Deirdre Connolly, Thomas Ptacek, David Adrian

Security Cryptography Whatever

Some cryptography & security people talk about security, cryptography, and whatever else is happening.

Autor

Deirdre Connolly, Thomas Ptacek, David Adrian

Categoría

Technology

Último episodio

2 de jul. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

Trump's Golden Post-Quantum EO(s) 02.07.2026

The dear leader has actually bleated out some not-dumb executive orders (EOs) to accelerate adoption of post-quantum crypto for the US government! This looks to be in response to a flurry of advancements in quantum computing and quantum attack algorithms a few months ago. We cram legalize into our eyeballs— plus, ECDSA.fail! Watch on YouTube: https://www.youtube.com/watch?v=7ZwQpN_F6P8 Transcript:...

Facing the Vulnpocalypse with lcamtuf 15.06.2026

We talk to Michał Zalewski (lcamtuf) about the vulnpocalypse and if we even need fuzzers anymore. This episode may be export controlled at a future date. Watch on YouTube: https://www.youtube.com/watch?v= uI9CSgB4p9o Transcript: https://securitycryptographywhatever.com/2026/06/14/facing-the-vulnpocalypse-with-lcamtuf https://github.com/google/afl https://www.reddit.com/r/claude/comments/1tqtenf/an...

AI Finds Vulns You Can't With Nicholas Carlini 26.03.2026

Returning champion Nicholas Carlini comes back to talk about using Claude for vulnerability research, and the current vulnpocalypse. It's all very high-brow stuff, and the gang learns some bitter lessons. Watch on YouTube: https://www.youtube.com/watch?v= _IDbFLu9Ug8 Transcript: https://securitycryptographywhatever.com/2026/03/25/ai-bug-finding/ Links: - https://red.anthropic.com/2026/zero-da...

Standardizing Pure PQC 10.03.2026

Standardizing cryptography involves a lot of opinions. Luckily, the gamer presidents are on it. Come on, you all know the drill. This is the last time I do this. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)

Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex Gaynor 02.02.2026

The Python cryptography module, pyca/cryptography , has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography wou...

The IACR Can't Decrypt with Matt Bernhard 31.12.2025

The International Association of Cryptologic Research held their regular election using secure voting software called Helios…and lost the keys to decrypt the results, leaving them with no choice but to throw out the vote and call a new election. Hilarity ensues. We welcome special guest Matt Bernhard who actually works on secure voting systems to explain which bits are homomorphically additive or...

Apple’s Memory Integrity Enforcement 31.10.2025

Apple announced its new suite of memory security improvements from the top of the stack all the way to the bottom, so we dug through what they did and how they did it (performantly).  Watch on YouTube: https://www.youtube.com/watch?v=9FJwOI2PliU Transcript: https://securitycryptographywhatever.com/2025/10/31/apple-mie Links: - https://security.apple.com/blog/memory-integrity-enforcement/ - Secure...

Stop Using Encrypted Email with William Woodruff 23.08.2025

There was a bug in an OpenPGP library which finally gave us an excuse to tear encrypted email via PGP to shreds. Our special guest William Woodruff joined us to help explain the vuln and indulge our gnashing of teeth on why email was never meant to be encrypted and how other modern tools do the job much, much better. Watch on YouTube: https://www.youtube.com/watch?v=IoL3LfIozJo Transcript: https:/...

Alex Gaynor 16.08.2025

We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020!  Watch on YouTube: https://www.youtube.com/watch?v=gBoGvyvsSi4 Transcript: https://securitycryptographywhatever.com/2025/08/16/alex-gaynor Links: - https:...

Vegas, Baby! 29.07.2025

We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. Get SSO for SSH! If Thomas was here, I’m sure he’d tell you that Fly.io uses Teleport internally. Oh also there's some thing called Black..pill? Black Pool? Something like that happening in Vegas, with crypto talks, so we chatted about th...

E2EE Storage Done Right with Matilda Backendal Jonas Hofmann and Kien Tuong Truong 19.05.2025

It seems like everyone that tries to deploy end-to-end encrypted cloud storage seems to mess it up, often in new and creative ways. Our special guests Matilda Backendal, Jonas Hofmann, and Kien Tuong Truong give us a tour through the breakage and discuss a new formal model of how to actually build a secure E2EE storage system. Watch on YouTube: https://youtu.be/sizLiK_byCw Transcript: https://secu...

Picking Quantum Resistant Algorithms 24.03.2025

Migrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)

Apple Pulls Advanced Data Protection in the UK with Matt Green and Joe Hall 25.02.2025

Apple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however.  To help us make sense of this surprising move from the fruit company, we got Matt Green, Associate Professor at Johns Hopkins, and Joe Hall, Distinguished Technologist at the Internet Society, on the horn.  Recor...

Cryptanalyzing LLMs with Nicholas Carlini 28.01.2025

'Let us model our large language model as a hash function—'  Sold. Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe. Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0 Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-ni...

Biden’s Cyber-Everything Bagel with Carole House 21.01.2025

Just a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times and spit] will last into future administrations. We snagged some time with Carole House, outgoing Special Advisor and Acting Senior Director for Cybersecurity and Critical Infrastr...

Quantum Willow with John Schanck and Samuel Jacques 18.12.2024

THE QUANTUM COMPUTERS ARE COMING...right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google's new quantum computer Willow. Transcript: https://securitycryptographywhatever.com/2024/12/18/quantum-willow Links: - https://blog.google/technology/research/google-willow-qu...

Dual_EC_DRBG with Justin Schuh and Matthew Green 07.12.2024

Nothing we have ever recorded on SCW has brought so much joy to David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body. Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup. Transcript: https://securitycryptographywhatever.co...

A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep 15.10.2024

You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉 Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/ Links: - https://security.googleblog.com/2024/09/elimina...

Campaign Security with [REDACTED] 13.10.2024

With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024. Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/ Links: - Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/...

Telegram with Matthew Green 07.09.2024

We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind! Transcript: https://securitycryptographywhatever.com/2024/09/06/telegram Links: - ht...

Summertime Sadness 25.07.2024

Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa ! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to seeing you in Vegas! Ticket Link: https://...

Zero Day Markets with Mark Dowd 24.06.2024

We have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work. Transcript: https://securitycryptographywhatever.com/2024/06/24/mdowd/ Links: https://www.azimuthsecurity.com/ https://www.vigilantlabs.com/ https://github.com/mdow...

ekr 24.05.2024

iykyk Transcript: https://securitycryptographywhatever.com/2024/05/25/ekr/ Links: - https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt - https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf - https://datatracker.ietf.org/doc/html/rfc8446 - SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661 - A hard look at Certificate Transparency, Part I: Transparen...

STIR/SHAKEN with Paul Grubbs and Josh Brown 30.04.2024

Josh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well.  Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/ Links:  - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf - https://www.youtube.com/watch?v=3trxXF0-fRU - Paul...

Cryptography Tier List 23.03.2024

(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166 This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast. "Security Cryptography Whatever&q...

Escucha el podcast Security Cryptography Whatever en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos