32 episodes

Some cryptography & security people talk about security, cryptography, and whatever else is happening.

Security Cryptography Whatever Deirdre Connolly, Thomas Ptacek, David Adrian

    • Technology
    • 4.9 • 42 Ratings


    Elon's Encrypted DMs with Matthew Garrett


    Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.

    Transcript: 
    https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/

    Links:
    https://mjg59.dreamwidth.org/66791.html
    https://help.twitter.com/en/using-twitter/encrypted-direct-messages
    https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/
    BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70
    Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20
    https://signal.org/docs/specifications/x3dh/
    https://signal.org/docs/specifications/doubleratchet/
    https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages
    Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted

    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    • 52 min
    WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi


    WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.

    Transcript: 
    https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency

    Links: 
    https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/
    https://github.com/facebook/akd
    Parakeet: https://eprint.iacr.org/2023/081.pdf
    CONIKS: https://eprint.iacr.org/2014/1004.pdf
    SEEMless: https://eprint.iacr.org/2018/607.pdf
    WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
    Keybase key transparency: https://book.keybase.io/docs/server


    • 55 min
    Messaging Layer Security (MLS) with Raphael Robert


    Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael Robert, coauthor of the MLS specification, to explain it to us and answer our annoying questions (read: why does this exist?)

    Transcript:
    https://securitycryptographywhatever.com/2023/04/22/mls/

    Links:
    - https://messaginglayersecurity.rocks/
    - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html
    - https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html
    - https://github.com/openmls/openmls
    - https://eprint.iacr.org/2022/1533.pdf
    - https://eprint.iacr.org/2020/1327.pdf
    - https://eprint.iacr.org/2022/559.pdf
    - https://signal.org/docs/
    - https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
    - https://twitter.com/beurdouche/status/1220617962182389760
    - https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#mls-ciphersuites
    - https://www.ietf.org/archive/id/draft-ietf-mls-federation-02.html
    - https://datatracker.ietf.org/wg/mimi/documents/
    - https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en
    - Yes in the protocol document this is 1.0: https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#section-6


    • 55 min
    Real World: Crypto (2023)


    Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.

    Links
    https://rwc.iacr.org/2023/
    https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
    Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/




    • 54 min
    Threema with Kenny Paterson, Matteo Scarlata, & Kien Tuong Truong


    Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts.

    Transcript:
    https://securitycryptographywhatever.com/2023/01/27/threema/

    Links:
    https://breakingthe3ma.app/
    https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
    https://threema.ch/en/blog/posts/ibex


    • 1 hr 3 min
    Has RSA been destroyed by a quantum computer???


    There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die?

    Also some musings about Bruce Schneier.

    Errata:
    Schneier's honorary PhD is from the University of Westminster, not UW.

    Transcript:
    https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/

    Links:

    https://arxiv.org/pdf/2212.12372.pdf
    https://eprint.iacr.org/2021/232.pdf
    https://github.com/lducas/SchnorrGate
    https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0
    https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
    https://scottaaronson.blog/?p=6957





    • 41 min

Customer Reviews

4.9 out of 5
42 Ratings


Ragnaroekk ,

Found my new favorite podcast!

Stumbled across this podcast while trying to supplement an applied cryptography class. I couldn’t be more pleased with the content and excitement the hosts have about cryptography. Definitely worth a listen!

Andrew Brinker ,

Favorite podcast

The mix of serious technical competency and lack of ego of the three hosts makes this podcast a delight. Although the release schedule is haphazard, every episode is worth the wait. I always feel like I’ve learned something new at the end of each episode, and I’ve gone back to many of the episodes and learned more on re-listening. I highly recommend this podcast!

Dmnius ,

Rude host makes it unlistenable

This has great guests, covers great topics, and would be a great podcast. However Thomas Ptacek has no grasp of how to convey information, how to ask facilitating questions, and definitely doesn’t know how to avoid being rude to the hosts and audience.
I thought maybe it was just him on a podcast, then I saw some Black Hat talks which included him and he insults his fellow panelists, the audience, and does his best to do the same: turn it into a 1 man Thomas show.
I’ve given up suffering through this podcast to try and hear good material and guests, there’s better content out there, better and more respectful hosts, and better things to do with my time than fight a migraine listening to someone so narcissistic and rude.
