Some cryptography & security people talk about security, cryptography, and whatever else is happening.
DJ Cryptography, who creates music beats, showing the basics of how to create grooves and teaching cryptographic terminology, now has a podcast! It's geared for children, but anyone can enjoy.
Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM.
This feed is not currently active. We may post the occasional song/episode eventually. By DJ Cryptography
A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep
1:13:55
You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉 Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/ Links: - htt…
Campaign Security with [REDACTED]
1:23:39
With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024. Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/ Links: - Active Measures by Thomas R…
We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind! Transcript: https://securitycryptograph…
Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to see…
This is the second episode of DJ Cryptography: The Podcast. By DJ Cryptography
We have Mark Dowd on, founder of Azimuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work. Transcript: https://securitycryptographywhatever.com/2024/06/24/mdowd/ Links: https://www.azimuthsecurity.com/ htt…
This is the first episode of DJ Cryptography: The Podcast. By DJ Cryptography
Welcome to the DJ Cryptography: The Podcast trailer. DJ Cryptography is a DJ who explains some of his beats on the show. Yeah, I had to republish this. By DJ Cryptography
iykyk Transcript: https://securitycryptographywhatever.com/2024/05/25/ekr/ Links: - https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt - https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf - https://datatracker.ietf.org/doc/html/rfc8446 - SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661 - A hard lo…
STIR/SHAKEN with Paul Grubbs and Josh Brown
1:01:47
Josh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/ Links: - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf - ht…
(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166 This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed th…
Post-Quantum iMessage with Douglas Stebila
55:34
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations: Transcript: https://securitycryptographywhatever.com/2…
High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan
56:13
We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code! Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assura…
Encrypting Facebook Messenger with Jon Millican and Timothy Buck
59:35
Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth. Transcript: https://secur…
Attacking Lattice-based Cryptography with Martin Albrecht
57:20
Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my! Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/ Links: - https://pq-crystals.org/kyber/index.shtml - https://pq-crystals.org/dilith…
Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisited
1:19:05
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browsers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser. Transcript: https://…
'Jerry Solinas deserves a raise' with Steve Weis
57:31
We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis! “At the point where we find an intelligible English string that generates the NIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.” Transcript: https://securitycryptographywhatever.com/2023…
Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades
58:35
We're back from our summer vacation! We're covering a bunch of stuff we saw and did: Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/ Links: - Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html - Downfall: https://downfall.page - Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-sec…
Why do we think anything is secure, with Steve Weis
46:17
What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions. Transcript: https://securitycryptograp…
Elon's Encrypted DMs with Matthew Garrett
52:28
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped. Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/ Links: https://mjg59.dreamwidth.org/66791.html https://…
WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi
55:43
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works. Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency Links: https://engineering.fb.com/2023/04/1…
Messaging Layer Security (MLS) with Raphael Robert
55:02
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?) Transcript: https://securitycryptographywhatever.com/2023/04/22/mls/ Links: - https://messaginglayersecurity.rocks/ - https://messaginglayersecurity.r…
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken. Links https://rwc.iacr.org/2023/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/ "Security Cryptography Whatever" is hosted b…
Episode 24: CryptoHack's Collection of Cryptic Conundrums!
49:18
For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a wide-ranging and ever increasing library of puzzles for both the aspiring and accomplished cryptographer. On this episode, Nadim and Lucas are joined…
Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong
1:03:55
Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.co…
Episode 23: Psychic Signatures in Java!
53:20
On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatures and allows an attacker to bypass signature checks entirely for these signatures. How are popular cryptographic protocol implementations in Java af…
Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!
52:12
Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, K…
Has RSA been destroyed by a quantum computer???
41:16
There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-…
David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com…
Software Safety and Twitter with Kevin Riggle
58:36
We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half …
Matrix with Martin Albrecht and Dan Jones
1:06:24
No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript: https://securitycryptographywhatever.com/2022/11/02…
We have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas: SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-se…
This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers. Steven Chu: https://en.wikipedia.org/wiki/Steven_Chu CFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB) CCFB: https://link.springer.com/chapter/10.1007/11502760_19 XXTEA: https://en.wikipedia.org/wiki/XXTEA CHERI: https…
We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s. Transcript: https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ References IBM S/390: https://ieeexplore.ieee.org/document/5389176 SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft…
Hot Cryptanalytic Summer with Steven Galbraith
52:35
Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/ Merch: https://merch.scwpodca…
Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript: https://securitycryptographywhatever.com/20…
Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs. Transcript: https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links: Hertzbleed Attack | ellipticnews (wordpress.com) https://www.hertzb…
OMB Zero Trust Memo with Eric Mill
1:00:33
The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian). Transcript: https://securitycryptographywhatever.com/2…
We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google. Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/ Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://…
Cancellable Crypto Takes and Real World Crypto
1:11:04
Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript: https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/ Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.ia…
Lattices and Michigan Football with Chris Peikert
1:10:01
We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time! Transcript: https://securitycryptographywhatever.com/…
We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript: https://securitycryptographywhatever.com/2022/01/29/biscuits-with-geoffroy-couprie/ Links: Biscuits V2: https://www.biscuitsec.org Experiments iterating on Biscuits: https://g…
Tailscale with Avery Pennarun and Brad Fitzpatrick
1:18:22
“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. Transcript: https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/ People: Avery Pennarun (@apen…
The feeling's mutual: mTLS with Colm MacCárthaigh
1:10:31
We recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://securitycryptographywhatever.com/2021/12/29/the-feeling-s-mutual-mtls-with-colm-maccarthaigh/ Find us at: https://twitte…
Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders! We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, …
Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/ Links…