Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
45 subscribers
Checked 14d ago
اضافه شده در four سال پیش
محتوای ارائه شده توسط Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Security Cryptography Whatever
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k
3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Daily Deals
پادکست هایی که ارزش شنیدن دارند
حمایت شده
T
This Is Woman's Work with Nicole Kalil
Let’s talk about adulting— actual adulting. Not just paying bills or keeping a houseplant alive, but the kind that involves emotional maturity, healthy boundaries, and conscious self-leadership. Because let’s be honest, most of us weren’t taught how to be fully functioning adults… and it shows. Joining us is Michelle Chalfant , licensed therapist turned holistic life coach, creator of The Adult Chair® model, and author of the new book The Adult Chair: Get Unstuck, Claim Your Power, and Transform Your Life . With millions reached through her podcast, coaching programs, and retreats, she’s here to walk us through the five pillars of being a healthy, grounded adult. Here’s the truth: being an adult isn’t about checking boxes or pretending you’re fine. It’s about owning your truth. Feeling your feelings. Practicing compassion without letting yourself off the hook. It’s about setting firm boundaries—with no need for justification—and recognizing that your triggers are not flaws, they’re clues. None of us were handed a guidebook for how to grow up emotionally. We inherited patterns from people who were figuring it out as they went. But what Michelle shares today is empowering: it’s never too late to unlearn what no longer serves you and become the adult you were meant to be. Whether you’re starting this work or knee-deep in your personal development era, this episode will meet you where you are—and help you move forward with clarity, self-trust, and strength. Connect with Michelle: Website: https://theadultchair.com/ Book: https://theadultchair.com/book IG: https://www.instagram.com/themichellechalfant/?hl=en FB: https://www.facebook.com/@TheMichelleChalfant/ YouTube: https://www.youtube.com/c/michellechalfant Related Podcast Episodes: How To Build Emotionally Mature Leaders with Dr. Christie Smith | 272 Boundaries vs. Ultimatums with Jan & Jillian Yuhas | 297 Gentleness: Cultivating Compassion for Yourself and Others with Courtney Carver | 282 Share the Love: If you found this episode insightful, please share it with a friend, tag us on social media, and leave a review on your favorite podcast platform! 🔗 Subscribe & Review: Apple Podcasts | Spotify | Amazon Music Learn more about your ad choices. Visit megaphone.fm/adchoices…
Cryptanalyzing LLMs with Nicholas Carlini
Manage episode 463607233 series 2956114
محتوای ارائه شده توسط Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
'Let us model our large language model as a hash function—'
Sold.
Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe.
Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0
Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/
Links:
- https://nicholas.carlini.com
- “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634
- ‘Why I attack"’: https://nicholas.carlini.com/writing/2024/why-i-attack.html
- “Cryptanalytic Extraction of Neural Network Models”, CRYPTO 2020: https://arxiv.org/abs/2003.04884
- “Stochastic Parrots”: https://dl.acm.org/doi/10.1145/3442188.3445922
- https://help.openai.com/en/articles/5247780-using-logit-bias-to-alter-token-probability-with-the-openai-api
- https://community.openai.com/t/temperature-top-p-and-top-k-for-chatbot-responses/295542
- https://opensource.org/license/mit
- https://github.com/madler/zlib
- https://ai.meta.com/blog/yann-lecun-ai-model-i-jepa/
- https://nicholas.carlini.com/writing/2024/how-i-use-ai.html
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
فصل ها
1. Mathematical Attacks on AI Security (00:00:00)
2. AI Model Extraction and Security (00:12:07)
3. Model Extraction Security Mechanism Analysis (00:16:11)
4. Model Extraction Attack Methodology Discussion (00:29:18)
5. Training Data Extraction Attack Methodology (00:39:00)
6. Data Poisoning Attacks and Defenses (00:50:59)
7. AI Security Defense Challenges and Strategies (00:59:24)
8. Exploring AI Model Capabilities (01:06:20)
9. Challenges in AI Model Security (01:15:21)
55 قسمت
اشتراک گذاریManage episode 463607233 series 2956114
محتوای ارائه شده توسط Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
'Let us model our large language model as a hash function—'
Sold.
Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe.
Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0
Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/
Links:
- https://nicholas.carlini.com
- “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634
- ‘Why I attack"’: https://nicholas.carlini.com/writing/2024/why-i-attack.html
- “Cryptanalytic Extraction of Neural Network Models”, CRYPTO 2020: https://arxiv.org/abs/2003.04884
- “Stochastic Parrots”: https://dl.acm.org/doi/10.1145/3442188.3445922
- https://help.openai.com/en/articles/5247780-using-logit-bias-to-alter-token-probability-with-the-openai-api
- https://community.openai.com/t/temperature-top-p-and-top-k-for-chatbot-responses/295542
- https://opensource.org/license/mit
- https://github.com/madler/zlib
- https://ai.meta.com/blog/yann-lecun-ai-model-i-jepa/
- https://nicholas.carlini.com/writing/2024/how-i-use-ai.html
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
فصل ها
1. Mathematical Attacks on AI Security (00:00:00)
2. AI Model Extraction and Security (00:12:07)
3. Model Extraction Security Mechanism Analysis (00:16:11)
4. Model Extraction Attack Methodology Discussion (00:29:18)
5. Training Data Extraction Attack Methodology (00:39:00)
6. Data Poisoning Attacks and Defenses (00:50:59)
7. AI Security Defense Challenges and Strategies (00:59:24)
8. Exploring AI Model Capabilities (01:06:20)
9. Challenges in AI Model Security (01:15:21)
55 قسمت
All episodes
×
S
Security Cryptography Whatever
1 E2EE Storage Done Right with Matilda Backendal Jonas Hofmann and Kien Tuong Truong 1:02:25
1:02:25 
پخش در آینده 
پخش در آینده 
لیست ها 
پسندیدن 
دوست داشته شد1:02:25
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدIt seems like everyone that tries to deploy end-to-end encrypted cloud storage seems to mess it up, often in new and creative ways. Our special guests Matilda Backendal, Jonas Hofmann, and Kien Tuong Truong give us a tour through the breakage and discuss a new formal model of how to actually build a secure E2EE storage system. Watch on YouTube: https://youtu.be/sizLiK_byCw Transcript: https://securitycryptographywhatever.com/2025/05/19/e2ee-storage/ Links: - https://brokencloudstorage.info - https://eprint.iacr.org/2024/1616.pdf - https://www.sync.com - https://www.pcloud.com - https://icedrive.net - https://seafile.com - https://tresorit.com - https://eprint.iacr.org/2024/989.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Migrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Apple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however. To help us make sense of this surprising move from the fruit company, we got Matt Green, Associate Professor at Johns Hopkins, and Joe Hall, Distinguished Technologist at the Internet Society, on the horn. Recorded Saturday February 22nd, 2025. Transcript: https://securitycryptographywhatever.com/2025/02/24/apple-pulls-adp-in-uk/ Watch episode on YouTube: https://youtu.be/LAn_yOGUkR0 Links: - https://www.lawfaremedia.org/article/apples-cloud-key-vault-and-secure-law-enforcement-access - https://www.androidcentral.com/how-googles-backup-encryption-works-good-bad-and-ugly - https://gdpr.eu/right-to-be-forgotten/ - https://www.legislation.gov.uk/id/ukpga/2024/9 - https://www.nytimes.com/2021/05/17/technology/apple-china-censorship-data.html - https://en.wikipedia.org/wiki/Salt_Typhoon - Salt Typhoon: https://www.cisa.gov/news-events/news/strengthening-americas-resilience-against-prc-cyber-threats - https://www.bloomberg.com/news/articles/2025-02-21/apple-removes-end-to-end-encryption-feature-from-uk-after-backdoor-order - https://support.apple.com/en-us/102651 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Cryptanalyzing LLMs with Nicholas Carlini 1:20:42
1:20:42 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:20:42
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد'Let us model our large language model as a hash function—' Sold. Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe. Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0 Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/ Links: - https://nicholas.carlini.com - “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634 - ‘Why I attack"’: https://nicholas.carlini.com/writing/2024/why-i-attack.html - “Cryptanalytic Extraction of Neural Network Models”, CRYPTO 2020: https://arxiv.org/abs/2003.04884 - “Stochastic Parrots”: https://dl.acm.org/doi/10.1145/3442188.3445922 - https://help.openai.com/en/articles/5247780-using-logit-bias-to-alter-token-probability-with-the-openai-api - https://community.openai.com/t/temperature-top-p-and-top-k-for-chatbot-responses/295542 - https://opensource.org/license/mit - https://github.com/madler/zlib - https://ai.meta.com/blog/yann-lecun-ai-model-i-jepa/ - https://nicholas.carlini.com/writing/2024/how-i-use-ai.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Just a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times and spit] will last into future administrations. We snagged some time with Carole House, outgoing Special Advisor and Acting Senior Director for Cybersecurity and Critical Infrastructure Policy, National Security Council in the Biden-Harris White House, to give us a brain dump. And now due to popular demand, with video of our actual human¹ faces! https://youtu.be/Pqw0W2crQiM Transcript: https://securitycryptographywhatever.com/2025/01/20/bidens-cyber-everything-bagel-carole-house/ Links: - https://www.federalregister.gov/d/2025-01470 - https://www.wired.com/story/biden-executive-order-cybersecurity-ai-and-more/ - 2022 EO: https://archive.ph/hvzWd - 2023 EO: https://www.whitehouse.gov/wp-content/uploads/2023/06/M-23-16-Update-to-M-22-18-Enhancing-Software-Security-1.pdf - 2021 EO: https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity - NIST SSDF: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-218.pdf - https://www.federalregister.gov/documents/2015/04/02/2015-07788/blocking-the-property-of-certain-persons-engaging-in-significant-malicious-cyber-enabled-activities - IEEPA: https://www.govinfo.gov/content/pkg/USCODE-2023-title50/pdf/USCODE-2023-title50-chap35-sec1701.pdf ¹ Actual human faces not guaranteed in all cases "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
THE QUANTUM COMPUTERS ARE COMING...right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google's new quantum computer Willow. Transcript: https://securitycryptographywhatever.com/2024/12/18/quantum-willow Links: - https://blog.google/technology/research/google-willow-quantum-chip/ - https://research.google/blog/making-quantum-error-correction-work/ - https://blog.google/technology/google-deepmind/alphaqubit-quantum-error-correction/ - https://www.nature.com/articles/s41586-024-08449-y - Sam’s ‘Landscape of Quantum Computing’ chart: https://sam-jaques.appspot.com/quantum\_landscape\_2024 - The above, originally published in 2021: https://sam-jaques.appspot.com/quantum\_landscape - https://sam-jaques.appspot.com - https://jmschanck.info/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Dual_EC_DRBG with Justin Schuh and Matthew Green 1:07:45
1:07:45 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:07:45
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدNothing we have ever recorded on SCW has brought so much joy to David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body. Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup. Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg Links: - Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q) - Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/) - NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html) - On the Practical Exploitability of Dual EC in TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf) - Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/) - ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption) - DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf) - IAD: [https://www.iad.gov/](https://www.iad.gov/) - Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/) - 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554) - Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00) - The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426) "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep 1:13:55
1:13:55 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:13:55
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدYou may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉 Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/ Links: - https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html - “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621 - “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89 - https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html - https://github.com/google/crubit - https://github.com/google/autocxx - https://en.wikipedia.org/wiki/Stagefright_(bug) - https://security.googleblog.com/2021/04/rust-in-android-platform.html - https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md - https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos -https://kb.meinbergglobal.com/kb/time_sync/ntp/ntp_vulnerabilities_reported_2023-04 - https://blog.isosceles.com/the-legacy-of-stagefright/ - https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/ - https://www.youtube.com/watch?v=QrrH2lcl9ew - https://source.android.com/docs/setup/build/rust/building-rust-modules/overview - https://github.com/rust-lang/rust-bindgen - https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Campaign Security with [REDACTED] 1:23:39
1:23:39 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:23:39
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدWith the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024. Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/ Links: - Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/activemeasures - Aurora: https://en.wikipedia.org/wiki/Operation\_Aurora - Google APP announcement, October 2017: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/ - XXD: https://linux.die.net/man/1/xxd - Adobe Reader October 2016 Security Update: https://helpx.adobe.com/security/products/acrobat/apsb16-33.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Telegram with Matthew Green 1:04:04
1:04:04 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:04:04
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدWe finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind! Transcript: https://securitycryptographywhatever.com/2024/09/06/telegram Links: - https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/ - Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit - Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf - MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end - https://words.filippo.io/dispatches/telegram-ecdh/ - MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation - OTR: https://otr.cypherpunks.ca/otr-wpes.pdf - AES and sha2 used in ‘Infinite Garble Extension’ mode: https://eprint.iacr.org/2015/1177.pdf - Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666 - History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture - https://securitycryptographywhatever.com/2023/01/27/threema/ - https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/ - https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa ! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to seeing you in Vegas! Ticket Link: https://www.eventbrite.com/e/scwpod-vegas-2024-tickets-946939099337 We talk about CrowdStrike in this episode, but we know we made some mistakes: The sys files may be code in addition to data. The bug might be bigger than "just" a null pointer exception. Luckily, none of that is actually relevant to the main issues we discuss. Show page: https://securitycryptographywhatever.com/2024/07/24/summertime-sadness/ Other Links: https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization https://dadrian.io/blog/posts/pqc-signatures-2024/ https://dadrian.io/blog/posts/cto/ https://www.blackhat.com/us-24/briefings/schedule/ https://terrapin-attack.com/ https://www.youtube.com/watch?v=-AqayGm0_pw More like ClownStrike, amirite? "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Zero Day Markets with Mark Dowd 1:25:49
1:25:49 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:25:49
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدWe have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work. Transcript: https://securitycryptographywhatever.com/2024/06/24/mdowd/ Links: https://www.azimuthsecurity.com/ https://www.vigilantlabs.com/ https://github.com/mdowd79/presentations/blob/main/bluehat2023-mdowd-final.pdf https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Hack-Different-Pwning-IOS-14-With-Generation-Z-Bug-wp.pdf https://i.blackhat.com/USA-19/Wednesday/us-19-Shwartz-Selling-0-Days-To-Governments-And-Offensive-Security-Companies.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
iykyk Transcript: https://securitycryptographywhatever.com/2024/05/25/ekr/ Links: - https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt - https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf - https://datatracker.ietf.org/doc/html/rfc8446 - SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661 - A hard look at Certificate Transparency, Part I: Transparency Systems: https://educatedguesswork.org/posts/transparency-part-1/ - A hard look at Certificate Transparency: CT in Reality: https://educatedguesswork.org/posts/transparency-part-2/ - E2EE on the web: is the web really that bad? https://emilymstark.com/2024/02/09/e2ee-on-the-web-is-the-web-really-that-bad.html - Launching Default End-to-End Encryption on Messenger: https://about.fb.com/news/2023/12/default-end-to-end-encryption-on-messenger/ - ekr's newsletter: https://educatedguesswork.org - Over 25 years of ekr RFCs: https://www.rfc-editor.org/search/rfc_search_detail.php?sortkey=Date&sorting=DESC&page=All&author=rescorla&pubstatus[]=Any&pub_date_type=any Subscribe to his newsletter at https://educatedguesswork.org/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 STIR/SHAKEN with Paul Grubbs and Josh Brown 1:01:47
1:01:47 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:01:47
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدJosh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/ Links: - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf - https://www.youtube.com/watch?v=3trxXF0-fRU - Paul Grubbs: https://web.eecs.umich.edu/~paulgrub/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166 This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations: Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/ Links: - https://security.apple.com/blog/imessage-pq3/ - Security analysis of the iMessage PQ3 protocol https://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf - Ratcheting design: https://eprint.iacr.org/2024/220.pdf - When Messages are Keys: Is HMAC a dual-PRF?: https://eprint.iacr.org/2023/861.pdf - Real World Deniability in Messaging: https://eprint.iacr.org/2023/403.pdf - Padmé: https://www.petsymposium.org/2019/files/papers/issue4/popets-2019-0056.pdf - Max Headroom: https://www.youtube.com/watch?v=cYdpOjletnc - Extended Canetti-Krawczyk model: https://iacr.org/archive/eurocrypt2001/20450451.pdf - Douglas Stebila: https://www.douglas.stebila.ca/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code! Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/ Links: - https://cryspen.com/post/ml-kem-implementation/ - https://github.com/cryspen/libcrux/ - https://github.com/formosa-crypto/libjade - https://cryspen.com/post/pqxdh/ - https://eprint.iacr.org/2023/1933.pdf - Franziskus Kiefer: https://franziskuskiefer.de/ - Karthik Bhargavan: https://bhargavan.info/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth. Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/ Links: - https://www.facebook.com/notes/2420600258234172 - https://eprint.iacr.org/2022/1044.pdf - https://engineering.fb.com/2023/12/06/security/building-end-to-end-security-for-messenger/ - https://www.theverge.com/2023/12/6/23991501/facebook-messenger-default-end-to-end-encryption-meta - https://www.threads.net/@jonmillican/post/C0kQPAyoFpr - https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf - https://engineering.fb.com/wp-content/uploads/2023/12/TheLabyrinthEncryptedMessageStorageProtocol_12-6-2023.pdf - https://engineering.fb.com/2022/03/10/security/code-verify/ - https://chrome.google.com/webstore/detail/code-verify/llohflklppcaghdpehpbklhlfebooeog "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my! Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/ Links: - https://pq-crystals.org/kyber/index.shtml - https://pq-crystals.org/dilithium/index.shtml - https://eprint.iacr.org/2019/930.pdf - https://en.wikipedia.org/wiki/Short_integer_solution_problem - Frodo: https://eprint.iacr.org/2016/659 - https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/documents/accepted-papers/ribeiro-saber-pq-key-pqc2021.pdf - https://en.wikipedia.org/wiki/Hermite_normal_form - https://en.wikipedia.org/wiki/Wagner%E2%80%93Fischer_algorithm - https://www.math.auckland.ac.nz/~sgal018/crypto-book/ch18.pdf - https://eprint.iacr.org/2019/1161 - QRAM: https://arxiv.org/abs/2305.10310 - https://en.wikipedia.org/wiki/Lenstra%E2%80%93Lenstra%E2%80%93Lov%C3%A1sz_lattice_basis_reduction_algorithm - MATZOV improved dual lattice attack: https://zenodo.org/records/6412487 - https://eprint.iacr.org/2008/504.pdf - https://eprint.iacr.org/2023/302.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted 1:19:05
1:19:05 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:19:05
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدWe're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser. Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc Links: - https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/ - https://github.com/superfly/macaroon - https://cryspen.com/post/pqxdh/ - https://eprint.iacr.org/2023/1390.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis! “At the point where we find an intelligible English string that generates the NIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.” Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curves Links: - Steve’s post: https://saweis.net/posts/nist-curve-seed-origins.html - ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files/pubs/fips/186-2/final/docs/fips186-2.pdf - “A RIDDLE WRAPPED IN AN ENIGMA”: https://eprint.iacr.org/2015/1018.pdf - https://arstechnica.com/information-technology/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/ - https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-institute-of-standards-and-technology-78756/ - https://www.muckrock.com/foi/united-states-of-america-10/origin-of-fips-186-4-elliptic-curves-over-prime-field-seed-parameters-national-security-agency-78755/ - Filippo’s bounty: https://words.filippo.io/dispatches/seeds-bounty/ - Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters - NIST 800-186 with Curve25519 and friends - RFC 8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier - https://www.rfc-editor.org/rfc/rfc4492#section-6 - https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/ - https://en.wikipedia.org/wiki/Bullrun_(decryption_program) - https://en.wikipedia.org/wiki/BSAFE - https://sockpuppet.org/blog/2015/08/04/is-extended-random-malicious/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
We're back from our summer vacation! We're covering a bunch of stuff we saw and did: Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/ Links: - Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html - Downfall: https://downfall.page - Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions. Transcript: https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/ Links: - The Random Oracle Methodology, Revisited: https://eprint.iacr.org/1998/011.pdf - Factoring integers with CADO-NFS: https://www.ens-lyon.fr/LIP/AriC/wp-content/uploads/2015/03/JDetrey-tutorial.pdf - On One-way Functions from NP-Complete Problems: https://eprint.iacr.org/2021/513.pdf - Seny Kamara's lecture notes on provable security: https://cs.brown.edu/~seny/2950-v/2-provablesecurity.pdf - How To Simulate It – A Tutorial on the Simulation Proof Technique: https://eprint.iacr.org/2016/046.pdf - A Survey of Leakage-Resilient Cryptography: https://eprint.iacr.org/2019/302 - A Decade of Lattice Cryptography: https://eprint.iacr.org/2015/939.pdf "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped. Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/ Links: https://mjg59.dreamwidth.org/66791.html https://help.twitter.com/en/using-twitter/encrypted-direct-messages https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/ BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70 Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20 https://signal.org/docs/specifications/x3dh/ https://signal.org/docs/specifications/doubleratchet/ https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works. Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency Links: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/ https://github.com/facebook/akd Parkeet: https://eprint.iacr.org/2023/081.pdf CONIKS: https://eprint.iacr.org/2014/1004.pdf SEEMless: https://eprint.iacr.org/2018/607.pdf WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf Keybase key transparency: https://book.keybase.io/docs/server "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?) Transcript: https://securitycryptographywhatever.com/2023/04/22/mls/ Links: - https://messaginglayersecurity.rocks/ - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html - https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html - https://github.com/openmls/openmls - https://eprint.iacr.org/2022/1533.pdf - https://eprint.iacr.org/2020/1327.pdf - https://eprint.iacr.org/2022/559.pdf - https://signal.org/docs/ - https://en.wikipedia.org/wiki/Key_encapsulation_mechanism - https://twitter.com/beurdouche/status/1220617962182389760 - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#mls-ciphersuites - https://www.ietf.org/archive/id/draft-ietf-mls-federation-02.html - https://datatracker.ietf.org/wg/mimi/documents/ - https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en - Yes in the protocol document this is 1.0: https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#section-6 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken. Links https://rwc.iacr.org/2023/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
1 Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong 1:03:55
1:03:55 پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شد1:03:55
پخش در آینده پخش در آینده لیست ها پسندیدن دوست داشته شدAnother day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.com/2023/01/27/threema/ Links: https://breakingthe3ma.app/ https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf https://threema.ch/en/blog/posts/ibex "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/ Links: https://arxiv.org/pdf/2212.12372.pdf https://eprint.iacr.org/2021/232.pdf https://github.com/lducas/SchnorrGate https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0 https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html https://scottaaronson.blog/?p=6957 "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
S
Security Cryptography Whatever
David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com/blog/tailnet-lock/ https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html https://groups.google.com/a/chromium.org/g/chromium-dev/c/0z-6VJ9ZpVU "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)…
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
Daily Deals
مشابه Security Cryptography Whatever
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Flash Forward is a show about possible (and not so possible) future scenarios. What would the warranty on a sex robot look like? How would diplomacy work if we couldn’t lie? Could there ever be a fecal transplant black market? (Complicated, it wouldn’t, and yes, respectively, in case you’re curious.) Hosted and produced by award winning science journalist Rose Eveleth, each episode combines audio drama and journalism to go deep on potential tomorrows, and uncovers what those futures might re ...
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
