- UW Continuing Education Class to be taught by Jon Jacky and Brian Dorsey: registration is open!
- notes on Jeremy Condra's talk:
- motivational factors lead people to ignore crypto or do it wrong
- HMAC's are a useful module in the standard library
unpadded RSA is the deault for PyCrypto. do not ever use unpadded RSA.
- Jeremy's Book is coming out
- MD5 bad, SHA-512 almost as bad but not quite
- pycrypto is vulnerable to side channel attacks (measuring elapsed time) because pow() is not hardened
M2Crypto is a useful drop-in replacement
urllib.urlopen("https://gmail.com") does not do hostname checking (unlike other languages)
- the python community should fix these... especially the SSL issue
- Wikipedia is a nice resource for learning about security
- lesson: become concerned about security (better late than never)
- Bloom filters are a fast non-cryptographic hash if there is no attacker in the threat model (but probably this means the threat model is incomplete)
Geremy Condra's name is spelled with a G
- Hookbox looks cool for connecting arbitrary browsers to arbitrary web services, with message passing
It was reported that mysteriously "False < 0" ... however I cannot confirm this on Python 2.6.4
- How to easily encapsulate named values into an object? Answer: use collections.namedtuple
- Next meeting is probably at the UW.