Some cryptography & security people talk about security, cryptography, and whatever else is happening.
Post-Quantum iMessage with Douglas Stebila
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations:Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/Links:- https://security.apple.com/blog/imessage-pq3/- Security analysis of the iMessage PQ3 protocolhttps://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf- Ratcheting design: https://eprint.iacr.org/2024/220.pdf- When Messages are Keys: Is HMAC a dual-PRF?: https://eprint.iacr.org/2023/861.pdf- Real World Deniability in Messaging: https://eprint.iacr.org/2023/403.pdf- Padmé: https://www.petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf- Max Headroom: https://www.youtube.com/watch?v=cYdpOjletnc- Extended Canetti-Krawczyk model: https://iacr.org/archive/eurocrypt2001/20450451.pdf- Douglas Stebila: https://www.douglas.stebila.ca/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
3/3/2024 • 55 minutes, 34 seconds
Hertzbleed
Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs.Transcript: https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links:Hertzbleed Attack | ellipticnews (wordpress.com)https://www.hertzbleed.com/hertzbleed.pdfhttps://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031Merch: https://merch.scwpodcast.com"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
6/18/2022 • 58 minutes, 39 seconds
OMB Zero Trust Memo with Eric Mill
The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us.As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian).Transcript: https://securitycryptographywhatever.com/2022/06/10/omb-zero-trust-memo-with-eric-mill/Links:OMB MemoExecutive order on cybersecurity PIV card Derived PIVBeyondCorpHSTS Preloading.gov preloading Neither Rain, Nor Snow, Nor MITMEDR memoTechnology Transformation Services (TTS)Is it Christmas?"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
6/11/2022 • 1 hour, 33 seconds
Tink with Sophie Schmieg
We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google.Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/Links:Sophie: https://twitter.com/SchmiegSophieTink: https://github.com/google/tinkRWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797778948EAX mode: https://en.wikipedia.org/wiki/EAX_modeAES-GCM-SIV: https://en.wikipedia.org/wiki/AES-GCM-SIVDeterministic AEADs: https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-dataThai Duong: https://twitter.com/XorNinjaAWS-SDK Vuln: https://twitter.com/XorNinja/status/1310587707605659649"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
5/28/2022 • 1 hour, 7 minutes, 2 seconds
Cancellable Crypto Takes, and Real World Crypto
Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program!Transcript: https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/Links:Tony's twete: https://twitter.com/bascule/status/1512539700220805124Real World Crypto 2022: https://rwc.iacr.org/2022Merch! https://merch.scwpodcast.comFind us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
4/13/2022 • 1 hour, 11 minutes, 4 seconds
Lattices and Michigan Football with Chris Peikert
We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time!Transcript: https://securitycryptographywhatever.com/2022/03/12/lattices-and-michigan-football-with-chris-peikert/Slides: https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdfLinks:He Gives C-Sieves on the CSIDH: https://eprint.iacr.org/2019/725Lattice-based Cryptography: https://cims.nyu.edu/~regev/papers/pqc.pdfNIST PQC Competition: https://csrc.nist.gov/Projects/post-quantum-cryptography The 2nd Bar Ilan Winter School on Cryptography Lattice- Based Cryptography and Applications: https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqOA Decade of Lattice Cryptography: https://eprint.iacr.org/2015/939.pdfFind us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
3/13/2022 • 1 hour, 10 minutes, 1 second
Biscuits with Geoffroy Couprie
We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript:https://securitycryptographywhatever.com/2022/01/29/biscuits-with-geoffroy-couprie/Links:Biscuits V2: https://www.biscuitsec.orgExperiments iterating on Biscuits: https://github.com/biscuit-auth/biscuit/tree/master/experimentationsApache Pulsar: https://pulsar.apache.orgSpec: https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS.mdFind us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
1/29/2022 • 58 minutes, 55 seconds
Tailscale with Avery Pennarun & Brad Fitzpatrick
“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM.Transcript:https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/People:Avery Pennarun (@apenwarr)Brad Fitzpatrick (@bradfitz)Deirdre Connolly (@durumcrustulum)Thomas Ptacek (@tqbf)David Adrian (@davidcadrian)@SCWPodLinks:DERP server: https://github.com/tailscale/tailscale/tree/main/derphttps://xtermjs.org/The Tail at Scale : https://research.google/pubs/pub40801/Raft: https://raft.github.io/Litestream: https://litestream.io/MagicDNS: https://tailscale.com/kb/1081/magicdns/Netstack: https://github.com/google/netstack"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
1/15/2022 • 1 hour, 18 minutes, 22 seconds
The feeling's mutual: mTLS with Colm MacCárthaigh
We recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC.Transcript: https://securitycryptographywhatever.com/2021/12/29/the-feeling-s-mutual-mtls-with-colm-maccarthaigh/Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
12/29/2021 • 1 hour, 10 minutes, 31 seconds
Holiday Call-in Spectacular!
Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders!We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, U2F/WebAuthn, car fob attacks, geese, and more!Transcript: https://securitycryptographywhatever.com/2021/12/21/holiday-call-in-spectacular/Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
12/22/2021 • 1 hour, 22 minutes, 9 seconds
WireGuard with Jason Donenfeld
Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more!Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/Links: WireGuard: https://www.wireguard.comTamarin: https://tamarin-prover.github.ioIDApro: https://hex-rays.com/ida-proNIST PQC: https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissionsWireGuard Patreon: https://www.patreon.com/zx2c4"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
12/5/2021 • 1 hour, 21 minutes, 6 seconds
PAKEs, oPRFs, algebra with George Tankersley
A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley!Transcript: https://securitycryptographywhatever.com/2021/10/26/pakes-oprfs-algebra-with-george-tankersley/Links: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srpOPAQUE: https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.htmlobfs: https://github.com/shadowsocks/simple-obfsElligator: https://elligator.cr.yp.toHash to Curve: https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.htmlMagic Wormhole: https://github.com/magic-wormhole/magic-wormholeBiscuits: https://github.com/CleverCloud/biscuitRistretto: https://ristretto.groupMonero signature bug: https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.htmlSIDH smooth-order supersingular curves: https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
10/26/2021 • 1 hour, 15 minutes, 9 seconds
"Patch, Damnit!"
A lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense.Transcript:https://securitycryptographywhatever.com/2021/09/20/patch-damnit/Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrianLinks!The accuvant story in MIT Technology ReviewAll the Apple platforms patched FORCEDENTRY no-click 0-dayChrome patched some 0-days that were being exploited in the wildPASETO update "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
9/20/2021 • 1 hour, 14 minutes, 56 seconds
How to be a Certificate Authority with Ryan Sleevi
Not the hero the internet deserves, but the one we need: it's Ryan Sleevi!We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman.Transcript: https://securitycryptographywhatever.com/2021/09/06/how-to-be-a-certificate-authority-with-ryan-sleevi/Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
9/6/2021 • 1 hour, 34 minutes, 11 seconds
Apple's CSAM Detection with Matthew Green
We're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green.We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are.Transcript: https://securitycryptographywhatever.com/2021/08/27/apple-s-csam-detection-with-matthew-green/Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrianLinks:https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdfhttps://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdfhttps://www.law.cornell.edu/uscode/text/18/2258Ahttps://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdfhttps://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CThttps://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_doeshttps://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.htmlhttps://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
8/28/2021 • 52 minutes, 57 seconds
Platform Security Part Deux with Justin Schuh
We did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps.Transcript: https://securitycryptographywhatever.com/2021/08/21/platform-security-part-deux-with-justin-schuh/Find us at:https://twitter.com/scwpodhttps://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
8/21/2021 • 1 hour, 20 minutes, 2 seconds
What do we do about JWT? with Jonathan Rudenberg
🔥JWT🔥We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg!After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/Transcript: https://securitycryptographywhatever.com/2021/08/12/what-do-we-do-about-jwt-with-jonathan-rudenberg/Find us at:https://twitter.com/durumcrustulumhttps://twitter.com/tqbfhttps://twitter.com/davidcadrianhttps://twitter.com/scwpod"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
8/12/2021 • 1 hour, 14 minutes, 56 seconds
The Great "Roll Your Own Crypto" Debate with Filippo Valsorda
Special guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general.After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/Transcript: https://securitycryptographywhatever.com/2021/07/31/the-great-roll-your-own-crypto-debate-with-filippo-valsorda/Links:https://peter.website/meow-hash-cryptanalysishttps://arxiv.org/pdf/2107.04940.pdfhttps://ristretto.grouphttps://filippo.io/heartbleedFind us at:https://twitter.com/durumcrustulumhttps://twitter.com/tqbf https://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Deirdre, Thomas and David talk about NSO group, Pegasus, whether iOS a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns.Transcript: https://securitycryptographywhatever.com/2021/07/26/nso-group-pegasus-zero-days-i-os-message-security/Find us at:https://twitter.com/durumcrustulumhttps://twitter.com/tqbf https://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)