45 subscribers
با برنامه Player FM !
پادکست هایی که ارزش شنیدن دارند
حمایت شده
Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted
Manage episode 382558625 series 2956114
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.
Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc
Links:
- https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/
- https://github.com/superfly/macaroon
- https://cryspen.com/post/pqxdh/
- https://eprint.iacr.org/2023/1390.pdf
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
فصل ها
1. Issues With Encrypted Jabber Communications (00:00:00)
2. App and Web Security Challenges (00:13:53)
3. Benefits and Limitations of Web Encryption (00:22:26)
4. Benefits and Challenges of Browser-Based Cryptography (00:29:54)
5. Web App Security and Distribution Models (00:35:09)
6. Web Security and Signal Key Exchange (00:48:36)
7. X3DH Protocol and Signal's Key Exchange (00:53:49)
8. Camry Encapsulation Attack and Secure Encryption (01:08:11)
55 قسمت
Manage episode 382558625 series 2956114
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.
Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc
Links:
- https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/
- https://github.com/superfly/macaroon
- https://cryspen.com/post/pqxdh/
- https://eprint.iacr.org/2023/1390.pdf
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
فصل ها
1. Issues With Encrypted Jabber Communications (00:00:00)
2. App and Web Security Challenges (00:13:53)
3. Benefits and Limitations of Web Encryption (00:22:26)
4. Benefits and Challenges of Browser-Based Cryptography (00:29:54)
5. Web App Security and Distribution Models (00:35:09)
6. Web Security and Signal Key Exchange (00:48:36)
7. X3DH Protocol and Signal's Key Exchange (00:53:49)
8. Camry Encapsulation Attack and Secure Encryption (01:08:11)
55 قسمت
همه قسمت ها
×
1 E2EE Storage Done Right with Matilda Backendal Jonas Hofmann and Kien Tuong Trong 1:02:25

1 Cryptanalyzing LLMs with Nicholas Carlini 1:20:42

1 Dual_EC_DRBG with Justin Schuh and Matthew Green 1:07:45

1 A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep 1:13:55

1 Campaign Security with [REDACTED] 1:23:39

1 Telegram with Matthew Green 1:04:04

1 Zero Day Markets with Mark Dowd 1:25:49

1 STIR/SHAKEN with Paul Grubbs and Josh Brown 1:01:47



1 Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted 1:19:05



1 Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong 1:03:55


1 Matrix with Martin Albrecht and Dan Jones 1:06:24

1 SOC2 with Sarah Harvey 1:01:37



1 Passkeys with Adam Langley 1:03:01


1 OMB Zero Trust Memo with Eric Mill 1:00:33

1 Tink with Sophie Schmieg 1:07:02

1 Cancellable Crypto Takes and Real World Crypto 1:11:04

1 Lattices and Michigan Football with Chris Peikert 1:10:01

1 Tailscale with Avery Pennarun and Brad Fitzpatrick 1:18:22

1 The feeling's mutual: mTLS with Colm MacCárthaigh 1:10:31

1 Holiday Call-in Spectacular! 1:22:09

1 WireGuard with Jason Donenfeld 1:21:06

1 PAKEs, oPRFs, algebra with George Tankersley 1:15:09


1 How to be a Certificate Authority with Ryan Sleevi 1:34:11

1 Platform Security Part Deux with Justin Schuh 1:20:02

1 What do we do about JWT? with Jonathan Rudenberg 1:14:56

1 The Great "Roll Your Own Crypto" Debate with Filippo Valsorda 1:00:48
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.