A few weeks ago, we had the opportunity to attend and sponsor the 2017 dotSecurity, a great conference for developers about security, of course!
We chose to sponsor the conference because:
- We are a security company.
- We love dotConferences!
dotConferences organizes technical conferences in Paris for an international audience and was inspired by the quality and format of TED Talks. Quite ambitious, but honestly, it has worked really well thus far. Every year we send dozens of Dashlaners to dotjs, dotScale, dotSwift, and they always come back thrilled!
The first dotSecurity conference took place last year, and this year, we wanted to be a part of it and help bring world-class experts on stage to share the latest security best practices with the tech community.
What you missed at this year’s dotSecurity conference
Passionate speakers came from all over the globe (from Oslo, Dublin, San Francisco and even Hawaii) to talk about topics within their areas of expertise. We also had Paul Mockapetris, the inventor of the Domain Name System (DNS), as a speaker!
The Inventor of the DNS took the stage
Cyril Leclerc discussed Dashlane & Intel SGX Technology
Our very own superstar and Head of Security at Dashlane, Cyril Leclerc, gave a lightning talk about how we use Intel Software Guard Extensions (SGX) in our product.
For those who are not familiar with this new technology, Intel’s SGX technology helps us to encrypt directly on Intel’s CPUs, where a part of the memory called an enclave is dedicated to hosting some code. This is where we can create and store another derivation of the master password, making Dashlane even more secure against any kind of attack.
Joseph Bonneau discussed Randomness and Verifiable Lotteries
Another, unexpected, moment of glory was when Joseph Bonneau, security researcher, teacher and Technology Fellow at the Electronic Frontier Foundation (EFF), and one of the greatest experts regarding randomness in algorithms, gave a great talk about verifiable lotteries.
He opened his talk by asking the audience to imagine Dashlane as an “evil company” that wanted to rig the dotSecurity raffle for an Apple Watch; Bonneau then set up his talk by asking hypothetically, “how could Dashlane prove to you that they’re running an honest lottery?”
The best part: after Bonneau’s talk, what should have been a simple, on-stage raffle ceremony turned into a live example of a fair lottery! Unfortunately, we didn’t have a best-in-class random algorithm prepared for our giveaway, but we did try to follow Bonneau’s 5 steps to holding a fair lottery:
- Algorithm commitment: Bonneau’s first tip is to commit to an algorithm, which could be as simple as committing to the set of names of eligible players. This will prevent incidents, like adding fake entries to rig the odds. Surprisingly, everyone in attendance agreed to our “algorithm”.
- Open Audit: In our real-life example, to participate in the lottery, people had to come to the Dashlane booth and flash their QR code. We used 3 devices, synced the data, and uploaded it to a spreadsheet. We showed it on stage, so people could see there were no duplicate entries and check whether they could see their names on it (well, mainly the people with good eyesight).
- Choose a random seed: Normally, an algorithm will call upon a random number generator to help you choose a winner, but you’ll need to input a random seed to make the algorithm work. For our raffle, we used a blockchain transaction.
- Run algorithm: And the winner is… Ioan N.!
- Independent verification: The beauty of Bonneau’s method is that anyone should be able to run this algorithm themselves and check to see if they get the same result. Well, we had no attorney or audit agency to independently verify, but we can say the audience took this role.
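The five steps above can be expressed as a small commit-then-draw scheme. This is an added example, not Dashlane’s raffle procedure or code from Bonneau’s talk; it assumes a SHA-256 commitment over the sorted entrant list and a seed taken from a public value that is fixed only after the commitment is published (the function names, sample entrants and seed are constructed).

```python
import hashlib

def commit(entrants):
    """Steps 1-2: canonicalise the entrant list and return (names, digest).
    The digest is published before the seed exists."""
    names = sorted(n.strip() for n in entrants)
    if len(set(names)) != len(names):
        raise ValueError("duplicate entries; fix the list before committing")
    h = hashlib.sha256()
    for name in names:
        data = name.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)  # length prefix: no ambiguity
    return names, h.hexdigest()

def draw(names, commitment, seed_hex):
    """Steps 3-4: deterministic, unbiased pick from a public seed."""
    if not names:
        raise ValueError("no entrants")
    n = len(names)
    limit = (2**256 // n) * n  # reject values at or above this to avoid modulo bias
    material = bytes.fromhex(seed_hex) + bytes.fromhex(commitment)
    counter = 0
    while True:
        digest = hashlib.sha256(material + counter.to_bytes(4, "big")).digest()
        value = int.from_bytes(digest, "big")
        if value < limit:
            return names[value % n]
        counter += 1

def verify(entrants, published_commitment, seed_hex, claimed_winner):
    """Step 5: recompute everything from public data only."""
    try:
        names, commitment = commit(entrants)
    except ValueError:
        return False
    return (commitment == published_commitment
            and draw(names, commitment, seed_hex) == claimed_winner)

# Constructed sample data (not the real raffle list or a real block hash).
ENTRANTS = ["Alice A.", "Bob B.", "Chloe C.", "Dmitri D.", "Eve E."]
SEED = hashlib.sha256(b"stand-in for a block hash mined after commitment").hexdigest()

if __name__ == "__main__":
    names, commitment = commit(ENTRANTS)
    winner = draw(names, commitment, SEED)
    print("commitment:", commitment)
    print("winner:", winner, "verified:", verify(ENTRANTS, commitment, SEED, winner))
```

The scheme is only as fair as the seed: it has to be unpredictable when the commitment is published and outside the organizer’s control afterwards.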
Don’t Miss dotSecurity Next Year!
We look forward to sponsoring future dotSecurity conferences so we can continue to share our knowledge and learn from others in the industry.
Don’t miss out on another year of incredible speakers, learning about the latest tools and technology, and, of course, your chance to participate in an awesome giveaway! We look forward to seeing you next year!