8 episodes

Some cryptography & security people talk about security, cryptography, and whatever else is happening.

Security. Cryptography. Whatever. Deirdre Connolly, Thomas Ptacek, David Adrian

    • Technology
    • 5.0 • 16 Ratings

    PAKEs, oPRFs, algebra, feat. George Tankersley

    A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more.

    With special guest, George Tankersley!

    Transcript: https://share.descript.com/view/X8x8oO2Q8Tw

    Links:
    SRP deprecation: https://blog.cryptographyengineering.com/should-you-use-srp
    OPAQUE: https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html
    obfs: https://github.com/shadowsocks/simple-obfs
    Elligator: https://elligator.cr.yp.to
    Hash to Curve: https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.html
    Magic Wormhole: https://github.com/magic-wormhole/magic-wormhole
    Biscuits: https://github.com/CleverCloud/biscuit
    Ristretto: https://ristretto.group
    Monero signature bug: https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html
    SIDH smooth-order supersingular curves: https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21

    • 1 hr 15 min
    "Patch, Damnit!"

    A lot of fixes got pushed in the past week! Please apply your updates!
    Apple, Chrome, Matrix, Azure, and more nonsense.

    Find us at:
    https://twitter.com/scwpod
    https://twitter.com/durumcrustulum
    https://twitter.com/tqbf
    https://twitter.com/davidcadrian

    Links!
    The Accuvant story in MIT Technology Review
    All the Apple platforms patched FORCEDENTRY no-click 0-day
    Chrome patched some 0-days that were being exploited in the wild
    PASETO update

    Transcript:
    https://share.descript.com/view/Um4im6a3dqj

    • 1 hr 14 min
    How to be a Certificate Authority, feat. Ryan Sleevi

    Not the hero the internet deserves, but the one we need: it's Ryan Sleevi!

    We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman.


    Find us at:
    https://twitter.com/scwpod
    https://twitter.com/durumcrustulum
    https://twitter.com/tqbf
    https://twitter.com/davidcadrian

    • 1 hr 34 min
    Apple's CSAM Detection, feat. Matthew Green

    We're talking about Apple's new proposed client-side CSAM detection system. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green.

    We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are.

    Find us at:
    https://twitter.com/scwpod
    https://twitter.com/durumcrustulum
    https://twitter.com/tqbf
    https://twitter.com/davidcadrian

    Links:
    https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf
    https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf
    https://www.law.cornell.edu/uscode/text/18/2258A
    https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf
    https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT
    https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does
    https://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/
    https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.html
    https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf

    • 52 min
    Platform Security Part Deux, feat. Justin Schuh

    We did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps.

    Find us at:
    https://twitter.com/scwpod
    https://twitter.com/durumcrustulum
    https://twitter.com/tqbf
    https://twitter.com/davidcadrian

    • 1 hr 20 min
    What do we do about JWT? feat. Jonathan Rudenberg

    🔥JWT🔥

    We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg!

    After we recorded this, Thomas went deep on tokens even beyond what we talked about here: https://fly.io/blog/api-tokens-a-tedious-survey/

    Find us at:
    https://twitter.com/durumcrustulum
    https://twitter.com/tqbf
    https://twitter.com/davidcadrian
    https://twitter.com/scwpod

    • 1 hr 14 min

Customer Reviews

5.0 out of 5
16 Ratings

elagergren ,

good podcast

pretty dope
