<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet href="https://feeds.buzzsprout.com/styles.xsl" type="text/xsl"?>
<rss version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:podcast="https://podcastindex.org/namespace/1.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<atom:link href="https://feeds.buzzsprout.com/1822302.rss" rel="self" type="application/rss+xml" />
<atom:link href="https://pubsubhubbub.appspot.com/" rel="hub" xmlns="http://www.w3.org/2005/Atom" />
<title>Security. Cryptography. Whatever.</title>
<lastBuildDate>Fri, 25 Nov 2022 17:31:01 -0500</lastBuildDate>
<link>https://securitycryptographywhatever.com</link>
<language>en-us</language>
<copyright>© 2022 Security. Cryptography. Whatever.</copyright>
<podcast:locked>yes</podcast:locked>
<podcast:guid>867836ea-7d1d-5bf7-9fd1-7f76415d62ab</podcast:guid>
<itunes:author>Deirdre Connolly, Thomas Ptacek, David Adrian</itunes:author>
<itunes:type>episodic</itunes:type>
<itunes:explicit>true</itunes:explicit>
<description><![CDATA[Some cryptography & security people talk about security, cryptography, and whatever else is happening.]]></description>
<itunes:keywords>security, cryptography, whatever</itunes:keywords>
<itunes:owner>
<itunes:name>Deirdre Connolly, Thomas Ptacek, David Adrian</itunes:name>
</itunes:owner>
<image>
<url>https://storage.buzzsprout.com/variants/frpkkktyji9epsau1rvyvzig8e2s/60854458c4d1acdf4e1c2f79c4137142d85d78e379bdafbd69bd34c85f5819ad.jpg</url>
<title>Security. Cryptography. Whatever.</title>
<link>https://securitycryptographywhatever.com</link>
</image>
<itunes:image href="https://storage.buzzsprout.com/variants/frpkkktyji9epsau1rvyvzig8e2s/60854458c4d1acdf4e1c2f79c4137142d85d78e379bdafbd69bd34c85f5819ad.jpg" />
<itunes:category text="Technology" />
<itunes:category text="Science">
<itunes:category text="Mathematics" />
</itunes:category>
<itunes:category text="News">
<itunes:category text="Tech News" />
</itunes:category>
<item>
<itunes:title>Software Safety and Twitter, with Kevin Riggle</itunes:title>
<title>Software Safety and Twitter, with Kevin Riggle</title>
<description><![CDATA[<p>We talk to Kevin Riggle (<a href='https://twitter.com/kevinriggle'>@kevinriggle</a>) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience!<br/><br/><a href='https://twitter.com/kevinriggle'>https://twitter.com/kevinriggle<br/></a><br/><b>Transcript: </b><a href='https://beta-share.descript.com/view/WTrQGK4xEVj'>https://beta-share.descript.com/view/WTrQGK4xEVj</a><b> </b><br/><br/><b>Errata</b></p><ul><li>It was the Mars Climate Orbiter that crashed due to a units mismatch</li><li>David confused the Dreamliner with the 737 Max</li></ul><p><b>Links</b></p><ul><li><a href='https://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/'>https://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/</a></li><li><a href='https://complexsystems.group/'>https://complexsystems.group/</a></li><li><a href='https://how.complexsystems.fail/'>https://how.complexsystems.fail/</a></li><li><a href='https://noncombatant.org/2016/06/20/get-into-security-engineering/'>https://noncombatant.org/2016/06/20/get-into-security-engineering/</a></li><li><a href='https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/'>https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/</a></li><li><a href='http://sunnyday.mit.edu/safer-world.pdf'>http://sunnyday.mit.edu/safer-world.pdf</a></li><li><a href='https://www.adaptivecapacitylabs.com/john-allspaw/'>https://www.adaptivecapacitylabs.com/john-allspaw/</a></li><li><a href='https://www.etsy.com/codeascraft/blameless-postmortems'>https://www.etsy.com/codeascraft/blameless-postmortems</a></li><li><a 
href='https://increment.com/security/approachable-threat-modeling/'>https://increment.com/security/approachable-threat-modeling/</a></li><li><a href='https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.html'>https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.html</a></li><li><a href='https://www.hillelwayne.com/post/are-we-really-engineers/'>https://www.hillelwayne.com/post/are-we-really-engineers/</a></li><li><a href='https://www.hillelwayne.com/post/we-are-not-special/'>https://www.hillelwayne.com/post/we-are-not-special/</a></li><li><a href='https://www.hillelwayne.com/post/what-we-can-learn/'>https://www.hillelwayne.com/post/what-we-can-learn/</a></li><li><a href='https://lotr.fandom.com/wiki/Denethor_II'>https://lotr.fandom.com/wiki/Denethor_II</a></li><li><a href='https://twitter.com/sarahjeong/status/1587597972136546304'>https://twitter.com/sarahjeong/status/1587597972136546304</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We talk to Kevin Riggle (<a href='https://twitter.com/kevinriggle'>@kevinriggle</a>) about complexity and safety. We also talk about the Twitter acquisition. While recording, we discovered a new failure mode where Kevin couldn't hear Thomas, but David and Deirdre could, so there's not much Thomas this episode. If you ever need to get Thomas to voluntarily stop talking, simply mute him to half the audience!<br/><br/><a href='https://twitter.com/kevinriggle'>https://twitter.com/kevinriggle<br/></a><br/><b>Transcript: </b><a href='https://beta-share.descript.com/view/WTrQGK4xEVj'>https://beta-share.descript.com/view/WTrQGK4xEVj</a><b> </b><br/><br/><b>Errata</b></p><ul><li>It was the Mars Climate Orbiter that crashed due to a units mismatch</li><li>David confused the Dreamliner with the 737 Max</li></ul><p><b>Links</b></p><ul><li><a href='https://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/'>https://free-dissociation.com/blog/posts/2018/08/why-is-it-so-hard-to-build-safe-software/</a></li><li><a href='https://complexsystems.group/'>https://complexsystems.group/</a></li><li><a href='https://how.complexsystems.fail/'>https://how.complexsystems.fail/</a></li><li><a href='https://noncombatant.org/2016/06/20/get-into-security-engineering/'>https://noncombatant.org/2016/06/20/get-into-security-engineering/</a></li><li><a href='https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/'>https://blog.nelhage.com/2010/03/security-doesnt-respect-abstraction/</a></li><li><a href='http://sunnyday.mit.edu/safer-world.pdf'>http://sunnyday.mit.edu/safer-world.pdf</a></li><li><a href='https://www.adaptivecapacitylabs.com/john-allspaw/'>https://www.adaptivecapacitylabs.com/john-allspaw/</a></li><li><a href='https://www.etsy.com/codeascraft/blameless-postmortems'>https://www.etsy.com/codeascraft/blameless-postmortems</a></li><li><a 
href='https://increment.com/security/approachable-threat-modeling/'>https://increment.com/security/approachable-threat-modeling/</a></li><li><a href='https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.html'>https://www.nytimes.com/2022/11/17/arts/music/taylor-swift-tickets-ticketmaster.html</a></li><li><a href='https://www.hillelwayne.com/post/are-we-really-engineers/'>https://www.hillelwayne.com/post/are-we-really-engineers/</a></li><li><a href='https://www.hillelwayne.com/post/we-are-not-special/'>https://www.hillelwayne.com/post/we-are-not-special/</a></li><li><a href='https://www.hillelwayne.com/post/what-we-can-learn/'>https://www.hillelwayne.com/post/what-we-can-learn/</a></li><li><a href='https://lotr.fandom.com/wiki/Denethor_II'>https://lotr.fandom.com/wiki/Denethor_II</a></li><li><a href='https://twitter.com/sarahjeong/status/1587597972136546304'>https://twitter.com/sarahjeong/status/1587597972136546304</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author></itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11753287-software-safety-and-twitter-with-kevin-riggle.mp3" length="42217743" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11753287</guid>
<pubDate>Thu, 24 Nov 2022 03:00:00 -0500</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11753287/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11753287/transcript.json" type="application/json" />
<itunes:duration>3516</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>7</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Matrix, with Martin Albrecht &amp; Dan Jones</itunes:title>
<title>Matrix, with Martin Albrecht &amp; Dan Jones</title>
<description><![CDATA[<p>No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic<br/>Vulnerabilities in Matrix".<br/><br/><b>Links:</b> </p><ul><li>https://nebuchadnezzar-megolm.github.io/static/paper.pdf</li><li>https://nebuchadnezzar-megolm.github.io</li><li>Signal Private Group system: https://eprint.iacr.org/2019/1416.pdf</li><li>https://signal.org/blog/signal-private-group-system/</li><li>https://spec.matrix.org/latest/</li><li>WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf</li><li>https://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etc</li><li>Other clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264 </li><li>https://dadrian.io/blog/posts/roll-your-own-crypto/</li><li>https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719 </li><li>WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp</li><li>Roll your own and Telegram: https://mtpsym.github.io/ </li></ul><p><br/><b>Transcript</b>: https://beta-share.descript.com/view/u3VFzjvqrql<br/><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><br/></p><p>"Security. Cryptography. Whatever." 
is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>No not the movie: the secure group messaging protocol! Or rather all the bugs and vulns that a team of researchers found when trying to formalize said protocol. Martin Albrecht and Dan Jones joined us to walk us through "Practically-exploitable Cryptographic<br/>Vulnerabilities in Matrix".<br/><br/><b>Links:</b> </p><ul><li>https://nebuchadnezzar-megolm.github.io/static/paper.pdf</li><li>https://nebuchadnezzar-megolm.github.io</li><li>Signal Private Group system: https://eprint.iacr.org/2019/1416.pdf</li><li>https://signal.org/blog/signal-private-group-system/</li><li>https://spec.matrix.org/latest/</li><li>WhatsApp Security Whitepaper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf</li><li>https://www.usenix.org/conference/usenixsecurity21/presentation/albrecht FS, PCS etc</li><li>Other clients: https://nvd.nist.gov/vuln/detail/CVE-2022-39252 https://nvd.nist.gov/vuln/detail/CVE-2022-39254 https://nvd.nist.gov/vuln/detail/CVE-2022-39264 </li><li>https://dadrian.io/blog/posts/roll-your-own-crypto/</li><li>https://podcasts.apple.com/us/podcast/the-great-roll-your-own-crypto-debate-feat-filippo-valsorda/id1578405214?i=1000530617719 </li><li>WhatsApp End-to-End Encrypted Backups: https://blog.whatsapp.com/end-to-end-encrypted-backups-on-whatsapp</li><li>Roll your own and Telegram: https://mtpsym.github.io/ </li></ul><p><br/><b>Transcript</b>: https://beta-share.descript.com/view/u3VFzjvqrql<br/><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><br/></p><p>"Security. Cryptography. Whatever." 
is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11614796-matrix-with-martin-albrecht-dan-jones.mp3" length="47835808" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11614796</guid>
<pubDate>Wed, 02 Nov 2022 01:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11614796/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11614796/transcript.json" type="application/json" />
<itunes:duration>3984</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>6</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>SOC2, with Sarah Harvey</itunes:title>
<title>SOC2, with Sarah Harvey</title>
<description><![CDATA[<p>We have Sarah Harvey (<a href='https://twitter.com/worldwise001'>@worldwise001</a> on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas:</p><ul><li>SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html</li><li>SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/</li></ul><p><b>Links:</b></p><ul><li>Tailscale recent post on getting SOC2’d: <a href='https://tailscale.com/blog/soc2-type2/'>https://tailscale.com/blog/soc2-type2/</a></li><li>SSO Tax: <a href='https://sso.tax/'>https://sso.tax</a></li><li>David’s previous job: <a href='https://getnametag.com/'>https://getnametag.com</a></li><li>David's other startup: <a href='https://censys.io/'>https://censys.io</a></li><li>Thomas works at <a href='https://fly.io/'>https://fly.io</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><b>Transcript</b>: <a href='https://beta-share.descript.com/view/XF24jrLSOX9'>https://beta-share.descript.com/view/XF24jrLSOX9</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We have Sarah Harvey (<a href='https://twitter.com/worldwise001'>@worldwise001</a> on Twitter) to talk about SOC2, what it means, how to get it, and if it's important or not. The discussion centers around two blog posts written by Thomas:</p><ul><li>SOC2 Starting Seven: https://latacora.micro.blog/2020/03/12/the-soc-starting.html</li><li>SOC2 at Fly: https://fly.io/blog/soc2-the-screenshots-will-continue-until-security-improves/</li></ul><p><b>Links:</b></p><ul><li>Tailscale recent post on getting SOC2’d: <a href='https://tailscale.com/blog/soc2-type2/'>https://tailscale.com/blog/soc2-type2/</a></li><li>SSO Tax: <a href='https://sso.tax/'>https://sso.tax</a></li><li>David’s previous job: <a href='https://getnametag.com/'>https://getnametag.com</a></li><li>David's other startup: <a href='https://censys.io/'>https://censys.io</a></li><li>Thomas works at <a href='https://fly.io/'>https://fly.io</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><b>Transcript</b>: <a href='https://beta-share.descript.com/view/XF24jrLSOX9'>https://beta-share.descript.com/view/XF24jrLSOX9</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11510254-soc2-with-sarah-harvey.mp3" length="44390119" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11510254</guid>
<pubDate>Sun, 16 Oct 2022 17:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11510254/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11510254/transcript.json" type="application/json" />
<itunes:duration>3697</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>5</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Nate Lawson II</itunes:title>
<title>Nate Lawson II</title>
<description><![CDATA[<p>This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers.</p><ul><li>Steven Chu: <a href='https://en.wikipedia.org/wiki/Steven_Chu'>https://en.wikipedia.org/wiki/Steven_Chu</a></li><li>CFB: <a href='https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)'>https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)</a></li><li>CCFB: <a href='https://link.springer.com/chapter/10.1007/11502760_19'>https://link.springer.com/chapter/10.1007/11502760_19</a></li><li>XXTEA: <a href='https://en.wikipedia.org/wiki/XXTEA'>https://en.wikipedia.org/wiki/XXTEA</a></li><li>CHERI: <a href='https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf'>https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf</a></li></ul><p><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/0KOcX9TR05p'>https://share.descript.com/view/0KOcX9TR05p</a><br/><br/><b>Errata</b>:</p><ul><li>Pedram Amini did in fact do Pai Mei</li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>This episode got delayed because David got COVID. Anyway, here's Nate Lawson: The Two Towers.</p><ul><li>Steven Chu: <a href='https://en.wikipedia.org/wiki/Steven_Chu'>https://en.wikipedia.org/wiki/Steven_Chu</a></li><li>CFB: <a href='https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)'>https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher_feedback_(CFB)</a></li><li>CCFB: <a href='https://link.springer.com/chapter/10.1007/11502760_19'>https://link.springer.com/chapter/10.1007/11502760_19</a></li><li>XXTEA: <a href='https://en.wikipedia.org/wiki/XXTEA'>https://en.wikipedia.org/wiki/XXTEA</a></li><li>CHERI: <a href='https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf'>https://cseweb.ucsd.edu/~dstefan/cse227-spring20/papers/watson:cheri.pdf</a></li></ul><p><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/0KOcX9TR05p'>https://share.descript.com/view/0KOcX9TR05p</a><br/><br/><b>Errata</b>:</p><ul><li>Pedram Amini did in fact do Pai Mei</li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11410130-nate-lawson-ii.mp3" length="60011534" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11410130</guid>
<pubDate>Thu, 29 Sep 2022 17:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11410130/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11410130/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11410130/transcript.srt" type="application/srt" />
<itunes:duration>4999</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>4</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Nate Lawson: Part 1</itunes:title>
<title>Nate Lawson: Part 1</title>
<description><![CDATA[<p>We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.<br/><br/><b>References</b></p><ul><li>IBM S/390: https://ieeexplore.ieee.org/document/5389176</li><li>SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html</li><li>Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack</li><li>Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/</li></ul><p><b>Errata</b></p><ul><li>HMAC actually published in 1996, not 1997</li><li>"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card</li></ul><p><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/lhzrbt6hDeL'>https://share.descript.com/view/lhzrbt6hDeL</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.<br/><br/><b>References</b></p><ul><li>IBM S/390: https://ieeexplore.ieee.org/document/5389176</li><li>SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html</li><li>Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack</li><li>Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/</li></ul><p><b>Errata</b></p><ul><li>HMAC actually published in 1996, not 1997</li><li>"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card</li></ul><p><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/lhzrbt6hDeL'>https://share.descript.com/view/lhzrbt6hDeL</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11291490-nate-lawson-part-1.mp3" length="57754251" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11291490</guid>
<pubDate>Fri, 09 Sep 2022 16:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11291490/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11291490/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/11291490/transcript.srt" type="application/srt" />
<itunes:duration>4811</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>3</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Hot Cryptanalytic Summer feat. Steven Galbraith</itunes:title>
<title>Hot Cryptanalytic Summer feat. Steven Galbraith</title>
<description><![CDATA[<p>Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here.<br/><br/><b>Transcript:</b> <a href='https://share.descript.com/view/Xiv307FvOPA'>https://share.descript.com/view/Xiv307FvOPA</a><br/><br/><b>Merch</b>: <a href='https://merch.scwpodcast.com/'>https://merch.scwpodcast.com</a><br/><br/><b>Links:</b></p><ul><li><a href='https://eprint.iacr.org/2022/975.pdf'>https://eprint.iacr.org/2022/975.pdf</a></li><li><a href='https://eprint.iacr.org/2022/1026.pdf'>https://eprint.iacr.org/2022/1026.pdf</a></li><li><a href='https://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/'>https://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/</a></li><li>GPST active adaptive attack against SIDH: <a href='https://eprint.iacr.org/2016/859.pdf'>https://eprint.iacr.org/2016/859.pdf</a></li><li>Failing to hash into supersingular isogeny graphs: <a href='https://eprint.iacr.org/2022/975.pdf'>https://eprint.iacr.org/2022/518.pdf</a></li><li><a href='https://eprint.iacr.org/2022/975.pdf'>https://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/</a></li><li>Kuperberg attack via Peikert: <a href='https://eprint.iacr.org/2019/725'>https://eprint.iacr.org/2019/725</a>.pdf</li><li>SQISign: <a href='https://eprint.iacr.org/2020/1240.pdf'>https://eprint.iacr.org/2020/1240.pdf</a></li><li>(Post recording) Breaking SIDH in polynomial time:<br/><a href='https://eprint.iacr.org/2022/975.pdf'>https://eprint.iacr.org/2022/1038.pdf</a></li></ul><p><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. 
</p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Are the isogenies kaput?! There's a new attack that breaks all the known parameter sets for SIDH/SIKE, so Steven Galbraith helps explain where the hell this came from, and where isogeny crypto goes from here.<br/><br/><b>Transcript:</b> <a href='https://share.descript.com/view/Xiv307FvOPA'>https://share.descript.com/view/Xiv307FvOPA</a><br/><br/><b>Merch</b>: <a href='https://merch.scwpodcast.com/'>https://merch.scwpodcast.com</a><br/><br/><b>Links:</b></p><ul><li><a href='https://eprint.iacr.org/2022/975.pdf'>https://eprint.iacr.org/2022/975.pdf</a></li><li><a href='https://eprint.iacr.org/2022/1026.pdf'>https://eprint.iacr.org/2022/1026.pdf</a></li><li><a href='https://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/'>https://ellipticnews.wordpress.com/2022/07/31/breaking-supersingular-isogeny-diffie-hellman-sidh/</a></li><li>GPST active adaptive attack against SIDH: <a href='https://eprint.iacr.org/2016/859.pdf'>https://eprint.iacr.org/2016/859.pdf</a></li><li>Failing to hash into supersingular isogeny graphs: <a href='https://eprint.iacr.org/2022/975.pdf'>https://eprint.iacr.org/2022/518.pdf</a></li><li><a href='https://eprint.iacr.org/2022/975.pdf'>https://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/</a></li><li>Kuperberg attack via Peikert: <a href='https://eprint.iacr.org/2019/725'>https://eprint.iacr.org/2019/725</a>.pdf</li><li>SQISign: <a href='https://eprint.iacr.org/2020/1240.pdf'>https://eprint.iacr.org/2020/1240.pdf</a></li><li>(Post recording) Breaking SIDH in polynomial time:<br/><a href='https://eprint.iacr.org/2022/975.pdf'>https://eprint.iacr.org/2022/1038.pdf</a></li></ul><p><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. 
</p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11123170-hot-cryptanalytic-summer-feat-steven-galbraith.mp3" length="37883482" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11123170</guid>
<pubDate>Thu, 11 Aug 2022 14:00:00 -0400</pubDate>
<itunes:duration>3155</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>2</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Passkeys feat. Adam Langley</itunes:title>
<title>Passkeys feat. Adam Langley</title>
<description><![CDATA[<p>Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys!<br/><br/>David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/pBAXADn8gKW'>https://share.descript.com/view/pBAXADn8gKW</a><br/><br/><b>Links</b>:</p><ul><li><a href='https://www.youtube.com/watch?v=xghjqgj4peA&t=540s'>GoogleIO Presentation</a></li><li><a href='https://developer.apple.com/videos/play/wwdc2022/10092/'>WWDC Presentation</a></li><li><a href='https://w3c.github.io/webauthn/'>W3C WebAuthN</a></li><li>Adam's blog on <a href='https://www.imperialviolet.org/2022/07/04/passkeys.html'>passkeys</a> and <a href='https://www.imperialviolet.org/2021/10/20/cablev2.html'>CABLE</a></li><li><a href='https://github.com/w3c/webauthn/pull/1755'>Cable / Hybrid PR</a></li><li><a href='https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html'>CTAP spec </a>from FIDO</li><li>Noise <a href='https://noiseexplorer.com/patterns/NKpsk0/'>NKPSK</a></li><li><a href='https://tailscale.com/blog/how-tailscale-works/'>DERP</a></li></ul><p><br/><b>Don't forget about merch!</b> <a href='https://merch.securitycryptographywhatever.com/'>https://merch.securitycryptographywhatever.com/</a><br/><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. </p>]]></description>
<content:encoded><![CDATA[<p>Adam Langley (Google) comes on the podcast to talk about the evolution of WebAuthN and Passkeys!<br/><br/>David's audio was a little finicky in this one. Believe us, it sounded worse before we edited it. Also, we occasionally accidentally refer to U2F as UTF. That's because we just really love strings.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/pBAXADn8gKW'>https://share.descript.com/view/pBAXADn8gKW</a><br/><br/><b>Links</b>:</p><ul><li><a href='https://www.youtube.com/watch?v=xghjqgj4peA&t=540s'>GoogleIO Presentation</a></li><li><a href='https://developer.apple.com/videos/play/wwdc2022/10092/'>WWDC Presentation</a></li><li><a href='https://w3c.github.io/webauthn/'>W3C WebAuthN</a></li><li>Adam's blog on <a href='https://www.imperialviolet.org/2022/07/04/passkeys.html'>passkeys</a> and <a href='https://www.imperialviolet.org/2021/10/20/cablev2.html'>CABLE</a></li><li><a href='https://github.com/w3c/webauthn/pull/1755'>Cable / Hybrid PR</a></li><li><a href='https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html'>CTAP spec </a>from FIDO</li><li>Noise <a href='https://noiseexplorer.com/patterns/NKpsk0/'>NKPSK</a></li><li><a href='https://tailscale.com/blog/how-tailscale-works/'>DERP</a></li></ul><p><br/><b>Don't forget about merch!</b> <a href='https://merch.securitycryptographywhatever.com/'>https://merch.securitycryptographywhatever.com/</a><br/><br/>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. </p>]]></content:encoded>
<itunes:author>Deirdre Connolly, Thomas Ptacek, David Adrian</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/11122508-passkeys-feat-adam-langley.mp3" length="45395760" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-11122508</guid>
<pubDate>Thu, 11 Aug 2022 12:00:00 -0400</pubDate>
<itunes:duration>3781</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:season>2</itunes:season>
<itunes:episode>1</itunes:episode>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Hertzbleed</itunes:title>
<title>Hertzbleed</title>
<description><![CDATA[<p>Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/lPM4lsxha63'>https://share.descript.com/view/lPM4lsxha63</a><br/><br/><b> Links:</b></p><ul><li><a href='https://ellipticnews.wordpress.com/2022/06/14/hertzbleed-attack/'><b>Hertzbleed Attack | ellipticnews (wordpress.com)</b></a></li><li><a href='https://www.hertzbleed.com/hertzbleed.pdf'><b>https://www.hertzbleed.com/hertzbleed.pdf</b></a></li><li><a href='https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031'><b>https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031</b></a></li></ul><p><b>Merch</b>: <a href='https://merch.scwpodcast.com/'>https://merch.scwpodcast.com</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. </p>]]></description>
<content:encoded><![CDATA[<p>Side channels! Frequency scaling! Key encapsulation, oh my! We're talking about the new Hertzbleed paper, but also cryptography conferences, 'passkeys', and end-to-end encrypting yer twitter.com DMs.<br/><br/><b>Transcript</b>: <a href='https://share.descript.com/view/lPM4lsxha63'>https://share.descript.com/view/lPM4lsxha63</a><br/><br/><b> Links:</b></p><ul><li><a href='https://ellipticnews.wordpress.com/2022/06/14/hertzbleed-attack/'><b>Hertzbleed Attack | ellipticnews (wordpress.com)</b></a></li><li><a href='https://www.hertzbleed.com/hertzbleed.pdf'><b>https://www.hertzbleed.com/hertzbleed.pdf</b></a></li><li><a href='https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031'><b>https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3920031</b></a></li></ul><p><b>Merch</b>: <a href='https://merch.scwpodcast.com/'>https://merch.scwpodcast.com</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. </p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/10812724-hertzbleed.mp3" length="42256933" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-10812724</guid>
<pubDate>Fri, 17 Jun 2022 22:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10812724/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10812724/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10812724/transcript.srt" type="application/srt" />
<itunes:duration>3519</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>OMB Zero Trust Memo, with Eric Mill</itunes:title>
<title>OMB Zero Trust Memo, with Eric Mill</title>
<description><![CDATA[<p>The US government <a href='https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf'>released a memo</a> about moving to a zero-trust network architecture. What does this mean? We have one of the authors, <a href='https://konklone.com/'>Eric Mill</a>, on to explain it to us.<br/><br/>As always, your <a href='https://twitter.com/scwpod'>@SCWPod</a> hosts are Deirdre Connolly (<a href='https://twitter.com/durumcrustulum'>@durumcrustulum</a>), Thomas Ptacek (<a href='https://twitter.com/tqbf'>@tqbf</a>), and David Adrian (<a href='https://twitter.com/davidcadrian'>@davidcadrian</a>).<br/><br/>Transcript: <a href='https://share.descript.com/view/UayEVA596OK'>https://share.descript.com/view/UayEVA596OK</a><br/><br/>Links:</p><ul><li><a href='https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf'>OMB Memo</a></li><li><a href='https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity'>Executive order on cybersecurity</a> </li><li><a href='https://www.oit.va.gov/programs/piv/index.cfm'>PIV card</a> <ul><li><a href='https://csrc.nist.gov/publications/detail/sp/800-157/final'>Derived PIV</a></li></ul></li><li><a href='https://cloud.google.com/beyondcorp'>BeyondCorp</a></li><li><a href='https://hstspreload.org/'>HSTS Preloading</a><ul><li><a href='https://home.dotgov.gov/management/preloading/'>.gov preloading</a> </li></ul></li><li><a href='https://jhalderm.com/pub/papers/mail-imc15.pdf'>Neither Rain, Nor Snow, Nor MITM</a></li><li><a href='https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf'>EDR memo</a></li><li><a href='https://join.tts.gsa.gov/'>Technology Transformation Services (TTS)</a></li><li><a href='https://isitchristmas.com/'>Is it Christmas?</a></li></ul><p>"Security. Cryptography. Whatever." 
is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>The US government <a href='https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf'>released a memo</a> about moving to a zero-trust network architecture. What does this mean? We have one of the authors, <a href='https://konklone.com/'>Eric Mill</a>, on to explain it to us.<br/><br/>As always, your <a href='https://twitter.com/scwpod'>@SCWPod</a> hosts are Deirdre Connolly (<a href='https://twitter.com/durumcrustulum'>@durumcrustulum</a>), Thomas Ptacek (<a href='https://twitter.com/tqbf'>@tqbf</a>), and David Adrian (<a href='https://twitter.com/davidcadrian'>@davidcadrian</a>).<br/><br/>Transcript: <a href='https://share.descript.com/view/UayEVA596OK'>https://share.descript.com/view/UayEVA596OK</a><br/><br/>Links:</p><ul><li><a href='https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf'>OMB Memo</a></li><li><a href='https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity'>Executive order on cybersecurity</a> </li><li><a href='https://www.oit.va.gov/programs/piv/index.cfm'>PIV card</a> <ul><li><a href='https://csrc.nist.gov/publications/detail/sp/800-157/final'>Derived PIV</a></li></ul></li><li><a href='https://cloud.google.com/beyondcorp'>BeyondCorp</a></li><li><a href='https://hstspreload.org/'>HSTS Preloading</a><ul><li><a href='https://home.dotgov.gov/management/preloading/'>.gov preloading</a> </li></ul></li><li><a href='https://jhalderm.com/pub/papers/mail-imc15.pdf'>Neither Rain, Nor Snow, Nor MITM</a></li><li><a href='https://www.whitehouse.gov/wp-content/uploads/2021/10/M-22-01.pdf'>EDR memo</a></li><li><a href='https://join.tts.gsa.gov/'>Technology Transformation Services (TTS)</a></li><li><a href='https://isitchristmas.com/'>Is it Christmas?</a></li></ul><p>"Security. Cryptography. Whatever." 
is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Deirdre Connolly, Thomas Ptacek, David Adrian</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/10767220-omb-zero-trust-memo-with-eric-mill.mp3" length="43620286" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-10767220</guid>
<pubDate>Fri, 10 Jun 2022 21:00:00 -0400</pubDate>
<itunes:duration>3633</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Tink, with Sophie Schmieg</itunes:title>
<title>Tink, with Sophie Schmieg</title>
<description><![CDATA[<p>We talk about Tink with Sophie Schmieg, a cryptographer and algebraic geometer at Google.<br/><br/>Transcript: <a href='https://beta-share.descript.com/view/v2Q5Ix8pvbD'>https://beta-share.descript.com/view/v2Q5Ix8pvbD</a><br/><br/>Links:</p><ul><li>Sophie: <a href='https://twitter.com/SchmiegSophie'>https://twitter.com/SchmiegSophie</a></li><li>Tink: <a href='https://github.com/google/tink'>https://github.com/google/tink</a></li><li>RWC talk: <a href='https://youtube.com/watch?t=1028&v=CiH6iqjWpt8'>https://youtube.com/watch?t=1028&v=CiH6iqjWpt8</a></li><li>Where to store keys: <a href='https://twitter.com/SchmiegSophie/status/1413502566797778948'>https://twitter.com/SchmiegSophie/status/1413502566797778948</a></li><li>EAX mode: <a href='https://en.wikipedia.org/wiki/EAX_mode'>https://en.wikipedia.org/wiki/EAX_mode</a></li><li>AES-GCM-SIV: <a href='https://en.wikipedia.org/wiki/AES-GCM-SIV'>https://en.wikipedia.org/wiki/AES-GCM-SIV</a></li><li>Deterministic AEADs: <a href='https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-data'>https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-data</a></li><li>Thai Duong: <a href='https://twitter.com/XorNinja'>https://twitter.com/XorNinja</a></li><li>AWS-SDK Vuln: <a href='https://twitter.com/XorNinja/status/1310587707605659649'>https://twitter.com/XorNinja/status/1310587707605659649</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. </p>]]></description>
<content:encoded><![CDATA[<p>We talk about Tink with Sophie Schmieg, a cryptographer and algebraic geometer at Google.<br/><br/>Transcript: <a href='https://beta-share.descript.com/view/v2Q5Ix8pvbD'>https://beta-share.descript.com/view/v2Q5Ix8pvbD</a><br/><br/>Links:</p><ul><li>Sophie: <a href='https://twitter.com/SchmiegSophie'>https://twitter.com/SchmiegSophie</a></li><li>Tink: <a href='https://github.com/google/tink'>https://github.com/google/tink</a></li><li>RWC talk: <a href='https://youtube.com/watch?t=1028&v=CiH6iqjWpt8'>https://youtube.com/watch?t=1028&v=CiH6iqjWpt8</a></li><li>Where to store keys: <a href='https://twitter.com/SchmiegSophie/status/1413502566797778948'>https://twitter.com/SchmiegSophie/status/1413502566797778948</a></li><li>EAX mode: <a href='https://en.wikipedia.org/wiki/EAX_mode'>https://en.wikipedia.org/wiki/EAX_mode</a></li><li>AES-GCM-SIV: <a href='https://en.wikipedia.org/wiki/AES-GCM-SIV'>https://en.wikipedia.org/wiki/AES-GCM-SIV</a></li><li>Deterministic AEADs: <a href='https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-data'>https://github.com/google/tink/blob/master/docs/PRIMITIVES.md#deterministic-authenticated-encryption-with-associated-data</a></li><li>Thai Duong: <a href='https://twitter.com/XorNinja'>https://twitter.com/XorNinja</a></li><li>AWS-SDK Vuln: <a href='https://twitter.com/XorNinja/status/1310587707605659649'>https://twitter.com/XorNinja/status/1310587707605659649</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a>, <a href='https://twitter.com/tqbf'>Thomas Ptacek</a>, and <a href='https://twitter.com/davidcadrian'>David Adrian</a>. </p>]]></content:encoded>
<itunes:author>Security Cryptography Whatever</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/10697566-tink-with-sophie-schmieg.mp3" length="48294380" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-10697566</guid>
<pubDate>Sat, 28 May 2022 17:00:00 -0400</pubDate>
<itunes:duration>4022</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Cancellable Crypto Takes, and Real World Crypto</itunes:title>
<title>Cancellable Crypto Takes, and Real World Crypto</title>
<description><![CDATA[<p>Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program!<br/><br/>Transcript: <a href='https://share.descript.com/view/GiVlw4qKV2i'>https://share.descript.com/view/GiVlw4qKV2i</a><br/><br/>Links:<br/><br/>Tony's twete: <a href='https://twitter.com/bascule/status/1512539700220805124'>https://twitter.com/bascule/status/1512539700220805124</a><br/>Real World Crypto 2022: <a href='https://rwc.iacr.org/2022'>https://rwc.iacr.org/2022</a><br/>Merch! <a href='https://merch.scwpodcast.com'>https://merch.scwpodcast.com</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Live from Amsterdam, it's cancellable crypto hot takes! A fun little meme, plus a preview of the Real World Crypto program!<br/><br/>Transcript: <a href='https://share.descript.com/view/GiVlw4qKV2i'>https://share.descript.com/view/GiVlw4qKV2i</a><br/><br/>Links:<br/><br/>Tony's twete: <a href='https://twitter.com/bascule/status/1512539700220805124'>https://twitter.com/bascule/status/1512539700220805124</a><br/>Real World Crypto 2022: <a href='https://rwc.iacr.org/2022'>https://rwc.iacr.org/2022</a><br/>Merch! <a href='https://merch.scwpodcast.com'>https://merch.scwpodcast.com</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/10428127-cancellable-crypto-takes-and-real-world-crypto.mp3" length="51191514" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-10428127</guid>
<pubDate>Tue, 12 Apr 2022 20:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10428127/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10428127/transcript.json" type="application/json" />
<itunes:duration>4264</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Lattices and Michigan Football, feat. Chris Peikert</itunes:title>
<title>Lattices and Michigan Football, feat. Chris Peikert</title>
<description><![CDATA[<p>We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time!<br/><br/>Transcript: <a href='https://share.descript.com/view/El2a4Z7OLsd'>https://share.descript.com/view/El2a4Z7OLsd</a><br/><br/>Slides: <a href='https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf'>https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf</a><br/><br/>Links:<br/><br/>He Gives C-Sieves on the CSIDH: <a href='https://eprint.iacr.org/2019/725'>https://eprint.iacr.org/2019/725</a><br/>Lattice-based Cryptography: <a href='https://cims.nyu.edu/~regev/papers/pqc.pdf'>https://cims.nyu.edu/~regev/papers/pqc.pdf</a><br/>NIST PQC Competition: <a href='https://csrc.nist.gov/Projects/post-quantum-cryptography'>https://csrc.nist.gov/Projects/post-quantum-cryptography</a><br/>The 2nd Bar Ilan Winter School on Cryptography Lattice-Based Cryptography and Applications: <a href='https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqO'>https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqO</a><br/>A Decade of Lattice Cryptography: <a href='https://eprint.iacr.org/2015/939.pdf'>https://eprint.iacr.org/2015/939.pdf</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." 
is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We're back! With an episode on lattice-based cryptography, with Professor Chris Peikert of the University of Michigan, David's alma mater. When we recorded this, Michigan football had just beaten Ohio for the first time in a bajillion years, so you get a nerdy coda on college football this time!<br/><br/>Transcript: <a href='https://share.descript.com/view/El2a4Z7OLsd'>https://share.descript.com/view/El2a4Z7OLsd</a><br/><br/>Slides: <a href='https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf'>https://web.eecs.umich.edu/~cpeikert/pubs/slides-qcrypt.pdf</a><br/><br/>Links:<br/><br/>He Gives C-Sieves on the CSIDH: <a href='https://eprint.iacr.org/2019/725'>https://eprint.iacr.org/2019/725</a><br/>Lattice-based Cryptography: <a href='https://cims.nyu.edu/~regev/papers/pqc.pdf'>https://cims.nyu.edu/~regev/papers/pqc.pdf</a><br/>NIST PQC Competition: <a href='https://csrc.nist.gov/Projects/post-quantum-cryptography'>https://csrc.nist.gov/Projects/post-quantum-cryptography</a><br/>The 2nd Bar Ilan Winter School on Cryptography Lattice-Based Cryptography and Applications: <a href='https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqO'>https://www.youtube.com/playlist?list=PL8Vt-7cSFnw2OmpCmPLLwSx0-Yqb2ptqO</a><br/>A Decade of Lattice Cryptography: <a href='https://eprint.iacr.org/2015/939.pdf'>https://eprint.iacr.org/2015/939.pdf</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." 
is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/10238739-lattices-and-michigan-football-feat-chris-peikert.mp3" length="50443981" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-10238739</guid>
<pubDate>Sat, 12 Mar 2022 22:00:00 -0500</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10238739/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10238739/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/10238739/transcript.srt" type="application/srt" />
<itunes:duration>4201</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Biscuits, feat. Geoffroy Couprie</itunes:title>
<title>Biscuits, feat. Geoffroy Couprie</title>
<description><![CDATA[<p>We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 <br/><br/>Transcript: <a href='https://beta-share.descript.com/view/jHZJPab0n4g'>https://beta-share.descript.com/view/jHZJPab0n4g</a><br/><br/>Links:<br/><br/><b>Biscuits V2</b>: <a href='https://www.biscuitsec.org/'><b>https://www.biscuitsec.org</b></a><br/><br/><b>Experiments iterating on Biscuits: </b><a href='https://github.com/biscuit-auth/biscuit/tree/master/experimentations'><b>https://github.com/biscuit-auth/biscuit/tree/master/experimentations</b></a><b><br/><br/>Apache Pulsar: </b><a href='https://pulsar.apache.org/'><b>https://pulsar.apache.org</b></a><b><br/><br/>Spec: </b><a href='https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS.md'><b>https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS.md</b></a><b><br/></b><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We've trashed JWTs, discussed PASETO, Macaroons, and now, Biscuits! Actually, multiple iterations of Biscuits! Pairings and gamma signatures and Datalog, oh my! 🍪 <br/><br/>Transcript: <a href='https://beta-share.descript.com/view/jHZJPab0n4g'>https://beta-share.descript.com/view/jHZJPab0n4g</a><br/><br/>Links:<br/><br/><b>Biscuits V2</b>: <a href='https://www.biscuitsec.org/'><b>https://www.biscuitsec.org</b></a><br/><br/><b>Experiments iterating on Biscuits: </b><a href='https://github.com/biscuit-auth/biscuit/tree/master/experimentations'><b>https://github.com/biscuit-auth/biscuit/tree/master/experimentations</b></a><b><br/><br/>Apache Pulsar: </b><a href='https://pulsar.apache.org/'><b>https://pulsar.apache.org</b></a><b><br/><br/>Spec: </b><a href='https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS.md'><b>https://github.com/biscuit-auth/biscuit/blob/master/SPECIFICATIONS.md</b></a><b><br/></b><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9973086-biscuits-feat-geoffroy-couprie.mp3" length="42448279" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9973086</guid>
<pubDate>Sat, 29 Jan 2022 01:00:00 -0500</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9973086/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9973086/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9973086/transcript.srt" type="application/srt" />
<itunes:duration>3535</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Tailscale, feat. Avery Pennarun and Brad Fitzpatrick</itunes:title>
<title>Tailscale, feat. Avery Pennarun and Brad Fitzpatrick</title>
<description><![CDATA[<p>“Can I Tailscale my Chromecast?” <br/><br/>You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM.<br/><br/>People:</p><ul><li>Avery Pennarun (@apenwarr)</li><li>Brad Fitzpatrick (@bradfitz)</li><li>Deirdre Connolly (@durumcrustulum)</li><li>Thomas Ptacek (@tqbf)</li><li>David Adrian (@davidcadrian)</li><li>@SCWPod</li></ul><p>Links:</p><ul><li>DERP server: <a href='https://github.com/tailscale/tailscale/tree/main/derp'>https://github.com/tailscale/tailscale/tree/main/derp</a></li><li><a href='https://xtermjs.org/'>https://xtermjs.org/</a></li><li>The Tail at Scale : <a href='https://research.google/pubs/pub40801/'>https://research.google/pubs/pub40801/</a></li><li>Raft: <a href='https://raft.github.io/'>https://raft.github.io/</a></li><li>Litestream: <a href='https://litestream.io/'>https://litestream.io/</a></li><li>MagicDNS: <a href='https://tailscale.com/kb/1081/magicdns/'>https://tailscale.com/kb/1081/magicdns/</a></li><li>Netstack: <a href='https://github.com/google/netstack'>https://github.com/google/netstack</a></li></ul><p>Transcript: <a href='https://share.descript.com/view/2NAe5jEcEqB'>https://share.descript.com/view/2NAe5jEcEqB</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>“Can I Tailscale my Chromecast?” <br/><br/>You love Tailscale, I love Tailscale, we loved talking to Avery Pennarun and Brad Fitzpatrick from Tailscale about, I dunno, Go generics. Oh, and TAILSCALE! And DNS. And WASM.<br/><br/>People:</p><ul><li>Avery Pennarun (@apenwarr)</li><li>Brad Fitzpatrick (@bradfitz)</li><li>Deirdre Connolly (@durumcrustulum)</li><li>Thomas Ptacek (@tqbf)</li><li>David Adrian (@davidcadrian)</li><li>@SCWPod</li></ul><p>Links:</p><ul><li>DERP server: <a href='https://github.com/tailscale/tailscale/tree/main/derp'>https://github.com/tailscale/tailscale/tree/main/derp</a></li><li><a href='https://xtermjs.org/'>https://xtermjs.org/</a></li><li>The Tail at Scale : <a href='https://research.google/pubs/pub40801/'>https://research.google/pubs/pub40801/</a></li><li>Raft: <a href='https://raft.github.io/'>https://raft.github.io/</a></li><li>Litestream: <a href='https://litestream.io/'>https://litestream.io/</a></li><li>MagicDNS: <a href='https://tailscale.com/kb/1081/magicdns/'>https://tailscale.com/kb/1081/magicdns/</a></li><li>Netstack: <a href='https://github.com/google/netstack'>https://github.com/google/netstack</a></li></ul><p>Transcript: <a href='https://share.descript.com/view/2NAe5jEcEqB'>https://share.descript.com/view/2NAe5jEcEqB</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9890092-tailscale-feat-avery-pennarun-and-brad-fitzpatrick.mp3" length="56456982" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9890092</guid>
<pubDate>Sat, 15 Jan 2022 04:00:00 -0500</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9890092/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9890092/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9890092/transcript.srt" type="application/srt" />
<itunes:duration>4702</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>true</itunes:explicit>
</item>
<item>
<itunes:title>The feeling's mutual: mTLS, feat. Colm MacCárthaigh</itunes:title>
<title>The feeling's mutual: mTLS, feat. Colm MacCárthaigh</title>
<description><![CDATA[<p>We recorded this months ago, and now it's finally up!<br/> <br/>Colm MacCárthaigh joined us to chat about all things TLS, <a href='https://github.com/aws/s2n-tls'>S2N</a>, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC.<br/><br/>Transcript: <a href='https://share.descript.com/view/tjrQu8wZKT0'>https://share.descript.com/view/tjrQu8wZKT0</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We recorded this months ago, and now it's finally up!<br/> <br/>Colm MacCárthaigh joined us to chat about all things TLS, <a href='https://github.com/aws/s2n-tls'>S2N</a>, MTLS, SSH, fuzzing, formal verification, implementing state machines, and of course, DNSSEC.<br/><br/>Transcript: <a href='https://share.descript.com/view/tjrQu8wZKT0'>https://share.descript.com/view/tjrQu8wZKT0</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9801340-the-feeling-s-mutual-mtls-feat-colm-maccarthaigh.mp3" length="50797603" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9801340</guid>
<pubDate>Wed, 29 Dec 2021 01:00:00 -0500</pubDate>
<itunes:duration>4231</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Holiday Call-in Spectacular!</itunes:title>
<title>Holiday Call-in Spectacular!</title>
<description><![CDATA[<p>Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders!<br/><br/>We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, U2F/WebAuthn, car fob attacks, geese, and more!<br/><br/>Transcript: <a href='https://share.descript.com/view/N9ROtj1AiW0'>https://share.descript.com/view/N9ROtj1AiW0</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/> </p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Happy New Year! Feliz Navidad! Merry Yule! Happy Hannukah! Pour one out for the log4j incident responders!<br/><br/>We did a call-in episode on Twitter Spaces and recorded it, so that's why the audio sounds different. We talked about BLOCKCHAIN/Web3 (blech), testing, post-quantum crypto, client certificates, ssh client certificates, threshold cryptography, U2F/WebAuthn, car fob attacks, geese, and more!<br/><br/>Transcript: <a href='https://share.descript.com/view/N9ROtj1AiW0'>https://share.descript.com/view/N9ROtj1AiW0</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/> </p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9767820-holiday-call-in-spectacular.mp3" length="59171550" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9767820</guid>
<pubDate>Tue, 21 Dec 2021 21:00:00 -0500</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9767820/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9767820/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9767820/transcript.srt" type="application/srt" />
<itunes:duration>4929</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>WireGuard, feat. Jason Donenfeld</itunes:title>
<title>WireGuard, feat. Jason Donenfeld</title>
<description><![CDATA[<p>Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more!<br/><br/>Transcript: <a href='https://share.descript.com/view/olVgXGtRpsY'>https://share.descript.com/view/olVgXGtRpsY</a><br/><br/>Links: </p><ul><li><b>WireGuard: </b><a href='https://blog.cryptographyengineering.com/should-you-use-srp'>https://www.wireguard.com</a></li><li><b>Tamarin</b>: <a href='https://tamarin-prover.github.io'>https://tamarin-prover.github.io</a></li><li><b>IDA Pro</b>: <a href='https://hex-rays.com/ida-pro'>https://hex-rays.com/ida-pro</a></li><li><b>NIST PQC</b>: <a href='https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions'>https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions</a></li><li><b>WireGuard Patreon</b>: <a href='https://www.patreon.com/zx2c4'>https://www.patreon.com/zx2c4</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Hey, a new episode! We had a fantastic conversation with Jason Donenfeld, creator of our favorite modern VPN protocol: WireGuard! We touched on kernel hacking, formal verification, post-quantum cryptography, developing with disassemblers, and more!<br/><br/>Transcript: <a href='https://share.descript.com/view/olVgXGtRpsY'>https://share.descript.com/view/olVgXGtRpsY</a><br/><br/>Links: </p><ul><li><b>WireGuard: </b><a href='https://blog.cryptographyengineering.com/should-you-use-srp'>https://www.wireguard.com</a></li><li><b>Tamarin</b>: <a href='https://tamarin-prover.github.io'>https://tamarin-prover.github.io</a></li><li><b>IDA Pro</b>: <a href='https://hex-rays.com/ida-pro'>https://hex-rays.com/ida-pro</a></li><li><b>NIST PQC</b>: <a href='https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions'>https://csrc.nist.gov/projects/post-quantum-cryptography/round-3-submissions</a></li><li><b>WireGuard Patreon</b>: <a href='https://www.patreon.com/zx2c4'>https://www.patreon.com/zx2c4</a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9667632-wireguard-feat-jason-donenfeld.mp3" length="58418604" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9667632</guid>
<pubDate>Sun, 05 Dec 2021 17:00:00 -0500</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9667632/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9667632/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9667632/transcript.srt" type="application/srt" />
<itunes:duration>4866</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>true</itunes:explicit>
</item>
<item>
<itunes:title>PAKEs, oPRFs, algebra, feat. George Tankersley</itunes:title>
<title>PAKEs, oPRFs, algebra, feat. George Tankersley</title>
<description><![CDATA[<p>A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. <br/><br/>With special guest, George Tankersley!<br/><br/>Transcript: <a href='https://share.descript.com/view/X8x8oO2Q8Tw'>https://share.descript.com/view/X8x8oO2Q8Tw</a><br/><br/>Links: </p><ul><li><b>SRP deprecation: </b><a href='https://blog.cryptographyengineering.com/should-you-use-srp'>https://blog.cryptographyengineering.com/should-you-use-srp</a></li><li><b>OPAQUE: </b><a href='https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html'>https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html</a></li><li><b>obfs: </b><a href='https://github.com/shadowsocks/simple-obfs'><b>https://github.com/shadowsocks/simple-obfs</b></a></li><li><b>Elligator: </b><a href='https://elligator.cr.yp.to/'><b>https://elligator.cr.yp.to</b></a></li><li><b>Hash to Curve: </b><a href='https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.html'><b>https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.html</b></a></li><li><b>Magic Wormhole: </b><a href='https://github.com/magic-wormhole/magic-wormhole'><b>https://github.com/magic-wormhole/magic-wormhole</b></a></li><li><b>Biscuits: </b><a href='https://github.com/CleverCloud/biscuit'><b>https://github.com/CleverCloud/biscuit</b></a></li><li><b>Ristretto: </b><a href='https://ristretto.group/'><b>https://ristretto.group</b></a></li><li><b>Monero signature bug: </b><a href='https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html'><b>https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html</b></a></li><li><b>SIDH smooth-order supersingular curves: </b><a 
href='https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21'><b>https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21</b></a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>A conversation that started with PAKEs (password-authenticated key exchanges) and touched on some cool math things: PRFs, finite fields, elliptic curve groups, anonymity protocols, hashing to curve groups, prime order groups, and more. <br/><br/>With special guest, George Tankersley!<br/><br/>Transcript: <a href='https://share.descript.com/view/X8x8oO2Q8Tw'>https://share.descript.com/view/X8x8oO2Q8Tw</a><br/><br/>Links: </p><ul><li><b>SRP deprecation: </b><a href='https://blog.cryptographyengineering.com/should-you-use-srp'>https://blog.cryptographyengineering.com/should-you-use-srp</a></li><li><b>OPAQUE: </b><a href='https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html'>https://www.ietf.org/id/draft-irtf-cfrg-opaque-06.html</a></li><li><b>obfs: </b><a href='https://github.com/shadowsocks/simple-obfs'><b>https://github.com/shadowsocks/simple-obfs</b></a></li><li><b>Elligator: </b><a href='https://elligator.cr.yp.to/'><b>https://elligator.cr.yp.to</b></a></li><li><b>Hash to Curve: </b><a href='https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.html'><b>https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-12.html</b></a></li><li><b>Magic Wormhole: </b><a href='https://github.com/magic-wormhole/magic-wormhole'><b>https://github.com/magic-wormhole/magic-wormhole</b></a></li><li><b>Biscuits: </b><a href='https://github.com/CleverCloud/biscuit'><b>https://github.com/CleverCloud/biscuit</b></a></li><li><b>Ristretto: </b><a href='https://ristretto.group/'><b>https://ristretto.group</b></a></li><li><b>Monero signature bug: </b><a href='https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html'><b>https://www.getmonero.org/ru/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html</b></a></li><li><b>SIDH smooth-order supersingular curves: </b><a 
href='https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21'><b>https://link.springer.com/chapter/10.1007/978-3-662-53018-4_21</b></a></li></ul><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9439685-pakes-oprfs-algebra-feat-george-tankersley.mp3" length="54135700" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9439685</guid>
<pubDate>Tue, 26 Oct 2021 19:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9439685/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9439685/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9439685/transcript.srt" type="application/srt" />
<itunes:duration>4509</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>"Patch, Damnit!"</itunes:title>
<title>"Patch, Damnit!"</title>
<description><![CDATA[<p>A lot of fixes got pushed in the past week! Please apply your updates! <br/>Apple, Chrome, Matrix, Azure, and more nonsense.<br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/>Links!<br/><a href='https://www.technologyreview.com/2021/09/15/1035813/us-sold-iphone-exploit-uae'>The Accuvant story in MIT Technology Review</a><br/>All the Apple platforms <a href='https://support.apple.com/en-us/HT212807'>patched</a> <a href='https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/'>FORCEDENTRY</a> no-click 0-day<br/>Chrome <a href='https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html'>patched some 0-days</a> that were being exploited in the wild<br/>PASETO <a href='https://paragonie.com/blog/2021/09/promoting-misuse-resistance-in-paseto-libraries'>update</a> <br/><br/>Transcript: <br/><a href='https://share.descript.com/view/Um4im6a3dqj'>https://share.descript.com/view/Um4im6a3dqj</a><br/><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>A lot of fixes got pushed in the past week! Please apply your updates! <br/>Apple, Chrome, Matrix, Azure, and more nonsense.<br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/>Links!<br/><a href='https://www.technologyreview.com/2021/09/15/1035813/us-sold-iphone-exploit-uae'>The Accuvant story in MIT Technology Review</a><br/>All the Apple platforms <a href='https://support.apple.com/en-us/HT212807'>patched</a> <a href='https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/'>FORCEDENTRY</a> no-click 0-day<br/>Chrome <a href='https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html'>patched some 0-days</a> that were being exploited in the wild<br/>PASETO <a href='https://paragonie.com/blog/2021/09/promoting-misuse-resistance-in-paseto-libraries'>update</a> <br/><br/>Transcript: <br/><a href='https://share.descript.com/view/Um4im6a3dqj'>https://share.descript.com/view/Um4im6a3dqj</a><br/><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9225773-patch-damnit.mp3" length="53974830" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9225773</guid>
<pubDate>Mon, 20 Sep 2021 04:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9225773/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9225773/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9225773/transcript.srt" type="application/srt" />
<itunes:duration>4496</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>How to be a Certificate Authority, feat. Ryan Sleevi</itunes:title>
<title>How to be a Certificate Authority, feat. Ryan Sleevi</title>
<description><![CDATA[<p>Not the hero the internet deserves, but the one we need: it's Ryan Sleevi!<br/><br/>We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman.<br/><br/><br/>Transcript: <a href='https://share.descript.com/view/61pZGOJlqu6'>https://share.descript.com/view/61pZGOJlqu6</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Not the hero the internet deserves, but the one we need: it's Ryan Sleevi!<br/><br/>We get into the weeds on becoming a certificate authority, auditing said authorities, DNSSEC, DANE, taking over country code top level domains, Luxembourg, X.509, ASN.1, CBOR, more JSON (!), ACME, Let's Encrypt, and more, on this extra lorge episode with the web PKI's Batman.<br/><br/><br/>Transcript: <a href='https://share.descript.com/view/61pZGOJlqu6'>https://share.descript.com/view/61pZGOJlqu6</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9146390-how-to-be-a-certificate-authority-feat-ryan-sleevi.mp3" length="67838713" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9146390</guid>
<pubDate>Mon, 06 Sep 2021 04:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9146390/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9146390/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9146390/transcript.srt" type="application/srt" />
<itunes:duration>5651</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Apple's CSAM Detection, feat. Matthew Green</itunes:title>
<title>Apple's CSAM Detection, feat. Matthew Green</title>
<description><![CDATA[<p>We're talking about Apple's new proposed <a href='https://www.apple.com/child-safety/'>client-side CSAM detection system</a>. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green.<br/><br/>We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are.<br/><br/>Transcript: <a href='https://share.descript.com/view/cEni6L9rMxI'>https://share.descript.com/view/cEni6L9rMxI</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/>Links:<br/><a href='https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf'>https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf</a></p><p><a href='https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf'>https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf</a></p><p><a href='https://www.law.cornell.edu/uscode/text/18/2258A'>https://www.law.cornell.edu/uscode/text/18/2258A</a></p><p><a href='https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf'>https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf</a></p><p><a 
href='https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT'>https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT</a></p><p><a href='https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does'>https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does</a></p><p><a href='https://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/'>https://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/</a></p><p><a href='https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.html'>https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.html</a></p><p><a href='https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf'>https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf</a></p><p><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We're talking about Apple's new proposed <a href='https://www.apple.com/child-safety/'>client-side CSAM detection system</a>. We weren't sure if we were going to cover this, and then we realized that not all of us have been paying super close attention to what the hell this thing is, and have a lot of questions about it. So we're talking about it, with our special guest Professor Matthew Green.<br/><br/>We cover how Apple's system works, what it does (and doesn't), where we have unanswered questions, and where some of the gaps are.<br/><br/>Transcript: <a href='https://share.descript.com/view/cEni6L9rMxI'>https://share.descript.com/view/cEni6L9rMxI</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/>Links:<br/><a href='https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf'>https://www.apple.com/child-safety/pdf/CSAM_Detection_Technical_Summary.pdf</a></p><p><a href='https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf'>https://www.apple.com/child-safety/pdf/Apple_PSI_System_Security_Protocol_and_Analysis.pdf</a></p><p><a href='https://www.law.cornell.edu/uscode/text/18/2258A'>https://www.law.cornell.edu/uscode/text/18/2258A</a></p><p><a href='https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf'>https://www.missingkids.org/content/dam/missingkids/gethelp/2020-reports-by-esp.pdf</a></p><p><a 
href='https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT'>https://www.reuters.com/article/us-apple-fbi-icloud-exclusive/exclusive-apple-dropped-plan-for-encrypting-backups-after-fbi-complained-sources-idUSKBN1ZK1CT</a></p><p><a href='https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does'>https://en.wikipedia.org/wiki/The_purpose_of_a_system_is_what_it_does</a></p><p><a href='https://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/'>https://research.fb.com/blog/2021/02/understanding-the-intentions-of-child-sexual-abuse-material-csam-sharers/</a></p><p><a href='https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.html'>https://www.nytimes.com/interactive/2019/11/09/us/internet-child-sex-abuse.html</a></p><p><a href='https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf'>https://www.apple.com/child-safety/pdf/Expanded_Protections_for_Children_Frequently_Asked_Questions.pdf</a></p><p><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Deirdre Connolly, Thomas Ptacek, David Adrian</itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9099774-apple-s-csam-detection-feat-matthew-green.mp3" length="38147868" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9099774</guid>
<pubDate>Fri, 27 Aug 2021 23:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9099774/transcript" type="text/html" />
<itunes:duration>3177</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>Platform Security Part Deux, feat. Justin Schuh</itunes:title>
<title>Platform Security Part Deux, feat. Justin Schuh</title>
<description><![CDATA[<p>We did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps.<br/><br/>Transcript: <a href='https://share.descript.com/view/DpeqIOCREyZ'>https://share.descript.com/view/DpeqIOCREyZ</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>We did not run out of things to talk about: Chrome vs. Safari vs. Firefox. Rust vs. C++. Bug bounties vs. exploit development. The Peace Corps vs. The Marine Corps.<br/><br/>Transcript: <a href='https://share.descript.com/view/DpeqIOCREyZ'>https://share.descript.com/view/DpeqIOCREyZ</a><br/><br/>Find us at:<br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><br/></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9063230-platform-security-part-deux-feat-justin-schuh.mp3" length="57649694" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9063230</guid>
<pubDate>Sat, 21 Aug 2021 00:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9063230/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9063230/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9063230/transcript.srt" type="application/srt" />
<podcast:soundbite startTime="4324.471" duration="48.0" />
<itunes:duration>4802</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>What do we do about JWT? feat. Jonathan Rudenberg</itunes:title>
<title>What do we do about JWT? feat. Jonathan Rudenberg</title>
<description><![CDATA[<p>🔥JWT🔥<br/><br/>We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg!<br/><br/>After we recorded this, Thomas went deep on tokens even beyond what we talked about here: <a href='https://fly.io/blog/api-tokens-a-tedious-survey/'>https://fly.io/blog/api-tokens-a-tedious-survey/</a><br/><br/>Transcript: <a href='https://share.descript.com/view/pb428e60pPo'>https://share.descript.com/view/pb428e60pPo</a><br/><br/>Find us at:<br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>🔥JWT🔥<br/><br/>We talk about all sorts of tokens: JWT, PASETO, Protobuf Tokens, Macaroons, and Biscuits. With the great Jonathan Rudenberg!<br/><br/>After we recorded this, Thomas went deep on tokens even beyond what we talked about here: <a href='https://fly.io/blog/api-tokens-a-tedious-survey/'>https://fly.io/blog/api-tokens-a-tedious-survey/</a><br/><br/>Transcript: <a href='https://share.descript.com/view/pb428e60pPo'>https://share.descript.com/view/pb428e60pPo</a><br/><br/>Find us at:<br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a><br/><a href='https://twitter.com/scwpod'>https://twitter.com/scwpod</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/9020991-what-do-we-do-about-jwt-feat-jonathan-rudenberg.mp3" length="53973358" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-9020991</guid>
<pubDate>Thu, 12 Aug 2021 16:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9020991/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9020991/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/9020991/transcript.srt" type="application/srt" />
<podcast:soundbite startTime="0.0" duration="30.0" />
<itunes:duration>4496</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>The Great "Roll Your Own Crypto" Debate, feat. Filippo Valsorda</itunes:title>
<title>The Great "Roll Your Own Crypto" Debate, feat. Filippo Valsorda</title>
<description><![CDATA[<p>Special guest <a href='https://twitter.com/filosottile'>Filippo Valsorda</a> joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general.<br/><br/>After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: <a href='https://dadrian.io/blog/posts/roll-your-own-crypto/'>https://dadrian.io/blog/posts/roll-your-own-crypto/</a><br/><br/>Transcript: <a href='https://share.descript.com/view/2tqKjLxleKM'>https://share.descript.com/view/2tqKjLxleKM</a><br/><br/>Links:<br/><a href='https://peter.website/meow-hash-cryptanalysis'>https://peter.website/meow-hash-cryptanalysis</a><br/><a href='https://arxiv.org/pdf/2107.04940.pdf'>https://arxiv.org/pdf/2107.04940.pdf</a><br/><a href='https://ristretto.group/'>https://ristretto.group</a><br/><a href='https://filippo.io/heartbleed'>https://filippo.io/heartbleed</a><br/><br/>Find us at:<br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf </a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Special guest <a href='https://twitter.com/filosottile'>Filippo Valsorda</a> joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general.<br/><br/>After we recorded this, David went even deeper on 'rolling your own crypto' in a blog post here: <a href='https://dadrian.io/blog/posts/roll-your-own-crypto/'>https://dadrian.io/blog/posts/roll-your-own-crypto/</a><br/><br/>Transcript: <a href='https://share.descript.com/view/2tqKjLxleKM'>https://share.descript.com/view/2tqKjLxleKM</a><br/><br/>Links:<br/><a href='https://peter.website/meow-hash-cryptanalysis'>https://peter.website/meow-hash-cryptanalysis</a><br/><a href='https://arxiv.org/pdf/2107.04940.pdf'>https://arxiv.org/pdf/2107.04940.pdf</a><br/><a href='https://ristretto.group/'>https://ristretto.group</a><br/><a href='https://filippo.io/heartbleed'>https://filippo.io/heartbleed</a><br/><br/>Find us at:<br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf </a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/8953842-the-great-roll-your-own-crypto-debate-feat-filippo-valsorda.mp3" length="43797827" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-8953842</guid>
<pubDate>Sat, 31 Jul 2021 18:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/8953842/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/8953842/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/8953842/transcript.srt" type="application/srt" />
<itunes:duration>3648</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
<item>
<itunes:title>NSO group, Pegasus, Zero-Days, i(OS|Message) security</itunes:title>
<title>NSO group, Pegasus, Zero-Days, i(OS|Message) security</title>
<description><![CDATA[<p>Deirdre, Thomas and David talk about NSO group, Pegasus, whether iOS is a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns.<br/><br/>Transcript: <a href='https://share.descript.com/view/PQRb3nsY7N4'>https://share.descript.com/view/PQRb3nsY7N4</a><br/><br/>Find us at:<br/><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></description>
<content:encoded><![CDATA[<p>Deirdre, Thomas and David talk about NSO group, Pegasus, whether iOS is a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns.<br/><br/>Transcript: <a href='https://share.descript.com/view/PQRb3nsY7N4'>https://share.descript.com/view/PQRb3nsY7N4</a><br/><br/>Find us at:<br/><br/><a href='https://twitter.com/durumcrustulum'>https://twitter.com/durumcrustulum</a><br/><a href='https://twitter.com/tqbf'>https://twitter.com/tqbf</a><br/><a href='https://twitter.com/davidcadrian'>https://twitter.com/davidcadrian</a></p><p>"Security. Cryptography. Whatever." is hosted by <a href='https://twitter.com/durumcrustulum'>Deirdre Connolly</a> (@durumcrustulum), <a href='https://twitter.com/tqbf'>Thomas Ptacek</a> (@tqbf), and <a href='https://twitter.com/davidcadrian'>David Adrian</a> (@davidcadrian).</p>]]></content:encoded>
<itunes:author>Security, Cryptography, Whatever </itunes:author>
<enclosure url="https://www.buzzsprout.com/1822302/8926799-nso-group-pegasus-zero-days-i-os-message-security.mp3" length="42922244" type="audio/mpeg" />
<guid isPermaLink="false">Buzzsprout-8926799</guid>
<pubDate>Mon, 26 Jul 2021 19:00:00 -0400</pubDate>
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/8926799/transcript" type="text/html" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/8926799/transcript.json" type="application/json" />
<podcast:transcript url="https://feeds.buzzsprout.com/1822302/8926799/transcript.srt" type="application/srt" />
<itunes:duration>3575</itunes:duration>
<itunes:keywords></itunes:keywords>
<itunes:episodeType>full</itunes:episodeType>
<itunes:explicit>false</itunes:explicit>
</item>
</channel>
</rss>