A C Attack to Inject a Megalm Session

No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic
Vulnerabilities in Matrix".

Transcript:
https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/

Links: 

• https://nebuchadnezzar-megolm.github.io/static/paper.pdf
• https://nebuchadnezzar-megolm.github.io
• Signal Private Group system: https://eprint.iacr.org/2019/1416.pdf
• https://signal.org/blog/signal-private-group-system/
• https://spec.matrix.org/latest/
• WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
• https://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etc
• Other clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264 
• https://dadrian.io/blog/posts/roll-your-own-crypto/
• https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719 
• WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp
• Roll your own and Telegram: https://mtpsym.github.io/ 

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)