Security. Cryptography. Whatever.

Follow Security. Cryptography. Whatever.
Share on
Copy link to clipboard

Some cryptography & security people talk about security, cryptography, and whatever else is happening.

Deirdre Connolly, Thomas Ptacek, David Adrian


    • May 19, 2025 LATEST EPISODE
    • monthly NEW EPISODES
    • 1h 4m AVG DURATION
    • 55 EPISODES


    Search for episodes from Security. Cryptography. Whatever. with a specific topic:

    Latest episodes from Security. Cryptography. Whatever.

    E2EE Storage Done Right with Matilda Backendal Jonas Hofmann and Kien Tuong Trong

    Play Episode Listen Later May 19, 2025 62:25 Transcription Available


    It seems like everyone that tries to deploy end-to-end encrypted cloudstorage seems to mess it up, often in new and creative ways. Our specialguests Matilda Backendal, Jonas Hofmann, and Kien Tuong Trong give us a tour through the breakage and discuss a new formal model of how to actually build a secure E2EE storage system.Watch on YouTube: https://youtu.be/sizLiK_byCwTranscript: https://securitycryptographywhatever.com/2025/05/19/e2ee-storage/Links:- https://brokencloudstorage.info- https://eprint.iacr.org/2024/989.pdf- https://www.sync.com- https://www.pcloud.com- https://icedrive.net- https://seafile.com- https://tresorit.com"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Picking Quantum Resistant Algorithms

    Play Episode Listen Later Mar 24, 2025 14:56 Transcription Available


    Migrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody."Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Apple Pulls Advanced Data Protection in the UK with Matt Green and Joe Hall

    Play Episode Listen Later Feb 25, 2025 48:30 Transcription Available


    Apple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however. To help us make sense of this surprising move from the fruit company, we got Matt Green, Associate Professor at Johns Hopkins, and Joe Hall, Distinguished Technologist at the Internet Society, on the horn. Recorded Saturday February 22nd, 2025.Transcript: https://securitycryptographywhatever.com/2025/02/24/apple-pulls-adp-in-uk/Watch episode on YouTube: https://youtu.be/LAn_yOGUkR0Links:- https://www.lawfaremedia.org/article/apples-cloud-key-vault-and-secure-law-enforcement-access- https://www.androidcentral.com/how-googles-backup-encryption-works-good-bad-and-ugly- https://gdpr.eu/right-to-be-forgotten/- https://www.legislation.gov.uk/id/ukpga/2024/9- https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html- https://en.wikipedia.org/wiki/Salt_Typhoon- Salt Typhoon: https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats- https://www.bloomberg.com/news/articles/2025-02-21/apple-removes-end-to-end-encryption-feature-from-uk-after-backdoor-order- https://support.apple.com/en-us/102651"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Cryptanalyzing LLMs with Nicholas Carlini

    Play Episode Listen Later Jan 28, 2025 80:42 Transcription Available


    'Let us model our large language model as a hash function—' Sold.Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe.Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/Links:- https://nicholas.carlini.com- “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634- ‘Why I attack"': https://nicholas.carlini.com/writing/2024/why-i-attack.html- “Cryptanalytic Extraction of Neural Network Models”, CRYPTO 2020: https://arxiv.org/abs/2003.04884- “Stochastic Parrots”: https://dl.acm.org/doi/10.1145/3442188.3445922- https://help.openai.com/en/articles/5247780-using-logit-bias-to-alter-token-probability-with-the-openai-api- https://community.openai.com/t/temperature-top-p-and-top-k-for-chatbot-responses/295542- https://opensource.org/license/mit- https://github.com/madler/zlib- https://ai.meta.com/blog/yann-lecun-ai-model-i-jepa/- https://nicholas.carlini.com/writing/2024/how-i-use-ai.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Biden's Cyber-Everything Bagel with Carole House

    Play Episode Listen Later Jan 21, 2025 57:14 Transcription Available


    Just a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times and spit] will last into future administrations. We snagged some time with Carole House, outgoing Special Advisor and Acting Senior Director for Cybersecurity and Critical Infrastructure Policy, National Security Council in the Biden-Harris White House, to give us a brain dump.And now due to popular demand, with video of our actual human¹ faces! https://youtu.be/Pqw0W2crQiMTranscript: https://securitycryptographywhatever.com/2025/01/20/bidens-cyber-everything-bagel-carole-house/Links:- https://www.federalregister.gov/d/2025-01470- https://www.wired.com/story/biden-executive-order-cybersecurity-ai-and-more/- 2022 EO: https://archive.ph/hvzWd- 2023 EO: https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security-1.pdf- 2021 EO: https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity- NIST SSDF: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf- https://www.federalregister.gov/documents/2015/04/02/2015-07788/blocking-the-property-of-certain-persons-engaging-in-significant-malicious-cyber-enabled-activities- IEEPA: https://www.govinfo.gov/content/pkg/USCODE-2023-title50/pdf/USCODE-2023-title50-chap35-sec1701.pdf¹ Actual human faces not guaranteed in all cases"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Quantum Willow with John Schanck and Samuel Jacques

    Play Episode Listen Later Dec 18, 2024 53:36 Transcription Available


    THE QUANTUM COMPUTERS ARE COMING...right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google's new quantum computer Willow.Transcript: https://securitycryptographywhatever.com/2024/12/18/quantum-willowLinks:- https://blog.google/technology/research/google-willow-quantum-chip/ - https://research.google/blog/making-quantum-error-correction-work/- https://blog.google/technology/google-deepmind/alphaqubit-quantum-error-correction/  - https://www.nature.com/articles/s41586-024-08449-y- Sam's ‘Landscape of Quantum Computing' chart: https://sam-jaques.appspot.com/quantum_landscape_2024  - The above, originally published in 2021: https://sam-jaques.appspot.com/quantum_landscape- https://sam-jaques.appspot.com- https://jmschanck.info/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Dual_EC_DRBG with Justin Schuh and Matthew Green

    Play Episode Listen Later Dec 7, 2024 67:45 Transcription Available


    Nothing we have ever recorded on SCW has brought so much joy toDavid. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbgLinks:- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q)- Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/)- NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html)- On the Practical Exploitability of Dual ECin TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf)- Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/)- ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption)- DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf)- IAD: [https://www.iad.gov/](https://www.iad.gov/)- Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/)- 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554)- Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00)- The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep

    Play Episode Listen Later Oct 15, 2024 73:55 Transcription Available


    You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time!

    Campaign Security

    Play Episode Listen Later Oct 13, 2024 83:24 Transcription Available


    With the 2024 United State Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024.Links:- Active Measures by Thomas Rind- Aurora https://en.wikipedia.org/wiki/Operation_Aurora- Google APP announcement, October 2017: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/- XXD https://linux.die.net/man/1/xxd- Adobe Reader October 2016 Security Update: https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Telegram with Matthew Green

    Play Episode Listen Later Sep 7, 2024 64:04 Transcription Available


    We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!Transcript: https://securitycryptographywhatever.com/2024/09/06/telegramLinks:- https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/- Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit- Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf- MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end- https://words.filippo.io/dispatches/telegram-ecdh/- MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation- OTR: https://otr.cypherpunks.ca/otr-wpes.pdf- AES and sha2 used in ‘Infinite Garble Extension' mode: https://eprint.iacr.org/2015/1177.pdf- Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666- History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture- https://securitycryptographywhatever.com/2023/01/27/threema/- https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/- https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Summertime Sadness

    Play Episode Listen Later Jul 25, 2024 57:24 Transcription Available


    Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to seeing you in Vegas!Ticket Link: https://www.eventbrite.com/e/scwpod-vegas-2024-tickets-946939099337We talk about CrowdStrike in this episode, but we know we made some mistakes:The sys files may be code in addition to data.The bug might be bigger than "just" a null pointer exception.Luckily, none of that is actually relevant to the main issues we discuss.Show page: https://securitycryptographywhatever.com/2024/07/24/summertime-sadness/Other Links:https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardizationhttps://dadrian.io/blog/posts/pqc-signatures-2024/https://dadrian.io/blog/posts/cto/https://www.blackhat.com/us-24/briefings/schedule/https://terrapin-attack.com/https://www.youtube.com/watch?v=-AqayGm0_pwMore like ClownStrike, amirite?"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Zero Day Markets with Mark Dowd

    Play Episode Listen Later Jun 24, 2024 85:49 Transcription Available


    We have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work.https://www.azimuthsecurity.com/https://www.vigilantlabs.com/https://github.com/mdowd79/presentations/blob/main/bluehat2023-mdowd-final.pdfhttps://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Hack-Different-Pwning-IOS-14-With-Generation-Z-Bug-wp.pdfhttps://i.blackhat.com/USA-19/Wednesday/us-19-Shwartz-Selling-0-Days-To-Governments-And-Offensive-Security-Companies.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    ekr

    Play Episode Listen Later May 24, 2024 108:16 Transcription Available


    iykykTranscript: https://securitycryptographywhatever.com/2024/05/25/ekr/Links:- https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt- https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf- https://datatracker.ietf.org/doc/html/rfc8446- SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661- A hard look at Certificate Transparency, Part I: Transparency Systems: https://educatedguesswork.org/posts/transparency-part-1/- A hard look at Certificate Transparency: CT in Reality: https://educatedguesswork.org/posts/transparency-part-2/- E2EE on the web: is the web really that bad? https://emilymstark.com/2024/02/09/e2ee-on-the-web-is-the-web-really-that-bad.html- Launching Default End-to-End Encryption on Messenger: https://about.fb.com/news/2023/12/default-end-to-end-encryption-on-messenger/- ekr's newsletter: https://educatedguesswork.org- Over 25 years of ekr RFCs: https://www.rfc-editor.org/search/rfc_search_detail.php?sortkey=Date&sorting=DESC&page=All&author=rescorla&pubstatus[]=Any&pub_date_type=anySubscribe to his newsletter at https://educatedguesswork.org/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    STIR/SHAKEN with Paul Grubbs and Josh Brown

    Play Episode Listen Later Apr 30, 2024 61:47 Transcription Available


    Josh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/Links: - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf- https://www.youtube.com/watch?v=3trxXF0-fRU- Paul Grubbs: https://web.eecs.umich.edu/~paulgrub/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Cryptography Tier List

    Play Episode Listen Later Mar 23, 2024 19:28


    (NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast."Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Post-Quantum iMessage with Douglas Stebila

    Play Episode Listen Later Mar 3, 2024 55:34 Transcription Available


    Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they're going post-quantum, AND they're doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations:Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/Links:- https://security.apple.com/blog/imessage-pq3/- Security analysis of the iMessage PQ3 protocolhttps://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf- Ratcheting design: https://eprint.iacr.org/2024/220.pdf- When Messages are Keys: Is HMAC a dual-PRF?: https://eprint.iacr.org/2023/861.pdf- Real World Deniability in Messaging: https://eprint.iacr.org/2023/403.pdf- Padmé: https://www.petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf- Max Headroom: https://www.youtube.com/watch?v=cYdpOjletnc- Extended Canetti-Krawczyk model: https://iacr.org/archive/eurocrypt2001/20450451.pdf- Douglas Stebila: https://www.douglas.stebila.ca/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan

    Play Episode Listen Later Jan 29, 2024 56:13 Transcription Available


    We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code!Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/Links:- https://cryspen.com/post/ml-kem-implementation/- https://github.com/cryspen/libcrux/- https://github.com/formosa-crypto/libjade- https://cryspen.com/post/pqxdh/- https://eprint.iacr.org/2023/1933.pdf- Franziskus Kiefer: https://franziskuskiefer.de/- Karthik Bhargavan: https://bhargavan.info/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Encrypting Facebook Messenger with Jon Millican and Timothy Buck

    Play Episode Listen Later Dec 23, 2023 59:35 Transcription Available


    Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth.Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/Links:- https://www.facebook.com/notes/2420600258234172- https://eprint.iacr.org/2022/1044.pdf- https://engineering.fb.com/2023/12/06/security/building-end-to-end-security-for-messenger/- https://www.theverge.com/2023/12/6/23991501/facebook-messenger-default-end-to-end-encryption-meta- https://www.threads.net/@jonmillican/post/C0kQPAyoFpr- https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf- https://engineering.fb.com/wp-content/uploads/2023/12/TheLabyrinthEncryptedMessageStorageProtocol_12-6-2023.pdf- https://engineering.fb.com/2022/03/10/security/code-verify/- https://chrome.google.com/webstore/detail/code-verify/llohflklppcaghdpehpbklhlfebooeog"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Attacking Lattice-based Cryptography with Martin Albrecht

    Play Episode Listen Later Nov 13, 2023 57:20 Transcription Available


    Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/Links:- https://pq-crystals.org/kyber/index.shtml- https://pq-crystals.org/dilithium/index.shtml- https://eprint.iacr.org/2019/930.pdf- https://en.wikipedia.org/wiki/Short_integer_solution_problem- Frodo: https://eprint.iacr.org/2016/659- https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/documents/accepted-papers/ribeiro-saber-pq-key-pqc2021.pdf- https://en.wikipedia.org/wiki/Hermite_normal_form- https://en.wikipedia.org/wiki/Wagner%E2%80%93Fischer_algorithm- https://www.math.auckland.ac.nz/~sgal018/crypto-book/ch18.pdf- https://eprint.iacr.org/2019/1161- QRAM: https://arxiv.org/abs/2305.10310- https://en.wikipedia.org/wiki/Lenstra%E2%80%93Lenstra%E2%80%93Lov%C3%A1sz_lattice_basis_reduction_algorithm- MATZOV improved dual lattice attack: https://zenodo.org/records/6412487- https://eprint.iacr.org/2008/504.pdf- https://eprint.iacr.org/2023/302.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted

    Play Episode Listen Later Nov 7, 2023 79:05 Transcription Available


    We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etcLinks:- https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/- https://github.com/superfly/macaroon- https://cryspen.com/post/pqxdh/- https://eprint.iacr.org/2023/1390.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    'Jerry Solinas deserves a raise' with Steve Weis

    Play Episode Listen Later Oct 12, 2023 57:31 Transcription Available


    We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.”Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curvesLinks:- Steve's post: https://saweis.net/posts/nist-curve-seed-origins.html- ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf- “A RIDDLE WRAPPED IN AN ENIGMA”: https://eprint.iacr.org/2015/1018.pdf- https://arstechnica.com/information-technology/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/- https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-institute-of-standards-and-technology-78756/- https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-security-agency-78755/- Filippo's bounty: https://words.filippo.io/dispatches/seeds-bounty/- Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters - NIST 800-186 with Curve25519 and friends- RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier- https://www.rfc-editor.org/rfc/rfc4492#section-6- https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/- https://en.wikipedia.org/wiki/Bullrun_(decryption_program)- https://en.wikipedia.org/wiki/BSAFE- https://sockpuppet.org/blog/2015/08/04/is-extended-random-malicious/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades

    Play Episode Listen Later Sep 13, 2023 58:35 Transcription Available


    We're back from our summer vacation! We're covering a bunch of stuff we saw and did:Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/Links:- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html- Downfall: https://downfall.page- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Why do we think anything is secure, with Steve Weis

    Play Episode Listen Later Jun 29, 2023 46:17 Transcription Available


    What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions.Transcript: https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/Links:- The Random Oracle Methodology, Revisited: https://eprint.iacr.org/1998/011.pdf- Factoring integers with CADO-NFS: https://www.ens-lyon.fr/LIP/AriC/wp-content/uploads/2015/03/JDetrey-tutorial.pdf- On One-way Functions from NP-Complete Problems: https://eprint.iacr.org/2021/513.pdf- Seny Kamara's lecture notes on provable security: https://cs.brown.edu/~seny/2950-v/2-provablesecurity.pdf- How To Simulate It – A Tutorial on the Simulation Proof Technique: https://eprint.iacr.org/2016/046.pdf- A Survey of Leakage-Resilient Cryptography: https://eprint.iacr.org/2019/302- A Decade of Lattice Cryptography: https://eprint.iacr.org/2015/939.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Elon's Encrypted DMs with Matthew Garrett

    Play Episode Listen Later May 29, 2023 52:28 Transcription Available


    Are Twitter's new encrypted DMs unreadable even if you put a gun to Elon's head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/Links:https://mjg59.dreamwidth.org/66791.htmlhttps://help.twitter.com/en/using-twitter/encrypted-direct-messageshttps://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20https://signal.org/docs/specifications/x3dh/https://signal.org/docs/specifications/doubleratchet/https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-MessagesTrail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi

    Play Episode Listen Later May 6, 2023 55:43 Transcription Available


    WhatsApp has announced they're rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparencyLinks: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/https://github.com/facebook/akdParkeet: https://eprint.iacr.org/2023/081.pdfCONIKS: https://eprint.iacr.org/2014/1004.pdfSEEMless: https://eprint.iacr.org/2018/607.pdfWhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdfKeybase key transparency: https://book.keybase.io/docs/server"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Messaging Layer Security (MLS) with Raphael Robert

    Play Episode Listen Later Apr 22, 2023 55:02 Transcription Available


    Messaging Layer Security (MLS) 1.0 is (basically) here! We invited RaphaelRobert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?)Transcript:https://securitycryptographywhatever.com/2023/04/22/mls/Links:- https://messaginglayersecurity.rocks/- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html- https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html- https://github.com/openmls/openmls- https://eprint.iacr.org/2022/1533.pdf- https://eprint.iacr.org/2020/1327.pdf- https://eprint.iacr.org/2022/559.pdf- https://signal.org/docs/- https://en.wikipedia.org/wiki/Key_encapsulation_mechanism- https://twitter.com/beurdouche/status/1220617962182389760- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#mls-ciphersuites- https://www.ietf.org/archive/id/draft-ietf-mls-federation-02.html- https://datatracker.ietf.org/wg/mimi/documents/- https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en- Yes in the protocol document this is 1.0: https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#section-6"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Real World: Crypto (2023)

    Play Episode Listen Later Mar 25, 2023 54:51 Transcription Available


    Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.Linkshttps://rwc.iacr.org/2023/https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.htmlTranscript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Threema with Kenny Paterson, Matteo Scarlata, & Kien Tuong Truong

    Play Episode Listen Later Jan 27, 2023 63:55 Transcription Available


    Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Scarlata Matteo, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts.Transcript: https://share.descript.com/view/FrejxahpsGDLinks:https://breakingthe3ma.app/https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdfhttps://threema.ch/en/blog/posts/ibex"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Has RSA been destroyed by a quantum computer???

    Play Episode Listen Later Jan 7, 2023 41:16 Transcription Available


    There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die?Also some musings about Bruce Schneier.Transcript:https://beta-share.descript.com/view/JQL7kRwgfJaLinks:https://arxiv.org/pdf/2212.12372.pdfhttps://eprint.iacr.org/2021/232.pdfhttps://github.com/lducas/SchnorrGatehttps://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.htmlhttps://scottaaronson.blog/?p=6957"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    End of Year Wrap Up

    Play Episode Listen Later Jan 5, 2023 59:27 Transcription Available


    David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF.Transcript:https://beta-share.descript.com/view/i75G8aN6BLiLinks:https://tailscale.com/blog/tailnet-lock/https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.htmlhttps://groups.google.com/a/chromium.org/g/chromium-dev/c/0z-6VJ9ZpVU"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Software Safety and Twitter with Kevin Riggle

    Play Episode Listen Later Nov 24, 2022 58:36 Transcription Available


    We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience!https://twitter.com/kevinriggleTranscript: https://beta-share.descript.com/view/WTrQGK4xEVj ErrataIt was the Mars Climate Orbiter that crashed due to a units mismatchDavid confused the Dreamliner with the 737 MaxLinkshttps://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/https://complexsystems.group/https://how.complexsystems.fail/https://noncombatant.org/2016/06/20/get-into-security-engineering/https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/http://sunnyday.mit.edu/safer-world.pdfhttps://www.adaptivecapacitylabs.com/john-allspaw/https://www.etsy.com/codeascraft/blameless-postmortemshttps://increment.com/security/approachable-threat-modeling/https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.htmlhttps://www.hillelwayne.com/post/are-we-really-engineers/https://www.hillelwayne.com/post/we-are-not-special/https://www.hillelwayne.com/post/what-we-can-learn/https://lotr.fandom.com/wiki/Denethor_IIhttps://twitter.com/sarahjeong/status/1587597972136546304"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    safety software dreamliner riggle mars climate orbiter thomas ptacek
    Matrix, with Martin Albrecht & Dan Jones

    Play Episode Listen Later Nov 2, 2022 66:24 Transcription Available


    No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable CryptographicVulnerabilities in Matrix".Links: https://nebuchadnezzar-megolm.github.io/static/paper.pdfhttps://nebuchadnezzar-megolm.github.ioSignal Private Group system: https://eprint.iacr.org/2019/1416.pdfhttps://signal.org/blog/signal-private-group-system/https://spec.matrix.org/latest/WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdfhttps://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etcOther clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264 https://dadrian.io/blog/posts/roll-your-own-crypto/https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719 WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsappRoll your own and Telegram: https://mtpsym.github.io/ Transcript: https://beta-share.descript.com/view/u3VFzjvqrql"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian.

    SOC2 with Sarah Harvey

    Play Episode Listen Later Oct 16, 2022 61:37 Transcription Available


    We have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas:SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.htmlSOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/Links:Tailscale recent post on getting SOC2'd: https://tailscale.com/blog/soc2-type2/SSO Tax: https://sso.taxDavid's previous job: https://getnametag.comDavid's other startup: https://censys.ioThomas works at https://fly.io"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian.Transcript: https://beta-share.descript.com/view/XF24jrLSOX9

    Nate Lawson II

    Play Episode Listen Later Sep 29, 2022 83:19 Transcription Available


    This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers.Steven Chu: https://en.wikipedia.org/wiki/Steven_ChuCFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)CCFB: https://link.springer.com/chapter/10.1007/11502760_19XXTEA: https://en.wikipedia.org/wiki/XXTEACHERI: https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian.Transcript: https://share.descript.com/view/0KOcX9TR05pErrata:Pedram Amini did in fact do Pai Mei

    Nate Lawson: Part 1

    Play Episode Listen Later Sep 9, 2022 80:11 Transcription Available


    We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.ReferencesIBM S/390: https://ieeexplore.ieee.org/document/5389176SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.htmlXbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_AttackGoogle Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/ErrataHMAC actually published in 1996, not 1997"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian.Transcript: https://share.descript.com/view/lhzrbt6hDeL

    Hot Cryptanalytic Summer feat. Steven Galbraith

    Play Episode Listen Later Aug 11, 2022 52:35


    Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here.Transcript: https://share.descript.com/view/Xiv307FvOPAMerch: https://merch.scwpodcast.comLinks:https://eprint.iacr.org/2022/975.pdfhttps://eprint.iacr.org/2022/1026.pdfhttps://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/GPST active adaptive attack against SIDH: https://eprint.iacr.org/2016/859.pdfFailing to hash into supersingular isogeny graphs: https://eprint.iacr.org/2022/518.pdfhttps://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/Kuperberg attack via Peikert: https://eprint.iacr.org/2019/725.pdfSQISign: https://eprint.iacr.org/2020/1240.pdf(Post recording)  Breaking SIDH in polynomial time:https://eprint.iacr.org/2022/1038.pdf"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian. 

    Passkeys feat. Adam Langley

    Play Episode Listen Later Aug 11, 2022 63:01


    Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys!David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings.Transcript: https://share.descript.com/view/pBAXADn8gKWLinks:GoogleIO PresentationWWDC PresentationW3C WebAuthNAdam's blog on passkeys and CABLECable / Hybrid PRCTAP spec from FIDONoise NKPSKDERPDon't forget about merch! https://merch.securitycryptographywhatever.com/"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian. 

    Hertzbleed

    Play Episode Listen Later Jun 18, 2022 58:39 Transcription Available


    Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs.Transcript: https://share.descript.com/view/lPM4lsxha63 Links:Hertzbleed Attack | ellipticnews (wordpress.com)https://www.hertzbleed.com/hertzbleed.pdfhttps://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031Merch: https://merch.scwpodcast.com"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian. 

    OMB Zero Trust Memo, with Eric Mill

    Play Episode Listen Later Jun 11, 2022 60:33


    The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us.As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian).Transcript: https://share.descript.com/view/UayEVA596OKLinks:OMB MemoExecutive order on cybersecurity PIV card Derived PIVBeyondCorpHSTS Preloading.gov preloading Neither Rain, Nor Snow, Nor MITMEDR memoTechnology Transformation Services (TTS)Is it Christmas?

    Tink, with Sophie Schmieg

    Play Episode Listen Later May 28, 2022 67:02


    We talk about Tink with Sophie Schmieg, a cryptographer and algebraic geometer at Google.Transcript: https://beta-share.descript.com/view/v2Q5Ix8pvbDLinks:Sophie: https://twitter.com/SchmiegSophieTink: https://github.com/google/tinkRWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797778948EAX mode: https://en.wikipedia.org/wiki/EAX_modeAES-GCM-SIV: https://en.wikipedia.org/wiki/AES-GCM-SIVDeterministic AEADs: https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-dataThai Duong: https://twitter.com/XorNinjaAWS-SDK Vuln: https://twitter.com/XorNinja/status/1310587707605659649"Security. Cryptography. Whatever." is hosted by Deirdre Connolly, Thomas Ptacek, and David Adrian. 

    Cancellable Crypto Takes, and Real World Crypto

    Play Episode Listen Later Apr 13, 2022 71:04 Transcription Available


    Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program!Transcript: https://share.descript.com/view/GiVlw4qKV2iLinks:Tony's twete: https://twitter.com/bascule/status/1512539700220805124Real World Crypto 2022: https://rwc.iacr.org/2022Merch! https://merch.scwpodcast.comFind us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian

    Lattices and Michigan Football, feat. Chris Peikert

    Play Episode Listen Later Mar 13, 2022 70:01 Transcription Available


    We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time!Transcript: https://share.descript.com/view/El2a4Z7OLsdSlides: https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdfLinks:He Gives C-Sieves on the CSIDH: https://eprint.iacr.org/2019/725Lattice-based Cryptography: https://cims.nyu.edu/~regev/papers/pqc.pdfNIST PQC Competition: https://csrc.nist.gov/Projects/post-quantum-cryptography The 2nd Bar Ilan Winter School on Cryptography Lattice- Based Cryptography and Applications: https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqOA Decade of Lattice Cryptography: https://eprint.iacr.org/2015/939.pdfFind us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian

    Biscuits, feat. Geoffroy Couprie

    Play Episode Listen Later Jan 29, 2022 58:55 Transcription Available


    We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my!

    Tailscale, feat. Avery Pennarun and Brad Fitzpatrick

    Play Episode Listen Later Jan 15, 2022 78:22 Transcription Available


    “Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM.People:Avery Pennarun (@apenwarr)Brad Fitzpatrick (@bradfitz)Deirdre Connolly (@durumcrustulum)Thomas Ptacek (@tqbf)David Adrian (@davidcadrian)@SCWPodLinks:DERP server: https://github.com/tailscale/tailscale/tree/main/derphttps://xtermjs.org/The Tail at Scale : https://research.google/pubs/pub40801/Raft: https://raft.github.io/Litestream: https://litestream.io/MagicDNS: https://tailscale.com/kb/1081/magicdns/Netstack: https://github.com/google/netstackTranscript: https://share.descript.com/view/2NAe5jEcEqB

    The feeling's mutual: mTLS, feat. Colm MacCárthaigh

    Play Episode Listen Later Dec 29, 2021 70:31


    We recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC.Transcript: https://share.descript.com/view/tjrQu8wZKT0Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian

    Holiday Call-in Spectacular!

    Play Episode Listen Later Dec 22, 2021 82:09 Transcription Available


    Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders!We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, U2F/WebAuthn, car fob attacks, geese, and more!Transcript: https://share.descript.com/view/N9ROtj1AiW0Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian 

    WireGuard, feat. Jason Donenfeld

    Play Episode Listen Later Dec 5, 2021 81:06 Transcription Available


    Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more!Transcript: https://share.descript.com/view/olVgXGtRpsYLinks: WireGuard: https://www.wireguard.comTamarin: https://tamarin-prover.github.ioIDApro: https://hex-rays.com/ida-proNIST PQC: https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissionsWireGuard Patreon: https://www.patreon.com/zx2c4

    vpn wireguard donenfeld
    PAKEs, oPRFs, algebra, feat. George Tankersley

    Play Episode Listen Later Oct 26, 2021 75:09 Transcription Available


    A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley!Transcript: https://share.descript.com/view/X8x8oO2Q8TwLinks: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srpOPAQUE: https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.htmlobfs: https://github.com/shadowsocks/simple-obfsElligator: https://elligator.cr.yp.toHash to Curve: https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.htmlMagic Wormhole: https://github.com/magic-wormhole/magic-wormholeBiscuits: https://github.com/CleverCloud/biscuitRistretto: https://ristretto.groupMonero signature bug: https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.htmlSIDH smooth-order supersingular curves: https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21

    "Patch, Damnit!"

    Play Episode Listen Later Sep 20, 2021 74:56 Transcription Available


    A lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense.Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrianLinks!The accuvant story in MIT Technology ReviewAll the Apple platforms patched FORCEDENTRY no-click 0-dayChrome patched some 0-days that were being exploited in the wildPASETO update Transcript: https://share.descript.com/view/Um4im6a3dqj

    How to be a Certificate Authority, feat. Ryan Sleevi

    Play Episode Listen Later Sep 6, 2021 94:11 Transcription Available


    Not the hero the internet deserves, but the one we need: it's Ryan Sleevi!We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman.Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian

    Apple's CSAM Detection, feat. Matthew Green

    Play Episode Listen Later Aug 28, 2021 52:57 Transcription Available


    We're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green.We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are.Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrianLinks:https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdfhttps://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdfhttps://www.law.cornell.edu/uscode/text/18/2258Ahttps://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdfhttps://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CThttps://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_doeshttps://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.htmlhttps://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf

    Claim Security. Cryptography. Whatever.

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel