Essential Cryptography Knowledge for Application Developers

Through the years, Java has become much more than just a programming language. It's also an enterprise platform for JEE application development. However, at some level, security and cryptography are easy to get wrong. Most of the time, we don't care which algorithms—SHA-256 or SHA-512, RSA or ECC, AES-128 or AES-256, padding schemes, iteration number, key sizes—are or aren't ideal for encryption, or if a poor choice could benefit attackers. In this technical session, we won't use complex math, and most of the concepts will be illustrated with source code, as we explore: - Broken cryptography - Libraries available for development - Hashing passwords and what people have been doing wrong - Usage of digital signatures - Protecting local data - How to properly exchange encryption keys - Securely sending data over the network - Preventing illegal tampering on client/server applications - SSL best practices - Cryptography in our daily basis