Episode 10: Exploiting Authenticated Encryption Key Commitment!
Cryptography FM1 Joulu 2020

Episode 10: Exploiting Authenticated Encryption Key Commitment!

Authenticated encryption such as AES-GCM or ChaCha20-Poly1305 is used in a wide variety of applications, including potentially in settings for which it was not originally designed. A question given relatively little attention is whether an authenticated encryption scheme guarantees “key commitment”: the notion that ciphertext should decrypt to a valid plaintext only under the key that was used to generate the ciphertext.

In reality, however, protocols and applications do rely on key commitment. A new paper by engineers at Google, the University of Haifa and Amazon demonstrates three recent applications where missing key commitment is exploitable in practice. They construct AES-GCM ciphertext which can be decrypted to two plaintexts valid under a wide variety of file formats, such as PDF, Windows executables, and DICOM; and the results may shock you.

Links and papers discussed in the show:

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Ange Albertini and Stefan Kölbl.

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(24)

Episode 24: CryptoHack's Collection of Cryptic Conundrums!

Episode 24: CryptoHack's Collection of Cryptic Conundrums!

For several years, CryptoHack has been a free platform for learning modern cryptography through fun and challenging programming puzzles. From toy ciphers to post-quantum cryptography, CryptoHack has a...

27 Helmi 202349min

Episode 23: Psychic Signatures in Java!

Episode 23: Psychic Signatures in Java!

On April 19th 2022, Neil Madden disclosed a vulnerability in many popular Java runtimes and development kits. The vulnerability, dubbed "Psychic Signatures", lies in the cryptography for ECDSA signatu...

25 Tammi 202353min

Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!

Episode 22: Three Lessons from Threema: Breaking a Secure Messenger!

Threema is a Swiss encrypted messaging application. It has more than 10 million users and more than 7000 on-premise customers. Prominent users of Threema include the Swiss Government and the Swiss Arm...

16 Tammi 202352min

Episode 21: Proving Fundamental Equivalencies in Isogeny Mathematics!

Episode 21: Proving Fundamental Equivalencies in Isogeny Mathematics!

Benjamin Wesolowski talks about his latest paper in which he mathematically proved that the two fundamental problems underlying isogeny-based cryptography are equivalent. Links and papers discussed i...

24 Elo 202146min

Episode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2!

Episode 20: Cryptanalysis of GPRS: GEA-1 and GEA-2!

A team of cryptanalysits presents the first publicly available cryptanalytic attacks on the GEA-1 and GEA-2 algorithms. Instead of providing full 64-bit security, they show that the initial state of G...

20 Heinä 202142min

Episode 19: Cross-Protocol Attacks on TLS with ALPACA!

Episode 19: Cross-Protocol Attacks on TLS with ALPACA!

TLS is an internet standard to secure the communication between servers and clients on the internet, for example that of web servers, FTP servers, and Email servers. This is possible because TLS was d...

12 Heinä 202141min

Episode 18: Optimizing Cryptography for Microcontrollers!

Episode 18: Optimizing Cryptography for Microcontrollers!

Nadim talks with Peter Schwabe and Matthias Kannwischer about the considerations — both in terms of security and performance — when implementing cryptographic primitives for low-level and embedded pla...

23 Kesä 202136min

Episode 17: Breaking Wi-Fi With Frame Attacks!

Episode 17: Breaking Wi-Fi With Frame Attacks!

Wi-Fi is a pretty central technology to our daily lives, whether at home or at the office. Given that so much sensitive data is regularly exchanged between Wi-Fi devices, a number of standards have be...

1 Kesä 202135min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
rss-ootsa-kuullut-tasta
ootsa-kuullut-tasta-2
rss-vaalirankkurit-podcast
viisupodi
tervo-halme
otetaan-yhdet
rss-podme-livebox
rss-asiastudio
rss-pinnalla
the-ulkopolitist
et-sa-noin-voi-sanoo-esittaa
rss-girls-finish-f1rst
rss-ulkopoditiikkaa
linda-maria
rss-raha-talous-ja-politiikka
rss-50100-podcast
rss-toisten-taskuilla