Security Cryptography Whatever
Some cryptography & security people talk about security, cryptography, and whatever else is happening.
Episodes
46 episodes since 2021
Telegram with Matthew Green
We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you ...
September 06, 2024
•
Season 4
•
Episode 2
•
1:04:04
Summertime Sadness
Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa! We have limited capacity, so please only register if you can actually come. Location details are in the confi...
July 24, 2024
•
Season 4
•
Episode 1
•
57:26
Zero Day Markets with Mark Dowd
We have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work.T...
June 24, 2024
•
Season 3
•
Episode 11
•
1:25:49
ekr
iykykTranscript: https://securitycryptographywhatever.com/2024/05/25/ekr/Links:- https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt- https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf- https://da...
May 24, 2024
•
Season 3
•
Episode 10
•
1:48:16
STIR/SHAKEN with Paul Grubbs and Josh Brown
Josh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptograph...
April 30, 2024
•
Season 3
•
Episode 9
•
1:01:47
Cryptography Tier List
(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166This episode is definitely not safe for work and definitely a ...
March 23, 2024
•
Season 3
•
Episode 8
•
19:28
Post-Quantum iMessage with Douglas Stebila
Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol ...
March 03, 2024
•
Season 3
•
Episode 7
•
55:34
High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan
We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performa...
January 29, 2024
•
Season 3
•
Episode 6
•
56:13
Encrypting Facebook Messenger with Jon Millican and Timothy Buck
Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major ...
December 28, 2023
•
Season 3
•
Episode 5
•
59:35
Attacking Lattice-based Cryptography with Martin Albrecht
Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!Transcript: https://securitycryptographywhatever.co...
November 13, 2023
•
Season 3
•
Episode 4
•
57:20
Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted
We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message fo...
November 07, 2023
•
Season 3
•
Episode 3
•
1:19:05
'Jerry Solinas deserves a raise' with Steve Weis
We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is goin...
October 11, 2023
•
Season 3
•
Episode 2
•
57:31
Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades
We're back from our summer vacation! We're covering a bunch of stuff we saw and did:Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/Links:- Zenbleed: https://lock.cmpxchg8b.com/zenbleed....
September 13, 2023
•
Season 3
•
Episode 1
•
58:35
Why do we think anything is secure, with Steve Weis
What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff wor...
June 29, 2023
•
Season 2
•
Episode 15
•
46:17
Elon's Encrypted DMs with Matthew Garrett
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.Transcript: https://securitycryptograph...
May 29, 2023
•
Season 2
•
Episode 14
•
52:28
WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.Transcript:
May 06, 2023
•
Season 2
•
Episode 13
•
55:43
Messaging Layer Security (MLS) with Raphael Robert
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited RaphaelRobert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?)Transcript:https://securitycry...
April 22, 2023
•
Season 2
•
Episode 12
•
55:02
Real World: Crypto (2023)
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.Linkshttps://rwc.iacr.org/2023/https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-base...
March 24, 2023
•
Season 2
•
Episode 11
•
54:51
Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong
Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for ...
January 27, 2023
•
Season 2
•
Episode 10
•
1:03:55
Has RSA been destroyed by a quantum computer???
There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die?Also some musings about Bruce Schneier.Errata:Schneier's honorary PhD is from the University o...
January 06, 2023
•
Season 2
•
Episode 9
•
41:16
End of Year Wrap Up
David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF....
January 04, 2023
•
Season 2
•
Episode 8
•
59:27
Software Safety and Twitter with Kevin Riggle
We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, bu...
November 24, 2022
•
Season 2
•
Episode 7
•
58:36
Matrix with Martin Albrecht and Dan Jones
No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable...
November 02, 2022
•
Season 2
•
Episode 6
•
1:06:24