Security Cryptography Whatever

Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades

Sep 13, 2023

The hosts discuss their summer vacation experiences and touch on topics like pixel attacks, 2G deprecation, and writing modem firmware. They explore vulnerabilities Zenbleed, Downfall, Spectre, and Meltdown, discussing technical details, risks, and potential exploitation. They also talk about software and firmware vulnerabilities, downgrade attacks, and crypto talks at conferences. The chapter covers lattice-based Kyber and dilithium schemes, the need to check old papers, and explore alternatives in cryptography. They discuss issues with authentic code, X-509, SSL slippery slope, and call for reviews.

58:35

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The hosts discuss the challenges and vulnerabilities of using JWTs, highlighting the importance of understanding the difference between RSA signed and RSA encrypted tokens.

They mention the competition for shorter post-quantum signatures and the potential use of ski-scheme signatures in the future.

Deep dives

Summary of Podcast Episode

In this podcast episode, the hosts discuss various topics including Black Hat, cryptography, and the implementation of a post-quantum secure variant of FIDO2. They also touch on the challenges of using JWTs, the danger of confusing RSA signed and RSA encrypted tokens, and the vulnerability of using password encryption in JWTs. Additionally, they mention the competition for shorter post-quantum signatures and the potential use of ski-scheme signatures in the future. The hosts also address the complexities of X.509 certificates, the need to check key usage bits, and the importance of utilizing separate hierarchies for distinct purposes. They wrap up the episode by encouraging listeners to leave positive reviews for the podcast.

Introduction

2min

Vulnerabilities Zenbleed, Downfall, Spectre, and Meltdown

13min

Software and Firmware Vulnerabilities

5min

Downgrade Attacks and Crypto Talks at Conferences

25min

Kyber, Dilithium, and the Quest for Post-Quantum Secure Signatures

6min

Exploring Papers, Alternatives, and Metaphors in Cryptography

2min

Discussion about X-509, SSL lipery slope, and the mess of authentic code

2min

Casual Conversation and Call for Reviews

3min

We're back from our summer vacation! We're covering a bunch of stuff we saw and did:

Transcript:
https://securitycryptographywhatever.com/2023/09/13/cruel-summer/

Links:
- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html
- Downfall: https://downfall.page
- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Security Cryptography Whatever

Cruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgrades

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Summary of Podcast Episode

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights