Uses and Misuses of Cryptography – How to Use Crypto Properly and Attack Those That Don’t

Andrew Lindell | July 28-30





Most security professionals and software engineers working in security are familiar with the basic concepts of cryptography. However, many do not really understand what security guarantees are provided by different cryptographic primitives, which constructions are recommended and which should not be used (and why), and how easy it is to misuse cryptography to the point that it is trivially broken.

In this course, we will take a broad look at cryptographic concepts, constructions and implementation dangers and issues. A wide variety of primitives and topics will be studied. For just a few examples: we will understand the fundamental differences between stream and block ciphers and their uses in encryption, message authentication and protocols; we will study practical advanced attacks on encryption like padding oracle attacks, blockwise adaptive chosen plaintext attacks, and length-leakage attacks; we will study the security of cryptographic hash functions and learn advanced attacks like low-memory birthday attacks and rainbow tables; and we will study RSA with a focus on how it works and how it is attacked. The aim of the course is to understand the security guarantees provided by a variety of cryptographic primitives, obtain an idea as to how they are constructed and how they work, learn how they can be properly and improperly used, and be familiar with the main attacks against them and their ramifications. The course will be filled with real-world examples of cryptography misuses and we will demonstrate how difficult it is to do cryptography properly and how devastating the results are when it is misused.

This course is of importance to anyone who uses cryptography in any way in their products, and to developers who either use existing cryptographic libraries or implement their own. In addition to lectures and discussion, the participants will solve exercises that include designing and carrying out real attacks, and analyzing the security of real-world systems.


Familiarity with basic math and basic cryptographic concepts is helpful

What Students Will Be Provided With

I provide slide handouts for taking notes, exercise books, a large book of reference material for background and further study, and a summary “rules of thumb” document for future use.

What Students Should Bring

Students must bring pens and pencils, paper, and calculators; laptops are highly recommended but not required for absolutely everyone


Yehuda (Andrew) Lindell is a Professor at Bar-Ilan University in Israel. Andrew attained a Ph.D. at the Weizmann Institute of Science in 2002 and spent two years at the IBM T.J. Watson research lab as a Postdoctoral fellow in the cryptography research group. Andrew has carried out extensive research in cryptography, and has published more than 60 conference and journal publications, as well as an undergraduate textbook on cryptography and two books on secure protocols. Andrew has presented at numerous international conferences, workshops and university seminars, and has served on program committees for top international conferences in cryptography. In addition to Andrew's notable academic work, he has significant industry experience and has worked on the cryptographic and security issues that arise in the design and construction of authentication schemes, smartcard applications, software protection schemes and more.