(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166This episode is definitely not safe for work and definitely a parody.

Post-Quantum iMessage with Douglas Stebila

Mar 3rd, 2024 55m 34s

Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol

High-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik Bhargavan

Jan 29th, 2024 56m 13s

We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performa

Encrypting Facebook Messenger with Jon Millican and Timothy Buck

Dec 23rd, 2023 59m 35s

Facebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major

Attacking Lattice-based Cryptography with Martin Albrecht

Nov 13th, 2023 57m 20s

Returning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!Transcript: https://securitycryptographywhatever.com/2023/1

Signal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser Revisted

Nov 7th, 2023 1h 19m

We're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message fo

'Jerry Solinas deserves a raise' with Steve Weis

Oct 12th, 2023 57m 31s

We explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is going to take th

Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades

Sep 13th, 2023 58m 35s

We're back from our summer vacation! We're covering a bunch of stuff we saw and did:Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/Links:- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html- Downfall: https://downf

Why do we think anything is secure, with Steve Weis

Jun 29th, 2023 46m 17s

What does P vs NP have to do with cryptography? Why do people love and laugh about the random oracle model? What's an oracle? What do you mean factoring and discrete log don't have proofs of hardness? How does any of this cryptography stuff wor

Elon's Encrypted DMs with Matthew Garrett

May 29th, 2023 52m 28s

Are Twitter’s new encrypted DMs unreadable even if you put a gun to Elon’s head? We invited Matthew Garrett on to do a deep decompiled dive into what kind of cryptography actually shipped.Transcript: https://securitycryptographywhatever.com/202

WhatsApp Key Transparency with Jasleen Malvai and Kevin Lewi

May 6th, 2023 55m 43s

WhatsApp has announced they’re rolling out key transparency! Doing this at WhatsApp-scale (aka billions and biiillions of keys) is a significant task, so we talked to Jasleen Malvai and Kevin Lewi about how it works.Transcript: https://security

Messaging Layer Security (MLS) with Raphael Robert

Apr 22nd, 2023 55m 2s

Messaging Layer Security (MLS) 1.0 is (basically) here! We invited RaphaelRobert, coauthor of the MLS specification to explain it to us and answer our annoying questions (read: why does this exist?)Transcript:https://securitycryptographywhateve

Real World: Crypto (2023)

Mar 25th, 2023 54m 51s

Real World Cryptography 2023 is happening any moment now in Tokyo. Also, some phone basebands are broken.Linkshttps://rwc.iacr.org/2023/https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.htmlTranscript: http

Threema with Kenny Paterson, Matteo Scarlata and Kien Tuong Truong

Jan 27th, 2023 1h 3m

Another day, another ostensibly secure messenger that quails under the gaze of some intrepid cryptographers. This time, it's Threema, and the gaze belongs to Kenny Paterson, Matteo Scarlata, and Kien Tuong Truong from ETH Zurich. Get ready for

Has RSA been destroyed by a quantum computer???

Jan 7th, 2023 41m 16s

There's a paper that claims one can factor a RSA-2048 modulus with the help of a 372-qubit quantum computer. Are we all gonna die?Also some musings about Bruce Schneier.Errata:Schneier's honorary PhD is from the University of Westminster, not U

End of Year Wrap Up

Jan 5th, 2023 59m 27s

David and Deirdre gab about some stuff we didn't get to or just recently happened, like Tailscale's new Tailnet Lock, the Okta breach, what the fuck CISOs are for anyway, Rust in Android and Chrome, passkeys support, and of course, SBF.Transcri

Software Safety and Twitter with Kevin Riggle

Nov 24th, 2022 58m 36s

We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much

Matrix with Martin Albrecht and Dan Jones

Nov 2nd, 2022 1h 6m

No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable

SOC2 with Sarah Harvey

Oct 16th, 2022 1h 1m

We have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas:SOC2 Starting Seven: https://latacora.micro.blog/2020

Nate Lawson II

Sep 29th, 2022 1h 23m

This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers.Steven Chu: https://en.wikipedia.org/wiki/Steven_ChuCFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)CCFB: https:

Nate Lawson: Part 1

Sep 9th, 2022 1h 20m

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.Transcript:https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ReferencesIBM S/390: https://ieeexplore.iee

Hot Cryptanalytic Summer with Steven Galbraith

Aug 11th, 2022 52m 35s

Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here.Transcript: https://securitycryptogr

Passkeys with Adam Langley

Aug 11th, 2022 1h 3m

Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys!David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as

Hertzbleed

Jun 18th, 2022 58m 39s

Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs.Transcript: https://securitycryptographywhate

OMB Zero Trust Memo with Eric Mill

Jun 11th, 2022 1h

The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us.As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas