Security Cryptography Whatever

Nothing we have ever recorded on SCW has brought so much joy toDavid. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbgLinks:- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q)- Dicky George: [https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/](https://www.nsa.gov/Press-Room/Digital-Media-Center/Biographies/Biography-View-Page/Article/3330261/richard-dickie-george/)- NYTimes on Sigint Enabling Project: [https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html](https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html)- On the Practical Exploitability of Dual ECin TLS Implementations: [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-checkoway.pdf)- Wired - Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA [https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/](https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsas-fault/)- ProPublica - Revealed: The NSA's Secret Campaign to Crack, Undermine Internet Security [https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption](https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption)- DDoSecrets - Sigint Enabling Project: [https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf](https://data.ddosecrets.com/Snowden%20archive/sigint-enabling-project.pdf)- IAD: [https://www.iad.gov/](https://www.iad.gov/)- Ars Technica - “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic: [https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/](https://web.archive.org/web/20151222023311/http://arstechnica.com/security/2015/12/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic/)- 2015 IMPORTANT JUNIPER SECURITY ANNOUNCEMENT: [https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554](https://web.archive.org/web/20151221171526/http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554)- Extended Random Values for TLS: [https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00](https://datatracker.ietf.org/doc/html/draft-rescorla-tls-extended-random-00)- The Art of Software Security Assessment: [https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426](https://www.amazon.com/Art-Software-Security-Assessment-Vulnerabilities/dp/0321444426)"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

You may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/Links:- https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html- “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621- “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89- https://security.googleblog.com/2024/02/improving-interoperability-between-rust-and-c.html- https://github.com/google/crubit- https://github.com/google/autocxx- https://en.wikipedia.org/wiki/Stagefright_(bug)- https://security.googleblog.com/2021/04/rust-in-android-platform.html- https://chromium.googlesource.com/chromium/src/+/master/docs/security/rule-of-2.md- https://www.usenix.org/conference/usenixsecurity22/presentation/alexopoulos-https://kb.meinbergglobal.com/kb/time_sync/ntp/ntp_vulnerabilities_reported_2023-04- https://blog.isosceles.com/the-legacy-of-stagefright/- https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/- https://www.youtube.com/watch?v=QrrH2lcl9ew- https://source.android.com/docs/setup/build/rust/building-rust-modules/overview- https://github.com/rust-lang/rust-bindgen- https://security.googleblog.com/2021/06/rustc-interop-in-android-platform.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024.Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/Links:- Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/activemeasures- Aurora: https://en.wikipedia.org/wiki/Operation\_Aurora- Google APP announcement, October 2017: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/- XXD: https://linux.die.net/man/1/xxd- Adobe Reader October 2016 Security Update: https://helpx.adobe.com/security/products/acrobat/apsb16-33.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

We finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!Transcript: https://securitycryptographywhatever.com/2024/09/06/telegramLinks:- https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/- Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit- Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites/default/files/2024-08/2024-08-28%20-%20CP%20TELEGRAM%20mise%20en%20examen.pdf- MTProto 2.0 protocol spec: https://core.telegram.org/api/end-to-end- https://words.filippo.io/dispatches/telegram-ecdh/- MTProto 1.0 (old no longer used): - https://web.archive.org/web/20131220000537/https://core.telegram.org/api/end-to-end#key-generation- OTR: https://otr.cypherpunks.ca/otr-wpes.pdf- AES and sha2 used in ‘Infinite Garble Extension’ mode: https://eprint.iacr.org/2015/1177.pdf- Four Attacks and a Proof for Telegram: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=9833666- History of Telegram e2ee chats availability: https://en.wikipedia.org/wiki/Telegram_(software)#Architecture- https://securitycryptographywhatever.com/2023/01/27/threema/- https://securitycryptographywhatever.com/2022/11/02/Matrix-with-Martin-Albrecht-Dan-Jones/- https://en.wikipedia.org/wiki/Matrix_(protocol), introduced in September 2014"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)