This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Konten disediakan oleh Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Mirip dengan Security Cryptography Whatever
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
We help founders make something people want.
…
continue reading
Monday through Friday, Marketplace demystifies the digital economy in less than 10 minutes. We look past the hype and ask tough questions about an industry that’s constantly changing.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
The Data Skeptic Podcast features interviews and discussion of topics related to data science, statistics, machine learning, artificial intelligence and the like, all from the perspective of applying critical thinking and the scientific method to evaluate the veracity of claims and efficacy of approaches.
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
))
Dual_EC_DRBG with Justin Schuh and Matthew Green
Manage episode 454348422 series 2956114
Konten disediakan oleh Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Nothing we have ever recorded on SCW has brought so much joy to
David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.
Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.
Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg
Links:
- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q)
- Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/)
- NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html)
- On the Practical Exploitability of Dual EC
in TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf)
- Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/)
- ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption)
- DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf)
- IAD: [https://www.iad.gov/](https://www.iad.gov/)
- Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/)
- 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554)
- Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00)
- The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Chapter
1. Dual_EC_DRBG with Justin Schuh and Matthew Green (00:00:00)
2. Debate on Dual EC Backdoor (00:00:12)
3. NSA's Dual EC Backdoor Controversy (00:10:08)
4. Technical Director Explains NSA's Randomness Method (00:16:43)
5. NSA's Dual EC Backdoor Dilemma (00:20:30)
6. Debate on Intentional Crime vs Negligence (00:31:47)
7. Discussion on NetScreen Firewall Vulnerability (00:44:06)
8. NSA's Dual EC Backdoor Debate (00:50:17)
9. Cryptographers Debate NSA's Dual EC Backdoor (01:02:16)
10. Debate on Backdoor Intent and Capability (01:06:20)
50 episode
Bagikan
Manage episode 454348422 series 2956114
Konten disediakan oleh Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Nothing we have ever recorded on SCW has brought so much joy to
David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.
Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.
Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbg
Links:
- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q)
- Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/)
- NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html)
- On the Practical Exploitability of Dual EC
in TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf)
- Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/)
- ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption)
- DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf)
- IAD: [https://www.iad.gov/](https://www.iad.gov/)
- Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/)
- 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554)
- Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00)
- The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Chapter
1. Dual_EC_DRBG with Justin Schuh and Matthew Green (00:00:00)
2. Debate on Dual EC Backdoor (00:00:12)
3. NSA's Dual EC Backdoor Controversy (00:10:08)
4. Technical Director Explains NSA's Randomness Method (00:16:43)
5. NSA's Dual EC Backdoor Dilemma (00:20:30)
6. Debate on Intentional Crime vs Negligence (00:31:47)
7. Discussion on NetScreen Firewall Vulnerability (00:44:06)
8. NSA's Dual EC Backdoor Debate (00:50:17)
9. Cryptographers Debate NSA's Dual EC Backdoor (01:02:16)
10. Debate on Backdoor Intent and Capability (01:06:20)
50 episode
Όλα τα επεισόδια
×
Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.
Mirip dengan Security Cryptography Whatever
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
We help founders make something people want.
…
continue reading
Monday through Friday, Marketplace demystifies the digital economy in less than 10 minutes. We look past the hype and ask tough questions about an industry that’s constantly changing.
…
continue reading
TechStuff is a show about technology. And it’s not just how technology works. Join host Jonathan Strickland as he explores the people behind the tech, the companies that market it and how technology affects our lives and culture.
…
continue reading
The Data Skeptic Podcast features interviews and discussion of topics related to data science, statistics, machine learning, artificial intelligence and the like, all from the perspective of applying critical thinking and the scientific method to evaluate the veracity of claims and efficacy of approaches.
…
continue reading
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !
Offline dengan aplikasi Player FM !
