Episodes

  • Episode 24: CryptoHack's Collection of Cryptic Conundrums!
    Feb 27 2023
    For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a wide-ranging and ever-increasing library of puzzles for both the aspiring and accomplished cryptographer. On this episode, Nadim and Lucas are joined by Giacomo Pope and Laurence Tennant, the founders of CryptoHack, to discuss how the platform came to be, and how it evolved, as well as how to improve cryptographic pedagogy more broadly. Special Guests: Giacomo Pope and Laurence Tennant.
    49 m
  • Episode 23: Psychic Signatures in Java!
    Jan 25 2023
    On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatures and allows an attacker to bypass signature checks entirely for these signatures. How are popular cryptographic protocol implementations in Java affected? What's the state of Java cryptography as a whole? Join Neil, Nadim and Lucas as they discuss. Music composed by Yasunori Mitsuda. Special Guest: Neil Madden.
    53 m
  • Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!
    Jan 16 2023
    Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Army, as well as the current Chancellor of Germany, Olaf Scholz. Threema has been widely advertised as a secure alternative to other messengers. Kenny, Kien and Matteo from the ETH Zurich Applied Cryptography Group present seven attacks against the cryptographic protocols used by Threema, in three distinct threat models. All the attacks are accompanied by proof-of-concept implementations that demonstrate their feasibility in practice. Links and papers discussed in the show: * Three Lessons from Threema (https://breakingthe3ma.app/) Special Guests: Kenny Paterson, Kien Tuong Truong, and Matteo Scarlata.
    52 m
  • Episode 21: Proving Fundamental Equivalencies in Isogeny Mathematics!
    Aug 24 2021
    Benjamin Wesolowski talks about his latest paper in which he mathematically proved that the two fundamental problems underlying isogeny-based cryptography are equivalent. Links and papers discussed in the show: * The supersingular isogeny path and endomorphism ring problems are equivalent (https://eprint.iacr.org/2021/919) * Episode 5: Isogeny-based Cryptography for Dummies! (https://www.cryptography.fm/5) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guest: Benjamin Wesolowski.
    47 m
  • Episode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2!
    Jul 20 2021
    A team of cryptanalysts presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of GEA-1 can be recovered from as little as 65 bits of known keystream (with at least 24 bits coming from one frame) in time 2^40 GEA-1 evaluations and using 44.5 GiB of memory. The attack on GEA-1 is based on an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance. This unusual pattern indicates that the weakness is intentionally hidden to limit the security level to 40 bits by design. Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2 (https://eprint.iacr.org/2021/819) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Gaëtan Leurent and Håvard Raddum.
    43 m
  • Episode 19: Cross-Protocol Attacks on TLS with ALPACA!
    Jul 12 2021
    TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was designed to be application layer independent, which allows its use in many diverse communication protocols. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. Links and papers discussed in the show: * ALPACA Attack Website (https://alpaca-attack.com/) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Marcus Brinkmann and Robert Merget.
    42 m
  • Episode 18: Optimizing Cryptography for Microcontrollers!
    Jun 23 2021
    Nadim talks with Peter Schwabe and Matthias Kannwischer about the considerations — both in terms of security and performance — when implementing cryptographic primitives for low-level and embedded platforms. Links and papers discussed in the show: * Optimizing crypto on embedded microcontrollers (https://cryptojedi.org/peter/data/coins-20170830.pdf) * Implementing post-quantum cryptography on embedded microcontrollers (https://cryptojedi.org/peter/data/graz-20190917.pdf) * Optimizing crypto on embedded microcontrollers (ASEC 2018) (https://cryptojedi.org/peter/data/asec-20181210.pdf) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guests: Matthias Kannwischer and Peter Schwabe.
    37 m
  • Episode 17: Breaking Wi-Fi With Frame Attacks!
    Jun 1 2021
    Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have been developed to ensure the privacy and authentication of Wi-Fi communications. However, a recent paper shows that every single Wi-Fi network protection standard since 1997, from WEP all the way to WPA3, is exposed to a critical vulnerability that allows the exfiltration of sensitive data. How far does this new attack go? How does it work? And why wasn’t it discovered before? We’ll discuss this and more in this episode of Cryptography FM. Links and papers discussed in the show: * Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation (https://papers.mathyvanhoef.com/usenix2021.pdf) * Dragonblood: Analyzing the Dragonfly Handshake of WPA3 and EAP-pwd (https://papers.mathyvanhoef.com/dragonblood.pdf) * Release the Kraken: New KRACKs in the 802.11 Standard (https://papers.mathyvanhoef.com/ccs2018.pdf) Music composed by Toby Fox and performed by Sean Schafianski (https://seanschafianski.bandcamp.com/). Special Guest: Mathy Vanhoef.
    36 m