Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
45 subscribers
Checked 26d ago
Tilføjet four år siden
Indhold leveret af Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
Minder om Security Cryptography Whatever
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
The Data Skeptic Podcast features interviews and discussion of topics related to data science, statistics, machine learning, artificial intelligence and the like, all from the perspective of applying critical thinking and the scientific method to evaluate the veracity of claims and efficacy of approaches.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
Daily Deals
Podcasts der er værd at lytte til
SPONSORERET
S
Species Unite
“If we march into that village and we start trying to persecute people for using poison, something that's very illegal, nobody's going to talk to us. We're not going to find out where the poison came from. We're not going to be able to shut anything down. We should take the approach that people are using poison because they're desperate, because they see no other alternative.” – Andrew Stein Andrew Stein is a wildlife ecologist who spent the past 25 years studying human carnivore conflict from African wild dogs and lions in Kenya and Botswana to leopards and hyenas in Namibia. His work has long focused on finding ways for people and predators to coexist. He is the founder of CLAWS , an organization based in Botswana that's working at the intersection of cutting-edge wildlife research and community driven conservation. Since its start in 2014 and official launch as an NGO in 2020, CLAWS has been pioneering science-based, tech-forward strategies to reduce conflict between people and carnivores. By collaborating closely with local communities, especially traditional cattle herders, CLAWS supports both species conservation and rural livelihoods—making coexistence not just possible, but sustainable.…
A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep
Manage episode 445316655 series 2956114
Indhold leveret af Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉
Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/
Links:
- https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
- “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621
- “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89
- https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html
- https://github.com/google/crubit
- https://github.com/google/autocxx
- https://en.wikipedia.org/wiki/Stagefright_(bug)
- https://security.googleblog.com/2021/04/rust-in-android-platform.html
- https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md
- https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos
-https://kb.meinbergglobal.com/kb/time_sync/ntp/ntp_vulnerabilities_reported_2023-04
- https://blog.isosceles.com/the-legacy-of-stagefright/
- https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/
- https://www.youtube.com/watch?v=QrrH2lcl9ew
- https://source.android.com/docs/setup/build/rust/building-rust-modules/overview
- https://github.com/rust-lang/rust-bindgen
- https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Kapitler
1. A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep (00:00:00)
2. Security and Memory Safety in Android (00:00:12)
3. Evaluating Memory Safety and Security Boundaries (00:10:14)
4. Scaling Memory-Safe Code for Security (00:17:04)
5. Assessing Memory Safety for Future Code (00:23:33)
6. Memory Safety and Security Progress (00:28:43)
7. Analyzing Memory Safety Issue Trends (00:35:37)
8. Transitioning to Memory-Safe Code (00:45:39)
9. Practical Approach to Memory Safety (01:00:22)
54 episoder
DelManage episode 445316655 series 2956114
Indhold leveret af Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. Alt podcastindhold inklusive episoder, grafik og podcastbeskrivelser uploades og leveres direkte af Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian eller deres podcastplatformspartner. Hvis du mener, at nogen bruger dit ophavsretligt beskyttede værk uden din tilladelse, kan du følge processen beskrevet her https://da.player.fm/legal.
You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉
Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/
Links:
- https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
- “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621
- “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89
- https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html
- https://github.com/google/crubit
- https://github.com/google/autocxx
- https://en.wikipedia.org/wiki/Stagefright_(bug)
- https://security.googleblog.com/2021/04/rust-in-android-platform.html
- https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md
- https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos
-https://kb.meinbergglobal.com/kb/time_sync/ntp/ntp_vulnerabilities_reported_2023-04
- https://blog.isosceles.com/the-legacy-of-stagefright/
- https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/
- https://www.youtube.com/watch?v=QrrH2lcl9ew
- https://source.android.com/docs/setup/build/rust/building-rust-modules/overview
- https://github.com/rust-lang/rust-bindgen
- https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Kapitler
1. A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep (00:00:00)
2. Security and Memory Safety in Android (00:00:12)
3. Evaluating Memory Safety and Security Boundaries (00:10:14)
4. Scaling Memory-Safe Code for Security (00:17:04)
5. Assessing Memory Safety for Future Code (00:23:33)
6. Memory Safety and Security Progress (00:28:43)
7. Analyzing Memory Safety Issue Trends (00:35:37)
8. Transitioning to Memory-Safe Code (00:45:39)
9. Practical Approach to Memory Safety (01:00:22)
54 episoder
Alle episoder
×
1 Picking Quantum Resistant Algorithms 14:56
14:56 
Afspil senere 
Afspil senere 
Lister 
Like 
Liked14:56
Afspil senere Afspil senere Lister Like LikedMigrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Apple Pulls Advanced Data Protection in the UK with Matt Green and Joe Hall 48:30
48:30 Afspil senere Afspil senere Lister Like Liked48:30
Afspil senere Afspil senere Lister Like LikedApple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however. To help us make sense of this surprising move from the fruit company, we got Matt Green, Associate Professor at Johns Hopkins, and Joe Hall, Distinguished Technologist at the Internet Society, on the horn. Recorded Saturday February 22nd, 2025. Transcript: https://securitycryptographywhatever.com/2025/02/24/apple-pulls-adp-in-uk/ Watch episode on YouTube: https://youtu.be/LAn_yOGUkR0 Links: - https://www.lawfaremedia.org/article/apples-cloud-key-vault-and-secure-law-enforcement-access - https://www.androidcentral.com/how-googles-backup-encryption-works-good-bad-and-ugly - https://gdpr.eu/right-to-be-forgotten/ - https://www.legislation.gov.uk/id/ukpga/2024/9 - https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html - https://en.wikipedia.org/wiki/Salt_Typhoon - Salt Typhoon: https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats - https://www.bloomberg.com/news/articles/2025-02-21/apple-removes-end-to-end-encryption-feature-from-uk-after-backdoor-order - https://support.apple.com/en-us/102651 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Cryptanalyzing LLMs with Nicholas Carlini 1:20:42
1:20:42 Afspil senere Afspil senere Lister Like Liked1:20:42
Afspil senere Afspil senere Lister Like Liked'Let us model our large language model as a hash function—' Sold. Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe. Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0 Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/ Links: - https://nicholas.carlini.com - “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634 - ‘Why I attack"’: https://nicholas.carlini.com/writing/2024/why-i-attack.html - “Cryptanalytic Extraction of Neural Network Models”, CRYPTO 2020: https://arxiv.org/abs/2003.04884 - “Stochastic Parrots”: https://dl.acm.org/doi/10.1145/3442188.3445922 - https://help.openai.com/en/articles/5247780-using-logit-bias-to-alter-token-probability-with-the-openai-api - https://community.openai.com/t/temperature-top-p-and-top-k-for-chatbot-responses/295542 - https://opensource.org/license/mit - https://github.com/madler/zlib - https://ai.meta.com/blog/yann-lecun-ai-model-i-jepa/ - https://nicholas.carlini.com/writing/2024/how-i-use-ai.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Biden’s Cyber-Everything Bagel with Carole House 57:14
57:14 Afspil senere Afspil senere Lister Like Liked57:14
Afspil senere Afspil senere Lister Like LikedJust a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times and spit] will last into future administrations. We snagged some time with Carole House, outgoing Special Advisor and Acting Senior Director for Cybersecurity and Critical Infrastructure Policy, National Security Council in the Biden-Harris White House, to give us a brain dump. And now due to popular demand, with video of our actual human¹ faces! https://youtu.be/Pqw0W2crQiM Transcript: https://securitycryptographywhatever.com/2025/01/20/bidens-cyber-everything-bagel-carole-house/ Links: - https://www.federalregister.gov/d/2025-01470 - https://www.wired.com/story/biden-executive-order-cybersecurity-ai-and-more/ - 2022 EO: https://archive.ph/hvzWd - 2023 EO: https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security-1.pdf - 2021 EO: https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity - NIST SSDF: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf - https://www.federalregister.gov/documents/2015/04/02/2015-07788/blocking-the-property-of-certain-persons-engaging-in-significant-malicious-cyber-enabled-activities - IEEPA: https://www.govinfo.gov/content/pkg/USCODE-2023-title50/pdf/USCODE-2023-title50-chap35-sec1701.pdf ¹ Actual human faces not guaranteed in all cases "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Quantum Willow with John Schanck and Samuel Jacques 53:36
53:36 Afspil senere Afspil senere Lister Like Liked53:36
Afspil senere Afspil senere Lister Like LikedTHE QUANTUM COMPUTERS ARE COMING...right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google's new quantum computer Willow. Transcript: https://securitycryptographywhatever.com/2024/12/18/quantum-willow Links: - https://blog.google/technology/research/google-willow-quantum-chip/ - https://research.google/blog/making-quantum-error-correction-work/ - https://blog.google/technology/google-deepmind/alphaqubit-quantum-error-correction/ - https://www.nature.com/articles/s41586-024-08449-y - Sam’s ‘Landscape of Quantum Computing’ chart: https://sam-jaques.appspot.com/quantum\_landscape\_2024 - The above, originally published in 2021: https://sam-jaques.appspot.com/quantum\_landscape - https://sam-jaques.appspot.com - https://jmschanck.info/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Dual_EC_DRBG with Justin Schuh and Matthew Green 1:07:45
1:07:45 Afspil senere Afspil senere Lister Like Liked1:07:45
Afspil senere Afspil senere Lister Like LikedNothing we have ever recorded on SCW has brought so much joy to David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body. Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup. Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg Links: - Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q) - Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/) - NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html) - On the Practical Exploitability of Dual EC in TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf) - Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/) - ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption) - DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf) - IAD: [https://www.iad.gov/](https://www.iad.gov/) - Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/) - 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554) - Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00) - The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426) "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep 1:13:55
1:13:55 Afspil senere Afspil senere Lister Like Liked1:13:55
Afspil senere Afspil senere Lister Like LikedYou may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉 Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/ Links: - https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html - “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621 - “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89 - https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html - https://github.com/google/crubit - https://github.com/google/autocxx - https://en.wikipedia.org/wiki/Stagefright_(bug) - https://security.googleblog.com/2021/04/rust-in-android-platform.html - https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md - https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos -https://kb.meinbergglobal.com/kb/time_sync/ntp/ntp_vulnerabilities_reported_2023-04 - https://blog.isosceles.com/the-legacy-of-stagefright/ - https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/ - https://www.youtube.com/watch?v=QrrH2lcl9ew - https://source.android.com/docs/setup/build/rust/building-rust-modules/overview - https://github.com/rust-lang/rust-bindgen - https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Campaign Security with [REDACTED] 1:23:39
1:23:39 Afspil senere Afspil senere Lister Like Liked1:23:39
Afspil senere Afspil senere Lister Like LikedWith the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024. Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/ Links: - Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/activemeasures - Aurora: https://en.wikipedia.org/wiki/Operation\_Aurora - Google APP announcement, October 2017: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/ - XXD: https://linux.die.net/man/1/xxd - Adobe Reader October 2016 Security Update: https://helpx.adobe.com/security/products/acrobat/apsb16-33.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind! Transcript: https://securitycryptographywhatever.com/2024/09/06/telegram Links: - https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/ - Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit - Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf - MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end - https://words.filippo.io/dispatches/telegram-ecdh/ - MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation - OTR: https://otr.cypherpunks.ca/otr-wpes.pdf - AES and sha2 used in ‘Infinite Garble Extension’ mode: https://eprint.iacr.org/2015/1177.pdf - Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666 - History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture - https://securitycryptographywhatever.com/2023/01/27/threema/ - https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/ - https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa ! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to seeing you in Vegas! Ticket Link: https://www.eventbrite.com/e/scwpod-vegas-2024-tickets-946939099337 We talk about CrowdStrike in this episode, but we know we made some mistakes: The sys files may be code in addition to data. The bug might be bigger than "just" a null pointer exception. Luckily, none of that is actually relevant to the main issues we discuss. Show page: https://securitycryptographywhatever.com/2024/07/24/summertime-sadness/ Other Links: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization https://dadrian.io/blog/posts/pqc-signatures-2024/ https://dadrian.io/blog/posts/cto/ https://www.blackhat.com/us-24/briefings/schedule/ https://terrapin-attack.com/ https://www.youtube.com/watch?v=-AqayGm0_pw More like ClownStrike, amirite? "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Zero Day Markets with Mark Dowd 1:25:49
1:25:49 Afspil senere Afspil senere Lister Like Liked1:25:49
Afspil senere Afspil senere Lister Like LikedWe have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work. Transcript: https://securitycryptographywhatever.com/2024/06/24/mdowd/ Links: https://www.azimuthsecurity.com/ https://www.vigilantlabs.com/ https://github.com/mdowd79/presentations/blob/main/bluehat2023-mdowd-final.pdf https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Hack-Different-Pwning-IOS-14-With-Generation-Z-Bug-wp.pdf https://i.blackhat.com/USA-19/Wednesday/us-19-Shwartz-Selling-0-Days-To-Governments-And-Offensive-Security-Companies.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
iykyk Transcript: https://securitycryptographywhatever.com/2024/05/25/ekr/ Links: - https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt - https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf - https://datatracker.ietf.org/doc/html/rfc8446 - SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661 - A hard look at Certificate Transparency, Part I: Transparency Systems: https://educatedguesswork.org/posts/transparency-part-1/ - A hard look at Certificate Transparency: CT in Reality: https://educatedguesswork.org/posts/transparency-part-2/ - E2EE on the web: is the web really that bad? https://emilymstark.com/2024/02/09/e2ee-on-the-web-is-the-web-really-that-bad.html - Launching Default End-to-End Encryption on Messenger: https://about.fb.com/news/2023/12/default-end-to-end-encryption-on-messenger/ - ekr's newsletter: https://educatedguesswork.org - Over 25 years of ekr RFCs: https://www.rfc-editor.org/search/rfc_search_detail.php?sortkey=Date&sorting=DESC&page=All&author=rescorla&pubstatus[]=Any&pub_date_type=any Subscribe to his newsletter at https://educatedguesswork.org/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 STIR/SHAKEN with Paul Grubbs and Josh Brown 1:01:47
1:01:47 Afspil senere Afspil senere Lister Like Liked1:01:47
Afspil senere Afspil senere Lister Like LikedJosh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/ Links: - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf - https://www.youtube.com/watch?v=3trxXF0-fRU - Paul Grubbs: https://web.eecs.umich.edu/~paulgrub/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166 This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
1 Post-Quantum iMessage with Douglas Stebila 55:34
55:34 Afspil senere Afspil senere Lister Like Liked55:34
Afspil senere Afspil senere Lister Like LikedApple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations: Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/ Links: - https://security.apple.com/blog/imessage-pq3/ - Security analysis of the iMessage PQ3 protocol https://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf - Ratcheting design: https://eprint.iacr.org/2024/220.pdf - When Messages are Keys: Is HMAC a dual-PRF?: https://eprint.iacr.org/2023/861.pdf - Real World Deniability in Messaging: https://eprint.iacr.org/2023/403.pdf - Padmé: https://www.petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf - Max Headroom: https://www.youtube.com/watch?v=cYdpOjletnc - Extended Canetti-Krawczyk model: https://iacr.org/archive/eurocrypt2001/20450451.pdf - Douglas Stebila: https://www.douglas.stebila.ca/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan 56:13
56:13 Afspil senere Afspil senere Lister Like Liked56:13
Afspil senere Afspil senere Lister Like LikedWe welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code! Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/ Links: - https://cryspen.com/post/ml-kem-implementation/ - https://github.com/cryspen/libcrux/ - https://github.com/formosa-crypto/libjade - https://cryspen.com/post/pqxdh/ - https://eprint.iacr.org/2023/1933.pdf - Franziskus Kiefer: https://franziskuskiefer.de/ - Karthik Bhargavan: https://bhargavan.info/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Encrypting Facebook Messenger with Jon Millican and Timothy Buck 59:35
59:35 Afspil senere Afspil senere Lister Like Liked59:35
Afspil senere Afspil senere Lister Like LikedFacebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth. Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/ Links: - https://www.facebook.com/notes/2420600258234172 - https://eprint.iacr.org/2022/1044.pdf - https://engineering.fb.com/2023/12/06/security/building-end-to-end-security-for-messenger/ - https://www.theverge.com/2023/12/6/23991501/facebook-messenger-default-end-to-end-encryption-meta - https://www.threads.net/@jonmillican/post/C0kQPAyoFpr - https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf - https://engineering.fb.com/wp-content/uploads/2023/12/TheLabyrinthEncryptedMessageStorageProtocol_12-6-2023.pdf - https://engineering.fb.com/2022/03/10/security/code-verify/ - https://chrome.google.com/webstore/detail/code-verify/llohflklppcaghdpehpbklhlfebooeog "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Attacking Lattice-based Cryptography with Martin Albrecht 57:20
57:20 Afspil senere Afspil senere Lister Like Liked57:20
Afspil senere Afspil senere Lister Like LikedReturning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my! Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/ Links: - https://pq-crystals.org/kyber/index.shtml - https://pq-crystals.org/dilithium/index.shtml - https://eprint.iacr.org/2019/930.pdf - https://en.wikipedia.org/wiki/Short_integer_solution_problem - Frodo: https://eprint.iacr.org/2016/659 - https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/documents/accepted-papers/ribeiro-saber-pq-key-pqc2021.pdf - https://en.wikipedia.org/wiki/Hermite_normal_form - https://en.wikipedia.org/wiki/Wagner%E2%80%93Fischer_algorithm - https://www.math.auckland.ac.nz/~sgal018/crypto-book/ch18.pdf - https://eprint.iacr.org/2019/1161 - QRAM: https://arxiv.org/abs/2305.10310 - https://en.wikipedia.org/wiki/Lenstra%E2%80%93Lenstra%E2%80%93Lov%C3%A1sz_lattice_basis_reduction_algorithm - MATZOV improved dual lattice attack: https://zenodo.org/records/6412487 - https://eprint.iacr.org/2008/504.pdf - https://eprint.iacr.org/2023/302.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted 1:19:05
1:19:05 Afspil senere Afspil senere Lister Like Liked1:19:05
Afspil senere Afspil senere Lister Like LikedWe're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser. Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc Links: - https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/ - https://github.com/superfly/macaroon - https://cryspen.com/post/pqxdh/ - https://eprint.iacr.org/2023/1390.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 'Jerry Solinas deserves a raise' with Steve Weis 57:31
57:31 Afspil senere Afspil senere Lister Like Liked57:31
Afspil senere Afspil senere Lister Like LikedWe explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis! “At the point where we find an intelligible English string that generates the NIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.” Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curves Links: - Steve’s post: https://saweis.net/posts/nist-curve-seed-origins.html - ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf - “A RIDDLE WRAPPED IN AN ENIGMA”: https://eprint.iacr.org/2015/1018.pdf - https://arstechnica.com/information-technology/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/ - https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-institute-of-standards-and-technology-78756/ - https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-security-agency-78755/ - Filippo’s bounty: https://words.filippo.io/dispatches/seeds-bounty/ - Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters - NIST 800-186 with Curve25519 and friends - RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier - https://www.rfc-editor.org/rfc/rfc4492#section-6 - https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/ - https://en.wikipedia.org/wiki/Bullrun_(decryption_program) - https://en.wikipedia.org/wiki/BSAFE - https://sockpuppet.org/blog/2015/08/04/is-extended-random-malicious/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades 58:35
58:35 Afspil senere Afspil senere Lister Like Liked58:35
Afspil senere Afspil senere Lister Like LikedWe're back from our summer vacation! We're covering a bunch of stuff we saw and did: Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/ Links: - Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html - Downfall: https://downfall.page - Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Why do we think anything is secure, with Steve Weis 46:17
46:17 Afspil senere Afspil senere Lister Like Liked46:17
Afspil senere Afspil senere Lister Like LikedWhat does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions. Transcript: https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/ Links: - The Random Oracle Methodology, Revisited: https://eprint.iacr.org/1998/011.pdf - Factoring integers with CADO-NFS: https://www.ens-lyon.fr/LIP/AriC/wp-content/uploads/2015/03/JDetrey-tutorial.pdf - On One-way Functions from NP-Complete Problems: https://eprint.iacr.org/2021/513.pdf - Seny Kamara's lecture notes on provable security: https://cs.brown.edu/~seny/2950-v/2-provablesecurity.pdf - How To Simulate It – A Tutorial on the Simulation Proof Technique: https://eprint.iacr.org/2016/046.pdf - A Survey of Leakage-Resilient Cryptography: https://eprint.iacr.org/2019/302 - A Decade of Lattice Cryptography: https://eprint.iacr.org/2015/939.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Elon's Encrypted DMs with Matthew Garrett 52:28
52:28 Afspil senere Afspil senere Lister Like Liked52:28
Afspil senere Afspil senere Lister Like LikedAre Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped. Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/ Links: https://mjg59.dreamwidth.org/66791.html https://help.twitter.com/en/using-twitter/encrypted-direct-messages https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/ BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70 Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20 https://signal.org/docs/specifications/x3dh/ https://signal.org/docs/specifications/doubleratchet/ https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi 55:43
55:43 Afspil senere Afspil senere Lister Like Liked55:43
Afspil senere Afspil senere Lister Like LikedWhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works. Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency Links: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/ https://github.com/facebook/akd Parkeet: https://eprint.iacr.org/2023/081.pdf CONIKS: https://eprint.iacr.org/2014/1004.pdf SEEMless: https://eprint.iacr.org/2018/607.pdf WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf Keybase key transparency: https://book.keybase.io/docs/server "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Messaging Layer Security (MLS) with Raphael Robert 55:02
55:02 Afspil senere Afspil senere Lister Like Liked55:02
Afspil senere Afspil senere Lister Like LikedMessaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?) Transcript: https://securitycryptographywhatever.com/2023/04/22/mls/ Links: - https://messaginglayersecurity.rocks/ - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html - https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html - https://github.com/openmls/openmls - https://eprint.iacr.org/2022/1533.pdf - https://eprint.iacr.org/2020/1327.pdf - https://eprint.iacr.org/2022/559.pdf - https://signal.org/docs/ - https://en.wikipedia.org/wiki/Key_encapsulation_mechanism - https://twitter.com/beurdouche/status/1220617962182389760 - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#mls-ciphersuites - https://www.ietf.org/archive/id/draft-ietf-mls-federation-02.html - https://datatracker.ietf.org/wg/mimi/documents/ - https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en - Yes in the protocol document this is 1.0: https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#section-6 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken. Links https://rwc.iacr.org/2023/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong 1:03:55
1:03:55 Afspil senere Afspil senere Lister Like Liked1:03:55
Afspil senere Afspil senere Lister Like LikedAnother day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.com/2023/01/27/threema/ Links: https://breakingthe3ma.app/ https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf https://threema.ch/en/blog/posts/ibex "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Has RSA been destroyed by a quantum computer??? 41:16
41:16 Afspil senere Afspil senere Lister Like Liked41:16
Afspil senere Afspil senere Lister Like LikedThere's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/ Links: https://arxiv.org/pdf/2212.12372.pdf https://eprint.iacr.org/2021/232.pdf https://github.com/lducas/SchnorrGate https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0 https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html https://scottaaronson.blog/?p=6957 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com/blog/tailnet-lock/ https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html https://groups.google.com/a/chromium.org/g/chromium-dev/c/0z-6VJ9ZpVU "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Software Safety and Twitter with Kevin Riggle 58:36
58:36 Afspil senere Afspil senere Lister Like Liked58:36
Afspil senere Afspil senere Lister Like LikedWe talk to Kevin Riggle ( @kevinriggle ) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience! https://twitter.com/kevinriggle Transcript: https://securitycryptographywhatever.com/2022/11/24/software-safety-and-twitter-with-kevin-riggle/ Errata It was the Mars Climate Orbiter that crashed due to a units mismatch David confused the Dreamliner with the 737 Max Links https://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/ https://complexsystems.group/ https://how.complexsystems.fail/ https://noncombatant.org/2016/06/20/get-into-security-engineering/ https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/ http://sunnyday.mit.edu/safer-world.pdf https://www.adaptivecapacitylabs.com/john-allspaw/ https://www.etsy.com/codeascraft/blameless-postmortems https://increment.com/security/approachable-threat-modeling/ https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.html https://www.hillelwayne.com/post/are-we-really-engineers/ https://www.hillelwayne.com/post/we-are-not-special/ https://www.hillelwayne.com/post/what-we-can-learn/ https://lotr.fandom.com/wiki/Denethor_II https://twitter.com/sarahjeong/status/1587597972136546304 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 WireGuard with Jason Donenfeld 1:21:06
1:21:06 Afspil senere Afspil senere Lister Like Liked1:21:06
Afspil senere Afspil senere Lister Like LikedHey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/ Links: WireGuard: https://www.wireguard.com Tamarin : https://tamarin-prover.github.io IDApro : https://hex-rays.com/ida-pro NIST PQC : https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions WireGuard Patreon : https://www.patreon.com/zx2c4 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 PAKEs, oPRFs, algebra with George Tankersley 1:15:09
1:15:09 Afspil senere Afspil senere Lister Like Liked1:15:09
Afspil senere Afspil senere Lister Like LikedA conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://securitycryptographywhatever.com/2021/10/26/pakes-oprfs-algebra-with-george-tankersley/ Links: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srp OPAQUE: https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html obfs: https://github.com/shadowsocks/simple-obfs Elligator: https://elligator.cr.yp.to Hash to Curve: https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.html Magic Wormhole: https://github.com/magic-wormhole/magic-wormhole Biscuits: https://github.com/CleverCloud/biscuit Ristretto: https://ristretto.group Monero signature bug: https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html SIDH smooth-order supersingular curves: https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
A lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense. Transcript: https://securitycryptographywhatever.com/2021/09/20/patch-damnit/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian Links! The accuvant story in MIT Technology Review All the Apple platforms patched FORCEDENTRY no-click 0-day Chrome patched some 0-days that were being exploited in the wild PASETO update "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 How to be a Certificate Authority with Ryan Sleevi 1:34:11
1:34:11 Afspil senere Afspil senere Lister Like Liked1:34:11
Afspil senere Afspil senere Lister Like LikedNot the hero the internet deserves, but the one we need: it's Ryan Sleevi! We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman. Transcript: https://securitycryptographywhatever.com/2021/09/06/how-to-be-a-certificate-authority-with-ryan-sleevi/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Apple's CSAM Detection with Matthew Green 52:57
52:57 Afspil senere Afspil senere Lister Like Liked52:57
Afspil senere Afspil senere Lister Like LikedWe're talking about Apple's new proposed client-side CSAM detection system . We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green. We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are. Transcript: https://securitycryptographywhatever.com/2021/08/27/apple-s-csam-detection-with-matthew-green/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian Links: https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf https://www.law.cornell.edu/uscode/text/18/2258A https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does https://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/ https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.html https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Platform Security Part Deux with Justin Schuh 1:20:02
1:20:02 Afspil senere Afspil senere Lister Like Liked1:20:02
Afspil senere Afspil senere Lister Like LikedWe did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps. Transcript: https://securitycryptographywhatever.com/2021/08/21/platform-security-part-deux-with-justin-schuh/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 What do we do about JWT? with Jonathan Rudenberg 1:14:56
1:14:56 Afspil senere Afspil senere Lister Like Liked1:14:56
Afspil senere Afspil senere Lister Like Liked🔥JWT🔥 We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg! After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/ Transcript: https://securitycryptographywhatever.com/2021/08/12/what-do-we-do-about-jwt-with-jonathan-rudenberg/ Find us at: https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian https://twitter.com/scwpod "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 The Great "Roll Your Own Crypto" Debate with Filippo Valsorda 1:00:48
1:00:48 Afspil senere Afspil senere Lister Like Liked1:00:48
Afspil senere Afspil senere Lister Like LikedSpecial guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general. After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/ Transcript: https://securitycryptographywhatever.com/2021/07/31/the-great-roll-your-own-crypto-debate-with-filippo-valsorda/ Links: https://peter.website/meow-hash-cryptanalysis https://arxiv.org/pdf/2107.04940.pdf https://ristretto.group https://filippo.io/heartbleed Find us at: https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 NSO group, Pegasus, Zero-Days, i(OS|Message) security 59:35
59:35 Afspil senere Afspil senere Lister Like Liked59:35
Afspil senere Afspil senere Lister Like LikedDeirdre, Thomas and David talk about NSO group, Pegasus, whether iOS a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns. Transcript: https://securitycryptographywhatever.com/2021/07/26/nso-group-pegasus-zero-days-i-os-message-security/ Find us at: https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Matrix with Martin Albrecht and Dan Jones 1:06:24
1:06:24 Afspil senere Afspil senere Lister Like Liked1:06:24
Afspil senere Afspil senere Lister Like LikedNo not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript : https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/ Links: https://nebuchadnezzar-megolm.github.io/static/paper.pdf https://nebuchadnezzar-megolm.github.io Signal Private Group system: https://eprint.iacr.org/2019/1416.pdf https://signal.org/blog/signal-private-group-system/ https://spec.matrix.org/latest/ WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf https://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etc Other clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264 https://dadrian.io/blog/posts/roll-your-own-crypto/ https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719 WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp Roll your own and Telegram: https://mtpsym.github.io/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
We have Sarah Harvey ( @worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas: SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/ Transcript : https://securitycryptographywhatever.com/2022/10/16/SOC2-with-Sarah-Harvey/ Links: Tailscale recent post on getting SOC2’d: https://tailscale.com/blog/soc2-type2/ SSO Tax: https://sso.tax David’s previous job: https://getnametag.com David's other startup: https://censys.io Thomas works at https://fly.io "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers. Steven Chu: https://en.wikipedia.org/wiki/Steven_Chu CFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB) CCFB: https://link.springer.com/chapter/10.1007/11502760_19 XXTEA: https://en.wikipedia.org/wiki/XXTEA CHERI: https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf Transcript : https://securitycryptographywhatever.com/2022/09/29/nate-lawson-ii/ Errata : Pedram Amini did in fact do Pai Mei "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s. Transcript : https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ References IBM S/390: https://ieeexplore.ieee.org/document/5389176 SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/ Errata HMAC actually published in 1996, not 1997 "That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Hot Cryptanalytic Summer with Steven Galbraith 52:35
52:35 Afspil senere Afspil senere Lister Like Liked52:35
Afspil senere Afspil senere Lister Like LikedAre the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/ Merch : https://merch.scwpodcast.com Links: https://eprint.iacr.org/2022/975.pdf https://eprint.iacr.org/2022/1026.pdf https://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/ GPST active adaptive attack against SIDH: https://eprint.iacr.org/2016/859.pdf Failing to hash into supersingular isogeny graphs: https://eprint.iacr.org/2022/518.pdf https://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/ Kuperberg attack via Peikert: https://eprint.iacr.org/2019/725 .pdf SQISign: https://eprint.iacr.org/2020/1240.pdf (Post recording) Breaking SIDH in polynomial time: https://eprint.iacr.org/2022/1038.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript : https://securitycryptographywhatever.com/2022/08/11/passkeys-with-adam-langley/ Links : GoogleIO Presentation WWDC Presentation W3C WebAuthN Adam's blog on passkeys and CABLE Cable / Hybrid PR CTAP spec from FIDO Noise NKPSK DERP Don't forget about merch! https://merch.securitycryptographywhatever.com/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs. Transcript : https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links: Hertzbleed Attack | ellipticnews (wordpress.com) https://www.hertzbleed.com/hertzbleed.pdf https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031 Merch : https://merch.scwpodcast.com "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 OMB Zero Trust Memo with Eric Mill 1:00:33
1:00:33 Afspil senere Afspil senere Lister Like Liked1:00:33
Afspil senere Afspil senere Lister Like LikedThe US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill , on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly ( @durumcrustulum ), Thomas Ptacek ( @tqbf ), and David Adrian ( @davidcadrian ). Transcript: https://securitycryptographywhatever.com/2022/06/10/omb-zero-trust-memo-with-eric-mill/ Links: OMB Memo Executive order on cybersecurity PIV card Derived PIV BeyondCorp HSTS Preloading .gov preloading Neither Rain, Nor Snow, Nor MITM EDR memo Technology Transformation Services (TTS) Is it Christmas? "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google. Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/ Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797778948 EAX mode: https://en.wikipedia.org/wiki/EAX_mode AES-GCM-SIV: https://en.wikipedia.org/wiki/AES-GCM-SIV Deterministic AEADs: https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-data Thai Duong: https://twitter.com/XorNinja AWS-SDK Vuln: https://twitter.com/XorNinja/status/1310587707605659649 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Cancellable Crypto Takes and Real World Crypto 1:11:04
1:11:04 Afspil senere Afspil senere Lister Like Liked1:11:04
Afspil senere Afspil senere Lister Like LikedLive from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript : https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/ Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.iacr.org/2022 Merch! https://merch.scwpodcast.com Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Lattices and Michigan Football with Chris Peikert 1:10:01
1:10:01 Afspil senere Afspil senere Lister Like Liked1:10:01
Afspil senere Afspil senere Lister Like LikedWe're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time! Transcript: https://securitycryptographywhatever.com/2022/03/12/lattices-and-michigan-football-with-chris-peikert/ Slides: https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf Links: He Gives C-Sieves on the CSIDH: https://eprint.iacr.org/2019/725 Lattice-based Cryptography: https://cims.nyu.edu/~regev/papers/pqc.pdf NIST PQC Competition: https://csrc.nist.gov/Projects/post-quantum-cryptography The 2nd Bar Ilan Winter School on Cryptography Lattice- Based Cryptography and Applications: https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqO A Decade of Lattice Cryptography: https://eprint.iacr.org/2015/939.pdf Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript: https://securitycryptographywhatever.com/2022/01/29/biscuits-with-geoffroy-couprie/ Links: Biscuits V2 : https://www.biscuitsec.org Experiments iterating on Biscuits: https://github.com/biscuit-auth/biscuit/tree/master/experimentations Apache Pulsar: https://pulsar.apache.org Spec: https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS.md Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Tailscale with Avery Pennarun and Brad Fitzpatrick 1:18:22
1:18:22 Afspil senere Afspil senere Lister Like Liked1:18:22
Afspil senere Afspil senere Lister Like Liked“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. Transcript: https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/ People: Avery Pennarun (@apenwarr) Brad Fitzpatrick (@bradfitz) Deirdre Connolly (@durumcrustulum) Thomas Ptacek (@tqbf) David Adrian (@davidcadrian) @SCWPod Links: DERP server: https://github.com/tailscale/tailscale/tree/main/derp https://xtermjs.org/ The Tail at Scale : https://research.google/pubs/pub40801/ Raft: https://raft.github.io/ Litestream: https://litestream.io/ MagicDNS: https://tailscale.com/kb/1081/magicdns/ Netstack: https://github.com/google/netstack "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 The feeling's mutual: mTLS with Colm MacCárthaigh 1:10:31
1:10:31 Afspil senere Afspil senere Lister Like Liked1:10:31
Afspil senere Afspil senere Lister Like LikedWe recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N , MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://securitycryptographywhatever.com/2021/12/29/the-feeling-s-mutual-mtls-with-colm-maccarthaigh/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders! We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, U2F/WebAuthn, car fob attacks, geese, and more! Transcript: https://securitycryptographywhatever.com/2021/12/21/holiday-call-in-spectacular/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Velkommen til Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Minder om Security Cryptography Whatever
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
The Data Skeptic Podcast features interviews and discussion of topics related to data science, statistics, machine learning, artificial intelligence and the like, all from the perspective of applying critical thinking and the scientific method to evaluate the veracity of claims and efficacy of approaches.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
