
32 episodes

Security Cryptography Whatever Deirdre Connolly, Thomas Ptacek, David Adrian
-
- Technology
-
-
4.9 • 42 Ratings
-
Some cryptography & security people talk about security, cryptography, and whatever else is happening.
-
Elon's Encrypted DMs with Matthew Garrett
Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.
Transcript:
https://securitycryptographywhatever.com/2023/05/29/elons-encrypted-dms-with-matthew-garrett/
Links:
https://mjg59.dreamwidth.org/66791.html
https://help.twitter.com/en/using-twitter/encrypted-direct-messages
https://www.techdirt.com/2023/05/11/twitter-launches-not-actually-encrypted-encrypted-dms/
BrokenKDF2BytesGenerator: https://github.com/bcgit/bc-java/blob/master/prov/src/main/java/org/bouncycastle/jce/provider/BrokenKDF2BytesGenerator.java#L70
Analysis from sweis: https://twitter.com/sweis/status/1657082478727933954?s=20
https://signal.org/docs/specifications/x3dh/
https://signal.org/docs/specifications/doubleratchet/
https://support.signal.org/hc/en-us/articles/360007059752-Backup-and-Restore-Messages
Trail of Bits has not audited nor signed a contract yet, per Platformer: https://www.platformer.news/p/why-you-cant-trust-twitters-encrypted
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian) -
WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi
WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.
Transcript:
https://securitycryptographywhatever.com/2023/05/06/whatsapp-key-transparency
Links:
https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/
https://github.com/facebook/akd
Parkeet: https://eprint.iacr.org/2023/081.pdf
CONIKS: https://eprint.iacr.org/2014/1004.pdf
SEEMless: https://eprint.iacr.org/2018/607.pdf
WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
Keybase key transparency: https://book.keybase.io/docs/server
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian) -
Messaging Layer Security (MLS) with Raphael Robert
Messaging Layer Security (MLS) 1.0 is (basically) here! We invited Raphael
Robert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?)
Transcript:
https://securitycryptographywhatever.com/2023/04/22/mls/
Links:
- https://messaginglayersecurity.rocks/
- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html
- https://messaginglayersecurity.rocks/mls-architecture/draft-ietf-mls-architecture.html
- https://github.com/openmls/openmls
- https://eprint.iacr.org/2022/1533.pdf
- https://eprint.iacr.org/2020/1327.pdf
- https://eprint.iacr.org/2022/559.pdf
- https://signal.org/docs/
- https://en.wikipedia.org/wiki/Key_encapsulation_mechanism
- https://twitter.com/beurdouche/status/1220617962182389760
- https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#mls-ciphersuites
- https://www.ietf.org/archive/id/draft-ietf-mls-federation-02.html
- https://datatracker.ietf.org/wg/mimi/documents/
- https://competition-policy.ec.europa.eu/dma/dma-workshops/interoperability-workshop_en
- Yes in the protocol document this is 1.0: https://messaginglayersecurity.rocks/mls-protocol/draft-ietf-mls-protocol.html#section-6
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian) -
Real World: Crypto (2023)
Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.
Links
https://rwc.iacr.org/2023/https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Transcript: https://securitycryptographywhatever.com/2023/03/24/rwc-2023/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian) -
Threema with Kenny Paterson, Matteo Scarlata, & Kien Tuong Truong
Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for some stunt cryptography, like 2 Fast 2 Furious stunts.
Transcript:
https://securitycryptographywhatever.com/2023/01/27/threema/
Links:
https://breakingthe3ma.app/
https://threema.ch/press-files/2_documentation/cryptography_whitepaper.pdf
https://threema.ch/en/blog/posts/ibex
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian) -
Has RSA been destroyed by a quantum computer???
There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die?
Also some musings about Bruce Schneier.
Errata:
Schneier's honorary PhD is from the University of Westminster, not UW.
Transcript:
https://securitycryptographywhatever.com/2023/01/06/has-rsa-been-destroyed-by-a-quantum-computer/
Links:
https://arxiv.org/pdf/2212.12372.pdf
https://eprint.iacr.org/2021/232.pdf
https://github.com/lducas/SchnorrGate
https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0
https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
https://scottaaronson.blog/?p=6957
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
Customer Reviews
Found my new favorite podcast!
Stumbled across this podcast while trying to supplement an applied cryptography class. I couldn’t be more please with the content and excitement the hosts have about cryptography. Definitely worth a listen!
Favorite podcast
The mix of serious technical competency and lack of ego of the three hosts makes this podcast a delight. Although the release schedule is haphazard, every episode is worth the wait. I always feel like I’ve learned something new at the end of each episode, and I’ve gone back to many of the episodes and learned more on re-listening. I highly recommend this podcast!
Rude host makes it unlistenable
This has great guests, covers great topics, and would be a great podcast. However Thomas Ptacek has no grasp of how to convey information, how to ask facilitating questions, and definitely doesn’t know how to avoid being rude to the hosts and audience.
I thought maybe it was just him on a podcast, then I saw some Black Hat talks which included him and he insults his fellow panelists, the audience, and does his best to do the same: turn it into a 1 man Thomas show.
I’ve given up suffering through this podcast to try and hear good material and guests, there’s better content out there, better and more respectful hosts, and better things to do with my time than fight a migraine listening to someone so narcissistic and rude.