Security Cryptography Whatever

Mar 26, 20261h 16m#5

Returning champion Nicholas Carlini comes back to talk about using Claude for vulnerability research, and the current vulnpocalypse. It's all very high-brow stuff, and the gang learns some bitter lessons. Watch on YouTub

Mar 10, 20268m#4

Standardizing cryptography involves a lot of opinions. Luckily, the gamer presidents are on it. Come on, you all know the drill. This is the last time I do this. "Security Cryptography Whatever" is hosted by Deirdre Conn

Feb 2, 20261h 12m#3

The Python cryptography module, pyca/cryptography , has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex

Dec 31, 202556m#2

The International Association of Cryptologic Research held their regular election using secure voting software called Helios…and lost the keys to decrypt the results, leaving them with no choice but to throw out the vote

Oct 31, 202556m#1

Apple announced its new suite of memory security improvements from the top of the stack all the way to the bottom, so we dug through what they did and how they did it (performantly). Watch on YouTube: https://www.youtube

Aug 23, 20251h 11m#12

There was a bug in an OpenPGP library which finally gave us an excuse to tear encrypted email via PGP to shreds. Our special guest William Woodruff joined us to help explain the vuln and indulge our gnashing of teeth on

Aug 16, 20251h 25m#11

We chat with friend of the pod and special guest Alex Gaynor, former deputy chief technologist at the FTC and all around good Security Person™. Join for nerdery about WebAuthn, stay for accidentally melting down GitHub A

Jul 29, 20251h 0m#10

We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. Get SSO for SSH! If Thomas was here, I’m sure he’d tell you tha

May 19, 20251h 2m#9

It seems like everyone that tries to deploy end-to-end encrypted cloud storage seems to mess it up, often in new and creative ways. Our special guests Matilda Backendal, Jonas Hofmann, and Kien Tuong Truong give us a tou

Mar 24, 202514m#11

Migrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody. "S

Feb 25, 202548m#10

Apple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however. To help us make sense of this surprisi

Jan 28, 20251h 20m#8

'Let us model our large language model as a hash function—' Sold. Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off so

Jan 21, 202557m#7

Just a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times

Dec 18, 202453m#6

THE QUANTUM COMPUTERS ARE COMING...right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google'

Dec 7, 20241h 7m#5

Nothing we have ever recorded on SCW has brought so much joy to David. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body. Our esteemed guests Justin Schuh and Matt G

Oct 15, 20241h 13m#4

You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry avera

Oct 13, 20241h 23m#3

With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late Aug

Sep 7, 20241h 4m#2

We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography

Jul 25, 202457m#1

Are you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa ! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation e

Jun 24, 20241h 25m#11

We have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive

May 24, 20241h 48m#10

iykyk Transcript: https://securitycryptographywhatever.com/2024/05/25/ekr/ Links: - https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt - https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf - https://d

Apr 30, 20241h 1m#9

Josh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://security

Mar 23, 202419m#8

(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166 This episode is definitely not safe for work

Mar 3, 202455m#7

Apple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis

Jan 29, 202456m#6

We welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security