Security Cryptography Whatever

We talk to Kevin Riggle (@kevinriggle) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience!https://twitter.com/kevinriggleTranscript: https://securitycryptographywhatever.com/2022/11/24/software-safety-and-twitter-with-kevin-riggle/ErrataIt was the Mars Climate Orbiter that crashed due to a units mismatchDavid confused the Dreamliner with the 737 MaxLinkshttps://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/https://complexsystems.group/https://how.complexsystems.fail/https://noncombatant.org/2016/06/20/get-into-security-engineering/https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/http://sunnyday.mit.edu/safer-world.pdfhttps://www.adaptivecapacitylabs.com/john-allspaw/https://www.etsy.com/codeascraft/blameless-postmortemshttps://increment.com/security/approachable-threat-modeling/https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.htmlhttps://www.hillelwayne.com/post/are-we-really-engineers/https://www.hillelwayne.com/post/we-are-not-special/https://www.hillelwayne.com/post/what-we-can-learn/https://lotr.fandom.com/wiki/Denethor_IIhttps://twitter.com/sarahjeong/status/1587597972136546304"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable CryptographicVulnerabilities in Matrix".Transcript:https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/Links: https://nebuchadnezzar-megolm.github.io/static/paper.pdfhttps://nebuchadnezzar-megolm.github.ioSignal Private Group system: https://eprint.iacr.org/2019/1416.pdfhttps://signal.org/blog/signal-private-group-system/https://spec.matrix.org/latest/WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdfhttps://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etcOther clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264 https://dadrian.io/blog/posts/roll-your-own-crypto/https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719 WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsappRoll your own and Telegram: https://mtpsym.github.io/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

We have Sarah Harvey (@worldwise001 on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas:SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.htmlSOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/Transcript:https://securitycryptographywhatever.com/2022/10/16/SOC2-with-Sarah-Harvey/Links:Tailscale recent post on getting SOC2’d: https://tailscale.com/blog/soc2-type2/SSO Tax: https://sso.taxDavid’s previous job: https://getnametag.comDavid's other startup: https://censys.ioThomas works at https://fly.io"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers.Steven Chu: https://en.wikipedia.org/wiki/Steven_ChuCFB: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)CCFB: https://link.springer.com/chapter/10.1007/11502760_19XXTEA: https://en.wikipedia.org/wiki/XXTEACHERI: https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdfTranscript:https://securitycryptographywhatever.com/2022/09/29/nate-lawson-ii/Errata:Pedram Amini did in fact do Pai Mei"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.Transcript:https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/ReferencesIBM S/390: https://ieeexplore.ieee.org/document/5389176SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.htmlXbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_AttackGoogle Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/ErrataHMAC actually published in 1996, not 1997"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here.Transcript: https://securitycryptographywhatever.com/2022/08/11/hot-cryptanalytic-summer-with-steven-galbraith/Merch: https://merch.scwpodcast.comLinks:https://eprint.iacr.org/2022/975.pdfhttps://eprint.iacr.org/2022/1026.pdfhttps://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/GPST active adaptive attack against SIDH: https://eprint.iacr.org/2016/859.pdfFailing to hash into supersingular isogeny graphs: https://eprint.iacr.org/2022/518.pdfhttps://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/Kuperberg attack via Peikert: https://eprint.iacr.org/2019/725.pdfSQISign: https://eprint.iacr.org/2020/1240.pdf(Post recording)  Breaking SIDH in polynomial time:https://eprint.iacr.org/2022/1038.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys!David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings.Transcript: https://securitycryptographywhatever.com/2022/08/11/passkeys-with-adam-langley/Links:GoogleIO PresentationWWDC PresentationW3C WebAuthNAdam's blog on passkeys and CABLECable / Hybrid PRCTAP spec from FIDONoise NKPSKDERPDon't forget about merch! https://merch.securitycryptographywhatever.com/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs.Transcript: https://securitycryptographywhatever.com/2022/06/17/hertzbleed/ Links:Hertzbleed Attack | ellipticnews (wordpress.com)https://www.hertzbleed.com/hertzbleed.pdfhttps://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031Merch: https://merch.scwpodcast.com"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

The US government released a memo about moving to a zero-trust network architecture. What does this mean? We have one of the authors, Eric Mill, on to explain it to us.As always, your @SCWPod hosts are Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian).Transcript: https://securitycryptographywhatever.com/2022/06/10/omb-zero-trust-memo-with-eric-mill/Links:OMB MemoExecutive order on cybersecurity PIV card Derived PIVBeyondCorpHSTS Preloading.gov preloading Neither Rain, Nor Snow, Nor MITMEDR memoTechnology Transformation Services (TTS)Is it Christmas?"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

We talk about Tink with Sophie Schmieg, cryptographer and algebraic geometer at Google.Transcript: https://securitycryptographywhatever.com/2022/05/28/tink-with-sophie-schmieg/Links:Sophie: https://twitter.com/SchmiegSophieTink: https://github.com/google/tinkRWC talk: https://youtube.com/watch?t=1028&v=CiH6iqjWpt8Where to store keys: https://twitter.com/SchmiegSophie/status/1413502566797778948EAX mode: https://en.wikipedia.org/wiki/EAX_modeAES-GCM-SIV: https://en.wikipedia.org/wiki/AES-GCM-SIVDeterministic AEADs: https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-dataThai Duong: https://twitter.com/XorNinjaAWS-SDK Vuln: https://twitter.com/XorNinja/status/1310587707605659649"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)