Deirdre Connolly, Thomas Ptacek, David Adrian
Security Cryptography Whatever
Some cryptography & security people talk about security, cryptography, and whatever else is happening.
Autor
Deirdre Connolly, Thomas Ptacek, David Adrian
Kategorie
Podcast-Website
Neueste Folge
2. Jul 2026
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
Post-Quantum iMessage with Douglas Stebila 03.03.2024 55:34
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations: Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebi...
High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan 29.01.2024 56:13
We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code! Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/ Links: - https://cryspen.com/post/ml-ke...
Encrypting Facebook Messenger with Jon Millican and Timothy Buck 28.12.2023 59:35
Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth. Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-mes...
Attacking Lattice-based Cryptography with Martin Albrecht 13.11.2023 57:20
Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my! Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/ Links: - https://pq-crystals.org/kyber/index.shtml - https://pq-crystals.org/dilithium/index.shtml - https://eprint.iacr.org/2019/930...
Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted 07.11.2023 1:19:05
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser. Transcript: https://securitycryptographywhatever.com/2023/11/07/P...
'Jerry Solinas deserves a raise' with Steve Weis 12.10.2023 57:31
We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis! “At the point where we find an intelligible English string that generates the NIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.” Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curves Links: - Steve’s post: http...
Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades 13.09.2023 58:35
We're back from our summer vacation! We're covering a bunch of stuff we saw and did: Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/ Links: - Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html - Downfall: https://downfall.page - Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html "Security Cryptogr...
Why do we think anything is secure, with Steve Weis 29.06.2023 46:17
What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions. Transcript: https://securitycryptographywhatever.com/2023/06/29/why-do-we-thi...
Elon's Encrypted DMs with Matthew Garrett 29.05.2023 52:28
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped. Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/ Links: https://mjg59.dreamwidth.org/66791.html https://help.twitter.com/en/using-twitter/encrypted-direc...
WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi 06.05.2023 55:43
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works. Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency Links: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/ https://gi...
Messaging Layer Security (MLS) with Raphael Robert 22.04.2023 55:02
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?) Transcript: https://securitycryptographywhatever.com/2023/04/22/mls/ Links: - https://messaginglayersecurity.rocks/ - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html - h...
Real World: Crypto (2023) 25.03.2023 54:51
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken. Links https://rwc.iacr.org/2023/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Th...
Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong 27.01.2023 1:03:55
Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.com/2023/01/27/threema/ Links: https://breaking...
Has RSA been destroyed by a quantum computer??? 07.01.2023 41:16
There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/ Links: https://arxiv.org/pdf/2...
End of Year Wrap Up 05.01.2023 59:27
David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com/blog/tailnet-lock/ https://security.goo...
Software Safety and Twitter with Kevin Riggle 24.11.2022 58:36
We talk to Kevin Riggle ( @kevinriggle ) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience! https://twitter.com/kevi...
Matrix with Martin Albrecht and Dan Jones 02.11.2022 1:06:24
No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript : https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/...
SOC2 with Sarah Harvey 16.10.2022 1:01:37
We have Sarah Harvey ( @worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas: SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/ Transcript : https://securi...
Nate Lawson II 29.09.2022 1:23:19
This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers. Steven Chu: https://en.wikipedia.org/wiki/Steven_Chu CFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB) CCFB: https://link.springer.com/chapter/10.1007/11502760_19 XXTEA: https://en.wikipedia.org/wiki/XXTEA CHERI: https://cseweb.ucsd.edu/~dstefan/cse227-spring20/p...
Nate Lawson: Part 1 09.09.2022 1:20:11
We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s. Transcript : https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ References IBM S/390: https://ieeexplore.ieee.org/document/5389176 SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html Xbox 360 HMAC: https://beta.ivc.no/wiki/i...
Hot Cryptanalytic Summer with Steven Galbraith 11.08.2022 52:35
Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/ Merch : https://merch.scwpodcast.com Links: https://eprint.iacr.org/2022/9...
Passkeys with Adam Langley 11.08.2022 1:03:01
Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript : https://securitycryptographywhatever.com/2022/08/11/passkeys-with-adam-langley/ Li...
Hertzbleed 18.06.2022 58:39
Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs. Transcript : https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links: Hertzbleed Attack | ellipticnews (wordpress.com) https://www.hertzbleed.com/hertzbleed.pdf https://p...
OMB Zero Trust Memo with Eric Mill 11.06.2022 1:00:33
The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill , on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly ( @durumcrustulum ), Thomas Ptacek ( @tqbf ), and David Adrian ( @davidcadrian ). Transcript: https://securitycryptographywhatever.com/2022/06/10/omb-zero-trust-memo-with-eric-mil...
Tink with Sophie Schmieg 28.05.2022 1:07:02
We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google. Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/ Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet