Security Cryptography Whatever

Matrix with Martin Albrecht and Dan Jones

Nov 2, 2022

01:06:24

Creator website

Highlights

AI Chapters

Episode notes

End to End Encrypted Backups

01:40

A Semi Trusted Impersonation Attack in the Matrix Protocol

03:15

Is There a Multi Device Secure Messaging System?

02:35

Introduction

2min

Matrix

2min

The Key Idea Is Matrix Derivatives

2min

Is Matrix More Like Slack Than Signal?

2min

What Should You Expect to Trust a Matrix Server?

2min

Authenticating Group Membership Requests in a Matrix Room

3min

Do You Consider Valid Attacks That the Designers Consider?

2min

What's the Point of Out of Band Verification?

2min

The Trusted Home Server Attack

2min

10.

Is There a Multi Device Secure Messaging System?

3min

11.

Is It Inherent in Their Design Choice?

2min

12.

Getting Private Group Membership on Top of a Signal Service

2min

13.

The Key Device Identifier Confusion

2min

14.

Is That a Root Cryptographic Identity?

2min

15.

The Man in the Middle Attack

3min

16.

A Taxi Attack on Megalm

2min

17.

A Semi Trusted Impersonation Attack in the Matrix Protocol

3min

18.

What's the Impact of Injecting a Mega Home Session Into Another Client?

2min

19.

You Can't Have Strong Confidentiality Without Authentication

2min

20.

A C Attack to Inject a Megalm Session

3min

21.

Is This a Bug in the Afflection Client?

2min

22.

End to End Encrypted Backups

2min

23.

The Paper Is Great, but You Can't Exploit It, Right?

2min

24.

Is Message Backup a Thing That You Shouldn't Have?

3min

25.

Doing Engineering of Any Kind of Level of Security Is Not Easy

4min

26.

Is That All of Omega Old and the Secure Backup?

2min

27.

The Impossibility of Multi Party Encrypted Group Messages

2min

28.

MLS and Group Key Agreement - What's That?

2min

29.

Is There a Security Definition for Group Membership?

2min

30.

Is There Any Work on Formal Analysis of a Federated Environment?

2min

31.

How Does Signal Work With a Federated Model?

3min

No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic
Vulnerabilities in Matrix".

Transcript:
https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/

Links:

https://nebuchadnezzar-megolm.github.io/static/paper.pdf
https://nebuchadnezzar-megolm.github.io
Signal Private Group system: https://eprint.iacr.org/2019/1416.pdf
https://signal.org/blog/signal-private-group-system/
https://spec.matrix.org/latest/
WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
https://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etc
Other clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264
https://dadrian.io/blog/posts/roll-your-own-crypto/
https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719
WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp
Roll your own and Telegram: https://mtpsym.github.io/

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Get the app