
Security Cryptography Whatever
Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades
Sep 13, 2023
The hosts discuss their summer vacation experiences and touch on topics like pixel attacks, 2G deprecation, and writing modem firmware. They explore the Zenbleed, Downfall, Spectre, and Meltdown vulnerabilities, discussing technical details, risks, and potential exploitation. They also talk about software and firmware vulnerabilities, downgrade attacks, and crypto talks at conferences. The chapter covers the lattice-based Kyber and Dilithium schemes, the need to check old papers, and alternatives in cryptography. They discuss issues with authentic code, X.509, SSL slippery slope, and call for reviews.
58:35
Podcast summary created with Snipd AI
Quick takeaways
- The hosts discuss the challenges and vulnerabilities of using JWTs, highlighting the importance of understanding the difference between RSA-signed and RSA-encrypted tokens.
- They mention the competition for shorter post-quantum signatures and the potential use of ski-scheme signatures in the future.
Deep dives
Summary of Podcast Episode
In this podcast episode, the hosts discuss various topics including Black Hat, cryptography, and the implementation of a post-quantum secure variant of FIDO2. They also touch on the challenges of using JWTs, the danger of confusing RSA-signed and RSA-encrypted tokens, and the vulnerability of using password encryption in JWTs. Additionally, they mention the competition for shorter post-quantum signatures and the potential use of ski-scheme signatures in the future. The hosts also address the complexities of X.509 certificates, the need to check key usage bits, and the importance of using separate hierarchies for distinct purposes. They wrap up the episode by encouraging listeners to leave positive reviews for the podcast.