Security Cryptography Whatever
63 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 51 ratingsSome cryptography & security people talk about security, cryptography, and whatever else is happening.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Cryptography Tier List
March 23, 2024 06:00 - 19 minutes - 13.4 MB(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166 This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast. "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcad...
Post-Quantum iMessage with Douglas Stebila
March 03, 2024 21:00 - 55 minutes - 38.2 MBApple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations: Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/ Links: - https://security.apple.com/blog/imessage-pq3/ - Security analysis of the iMessage...
High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan
January 29, 2024 23:00 - 56 minutes - 38.6 MBWe welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code! Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/ Links: - https://cryspen.com/post/ml-kem-implementation/ - https://github.com/cryspen/libcrux/ - https://github.com/formosa-crypto/l...
Encrypting Facebook Messenger with Jon Millican and Timothy Buck
December 28, 2023 22:00 - 59 minutes - 40.9 MBFacebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth. Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/ Links: - https://www.facebook.com/notes/2420600258234172 - https://eprint.iacr.org/20...
Attacking Lattice-based Cryptography with Martin Albrecht
November 13, 2023 17:00 - 57 minutes - 39.4 MBReturning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my! Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/ Links: - https://pq-crystals.org/kyber/index.shtml - https://pq-crystals.org/dilithium/index.shtml - https://eprint.iacr.org/2019/930.pdf - https://en.wikipedia.org/wiki/Short_integer_solution_problem - Frodo: https://eprint.i...
Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted
November 07, 2023 10:00 - 1 hour - 54.3 MBWe're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser. Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etc Links: - https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/ - https:/...
'Jerry Solinas deserves a raise' with Steve Weis
October 12, 2023 03:00 - 57 minutes - 39.5 MBWe explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis! “At the point where we find an intelligible English string that generates the NIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.” Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curves Links: - Steve’s post: https://saweis.net/posts/nist-curve-seed-origins.html - ANSI X9.62 ECDSA: https://safecurves.cr....
Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades
September 13, 2023 07:00 - 58 minutes - 40.3 MBWe're back from our summer vacation! We're covering a bunch of stuff we saw and did: Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/ Links: - Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html - Downfall: https://downfall.page - Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@da...
Why do we think anything is secure, with Steve Weis
June 29, 2023 07:00 - 46 minutes - 31.8 MBWhat does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff work, anyway? We trapped Steve Weis into answering our many questions. Transcript: https://securitycryptographywhatever.com/2023/06/29/why-do-we-think-anything-is-secure-with-steve-weis/ Links: - The Random Oracle Methodology, Revisited: https://eprint...
Elon's Encrypted DMs with Matthew Garrett
May 29, 2023 17:00 - 52 minutes - 36.1 MBAre Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped. Transcript: https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/ Links: https://mjg59.dreamwidth.org/66791.html https://help.twitter.com/en/using-twitter/encrypted-direct-messages https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypt...
WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi
May 06, 2023 07:00 - 55 minutes - 38.3 MBWhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works. Transcript: https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency Links: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/ https://github.com/facebook/akd Parkeet: https://eprint.iacr.org/2023/081.pdf CONIKS: https://eprint.iac...
Messaging Layer Security (MLS) with Raphael Robert
April 22, 2023 21:00 - 55 minutes - 37.8 MBMessaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?) Transcript: https://securitycryptographywhatever.com/2023/04/22/mls/ Links: - https://messaginglayersecurity.rocks/ - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html - https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html - https:...
Real World: Crypto (2023)
March 25, 2023 02:00 - 54 minutes - 37.7 MBReal World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken. Links https://rwc.iacr.org/2023/ https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Threema with Kenny Paterson, Matteo Scarlata, & Kien Tuong Truong
January 27, 2023 06:00 - 1 hour - 43.9 MBAnother day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.com/2023/01/27/threema/ Links: https://breakingthe3ma.app/ https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf https://thr...
Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong
January 27, 2023 06:00 - 1 hour - 43.9 MBAnother day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.com/2023/01/27/threema/ Links: https://breakingthe3ma.app/ https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf https://thr...
Has RSA been destroyed by a quantum computer???
January 07, 2023 04:00 - 41 minutes - 28.4 MBThere's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/ Links: https://arxiv.org/pdf/2212.12372.pdf https://eprint.iacr.org/2021/232.pdf https://github.com/lducas/SchnorrGate https://swei...
End of Year Wrap Up
January 05, 2023 02:00 - 59 minutes - 40.8 MBDavid and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com/blog/tailnet-lock/ https://security.googleblog.com/2022/12/memory-safe-languages-in-android-13.html https://groups.google.com/a/chromium.org/g/...
Software Safety and Twitter with Kevin Riggle
November 24, 2022 08:00 - 58 minutes - 40.3 MBWe talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience! https://twitter.com/kevinriggle Transcript: https://securitycryptographywhatever.com/2022/11/24/software-safety-and-twitter-with-...
Matrix with Martin Albrecht and Dan Jones
November 02, 2022 05:00 - 1 hour - 45.6 MBNo not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript: https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/ Links: https://nebuchadnezzar-megolm.github.io/static/paper.pdf https://nebuchadnezzar-megolm.github....
Matrix with Martin Albrecht & Dan Jones
November 02, 2022 05:00 - 1 hour - 45.6 MBNo not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript: https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/ Links: https://nebuchadnezzar-megolm.github.io/static/paper.pdf https://nebuchadnezzar-megolm.github....
SOC2 with Sarah Harvey
October 16, 2022 21:00 - 1 hour - 42.3 MBWe have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas: SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/ Transcript: https://securitycryptographywhatever.com/2022/10/16/SOC2-with-Sarah-Harvey/ Links: Tailscale recent post on gett...
Nate Lawson II
September 29, 2022 21:00 - 1 hour - 57.2 MBThis episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers. Steven Chu: https://en.wikipedia.org/wiki/Steven_Chu CFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB) CCFB: https://link.springer.com/chapter/10.1007/11502760_19 XXTEA: https://en.wikipedia.org/wiki/XXTEA CHERI: https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf Transcript: https://securitycryptographywhatever.com/2022/09/29/nate-law...
Nate Lawson: Part 1
September 09, 2022 20:00 - 1 hour - 55.1 MBWe bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s. Transcript: https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ References IBM S/390: https://ieeexplore.ieee.org/document/5389176 SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack Google Keyczar HMAC bug (reported by Nate): https://rdist.r...
Hot Cryptanalytic Summer feat. Steven Galbraith
August 11, 2022 18:00 - 52 minutes - 36.1 MBAre the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://share.descript.com/view/Xiv307FvOPA Merch: https://merch.scwpodcast.com Links: https://eprint.iacr.org/2022/975.pdf https://eprint.iacr.org/2022/1026.pdf https://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/ GPST act...
Hot Cryptanalytic Summer with Steven Galbraith
August 11, 2022 18:00 - 52 minutes - 36.1 MBAre the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/ Merch: https://merch.scwpodcast.com Links: https://eprint.iacr.org/2022/975.pdf https://eprint.iacr.org/2022/1026.pdf https://ellipticnews.wordpress.com/2022/07/31/brea...
Passkeys with Adam Langley
August 11, 2022 16:00 - 1 hour - 43.3 MBAdam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript: https://securitycryptographywhatever.com/2022/08/11/passkeys-with-adam-langley/ Links: GoogleIO Presentation WWDC Presentation W3C WebAuthN Adam's blog on passkeys and CABLE Cable ...
Passkeys feat. Adam Langley
August 11, 2022 16:00 - 1 hour - 43.3 MBAdam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript: https://share.descript.com/view/pBAXADn8gKW Links: GoogleIO Presentation WWDC Presentation W3C WebAuthN Adam's blog on passkeys and CABLE Cable / Hybrid PR CTAP spec from FIDO Noi...
Hertzbleed
June 18, 2022 02:00 - 58 minutes - 40.3 MBSide channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs. Transcript: https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links: Hertzbleed Attack | ellipticnews (wordpress.com) https://www.hertzbleed.com/hertzbleed.pdf https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031 Merch: https://merch.scwpodcast.com "Security Cryptog...
OMB Zero Trust Memo with Eric Mill
June 11, 2022 01:00 - 1 hour - 41.6 MBThe US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian). Transcript: https://securitycryptographywhatever.com/2022/06/10/omb-zero-trust-memo-with-eric-mill/ Links: OMB Memo Executive order on cybersecurity PIV card Derived PIV BeyondCorp HSTS Pr...
OMB Zero Trust Memo, with Eric Mill
June 11, 2022 01:00 - 1 hour - 41.6 MBThe US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian). Transcript: https://share.descript.com/view/UayEVA596OK Links: OMB Memo Executive order on cybersecurity PIV card Derived PIV BeyondCorp HSTS Preloading .gov preloading Neither Rain, Nor...
Tink with Sophie Schmieg
May 28, 2022 21:00 - 1 hour - 46.1 MBWe talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google. Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/ Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797778948 EAX mode: https://en.wikipedia.org/wiki/EAX_mode AES-GCM-SIV: https://en.wikipedia.o...
Tink, with Sophie Schmieg
May 28, 2022 21:00 - 1 hour - 46.1 MBWe talk about Tink with Sophie Schmieg, a cryptographer and algebraic geometer at Google. Transcript: https://beta-share.descript.com/view/v2Q5Ix8pvbD Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797778948 EAX mode: https://en.wikipedia.org/wiki/EAX_mode AES-GCM-SIV: https://en.wikipedia.org/wiki/AES-GCM-SIV Determi...
Cancellable Crypto Takes and Real World Crypto
April 13, 2022 00:00 - 1 hour - 48.8 MBLive from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript: https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/ Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.iacr.org/2022 Merch! https://merch.scwpodcast.com Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com...
Cancellable Crypto Takes, and Real World Crypto
April 13, 2022 00:00 - 1 hour - 48.8 MBLive from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript: https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/ Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.iacr.org/2022 Merch! https://merch.scwpodcast.com Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com...
Cancellable Crypto Takes, and Real World Crypto
April 13, 2022 00:00 - 1 hour - 48.8 MBLive from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript: https://share.descript.com/view/GiVlw4qKV2i Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.iacr.org/2022 Merch! https://merch.scwpodcast.com Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptog...
Lattices and Michigan Football with Chris Peikert
March 13, 2022 03:00 - 1 hour - 48.1 MBWe're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time! Transcript: https://securitycryptographywhatever.com/2022/03/12/lattices-and-michigan-football-with-chris-peikert/ Slides: https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf Links: He G...
Lattices and Michigan Football, feat. Chris Peikert
March 13, 2022 03:00 - 1 hour - 48.1 MBWe're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time! Transcript: https://share.descript.com/view/El2a4Z7OLsd Slides: https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf Links: He Gives C-Sieves on the CSIDH: https://eprint.iacr.org/2019/725...
Biscuits with Geoffroy Couprie
January 29, 2022 06:00 - 58 minutes - 40.5 MBWe've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript: https://securitycryptographywhatever.com/2022/01/29/biscuits-with-geoffroy-couprie/ Links: Biscuits V2: https://www.biscuitsec.org Experiments iterating on Biscuits: https://github.com/biscuit-auth/biscuit/tree/master/experimentations Apache Pulsar: https://pulsar.apache.org Spec: https://github.com/biscuit-auth...
Biscuits, feat. Geoffroy Couprie
January 29, 2022 06:00 - 58 minutes - 40.5 MBWe've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript: https://beta-share.descript.com/view/jHZJPab0n4g Links: Biscuits V2: https://www.biscuitsec.org Experiments iterating on Biscuits: https://github.com/biscuit-auth/biscuit/tree/master/experimentations Apache Pulsar: https://pulsar.apache.org Spec: https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS...
Tailscale with Avery Pennarun and Brad Fitzpatrick
January 15, 2022 09:00 - 1 hour - 53.8 MB“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. Transcript: https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/ People: Avery Pennarun (@apenwarr) Brad Fitzpatrick (@bradfitz) Deirdre Connolly (@durumcrustulum) Thomas Ptacek (@tqbf) David Adrian (@davidcadrian) @SCWPod Links:...
Tailscale with Avery Pennarun & Brad Fitzpatrick
January 15, 2022 09:00 - 1 hour - 53.8 MB“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. Transcript: https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/ People: Avery Pennarun (@apenwarr) Brad Fitzpatrick (@bradfitz) Deirdre Connolly (@durumcrustulum) Thomas Ptacek (@tqbf) David Adrian (@davidcadrian) @SCWPod Links:...
Tailscale, feat. Avery Pennarun and Brad Fitzpatrick
January 15, 2022 09:00 - 1 hour - 53.8 MB“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. People: Avery Pennarun (@apenwarr) Brad Fitzpatrick (@bradfitz) Deirdre Connolly (@durumcrustulum) Thomas Ptacek (@tqbf) David Adrian (@davidcadrian) @SCWPod Links: DERP server: https://github.com/tailscale/tailscale/tree/main/derp https://xtermjs.org/ The Tail at Scale : h...
The feeling's mutual: mTLS, feat. Colm MacCárthaigh
December 29, 2021 06:00 - 1 hour - 48.4 MBWe recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://share.descript.com/view/tjrQu8wZKT0 Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian
The feeling's mutual: mTLS, feat. Colm MacCarthaigh
December 29, 2021 06:00 - 1 hour - 48.4 MBWe recorded this months ago, and now it's finally up! Colm MacCarthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://share.descript.com/view/tjrQu8wZKT0 Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian
The feeling's mutual: mTLS with Colm MacCárthaigh
December 29, 2021 06:00 - 1 hour - 48.4 MBWe recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://securitycryptographywhatever.com/2021/12/29/the-feeling-s-mutual-mtls-with-colm-maccarthaigh/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" i...
Holiday Call-in Spectacular!
December 22, 2021 02:00 - 1 hour - 56.4 MBHappy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders! We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, U2F/WebAuthn, car fob attacks, geese, and more! Transcript: https://securitycryptographywhatever.com/2021/12/21/holiday-call-in-spectacular/ F...
WireGuard with Jason Donenfeld
December 05, 2021 22:00 - 1 hour - 55.7 MBHey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/ Links: WireGuard: https://www.wireguard.com Tamarin: https://tamarin-prover.github.io IDApro: https://hex-rays.com/ida-pro NIST PQC: https://cs...
WireGuard, feat. Jason Donenfeld
December 05, 2021 22:00 - 1 hour - 55.7 MBHey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://share.descript.com/view/olVgXGtRpsY Links: WireGuard: https://www.wireguard.com Tamarin: https://tamarin-prover.github.io IDApro: https://hex-rays.com/ida-pro NIST PQC: https://csrc.nist.gov/projects/post-quantum-cryptog...
PAKEs, oPRFs, algebra with George Tankersley
October 26, 2021 23:00 - 1 hour - 51.6 MBA conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://securitycryptographywhatever.com/2021/10/26/pakes-oprfs-algebra-with-george-tankersley/ Links: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srp OPAQUE: https://www.i...
PAKEs, oPRFs, algebra, feat. George Tankersley
October 26, 2021 23:00 - 1 hour - 51.6 MBA conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://share.descript.com/view/X8x8oO2Q8Tw Links: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srp OPAQUE: https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html obfs: http...