Cryptography has emerged as an enormously important component of the networked world. People are hesitant to trust the World Wide Web and eCommerce without the protections crypto provides. As companies build Virtual Private Networks, demand secure communications and require stronger authentication techniques, more and more applications are built with crypto as core components. Many cryptographic algorithms are virtually unbreakable . . . if used properly. If applied incorrectly, it doesn't matter how strong an algorithm or key is, the tools of crypto will provide no protection. This presentation will describe some of the blunders people have made over the years in their use of cryptography. Some of these mistakes made headlines, some did not. Some might even be a little humorous -- to those not involved. The blunders include Netscape's random number seed, JavaSoft's DSA, Gemstar's VCR+ and maybe one or two by Microsoft. If nothing else, the audience will learn what not to do in their products.

With degrees in math from Grinnell College in Iowa and the Claremont Graduate School in California, Steve Burnett has spent most of his professional career converting math into computer programs, first at Intergraph and presently with RSA Security. A frequent speaker at industry confeences, Steve is the lead engineer for RSA's BSAFE Crypto-C and Crypto-J products - general purpose cryptography software development kits in C and Java.