BSidesSF 2016

To fully understand Elliptic Curve Cryptography to a point where you could use it in practice, you would need to spend years inside university lecture rooms to study number theory, geometry and software engineering. And then you can probably still be fooled by a backdoored implementation.I won't be able to change that in a short talk. What I will do, however, is explain the basics of ECC. I'll skip over the gory maths (it will help if you can add up, but that's about the extent of it) and explain how this funny thing referred to as "point addition on curves" can be used to exchange a secret code between two entities over a public connection.I will also explain how the infamous backdoor in Dual_EC_DRGB (a random number generator that uses the same kind of maths) worked and what went on at Juniper.At the end of the presentation, you'll still not be able to find such backdoors yourselves and you probably realise you never will. But you will be able to understand articles about ECC a little better. And, hopefully, you will be convinced it is important that we educate more people (possibly you) to become ECC-experts.