Security Cryptography Whatever Deirdre Connolly, Thomas Ptacek, David Adrian

Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.

Transcript: 
https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/

Links:
https://mjg59.dreamwidth.org/66791.html
https://help.twitter.com/en/using-twitter/encrypted-direct-messages
https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/
BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70
Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20
https://signal.org/docs/specifications/x3dh/
https://signal.org/docs/specifications/doubleratchet/
https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages
Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.

Transcript: 
https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency

Links: 
https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/
https://github.com/facebook/akd
Parkeet: https://eprint.iacr.org/2023/081.pdf
CONIKS: https://eprint.iacr.org/2014/1004.pdf
SEEMless: https://eprint.iacr.org/2018/607.pdf
WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
Keybase key transparency: https://book.keybase.io/docs/server

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael
Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?)

Transcript:
https://securitycryptographywhatever.com/2023/04/22/mls/

Links:
- https://messaginglayersecurity.rocks/
- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html
- https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html
- https://github.com/openmls/openmls
- https://eprint.iacr.org/2022/1533.pdf
- https://eprint.iacr.org/2020/1327.pdf
- https://eprint.iacr.org/2022/559.pdf
- https://signal.org/docs/
- https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
- https://twitter.com/beurdouche/status/1220617962182389760
- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#mls-ciphersuites
- https://www.ietf.org/archive/id/draft-ietf-mls-federation-02.html
- https://datatracker.ietf.org/wg/mimi/documents/
- https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en
- Yes in the protocol document this is 1.0: https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#section-6

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.

Links
https://rwc.iacr.org/2023/https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/



"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts.

Transcript:
https://securitycryptographywhatever.com/2023/01/27/threema/

Links:
https://breakingthe3ma.app/
https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
https://threema.ch/en/blog/posts/ibex

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die?

Also some musings about Bruce Schneier.

Errata:
Schneier's honorary PhD is from the University of Westminster, not UW.

Transcript:
https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/

Links:

https://arxiv.org/pdf/2212.12372.pdf
https://eprint.iacr.org/2021/232.pdf
https://github.com/lducas/SchnorrGate
https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0
https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
https://scottaaronson.blog/?p=6957




"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)