Shows
Security Cryptography WhateverVegas, Baby!We’re throwing a party in Vegas! Someone called it SCWPodCon last year, and the name stuck. It’s sponsored by Teleport, the infrastructure identity company. Get SSO for SSH! If Thomas was here, I’m sure he’d tell you that Fly.io uses Teleport internally. Oh also there's some thing called Black..pill? Black Pool? Something like that happening in Vegas, with crypto talks, so we chatted about them a bit, plus some other stuffSCWPodCon 2025: https://securitycryptographywhatever.com/events/blackhatTranscript: https://securitycryptographywhatever.com/2025/07/29/vegas-baby/Links:- Fault Injectio...2025-07-291h 00
Algorithms + Data Structures = ProgramsEpisode 244: High on AI (Part 1)In this episode, Conor and Bryce chat about AI, how it's changing the way we work and more.Link to Episode 244 on WebsiteDiscuss this episode, leave a comment, or ask a question (on GitHub)SocialsADSP: The Podcast: TwitterConor Hoekstra: Twitter | BlueSky | MastodonBryce Adelstein Lelbach: TwitterShow NotesDate Generated: 2025-07-01Date Released: 2025-07-25AI Poll ResultsAll of Conor's Vibe Coded ProjectsCursorClaude 4Vittorio's CamomillaGPU ModeADSP Episode 238: Recommended Podcast Discussions on AI & LLMsADSP Episode 239: Claude-Poisoned Dev Sipping Rocket FuelCoRecursive Episode 113: When AI...2025-07-251h 07
Tech Writer Koduje#79 Tech Writer koduje z AI, czyli latanie z drugim pilotem w praktyceOd niedawna mamy możliwość korzystania w pracy z pomocy sztucznej inteligencji, a konkretnie GitHub Copilota.Rozmawiamy o tym jak działa to narzędzie, jakie ma możliwości i w jaki sposób zmienia naszą pracę. Omawiamy konkretne przykłady zastosowania drugiego pilota w kodowaniu i tworzeniu dokumentacji i staramy się ocenić czy w ogólnym rozrachunku jest on dla nas pomocą, utrudnieniem czy zagrożeniem.Dźwięki wykorzystane w audycji pochodzą z kolekcji "107 Free Retro Game Sounds" dostępnej na stronie https://dominik-braun.net, udostępnianej na podstawie licencji Creative Commons license CC BY 4.0 (htt...2025-06-2339 minAlgorithms + Data Structures = ProgramsEpisode 239: Claude-Poisoned Dev Sipping Rocket FuelIn this episode, Conor recommends some articles on AI and LLMs.Link to Episode 239 on WebsiteDiscuss this episode, leave a comment, or ask a question (on GitHub)SocialsADSP: The Podcast: TwitterConor Hoekstra: Twitter | BlueSky | MastodonShow NotesDate Generated: 2025-06-19Date Released: 2025-06-20The Real Python Podcast Episode 253My AI Skeptic Friends Are All Nuts - Thomas PtacekI Think I’m Done Thinking About genAI For Now - GlyphAI Changes Everything - Armin RonacherIntro Song Info...2025-06-2005 min
The AI Daily Brief (Formerly The AI Breakdown): Artificial Intelligence News and AnalysisWhy AI Skeptics Are NutsToday on the AI Daily Brief, NLW dives into a provocative essay that's shaking up the AI conversation: "My AI Skeptic Friends Are All Nuts," by Thomas Ptacek. Focusing on AI-assisted coding, Thomas dismantles popular skeptic arguments, highlights why serious coders using AI agents are already far ahead, and explains why dismissing AI is no longer justifiable. Beyond coding, this episode explores how rapidly we're shifting from AI as mere assistants to true collaborative agents, transforming the way we work, compete, and innovate—whether you're ready or not.Source: https://fly.io/blog/youre-all-nuts/...2025-06-0820 min
The CloudcastThere Ain't Gonna Be Any Middle AnymoreAs we try and predict the future, we explore the possibilities of technology augmenting or replacing the middle of the bell curve. What has history taught us, and where do we expect it to repeat itself or at least rhyme?SHOW: 930SHOW TRANSCRIPT: The Cloudcast #930 TranscriptSHOW VIDEO: https://youtube.com/@TheCloudcastNET CLOUD NEWS OF THE WEEK: http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST: "CLOUDCAST BASICS"SHOW SPONSORS:[US CLOUD] C...2025-06-0818 min
Enrique Dans for dummiesBeyond the finish line: generative AI’s unknown potentialThe source is a blog post by Enrique Dans titled "Cuando juzgar a la inteligencia artificial generativa por lo que sabe hacer hoy es un completo error," arguing that evaluating generative AI solely on its current capabilities is short-sighted, comparing it to judging early aviation by the Wright brothers' initial flights. Dans discusses the limitations and progress of generative AI in complex tasks like programming and academic research, referencing critiques from developers like Thomas Ptacek and his own experiences using AI for structuring academic papers versus the actual research. The post also highlights the evolving role...2025-06-0415 min
Techmeme Ride HomeTue. 06/03 – Framing The AI DebateElon Musk is suddenly fundraising everywhere. An attempt to solve the nomenclature problem around hacking groups. Is the solution to more energy for data centers already hidden inside the grid? And the final two pieces today are two different takes on the great AI debate, our entire civilization is having right now.Sponsors:Oracle.com/techmemeLinks:Musk Taps Investors for Billions Days After Washington Exit (Bloomberg)'Forest Blizzard' vs 'Fancy Bear' - cyber companies hope to untangle weird hacker nicknames (Reuters)Gridcare thinks more than 100 GW of data center capacity is...2025-06-0316 minSecurity Cryptography WhateverE2EE Storage Done Right with Matilda Backendal Jonas Hofmann and Kien Tuong TruongIt seems like everyone that tries to deploy end-to-end encrypted cloudstorage seems to mess it up, often in new and creative ways. Our specialguests Matilda Backendal, Jonas Hofmann, and Kien Tuong Truong give us a tour through the breakage and discuss a new formal model of how to actually build a secure E2EE storage system.Watch on YouTube: https://youtu.be/sizLiK_byCwTranscript: https://securitycryptographywhatever.com/2025/05/19/e2ee-storage/Links:- https://brokencloudstorage.info- https://eprint.iacr.org/2024/1616.pdf2025-05-201h 02Security Cryptography WhateverPicking Quantum Resistant AlgorithmsMigrating the US government to quantum-resistant cryptography is hard, luckily the gamer presidents are on it. This episode is extremely not safe for work, nor does it reflect the political opinions of, well, anybody."Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)2025-03-2414 minSecurity Cryptography WhateverApple Pulls Advanced Data Protection in the UK with Matt Green and Joe HallApple has pulled the availability of their opt-in iCloud end-to-end encryption feature, called Advanced Data Protection, in the UK. This doesn't only affect UK Apple users, however. To help us make sense of this surprising move from the fruit company, we got Matt Green, Associate Professor at Johns Hopkins, and Joe Hall, Distinguished Technologist at the Internet Society, on the horn. Recorded Saturday February 22nd, 2025.Transcript: https://securitycryptographywhatever.com/2025/02/24/apple-pulls-adp-in-uk/Watch episode on YouTube: https://youtu.be/LAn_yOGUkR0Links:- https://www.lawfaremedia.org/article/apples-cloud-key-vault-and-secure-law-enforcement-access2025-02-2548 minSecurity Cryptography WhateverCryptanalyzing LLMs with Nicholas Carlini'Let us model our large language model as a hash function—' Sold.Our special guest Nicholas Carlini joins us to discuss differential cryptanalysis on LLMs and other attacks, just as the ones that made OpenAI turn off some features, hehehehe.Watch episode on YouTube: https://youtu.be/vZ64xPI2Rc0Transcript: https://securitycryptographywhatever.com/2025/01/28/cryptanalyzing-llms-with-nicholas-carlini/Links:- https://nicholas.carlini.com- “Stealing Part of a Production Language Model”: https://arxiv.org/pdf/2403.06634- ‘Why I attack"’: https://nicholas.carlini.com/writing/2024/why-i-attack.html- “Cryp...2025-01-281h 20Security Cryptography WhateverBiden’s Cyber-Everything Bagel with Carole HouseJust a few days before turning off the lights, the Biden administration dropped a huge cybersecurity executive order including a lot of good stuff, that hopefully [cross your fingers, knock wood, spin around three times and spit] will last into future administrations. We snagged some time with Carole House, outgoing Special Advisor and Acting Senior Director for Cybersecurity and Critical Infrastructure Policy, National Security Council in the Biden-Harris White House, to give us a brain dump.And now due to popular demand, with video of our actual human¹ faces! https://youtu.be/Pqw0W2crQiMT...2025-01-2157 minSecurity Cryptography WhateverQuantum Willow with John Schanck and Samuel JacquesTHE QUANTUM COMPUTERS ARE COMING...right? We got Samuel Jacques and John Schanck at short notice to answer that question plus a bunch of other about error correcting codes, logical qubits, T-gates, and more about Google's new quantum computer Willow.Transcript: https://securitycryptographywhatever.com/2024/12/18/quantum-willowLinks:- https://blog.google/technology/research/google-willow-quantum-chip/ - https://research.google/blog/making-quantum-error-correction-work/- https://blog.google/technology/google-deepmind/alphaqubit-quantum-error-correction/ - https://www.nature.com/articles/s41586-024-08449-y- Sam’s ‘Landscape of Quantum Computing’ chart: https://sam-jaques.appspot.com/quantum\_landscap...2024-12-1853 minSecurity Cryptography WhateverDual_EC_DRBG with Justin Schuh and Matthew GreenNothing we have ever recorded on SCW has brought so much joy toDavid. However, at several points during the episode, we may have witnessed Matthew Green's soul leave his body.Our esteemed guests Justin Schuh and Matt Green joined us to debate whether `Dual_EC_DRBG` was intentionally backdoored by the NSA or 'just' a major fuckup.Transcript: https://securitycryptographywhatever.com/2024/12/07/dual-ec-drbgLinks:- Dicky George at InfiltrateCon 2014, 'Life at Both Ends of the Barrel - An NSA Targeting Retrospective': [https://youtu.be/qq-LCyRp6bU?si=MyTBKomkIVaxSy1Q](https...2024-12-071h 07
Forward: Transport and Logistics Insurance podcastPort Strikes, Thefts and Other Risks in Global ShippingIn this podcast episode 🎙️ Gediminas Daukša and Thomas Ptacek discuss the recent port strike on the East Coast of the USA, its impact on the shippers, and how it overshadows broader risks such as cargo theft and cybersecurity threats. They emphasize the importance of proactive risk management and the need for innovative insurance solutions to address emerging challenges in the logistics sector.2024-10-1611 minSecurity Cryptography WhateverA Little Bit of Rust Goes a Long Way with Android's Jeff Vander StoepYou may not be rewriting the world in Rust, but if you follow the findings of the Android team and our guest Jeff Vander Stoep, you'll drive down your memory-unsafety vulnerabilities more than 2X below the industry average over time! 🎉Transcript: https://securitycryptographywhatever.com/2024/10/15/a-little-bit-of-rust-goes-a-long-way/Links:- https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html- “Safe Coding”: https://dl.acm.org/doi/10.1145/3651621- “effectiveness of security design”: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit#slide=id.g3e7cac054a_0_89- https://security.googleblog...2024-10-151h 13Security Cryptography WhateverCampaign Security with [REDACTED]With the 2024 United States Presidential Election right around the corner, we talk to an unnamed guest who has worked on cybersecurity for political campaigns in the United States since 2004. We recorded this in late August, 2024.Transcript: https://securitycryptographywhatever.com/2024/10/13/campaign-security/Links:- Active Measures by Thomas Rind: https://us.macmillan.com/books/9780374287269/activemeasures- Aurora: https://en.wikipedia.org/wiki/Operation\_Aurora- Google APP announcement, October 2017: https://www.wired.com/story/google-advanced-protection-locks-down-accounts/- XXD: https://linux.die.net/man/1/xxd- Adobe Reader October 2016 Security Update: https://helpx...2024-10-131h 23Security Cryptography WhateverTelegram with Matthew GreenWe finally have an excuse to tear down Telegram! Their CEO got arrested by the French, apparently not because the cryptography in Telegram is bad, but special guest Matt Green joined us to talk about how the cryptography is bad anyway, and you probably shouldn't use Telegram as a secure messenger of any kind!Transcript: https://securitycryptographywhatever.com/2024/09/06/telegramLinks:- https://blog.cryptographyengineering.com/2024/08/25/telegram-is-not-really-an-encrypted-messaging-app/- Lavabit / Ladar Levinson: https://en.wikipedia.org/wiki/Lavabit- Pavel Durov indictment statement from French authorities: https://www.tribunal-de-paris.justice.fr/sites...2024-09-071h 04Security Cryptography WhateverSummertime SadnessAre you going to be in Vegas during BlackHat / DEF CON? We're hosting a mixer, sponsored by Observa! We have limited capacity, so please only register if you can actually come. Location details are in the confirmation email. Tickets will be released in batches, so if you get waitlisted, there's a good chance you still get in. Looking forward to seeing you in Vegas!Ticket Link: https://www.eventbrite.com/e/scwpod-vegas-2024-tickets-946939099337We talk about CrowdStrike in this episode, but we know we made some mistakes:The sys files may be code in...2024-07-2557 minSecurity Cryptography WhateverZero Day Markets with Mark DowdWe have Mark Dowd on, founder of Aziumuth Security and one of the authors of The Art of Software Security Assessment, to talk about the market for zero day vulnerabilities, and how mitigations affect monetizing offensive security work.Transcript: https://securitycryptographywhatever.com/2024/06/24/mdowd/Links:https://www.azimuthsecurity.com/https://www.vigilantlabs.com/https://github.com/mdowd79/presentations/blob/main/bluehat2023-mdowd-final.pdfhttps://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Hack-Different-Pwning-IOS-14-With-Generation-Z-Bug-wp.pdfhttps://i.blackhat.com/USA-19/Wednesday/us-19-Shwartz-Selling-0-Days-To-Governments-And-Offensive-Security-Companies.pdf"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf...2024-06-241h 25Security Cryptography WhateverekriykykTranscript: https://securitycryptographywhatever.com/2024/05/25/ekr/Links:- https://hovav.net/ucsd/dist/draft-shacham-tls-fasttrack-00.txt- https://crypto.stanford.edu/~dabo/pubs/papers/fasttrack.pdf- https://datatracker.ietf.org/doc/html/rfc8446- SoK: SCT Auditing in Certificate Transparency: https://arxiv.org/pdf/2203.01661- A hard look at Certificate Transparency, Part I: Transparency Systems: https://educatedguesswork.org/posts/transparency-part-1/- A hard look at Certificate Transparency: CT in Reality: https://educatedguesswork.org/posts/transparency-part-2/- E2EE on the web: is the web really that bad? https...2024-05-241h 48Security Cryptography WhateverSTIR/SHAKEN with Paul Grubbs and Josh BrownJosh Brown and Paul Grubbs join us to describe how those damned spam calls work, and how STIR/SHAKEN is supposed to try to stop them, but have other privacy and security implications as well. Transcript: https://securitycryptographywhatever.com/2024/04/30/stir-shaken/Links: - https://iacr.org/submit/files/slides/2024/rwc/rwc2024/98/slides.pdf- https://www.youtube.com/watch?v=3trxXF0-fRU- Paul Grubbs: https://web.eecs.umich.edu/~paulgrub/"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)2024-04-301h 01Security Cryptography WhateverCryptography Tier List(NSFW) Three AI-generated guests rank cryptography things into a tier list. Play along at home and make your own tier list: https://tiermaker.com/create/cryptography-15683166This episode is definitely not safe for work and definitely a parody. Do not base your decision in the 2024 election off of this podcast episode. No campaigns have endorsed this podcast."Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)2024-03-2319 minSecurity Cryptography WhateverPost-Quantum iMessage with Douglas StebilaApple iMessage is getting a big upgrade! Not only are they rolling out ratcheting, but they’re going post-quantum, AND they’re doing post-quantum ratcheting! Douglas Stebila joined us to talk about his security analysis of the new PQ3 protocol update and not indulge our wild Apple speculations:Transcript: https://securitycryptographywhatever.com/2024/03/03/post-quantum-imessage-with-douglas-stebila/Links:- https://security.apple.com/blog/imessage-pq3/- Security analysis of the iMessage PQ3 protocolhttps://security.apple.com/assets/files/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf- Ratcheting design: http...2024-03-0355 minSecurity Cryptography WhateverHigh-assurance Post-Quantum Crypto with Franziskus Kiefer and Karthik BhargavanWe welcome Franziskus and Karthik from Cryspen to discuss their new high-assurance implementation of ML-KEM (the final form of Kyber), discussing how formal methods can both help provide correctness guarantees, security assurances, and performance wins for your crypto code!Transcript: https://securitycryptographywhatever.com/2024/01/29/high-assurance-kyber/Links:- https://cryspen.com/post/ml-kem-implementation/- https://github.com/cryspen/libcrux/- https://github.com/formosa-crypto/libjade- https://cryspen.com/post/pqxdh/- https://eprint.iacr.org/2023/1933.pdf- Franziskus Kiefer: https://franziskuskiefer.de/- Karthik Bhargavan: https://bhargavan.info/2024-01-3056 minSecurity Cryptography WhateverEncrypting Facebook Messenger with Jon Millican and Timothy BuckFacebook Messenger has finally been end-to-end encrypted, a couple of years after Mark Zuckerberg announced it! Plus Instagram DMs are trialing ephemeral E2EE DMs too! We invited on Jon Millican and Timothy Buck from Meta to discuss this major cross-platform endeavor, and how David Bowie fits into their personal Labyrinth.Transcript: https://securitycryptographywhatever.com/2023/12/28/e2ee-fb-messenger/Links:- https://www.facebook.com/notes/2420600258234172- https://eprint.iacr.org/2022/1044.pdf- https://engineering.fb.com/2023/12/06/security/building-end-to-end-security-for-messenger/- https://www.theverge.com/2023/12/6/23991501/facebook-messenger-default-end-to-end-encryption-meta- https://www.threads.net/@jonmillican...2023-12-2859 minSecurity Cryptography WhateverAttacking Lattice-based Cryptography with Martin AlbrechtReturning champion Martin Albrecht joins us to help explain how we measure the security of lattice-based cryptosystems like Kyber and Dilithium against attackers. QRAM, BKZ, LLL, oh my!Transcript: https://securitycryptographywhatever.com/2023/11/13/lattice-attacks/Links:- https://pq-crystals.org/kyber/index.shtml- https://pq-crystals.org/dilithium/index.shtml- https://eprint.iacr.org/2019/930.pdf- https://en.wikipedia.org/wiki/Short_integer_solution_problem- Frodo: https://eprint.iacr.org/2016/659- https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/documents/accepted-papers/ribeiro-saber-pq-key-pqc2021.pdf- https://en.wikipedia...2023-11-1357 minSecurity Cryptography WhateverSignal's Post-Quantum PQXDH, Same-Origin Policy, E2EE in the Browser RevistedWe're back! Signal rolled out a protocol change to be post-quantum resilient! Someone was caught intercepting Jabber TLS via certificate transparency! Was the same-origin policy in web browers just a dirty hack all along? Plus secure message format formalisms, and even more beating of the dead horse that is E2EE in the browser.Transcript: https://securitycryptographywhatever.com/2023/11/07/PQXDH-etcLinks:- https://zfnd.org/so-you-want-to-build-an-end-to-end-encrypted-web-app/- https://github.com/superfly/macaroon- https://cryspen.com/post/pqxdh/- https://eprint.iacr.org/2023/1390.pdf"Security Cryptography Whatever" is...2023-11-071h 19Security Cryptography Whatever'Jerry Solinas deserves a raise' with Steve WeisWe explore how the NIST curve parameter seeds were generated, as best we can, with returning champion Steve Weis!“At the point where we find an intelligible English string that generates theNIST P-curve seeds, nobody serious is going to take the seed provenance concerns seriously anymore.”Transcript: https://securitycryptographywhatever.com/2023/10/12/the-nist-curvesLinks:- Steve’s post: https://saweis.net/posts/nist-curve-seed-origins.html- ANSI X9.62 ECDSA: https://safecurves.cr.yp.to/grouper.ieee.org/groups/1363/private/x9-62-09-20-98.pdf / FIPS 186-2 https://csrc.nist.gov/files...2023-10-1257 minSecurity Cryptography WhateverCruel Summer: hybrid signatures, Downfall, Zenbleed, 2G downgradesWe're back from our summer vacation! We're covering a bunch of stuff we saw and did:Transcript: https://securitycryptographywhatever.com/2023/09/13/cruel-summer/Links:- Zenbleed: https://lock.cmpxchg8b.com/zenbleed.html- Downfall: https://downfall.page- Post-quantum Yubikeys: https://security.googleblog.com/2023/08/toward-quantum-resilient-security-keys.html"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)2023-09-1358 min