Not in the Job DescriptionRoss McDonaldSenior Developer, FrogSlayer

Requirements• Is a website• Users can store content• Users can login• Only logged in users can

modify content• User content is analyzed using

client algorithm

Developer knowledge

Assumed Expertise

Client Provided Knowledge

Probability / Random Sampling• Random vs. Pseudorandom• Correct use of PRNGs• Converting uniform distributions to non-

uniform distributions

Produce a predictable sequence determined by initial seed

• Seed once• Make sure its properties

fit your need

Pseudorandom Number Generators

PRNG Output Transformation Pitfalls• Bounding with rand()%max or similar• Producing byte-streams or floats with random ints incorrectly• Sampling more complex distributions with a uniform PRNG

incorrectly

Computer Security Pitfalls• Not understanding Encryption /

Authentication / Integrity• Not trusting the defaults and standards

(rolling your own)• Trusting the defaults and standards

Alice Bob

Authentication Integrity Encryption

Trust the Defaultse.g. .NET provides CryptoServiceProvider classes with reasonable defaults.

• GenerateKey()• GenerateIV()• Sane default Mode (CBC)

Original ECB Non-ECB

Don’t Trust the Defaults• No matter how self contained the library is, there is potential for

misuse (e.g. Padding Oracle Attack)• PGP does not provide forward secrecy• GnuPG was slow in adopting Elliptic Curve• The NSA / RSA BSAFE debacle

Takeaways • Recognize problems are more complicated than you might think.• Never stop learning.• Immerse yourself in technical cultures (e.g. blogs, podcasts, stack

exchange)• Know enough about everything to know when your client’s concerns

warrant an expert