September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Cryptography Whatever

By Deirdre Connolly, Thomas Ptacek, David Adrian

4.9

7777 ratings

September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

More shows like Security Cryptography Whatever

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

272 Listeners

Risky Business by Patrick Gray

Risky Business

361 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

627 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

283 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

363 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

627 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,003 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

311 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,876 Listeners

Dwarkesh Podcast by Dwarkesh Patel

Dwarkesh Podcast

355 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

33 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners

The 404 Media Podcast by 404 Media

The 404 Media Podcast

312 Listeners

Complex Systems with Patrick McKenzie (patio11) by Patrick McKenzie

Complex Systems with Patrick McKenzie (patio11)

116 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

52 Listeners