September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Cryptography Whatever

By Deirdre Connolly, Thomas Ptacek, David Adrian

4.9

7777 ratings

September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

More shows like Security Cryptography Whatever

Software Engineering Radio by se-radio@computer.org

Software Engineering Radio

273 Listeners

Risky Business by Patrick Gray

Risky Business

370 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

639 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

288 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

369 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

626 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

164 Listeners

Click Here by Recorded Future News

Click Here

416 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

982 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,965 Listeners

Signals and Threads by Jane Street

Signals and Threads

74 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

59 Listeners

The 404 Media Podcast by 404 Media

The 404 Media Podcast

319 Listeners

Complex Systems with Patrick McKenzie (patio11) by Patrick McKenzie

Complex Systems with Patrick McKenzie (patio11)

123 Listeners