Cryptography Pitfalls

John Downey (Braintree)
Tools and Techniques
Location: Portland 251
Level: Novice
Average rating: 4.70 (23 ratings)

As developers, we often do a poor job of implementing cryptography and other security measures in our systems. Often the primitives we use are out of date, and we overlook very subtle flaws. These mistakes lead to systems that are hopelessly insecure despite our perception that we’ve built an impenetrable fortress. Fortunately, there are a few tools and techniques at our disposal that can ease some of the pain. In this talk we’ll explore some of the most common pitfalls developers encounter with cryptography and restore some of our sanity.

Specific topics:

  • Misusing cryptographic primitives
  • Poor random number generation
  • Secure password storage
  • Other subtle flaws that can leave you insecure
  • Why you should use TLS/SSL and GPG instead
  • Learn what a group of researchers has called “The Most Dangerous Code in the World”

John Downey


John Downey is a developer working at Braintree. Braintree helps businesses accept credit card payments online with great development tools and first class support. There he has worked on their highly available infrastructure and integrations into the banking system. In his free time he contributes to open source projects and mentors high school students in the FIRST Robotics Competition.

