Cryptography عمومی
[search 0]
بیشتر

برنامه را دانلود کنید!

show episodes
 
C
Cryptography FM

1
Cryptography FM

Symbolic Software

Unsubscribe
Unsubscribe
ماهیانه
 
Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM.
  continue reading
 
Loading …
show series
 
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped. Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/ Links: https://mjg59.dreamwidth.org/66791.html https://…
  continue reading
 
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works. Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency Links: https://engineering.fb.com/2023/04/1…
  continue reading
 
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?) Transcript: https://securitycryptographywhatever.com/2023/04/22/mls/ Links: - https://messaginglayersecurity.rocks/ - https://messaginglayersecurity.r…
  continue reading
 
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken. Links https://rwc.iacr.org/2023/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/ "Security Cryptography Whatever" is hosted b…
  continue reading
 
For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a wide-ranging and ever increasing library of puzzles for both the aspiring and accomplished cryptographer. On this episode, Nadim and Lucas are joined…
  continue reading
 
Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.co…
  continue reading
 
On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatures and allows an attacker to bypass signature checks entirely for these signatures. How are popular cryptographic protocol implementations in Java af…
  continue reading
 
Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, K…
  continue reading
 
There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-…
  continue reading
 
David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com…
  continue reading
 
We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half …
  continue reading
 
No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript: https://securitycryptographywhatever.com/2022/11/02…
  continue reading
 
We have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas: SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-se…
  continue reading
 
This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers. Steven Chu: https://en.wikipedia.org/wiki/Steven_Chu CFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB) CCFB: https://link.springer.com/chapter/10.1007/11502760_19 XXTEA: https://en.wikipedia.org/wiki/XXTEA CHERI: https…
  continue reading
 
We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s. Transcript: https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ References IBM S/390: https://ieeexplore.ieee.org/document/5389176 SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft…
  continue reading
 
Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/ Merch: https://merch.scwpodca…
  continue reading
 
Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript: https://securitycryptographywhatever.com/20…
  continue reading
 
Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs. Transcript: https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links: Hertzbleed Attack | ellipticnews (wordpress.com) https://www.hertzb…
  continue reading
 
The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian). Transcript: https://securitycryptographywhatever.com/2…
  continue reading
 
We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google. Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/ Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://…
  continue reading
 
Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript: https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/ Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.ia…
  continue reading
 
We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time! Transcript: https://securitycryptographywhatever.com/…
  continue reading
 
We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript: https://securitycryptographywhatever.com/2022/01/29/biscuits-with-geoffroy-couprie/ Links: Biscuits V2: https://www.biscuitsec.org Experiments iterating on Biscuits: https://g…
  continue reading
 
“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. Transcript: https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/ People: Avery Pennarun (@apen…
  continue reading
 
We recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://securitycryptographywhatever.com/2021/12/29/the-feeling-s-mutual-mtls-with-colm-maccarthaigh/ Find us at: https://twitte…
  continue reading
 
Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders! We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, …
  continue reading
 
Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/ Links…
  continue reading
 
A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://securitycryptographywhatever.com/2021/10/26/pakes-oprfs…
  continue reading
 
A lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense. Transcript: https://securitycryptographywhatever.com/2021/09/20/patch-damnit/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian Links! The accuvant …
  continue reading
 
Not the hero the internet deserves, but the one we need: it's Ryan Sleevi! We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman…
  continue reading
 
We're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green. We…
  continue reading
 
Benjamin Wesolowski talks about his latest paper in which he mathematically proved that the two fundamental problems underlying isogeny-based cryptography are equivalent. Links and papers discussed in the show: The supersingular isogeny path and endomorphism ring problems are equivalent Episode 5: Isogeny-based Cryptography for Dummies! Music compo…
  continue reading
 
We did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps. Transcript: https://securitycryptographywhatever.com/2021/08/21/platform-security-part-deux-with-justin-schuh/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum …
  continue reading
 
🔥JWT🔥 We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg! After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/ Transcript: https://securitycryptographywhatever.com/2021/08/12/what-do-we-do-ab…
  continue reading
 
Special guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general. After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/ Transcript: https://security…
  continue reading
 
Deirdre, Thomas and David talk about NSO group, Pegasus, whether iOS a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns. Transcript: https://securitycryptographywhatever.com/2021/07/26/nso-group-pegasus-zero-days-i-os-message-security/ Find us at: https://twitter.co…
  continue reading
 
A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and usi…
  continue reading
 
TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols. ALPACA is an application layer protocol con…
  continue reading
 
Nadim talks with Peter Schwabe and Matthias Kannwischer about the considerations — both in terms of security and performance — when implementing cryptographic primitives for low-level and embedded platforms. Links and papers discussed in the show: Optimizing crypto on embedded microcontrollers Implementing post-quantum cryptography on embedded micr…
  continue reading
 
Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have been developed to ensure the privacy and authentication of Wi-Fi communications. However, a recent paper shows that every single Wi-Fi network protectio…
  continue reading
 
Contact discovery is a core feature in popular mobile messaging apps such as WhatsApp, Signal and Telegram that lets users grant access to their address book in order to discover which of their contacts are on that messaging service. While contact discovery is critical for WhatsApp, Signal and Telegram to function properly, privacy concerns arise w…
  continue reading
 
Loading …

راهنمای مرجع سریع