Cryptography Podcast

For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a wide-ranging and ever increasing library of puzzles for both the aspiring and accomplished cryptographer. On this episode, Nadim and Lucas are joined…

Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts. Transcript: https://securitycryptographywhatever.co…

On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatures and allows an attacker to bypass signature checks entirely for these signatures. How are popular cryptographic protocol implementations in Java af…

Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, K…

There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die? Also some musings about Bruce Schneier. Errata: Schneier's honorary PhD is from the University of Westminster, not UW. Transcript: https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-…

David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF. Transcript: https://securitycryptographywhatever.com/2023/01/04/end-of-year-wrap-up/ Links: https://tailscale.com…

We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half …

No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic Vulnerabilities in Matrix". Transcript: https://securitycryptographywhatever.com/2022/11/02…

We have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas: SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-se…

This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers. Steven Chu: https://en.wikipedia.org/wiki/Steven_Chu CFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB) CCFB: https://link.springer.com/chapter/10.1007/11502760_19 XXTEA: https://en.wikipedia.org/wiki/XXTEA CHERI: https…

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s. Transcript: https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ References IBM S/390: https://ieeexplore.ieee.org/document/5389176 SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft…

Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here. Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/ Merch: https://merch.scwpodca…

Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys! David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings. Transcript: https://securitycryptographywhatever.com/20…

Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs. Transcript: https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links: Hertzbleed Attack | ellipticnews (wordpress.com) https://www.hertzb…

The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us. As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian). Transcript: https://securitycryptographywhatever.com/2…

We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google. Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/ Links: Sophie: https://twitter.com/SchmiegSophie Tink: https://github.com/google/tink RWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8 Where to store keys: https://…

Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program! Transcript: https://securitycryptographywhatever.com/2022/04/12/cancellable-crypto-takes-and-real-world-crypto/ Links: Tony's twete: https://twitter.com/bascule/status/1512539700220805124 Real World Crypto 2022: https://rwc.ia…

We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time! Transcript: https://securitycryptographywhatever.com/…

We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 Transcript: https://securitycryptographywhatever.com/2022/01/29/biscuits-with-geoffroy-couprie/ Links: Biscuits V2: https://www.biscuitsec.org Experiments iterating on Biscuits: https://g…

“Can I Tailscale my Chromecast?” You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM. Transcript: https://securitycryptographywhatever.com/2022/01/15/tailscale-with-avery-pennarun-brad-fitzpatrick/ People: Avery Pennarun (@apen…

We recorded this months ago, and now it's finally up! Colm MacCárthaigh joined us to chat about all things TLS, S2N, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC. Transcript: https://securitycryptographywhatever.com/2021/12/29/the-feeling-s-mutual-mtls-with-colm-maccarthaigh/ Find us at: https://twitte…

Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders! We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, …

Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more! Transcript: https://securitycryptographywhatever.com/2021/12/05/wireguard-with-jason-donenfeld/ Links…

A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. With special guest, George Tankersley! Transcript: https://securitycryptographywhatever.com/2021/10/26/pakes-oprfs…

A lot of fixes got pushed in the past week! Please apply your updates! Apple, Chrome, Matrix, Azure, and more nonsense. Transcript: https://securitycryptographywhatever.com/2021/09/20/patch-damnit/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum https://twitter.com/tqbf https://twitter.com/davidcadrian Links! The accuvant …

Not the hero the internet deserves, but the one we need: it's Ryan Sleevi! We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman…

We're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green. We…

Benjamin Wesolowski talks about his latest paper in which he mathematically proved that the two fundamental problems underlying isogeny-based cryptography are equivalent. Links and papers discussed in the show: The supersingular isogeny path and endomorphism ring problems are equivalent Episode 5: Isogeny-based Cryptography for Dummies! Music compo…

We did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps. Transcript: https://securitycryptographywhatever.com/2021/08/21/platform-security-part-deux-with-justin-schuh/ Find us at: https://twitter.com/scwpod https://twitter.com/durumcrustulum …

🔥JWT🔥 We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg! After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/ Transcript: https://securitycryptographywhatever.com/2021/08/12/what-do-we-do-ab…

Special guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general. After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/ Transcript: https://security…

Deirdre, Thomas and David talk about NSO group, Pegasus, whether iOS a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns. Transcript: https://securitycryptographywhatever.com/2021/07/26/nso-group-pegasus-zero-days-i-os-message-security/ Find us at: https://twitter.co…

A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and usi…

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols. ALPACA is an application layer protocol con…

Nadim talks with Peter Schwabe and Matthias Kannwischer about the considerations — both in terms of security and performance — when implementing cryptographic primitives for low-level and embedded platforms. Links and papers discussed in the show: Optimizing crypto on embedded microcontrollers Implementing post-quantum cryptography on embedded micr…

Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have been developed to ensure the privacy and authentication of Wi-Fi communications. However, a recent paper shows that every single Wi-Fi network protectio…

Contact discovery is a core feature in popular mobile messaging apps such as WhatsApp, Signal and Telegram that lets users grant access to their address book in order to discover which of their contacts are on that messaging service. While contact discovery is critical for WhatsApp, Signal and Telegram to function properly, privacy concerns arise w…

Secure multi-party computation is a fascinating field in cryptography, researching how to allow multiple parties to compute secure operations over inputs while keeping those inputs private. This makes multi-party computation a super relevant technology in areas such as code signing, hospital records and more. But what does it take to bring secure m…

On March 1st, 2021, a curious paper appeared on the Cryptology ePrint Archive: senior cryptographer Claus Peter Schnorr submitted research that claims to use lattice mathematics to improve the fast factoring of integers so much that he was able to completely “destroy the RSA cryptosystem” -- certainly a serious claim. Strangely, while the paper’s e…