September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Security Cryptography Whatever

By Deirdre Connolly, Thomas Ptacek, David Adrian

4.9

7777 ratings

September 09, 2022

Nate Lawson: Part 1

Listen Later

1 hour 20 minutes

We bring on Nate Lawson of Root Labs to talk about a little bit of everything, starting with cryptography in the 1990s.

Transcript:
https://securitycryptographywhatever.com/2022/09/09/nate-lawson-part-1/

References

IBM S/390: https://ieeexplore.ieee.org/document/5389176
SSLv2 Spec: https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Xbox 360 HMAC: https://beta.ivc.no/wiki/index.php/Xbox_360_Timing_Attack
Google Keyczar HMAC bug (reported by Nate): https://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/

Errata

HMAC actually published in 1996, not 1997
"That was one of the first, I think hardware applications of DPA was, was, um, satellite TV cards." Not true, they first were able to break Mondex, a MasterCard smart card

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

...more

More shows like Security Cryptography Whatever

Security Now (Audio) by TWiT

Security Now (Audio)

1,983 Listeners

Software Engineering Radio - the podcast for professional software developers by se-radio@computer.org

Software Engineering Radio - the podcast for professional software developers

274 Listeners

Risky Business by Patrick Gray

Risky Business

365 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

636 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

621 Listeners

Hacked by Hacked

Hacked

183 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

162 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Click Here by Recorded Future News

Click Here

415 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,913 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

92 Listeners

Dwarkesh Podcast by Dwarkesh Patel

Dwarkesh Podcast

426 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

127 Listeners

Risky Bulletin by risky.biz

Risky Bulletin

43 Listeners

Oxide and Friends by Oxide Computer Company

Oxide and Friends

47 Listeners