Claim OwnershipSecurity Cryptography Whatever
Subscribed: 178Played: 2,118
Subscribe
© 2024 Security Cryptography Whatever
Description
Some cryptography & security people talk about security, cryptography, and whatever else is happening.
48 Episodes
Reverse
You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/Links:- https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html- “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621- “e...
With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024.Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/Links:- Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/activemeasures- Aurora: https://en.wikipedia.org/wiki/Operation\_Aurora- Google APP announcement, Oc...
We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!Transcript: https://securitycryptographywhatever.com/2024/09/06/telegramLinks:- https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/- Lav...
Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to seeing you in Vegas!Ticket Link: https://www.eventbrite.com/e/scwpod-vegas-2024-tickets-946939099337We talk about CrowdStrike in this episode, but we ...
We have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work.Transcript: https://securitycryptographywhatever.com/2024/06/24/mdowd/Links:https://www.azimuthsecurity.com/https://www.vigilantlabs.com/https://github.com/mdowd79/presentations/blob/main/bluehat2023-mdowd-final.pdfhttps://i.blackhat.com/USA21/Wednesday-Handouts...
iykykTranscript: https://securitycryptographywhatever.com/2024/05/25/ekr/Links:- https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt- https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf- https://datatracker.ietf.org/doc/html/rfc8446- SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661- A hard look at Certificate Transparency, Part I: Transparency Systems: https://educatedguesswork.org/posts/transparency-part-1/- A hard look at Certificate Transpa...
Josh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/Links: - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf- https://www.youtube.com/watch?v=3trxXF0-fRU- Paul Grubbs: https://web.eecs.umich.edu/~paulgrub/"Security Cryptography Whatever" is hosted by ...
(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast."Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations:Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/Links:- https://security.apple.com/blog/imessage-pq3/- Security analysis of the iMessage PQ3 pr...
We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code!Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/Links:- https://cryspen.com/post/ml-kem-implementation/- https://github.com/cryspen/libcrux/- https://github.com/formosa-crypto/libjade- h...
Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth.Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/Links:- https://www.facebook.com/notes/2420600258234172- https://eprint.iacr.org/2022/1044....
1Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/Links:- https://pq-crystals.org/kyber/index.shtml- https://pq-crystals.org/dilithium/index.shtml- https://eprint.iacr.org/2019/930.pdf- https://en.wikipedia.org/wiki/Short_integer_solution_problem- Frodo: https://eprint.iacr.org/201...
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etcLinks:- https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/- https://github....
We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.”Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curvesLinks:- Steve’s post: https://saweis.net/posts/nist-curve-seed-origins.html- ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/group...
We're back from our summer vacation! We're covering a bunch of stuff we saw and did:Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/Links:- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html- Downfall: https://downfall.page- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcad...
What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions.Transcript: https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/Links:- The Random Oracle Methodology, Revisited: https://eprint.i...
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/Links:https://mjg59.dreamwidth.org/66791.htmlhttps://help.twitter.com/en/using-twitter/encrypted-direct-messageshttps://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-d...
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparencyLinks: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/https://github.com/facebook/akdParkeet: https://eprint.iacr.org/2023/081.pdfCONIKS: https://eprint.iac...
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited RaphaelRobert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?)Transcript:https://securitycryptographywhatever.com/2023/04/22/mls/Links:- https://messaginglayersecurity.rocks/- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html- https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html- https://github.co...
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.Linkshttps://rwc.iacr.org/2023/https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.htmlTranscript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
Download from Google Play
Download from App Store
United States
I liked it.🤙🥇