Crypto Attacks and Defenses 2-day Crypto Attacks and Defenses

19 March 2018 - 20 March 2018
Hosted by
Deutsche Telekom
Winterfeldtrasse 21, 10781 Berlin, Germany
View on Google Maps
Jean-Philippe Aumasson and Philipp Jovanovic

Course Description

Students who finish the training will get a certificate of completion.

The 2-day training Crypto Attacks and Defenses by Jean-Philippe Aumasson and Philipp Jovanovic is designed to familiarize developers and security professionals of any level with the most important concepts and best practices of modern cryptography. The training sheds also a light upon some of the most common vulnerabilities and failures found in cryptographic applications over the years and analyses how they could have been prevented.

In the lectures, students learn about all the important basics of modern cryptography. This includes notions such as secure randomness generation, block ciphers and stream ciphers, hash functions, authenticated encryption, key exchange protocols, digital signing schemes, elliptic curve cryptography, and formal security notions and attack models. The training also features topically focused talks on the Transport Layer Security (TLS) protocol, password protection, secure messaging, distributed ledger technologies, and post-quantum cryptography.

In the hands-on sessions, participants put into practice the notions and tools encountered during the lectures by being challenged to find, exploit, and fix vulnerabilities in cryptographic software. The exercises consist of a mix of made-up problems and examples of real-world vulnerabilities found in widely deployed systems.

There are no specific prerequisites for this course beyond a basic programming background.

Students should bring a notebook capable of running Virtualbox or VMware.

Topics Covered During the Course

Cryptography, cryptanalysis, randomness, block ciphers, stream ciphers, hash functions, authenticated encryption, elliptic curve cryptography, vulnerability research, secure messaging, TLS, password hashing, post-quantum cryptography, blockchains, Bitcoin

Course Outline

  • Day 1 Lectures:
    • Randomness
    • Cryptography Basics
    • Elliptic Curve Cryptography
    • Post-quantum Cryptography
  • Day 1 Exercises:
    • Entropy Testing
    • Cryptanalysis of an IoT Protocol
    • Breaking PRNGs I
    • Breaking Hash Functions I
    • Breaking RSA I
    • Implementing ECC-based Systems
  • Day 2 Lectures:
    • Side-channel Attacks
    • Cryptography Libraries
    • Transport Layer Security (TLS)
    • Secure Messaging
    • Bitcoin and Blockchains
  • Day 2 Exercises:
    • CBC Oracles
    • Cryptanalysis of a Smart Grid Protocol
    • Breaking PRNGs II
    • Breaking Hash Functions II
    • Breaking RSA II

Class Requirements

Participants should have some familiarity with common programming languages such as C/C++ and Python. This course is suitable for people who are new to cryptography and IT security. All the theory and concepts related to cryptography and cryptanalysis are explained during the course.

What to Bring

A notebook capable of running Virtualbox or VMware.

Minimum Software to Install

VMware Player, VMware Workstation, VMware Fusion or Virtualbox.


1600€ (until February 19), 2200€ (after).
Prices exclude 19% VAT (MwSt.) for Germany
Cancellation requests by paid registrants must be made at least 45 days before the event and may be subject to an administration fee. In the event of course cancellation by the trainer, students may choose to attend an alternate course (space pending) or receive a full refund.

Pay by Credit Card or Bitcoin

Pay by Check/Wire or
Request a Group Discount

Group discounts are available for 3 or more registrations.
Request Invoice

Onsite Training

Can't make it? Training is also available at a location of your choice.
Request an Onsite Quote