Security Cryptography Whatever

By: Deirdre Connolly Thomas Ptacek David Adrian
  • Summary

  • Some cryptography & security people talk about security, cryptography, and whatever else is happening.
    © 2024 Security Cryptography Whatever
    Show More Show Less
Episodes
  • A Little Bit of Rust Goes a Long Way with Android's Jeff Vander Stoep
    Oct 15 2024

    You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉

    Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/

    Links:
    - https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html
    - “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621
    - “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89
    - https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html
    - https://github.com/google/crubit
    - https://github.com/google/autocxx
    - https://en.wikipedia.org/wiki/Stagefright_(bug)
    - https://security.googleblog.com/2021/04/rust-in-android-platform.html
    - https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md
    - https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos
    -https://kb.meinbergglobal.com/kb/time_sync/ntp/ntp_vulnerabilities_reported_2023-04
    - https://blog.isosceles.com/the-legacy-of-stagefright/
    - https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/
    - https://www.youtube.com/watch?v=QrrH2lcl9ew
    - https://source.android.com/docs/setup/build/rust/building-rust-modules/overview
    - https://github.com/rust-lang/rust-bindgen
    - https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html


    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Show More Show Less
    1 hr and 14 mins
  • Campaign Security with [REDACTED]
    Oct 13 2024

    With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024.

    Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/

    Links:

    - Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/activemeasures
    - Aurora: https://en.wikipedia.org/wiki/Operation\_Aurora
    - Google APP announcement, October 2017: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/
    - XXD: https://linux.die.net/man/1/xxd
    - Adobe Reader October 2016 Security Update: https://helpx.adobe.com/security/products/acrobat/apsb16-33.html


    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Show More Show Less
    1 hr and 24 mins
  • Telegram with Matthew Green
    Sep 7 2024

    We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!


    Transcript: https://securitycryptographywhatever.com/2024/09/06/telegram

    Links:

    - https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/
    - Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit
    - Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf
    - MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end
    - https://words.filippo.io/dispatches/telegram-ecdh/
    - MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation
    - OTR: https://otr.cypherpunks.ca/otr-wpes.pdf
    - AES and sha2 used in ‘Infinite Garble Extension’ mode: https://eprint.iacr.org/2015/1177.pdf
    - Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666
    - History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture
    - https://securitycryptographywhatever.com/2023/01/27/threema/
    - https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/
    - https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014


    "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

    Show More Show Less
    1 hr and 4 mins

What listeners say about Security Cryptography Whatever

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.