Security Cryptography Whatever
66 episodes - English - Latest episode: 18 days ago - ★★★★★ - 61 ratingsSome cryptography & security people talk about security, cryptography, and whatever else is happening.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
WireGuard with Jason Donenfeld
December 05, 2021 22:00 - 1 hour - 55.7 MBHey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/ Links: WireGuard: https://www.wireguard.com Tamarin: https://tamarin-prover.github.io IDApro: https://hex-rays.com/ida-pro NIST PQC: https://cs...
PAKEs, oPRFs, algebra, feat. George Tankersley
October 26, 2021 23:00 - 1 hour - 51.6 MBA conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://share.descript.com/view/X8x8oO2Q8Tw Links: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srp OPAQUE: https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html obfs: http...
PAKEs, oPRFs, algebra with George Tankersley
October 26, 2021 23:00 - 1 hour - 51.6 MBA conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://securitycryptographywhatever.com/2021/10/26/pakes-oprfs-algebra-with-george-tankersley/ Links: SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srp OPAQUE: https://www.i...
"Patch, Damnit!"
September 20, 2021 08:00 - 1 hour - 51.5 MBA lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense. Transcript: https://securitycryptographywhatever.com/2021/09/20/patch-damnit/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian Links! The accuvant story in MIT Technology Review All the Apple platforms patched FORCEDENTRY no-click 0-day Chrome patched some 0-days that were being exploited...
A "Patch, Damnit!" News Roundup
September 20, 2021 08:00 - 1 hour - 51.5 MBA lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense. Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian Links! The accuvant story in MIT Technology Review All the Apple platforms patched FORCEDENTRY no-click 0-day Chrome patched some 0-days that were being exploited in the wild PASETO update Transcript: https://share.descript.com/view/Um4im...
How to be a Certificate Authority, feat. Ryan Sleevi
September 06, 2021 08:00 - 1 hour - 64.7 MBNot the hero the internet deserves, but the one we need: it's Ryan Sleevi! We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman. Transcript: https://share.descript.com/view/61pZGOJlqu6 Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twi...
How to be a Certificate Authority with Ryan Sleevi
September 06, 2021 08:00 - 1 hour - 64.7 MBNot the hero the internet deserves, but the one we need: it's Ryan Sleevi! We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman. Transcript: https://securitycryptographywhatever.com/2021/09/06/how-to-be-a-certificate-authority-with-ryan-sleevi/ Find us at: https://twit...
Apple's CSAM Detection, feat. Matthew Green
August 28, 2021 03:00 - 52 minutes - 36.4 MBWe're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green. We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are. Transcript: htt...
Apple's CSAM Detection with Matthew Green
August 28, 2021 03:00 - 52 minutes - 36.4 MBWe're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green. We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are. Transcript: ht...
Platform Security Part Deux with Justin Schuh
August 21, 2021 04:00 - 1 hour - 55 MBWe did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps. Transcript: https://securitycryptographywhatever.com/2021/08/21/platform-security-part-deux-with-justin-schuh/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Th...
Platform Security Part Deux, feat. Justin Schuh
August 21, 2021 04:00 - 1 hour - 55 MBWe did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps. Transcript: https://share.descript.com/view/DpeqIOCREyZ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian
What do we do about JWT? feat. Jonathan Rudenberg
August 12, 2021 20:00 - 1 hour - 51.5 MB🔥JWT🔥 We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg! After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/ Transcript: https://share.descript.com/view/pb428e60pPo Find us at: https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian https://twitter.com/scwpod
What do we do about JWT? with Jonathan Rudenberg
August 12, 2021 20:00 - 1 hour - 51.5 MB🔥JWT🔥 We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg! After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/ Transcript: https://securitycryptographywhatever.com/2021/08/12/what-do-we-do-about-jwt-with-jonathan-rudenberg/ Find us at: https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian http...
The Great "Roll Your Own Crypto" Debate, feat. Filippo Valsorda
July 31, 2021 22:00 - 1 hour - 41.8 MBSpecial guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general. After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/ Transcript: https://share.descript.com/view/2tqKjLxleKM Links: https://peter.website/meow-hash-cryptanalysis https://arxiv.org/pdf/2107.04940.pdf https://ristretto.group ...
The Great "Roll Your Own Crypto" Debate with Filippo Valsorda
July 31, 2021 22:00 - 1 hour - 41.8 MBSpecial guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general. After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/ Transcript: https://securitycryptographywhatever.com/2021/07/31/the-great-roll-your-own-crypto-debate-with-filippo-valsorda/ Links: https://peter.website/meow-hash-crypt...
NSO group, Pegasus, Zero-Days, i(OS|Message) security
July 26, 2021 23:00 - 59 minutes - 40.9 MBDeirdre, Thomas and David talk about NSO group, Pegasus, whether iOS a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns. Transcript: https://securitycryptographywhatever.com/2021/07/26/nso-group-pegasus-zero-days-i-os-message-security/ Find us at: https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian "Security Cryptography Whatever" is hosted by Deirdre Connolly (...