Security. Cryptography. Whatever.
172 FOLLOWERS
Some cryptography / security people talk about security, cryptography, and whatever else is happening.
Security. Cryptography. Whatever.
1M ago
(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166
This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast.
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian ..read more
Security. Cryptography. Whatever.
2M ago
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations:
Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/
Links:
- https://security.apple.com/blog/imessage-pq3/
- Security analysis of the iMessage PQ3 protocol
https://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Pr ..read more
Security. Cryptography. Whatever.
3M ago
We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code!
Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/
Links:
- https://cryspen.com/post/ml-kem-implementation/
- https://github.com/cryspen/libcrux/
- https://github.com/formosa-crypto/libjade
- https://cryspen.com/post/pqxdh/
- https://eprint.iacr.org/2023/1933.pdf
- Franziskus Kiefer: ht ..read more
Security. Cryptography. Whatever.
6M ago
Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!
Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/
Links:
- https://pq-crystals.org/kyber/index.shtml
- https://pq-crystals.org/dilithium/index.shtml
- https://eprint.iacr.org/2019/930.pdf
- https://en.wikipedia.org/wiki/Short_integer_solution_problem
- Frodo: https://eprint.iacr.org/2016/659
- https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/document ..read more
Security. Cryptography. Whatever.
6M ago
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.
Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc
Links:
- https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/
- https://github.com/superfly/macaroon
- https://cryspen.com/post/pqxdh/
- https://eprint.iacr.org/2023/1390.pdf ..read more
Security. Cryptography. Whatever.
7M ago
We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!
“At the point where we find an intelligible English string that generates the
NIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.”
Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curves
Links:
- Steve’s post: https://saweis.net/posts/nist-curve-seed-origins.html
- ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files/p ..read more
Security. Cryptography. Whatever.
8M ago
We're back from our summer vacation! We're covering a bunch of stuff we saw and did:
Transcript:
https://securitycryptographywhatever.com/2023/09/13/cruel-summer/
Links:
- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html
- Downfall: https://downfall.page
- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian ..read more
Security. Cryptography. Whatever.
8M ago
We're back from our summer vacation! We're covering a bunch of stuff we saw and did:
Transcript:
https://securitycryptographywhatever.com/2023/09/13/cruel-summer/
Links:
- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html
- Downfall: https://downfall.page
- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian ..read more
Security. Cryptography. Whatever.
10M ago
What does P vs NP have to do with cryptography? Why do people love and laugh
about the random oracle model? What's an oracle? What do you mean factoring and
discrete log don't have proofs of hardness? How does any of this cryptography
stuff work, anyway? We trapped Steve Weis into answering our many questions.
Transcript:
https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/
Links:
- The Random Oracle Methodology, Revisited: https://eprint.iacr.org/1998/011.pdf
- Factoring integers with CADO-NFS: https://www.ens-lyon.fr/LIP/AriC/wp-cont ..read more
Security. Cryptography. Whatever.
1y ago
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.
Transcript:
https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/
Links:
https://mjg59.dreamwidth.org/66791.html
https://help.twitter.com/en/using-twitter/encrypted-direct-messages
https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/
BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/o ..read more