Building a Better Web
June 11–12, 2018: Training
June 12–14, 2018: Tutorials & Conference
San Jose, CA

The art and craft of secrets: Using the cryptographic toolbox

Michael Swieton (Atomic Object)
11:00am–11:40am Thursday, June 14, 2018
Location: 212 A/B
Secondary topics:  Best practice, Technical, Web Pillars Track: Performance, Security, Accessibility
Average rating: ****.
(4.00, 2 ratings)

Who is this presentation for?

  • Full stack and web developers

Prerequisite knowledge

  • An understanding of web basics (requests, cookies, etc.)

What you'll learn

  • Explore the cryptographic ecosystem and learn how these tools come together to enable user-visible functionality like secure sessions, user authentication, and single sign-ons


In 1970, a small group of activists broke into a draft board office in Delaware to steal records. These records were stored in a secure room, and none of them were able to pick the lock. Instead, hours before the planned robbery one of them pasted a note on the door reading “Please don’t lock this door tonight.” After hours when they arrived, the door was open.

The moral of the story is that security is not about picking the right lock. It’s about how the different pieces all come together to make a complete system.

Securing any software system usually isn’t about picking a better cipher algorithm (i.e., a better lock). It’s about the way that cipher works with a sophisticated suite of related security tools to provide trust and privacy. Michael Swieton explores how the cryptographic ecosystem—which includes tools such as public key cryptography, signatures, password hashes, key exchange, and stream ciphers—provides security for our applications and explains how these tools come together to enable user-visible functionality like secure sessions, user authentication, and single sign-ons. Along the way, you’ll learn about real implementations by digging under the hood of HTTP requests to popular websites.

These tools and technologies are not new, shiny, or hip, but they are complicated, critical, and ubiquitous. Understanding the tools in the toolbox will make you better equipped to create, debug, and deploy your applications.

Photo of Michael Swieton

Michael Swieton

Atomic Object

Michael Swieton is a software developer at Atomic Object. For more than decade Michael has written, tweaked, bent, and broken code into the shape of software of all sorts for many industries. He obsesses over details, lines, and patterns and enjoys peeking under the hood of everything, be it math, or software, or coffee, or cake. He travels regularly and seeks out adventures ranging from theatre and culture to altitude sickness. He’s a frequent speaker at conferences and meetups, including RailsConf, Windy City Rails, SyntaxCon, BeerCityCode, and GLSEC.