September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Cryptography Whatever

By Deirdre Connolly, Thomas Ptacek, David Adrian

4.9

7272 ratings

September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

More shows like Security Cryptography Whatever

Security Now (Audio) by TWiT

Security Now (Audio)

1,952 Listeners

Risky Business by Patrick Gray

Risky Business

362 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

285 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

372 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,010 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

308 Listeners

Click Here by Recorded Future News

Click Here

390 Listeners

Malicious Life by Malicious Life

Malicious Life

923 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,822 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

185 Listeners

Hacking Humans by N2K Networks

Hacking Humans

304 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

118 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

32 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

48 Listeners

No Such Podcast by National Security Agency (NSA)

No Such Podcast

205 Listeners