Working with Mozilla on Security
Submitted by Sachin A (@sachin-a) on Tuesday, 10 January 2017
An overview of Blake
- Blake and Blake2 are cryptographic hash functions designed by a team of experts in cryptanalysis, implementation, and cryptographic engineering; namely Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O’Hearn and Christian Winnerlein.
- Blake2 is an improved version popular among developers which is faster than MD5, SHA-1, SHA-2, and SHA-3.
- It is at least as secure as the latest standard SHA-3 and has been adopted by many projects due to its high speed, security, and simplicity.
- Blake was one of the five hash functions in the final of the NIST SHA-3 Competition
An introduction on how to contribute to security tools through Mozilla’s student programme.
- The Winter of Security (MWOS) is a program organized by Mozilla’s Security teams to involve students with Security projects.
- Projects are focused on building security tools, and students are expected to write code which must be released as Open Source.
A good takeaway for the audience would probably be the realization that some of most useful and powerful privacy tools like Pretty Good Privacy (PGP) or Tor have roots in rather humble open source projects or academic ventures started on a whim.
Intended for beginners in security interested in contributing to safeguarding the internet :)
Why are cryptographic hash functions a big deal?
- What do they do?
- And why should you really care?
- An overview of how systems deal with hashes
- How not to store passwords
- What standards do we follow?
- SHA1, SHA2, SHA3?
- Public Key Cryptographic Standard #11? How did we get here?
What is Blake?
- General overview of Blake
- A little bit of history
- The algorithm
- Optimizations for hardware and software
- An overview of the optimizations introduced in Blake2
- Benchmarks against existing hash functions
- What can Blake do for password hashing?
- Enter Argon! The winner of PHC
- Delve into code! (C implementation)
Getting involved with Mozilla
- What’s Mozilla Winter of Security?
- Projects offered in the 2016 edition
- What is Network Security Services (NSS) and what do they offer?
- How can I set up up my application to use NSS?
- How do I contribute?
- Writing secure code
- Conforming to standards
- Making patches
I’m a junior at NIT Trichy currently pursuing my bachelor’s in Computer Science & Engineering.
I’m a software developer who innately supports security as a scientific endeavor. I participate in Mozilla’s Winter of Security and work with Mozilla on security tools. I’ve also been in the top 100 in India for Build the Shield 2016, Microsoft’s CTF.
I’m an active member of Delta, a computer science club @ Nit Trichy. We frequently hold workshops for juniors interested in Computer Science. I also occasionally pen articles for bits and bytes, a computer science newsletter.
I fiercely support the free software movement and contribute to open source as a gesture of that support for FOSS.
Passionate about open source technical solutions that can protect our privacy and impede unfair internet surveillance.
Generally interested in free software, free speech and humanity for all.
It’s going to take all of us.