Cryptography FM

Symbolic Software
  • 4.7 (13)
  • MATHEMATICS
Cryptography FM

Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM.

  1. 02/27/2023

    Episode 24: CryptoHack's Collection of Cryptic Conundrums!

    For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a wide-ranging and ever increasing library of puzzles for both the aspiring and accomplished cryptographer. On this episode, Nadim and Lucas are joined by Giacomo Pope and Laurence Tennant, the founders of CryptoHack, to discuss how the platform came to be, and how it evolved, as well as how to improve cryptographic pedagogy more broadly. Special Guests: Giacomo Pope and Laurence Tennant. Sponsored By: Symbolic Software: This episode is sponsored by Symbolic Software. Symbolic Software helps you bring in the experience and knowledge necessary to design, or prove secure, state-of-the-art cryptographic systems for new solutions. We've helped design and formally verify some of the world's most widely used cryptographic protocols.Links: CryptoHack — A fun, free platform for learning modern cryptographySome Cryptography Books I Like — This is just a brief post going over a few books on Cryptography I’ve read, and would potentially recommend to people interested in the topic.

    49 min

  2. 01/25/2023

    Episode 23: Psychic Signatures in Java!

    On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatures and allows an attacker to bypass signature checks entirely for these signatures. How are popular cryptographic protocol implementations in Java affected? What's the state of Java cryptography as a whole? Join Neil, Nadim and Lucas as they discuss. Music composed by Yasunori Mitsuda. Special Guest: Neil Madden. Sponsored By: Symbolic Software: Dr. Kobushi's Labyrinthine Laboratory® is a puzzle game that has been described as “a combination between Pac-Man and chess”. Guide the adventurous Ayla as she attempts to rescue her dog, Falafel, from the confines of a mysterious towering laboratory deep within a solitary forest. Dr. Kobushi's Labyrinthine Laboratory combines puzzle and strategy elements with an engaging storyline full of memorable characters and biting humor.IACR: AfricaCrypt is an annual International Conference on the Theory and Applications of Cryptology. AfricaCrypt is a major scientific event that seeks to advance and promote the field of cryptology on the African continent. The conference has systematically drawn some excellent contributions to the field, and has seen many renown researchers deliver keynote presentations. The conference has always been organized in cooperation with the International Association for Cryptologic Research (IACR).Links: CVE-2022-21449: Psychic Signatures in JavaCVE-2022-21449 Proof of Concept — CVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server.Bitwarden design flaw: Server side iterations — In the aftermath of the LastPass breach it became increasingly clear that LastPass didn’t protect their users as well as they should have. When people started looking for alternatives, two favorites emerged: 1Password and Bitwarden. But do these do a better job at protecting sensitive data?API Security in Action — A web API is an efficient way to communicate with an application or service. However, this convenience opens your systems to new security risks. API Security in Action gives you the skills to build strong, safe APIs you can confidently expose to the world. Inside, you’ll learn to construct secure and scalable REST APIs, deliver machine-to-machine interaction in a microservices architecture, and provide protection in resource-constrained IoT (Internet of Things) environments.Illuminated Security News — A low-volume newsletter covering application security, applied cryptography, and identity & access management (IAM) topics. Every newsletter covers one topic in depth with links to interesting articles and podcasts from the wider community.

    53 min

  3. 01/16/2023

    Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!

    Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice. Links and papers discussed in the show: Three Lessons from Threema Special Guests: Kenny Paterson, Kien Tuong Truong, and Matteo Scarlata. Sponsored By: Symbolic Software: This episode is sponsored by Symbolic Software. Symbolic Software helps you bring in the experience and knowledge necessary to design, or prove secure, state-of-the-art cryptographic systems for new solutions. We've helped design and formally verify some of the world's most widely used cryptographic protocols.Links: Three Lessons from Threema: Analysis of a Secure Messenger

    52 min

  4. 08/24/2021

    Episode 21: Proving Fundamental Equivalencies in Isogeny Mathematics!

    Benjamin Wesolowski talks about his latest paper in which he mathematically proved that the two fundamental problems underlying isogeny-based cryptography are equivalent. Links and papers discussed in the show: The supersingular isogeny path and endomorphism ring problems are equivalent Episode 5: Isogeny-based Cryptography for Dummies! Music composed by Toby Fox and performed by Sean Schafianski. Special Guest: Benjamin Wesolowski. Sponsored By: Capsule Social: At Capsule Social, Inc. we are building a platform for decentralized discourse. A place where content creators, writers, and thinkers have full ownership and control over their speech, and enjoy resilience from censorship and takedowns. Capsule Social is hiring decentralized technology engineers, and we'd be thrilled for you to apply.Links: The supersingular isogeny path and endomorphism ring problems are equivalentEpisode 5: Isogeny-based Cryptography for Dummies!

    47 min

  5. 07/20/2021

    Episode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2!

    A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 240 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bit by design. Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2 Music composed by Toby Fox and performed by Sean Schafianski. Special Guests: Gaëtan Leurent and Håvard Raddum. Links: Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2

    43 min

  6. 07/12/2021

    Episode 19: Cross-Protocol Attacks on TLS with ALPACA!

    TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. Links and papers discussed in the show: ALPACA Attack Website Music composed by Toby Fox and performed by Sean Schafianski. Special Guests: Marcus Brinkmann and Robert Merget. Sponsored By: Capsule Social: At Capsule Social, Inc. we are building a platform for decentralized discourse. A place where content creators, writers, and thinkers have full ownership and control over their speech, and enjoy resilience from censorship and takedowns. Capsule Social is hiring decentralized technology engineers, and we'd be thrilled for you to apply.Links: ALPACA Attack

    42 min

  7. 06/23/2021

    Episode 18: Optimizing Cryptography for Microcontrollers!

    Nadim talks with Peter Schwabe and Matthias Kannwischer about the considerations — both in terms of security and performance — when implementing cryptographic primitives for low-level and embedded platforms. Links and papers discussed in the show: Optimizing crypto on embedded microcontrollers Implementing post-quantum cryptography on embedded microcontrollers Optimizing crypto on embedded microcontrollers (ASEC 2018) Music composed by Toby Fox and performed by Sean Schafianski. Special Guests: Matthias Kannwischer and Peter Schwabe. Sponsored By: Capsule Social: At Capsule Social, Inc. we are building a platform for decentralized discourse. A place where content creators, writers, and thinkers have full ownership and control over their speech, and enjoy resilience from censorship and takedowns. Capsule Social is hiring decentralized technology engineers, and we'd be thrilled for you to apply.

    37 min

  8. 06/01/2021

    Episode 17: Breaking Wi-Fi With Frame Attacks!

    Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have been developed to ensure the privacy and authentication of Wi-Fi communications. However, a recent paper shows that every single Wi-Fi network protection standard since 1997, from WEP all the way to WPA3, is exposed to a critical vulnerability that allows the exfiltration of sensitive data. How far does this new attack go? How does it work? And why wasn’t it discovered before? We’ll discuss this and more in this episode of Cryptography FM. Links and papers discussed in the show: Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd Release the Kraken: New KRACKs in the 802.11 Standard Music composed by Toby Fox and performed by Sean Schafianski. Special Guest: Mathy Vanhoef. Sponsored By: Capsule Social: At Capsule Social, Inc. we are building a platform for decentralized discourse. A place where content creators, writers, and thinkers have full ownership and control over their speech, and enjoy resilience from censorship and takedowns. Capsule Social is hiring decentralized technology engineers, and we'd be thrilled for you to apply.Links: Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation — In this paper, we present three design flaws in the 802.11 standard that underpins Wi-Fi. One design flaw is in the frame aggregation functionality, and another two are in the frame fragmentation functionality. These design flaws enable an adversary to forge encrypted frames in various ways, which in turn enables exfiltration of sensitive data. We also discovered common implementation flaws related to aggregation and fragmentation, which further worsen the impact of our attacks. Our results affect all protected Wi-Fi networks, ranging from WEP all the way to WPA3, meaning the discovered flaws have been part of Wi-Fi since its release in 1997. In our experiments, all devices were vulnerable to one or more of our attacks, confirming that all Wi-Fi devices are likely affected. Finally, we present a tool to test whether devices are affected by any of the vulnerabilities, and we discuss countermeasures to prevent our attacks.Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd — We systematically analyze WPA3 and EAP-pwd, find denial-of- service and downgrade attacks, present severe vulnerabilities in all implementations, reveal side-channels that enable offline dictionary attacks, and propose design fixes which are being officially adopted.Release the Kraken: New KRACKs in the 802.11 Standard — We improve key reinstallation attacks (KRACKs) against 802.11 by generalizing known attacks, systematically analyzing all hand- shakes, bypassing 802.11’s official countermeasure, auditing (flawed) patches, and enhancing attacks using implementation-specific bugs.

    36 min
See All (24)

Ratings & Reviews

4.7
out of 5
13 Ratings

About

Cryptography FM is a regular podcast with news and a featured interview covering the latest developments in theoretical and applied cryptography. Whether it's a new innovative paper on lattice-based cryptography or a novel attack on a secure messaging protocol, we'll get the people behind it on Cryptography FM.

Information

  • Creator
    Symbolic Software
  • Years Active
    2020 - 2023
  • Episodes
    24
  • Rating
    Clean
  • Copyright
    © 2024 Symbolic Software
  • Show Website
    Cryptography FM

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada