Video: Common Crypto Mistakes in Android

Watch Isaac’s talk about common mistakes that developers make in Android cryptography based on our article about the same topic.

About: If you do a web search for “encrypting Strings in Android”, you’ll find a lot of example code, and they all look pretty similar. They definitely input a String and output gibberish that looks like encrypted text, but they are often incorrect.

Tech Talk: Common crypto mistakes in Android from Galois Video on Vimeo.

In this talk, we’ll discuss the use of a very common crypto algorithm, AES, and show how code examples on the Internet usually make serious mistakes in how they use AES libraries. What are the consequences of these mistakes and what are more reasonable defaults. We’ll also talk a bit about our simple Android library that tries to do AES right.

Speaker Bio: Isaac Potoczny-Jones is the founder of Tozny and a security researcher at Galois where he has lead authentication and collaboration projects for the DoD and IC. Isaac earned his master’s degree in Cybersecurity from the University of Maryland, University College, and his B.S. in Computer Science from Ohio State University. In 2013, Isaac founded Tozny, a Galois spin-off company aimed at solving the password conundrum. Easier and more secure than passwords, Tozny replaces passwords with an easy-to-use cryptographic key on a user’s mobile phone.