No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic
Vulnerabilities in Matrix".
Transcript:
https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/
Links:
- https://nebuchadnezzar-megolm.github.io/static/paper.pdf
- https://nebuchadnezzar-megolm.github.io
- Signal Private Group system: https://eprint.iacr.org/2019/1416.pdf
- https://signal.org/blog/signal-private-group-system/
- https://spec.matrix.org/latest/
- WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
- https://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etc
- Other clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264
- https://dadrian.io/blog/posts/roll-your-own-crypto/
- https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719
- WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp
- Roll your own and Telegram: https://mtpsym.github.io/
"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)
