{"version":"1.0.0","segments":[{"speaker":"Deirdre","startTime":13.125,"endTime":13.815,"body":"Hello."},{"speaker":"Deirdre","startTime":13.965,"endTime":16.365,"body":"Welcome to Security"},{"speaker":"Deirdre","startTime":13.965,"endTime":16.365,"body":"Cryptography, whatever."},{"speaker":"Deirdre","startTime":16.425,"endTime":17.235,"body":"I'm Deirdre."},{"speaker":"David","startTime":17.685,"endTime":18.465,"body":"I am David."},{"speaker":"Thomas","startTime":19.545,"endTime":19.825,"body":"I am..."},{"speaker":"Thomas","startTime":20.595,"endTime":21.135,"body":"Thomas?"},{"speaker":"Thomas","startTime":21.225,"endTime":22.035,"body":"I'm Thomas."},{"speaker":"Deirdre","startTime":22.215,"endTime":24.345,"body":"You, you,"},{"speaker":"Deirdre","startTime":22.215,"endTime":24.345,"body":"you're, you are Thomas,"},{"speaker":"David","startTime":24.495,"endTime":25.365,"body":"We sure hope."},{"speaker":"Thomas","startTime":26.175,"endTime":26.775,"body":"Pretty sure"},{"speaker":"Deirdre","startTime":27.195,"endTime":29.205,"body":"coming live"},{"speaker":"Deirdre","startTime":27.195,"endTime":29.205,"body":"from your new studio."},{"speaker":"Thomas","startTime":30.255,"endTime":31.335,"body":"it's, it is, it's true."},{"speaker":"Thomas","startTime":31.365,"endTime":32.385,"body":"I'm in my new place."},{"speaker":"Thomas","startTime":32.385,"endTime":33.045,"body":"I'm very happy."},{"speaker":"Deirdre","startTime":33.735,"endTime":34.095,"body":"Cool."},{"speaker":"Deirdre","startTime":34.605,"endTime":35.325,"body":"Uh, hi."},{"speaker":"Deirdre","startTime":35.355,"endTime":35.925,"body":"We're back."},{"speaker":"Deirdre","startTime":36.105,"endTime":38.625,"body":"Back from our summer vacation"},{"speaker":"Deirdre","startTime":36.105,"endTime":38.625,"body":"and we're gonna go tell you what"},{"speaker":"Deirdre","startTime":38.625,"endTime":40.155,"body":"we did on our summer 
vacation."},{"speaker":"Deirdre","startTime":40.515,"endTime":43.635,"body":"Uh, it involved things like"},{"speaker":"Deirdre","startTime":40.515,"endTime":43.635,"body":"Black Hat, and DEF CON, and"},{"speaker":"Deirdre","startTime":43.635,"endTime":45.435,"body":"CRYPTO, and other things."},{"speaker":"Deirdre","startTime":45.555,"endTime":49.065,"body":"So, uh, this is mostly"},{"speaker":"Deirdre","startTime":45.555,"endTime":49.065,"body":"us talking about all of"},{"speaker":"Deirdre","startTime":49.065,"endTime":51.435,"body":"those, and maybe some other"},{"speaker":"Deirdre","startTime":49.065,"endTime":51.435,"body":"stuff that caught our eye,"},{"speaker":"Deirdre","startTime":52.005,"endTime":53.535,"body":"uh, since we last spoke."},{"speaker":"Deirdre","startTime":53.565,"endTime":57.735,"body":"Things like Pixel attacks,"},{"speaker":"Deirdre","startTime":53.565,"endTime":57.735,"body":"why you should deprecate 2G,"},{"speaker":"Deirdre","startTime":58.005,"endTime":61.695,"body":"why you should write your,"},{"speaker":"Deirdre","startTime":58.005,"endTime":61.695,"body":"uh, your modem firmware in the"},{"speaker":"Deirdre","startTime":61.695,"endTime":66.612,"body":"memory-safe language, and why"},{"speaker":"Deirdre","startTime":61.695,"endTime":66.612,"body":"it's annoying to call everything"},{"speaker":"Deirdre","startTime":66.612,"endTime":70.542,"body":"that uses classical crypto and"},{"speaker":"Deirdre","startTime":66.612,"endTime":70.542,"body":"post quantum crypto 'hybrid',"},{"speaker":"Deirdre","startTime":70.95,"endTime":73.11,"body":"e, even if that means a"},{"speaker":"Deirdre","startTime":70.95,"endTime":73.11,"body":"different thing in every single"},{"speaker":"Deirdre","startTime":73.11,"endTime":74.13,"body":"setting that you use it in."},{"speaker":"Deirdre","startTime":74.13,"endTime":74.61,"body":"Anyway!"},{"speaker":"Deirdre","startTime":75.13,"endTime":78.34,"body":"So we went to Black 
Hat,"},{"speaker":"Deirdre","startTime":75.13,"endTime":78.34,"body":"and by we, I mean myself and"},{"speaker":"Deirdre","startTime":78.34,"endTime":81.7,"body":"David, what did you think"},{"speaker":"Deirdre","startTime":78.34,"endTime":81.7,"body":"of Black Hat this year?"},{"speaker":"Deirdre","startTime":81.7,"endTime":82.1,"body":"David?"},{"speaker":"David","startTime":82.615,"endTime":84.585,"body":"Mostly I"},{"speaker":"David","startTime":82.615,"endTime":84.585,"body":"just missed Thomas"},{"speaker":"Deirdre","startTime":84.76,"endTime":85.05,"body":"yeah."},{"speaker":"Thomas","startTime":87.08,"endTime":87.55,"body":"you guys both"},{"speaker":"David","startTime":87.565,"endTime":91.195,"body":"is distinguished enough"},{"speaker":"David","startTime":87.565,"endTime":91.195,"body":"that, um, uh, he doesn't"},{"speaker":"David","startTime":91.195,"endTime":92.755,"body":"need to come to Black Hat."},{"speaker":"David","startTime":92.755,"endTime":94.045,"body":"People come to him instead."},{"speaker":"Deirdre","startTime":94.255,"endTime":94.795,"body":"Mm-hmm."},{"speaker":"Deirdre","startTime":95.335,"endTime":99.085,"body":"He almost lured us all to"},{"speaker":"Deirdre","startTime":95.335,"endTime":99.085,"body":"come to Chicago instead"},{"speaker":"Deirdre","startTime":99.085,"endTime":101.395,"body":"of Las Vegas in August."},{"speaker":"Thomas","startTime":101.56,"endTime":102.82,"body":"I have a"},{"speaker":"Thomas","startTime":101.56,"endTime":102.82,"body":"giant new front porch."},{"speaker":"Thomas","startTime":102.82,"endTime":103.96,"body":"We're gonna have"},{"speaker":"Thomas","startTime":102.82,"endTime":103.96,"body":"front porch con."},{"speaker":"Deirdre","startTime":104.695,"endTime":105.265,"body":"I think"},{"speaker":"Thomas","startTime":105.37,"endTime":107.2,"body":"just people will show"},{"speaker":"Thomas","startTime":105.37,"endTime":107.2,"body":"up and be on my front 
porch."},{"speaker":"Thomas","startTime":107.2,"endTime":107.57,"body":"It's gonna be great."},{"speaker":"David","startTime":107.665,"endTime":109.975,"body":"A good chunk of my"},{"speaker":"David","startTime":107.665,"endTime":109.975,"body":"Black Hat was spent doing"},{"speaker":"David","startTime":109.975,"endTime":114.595,"body":"Cabana Con, at one point"},{"speaker":"David","startTime":109.975,"endTime":114.595,"body":"showing up to the wrong cabana."},{"speaker":"David","startTime":114.595,"endTime":116.875,"body":"It's very easy to tell"},{"speaker":"David","startTime":114.595,"endTime":116.875,"body":"which cabana's associated"},{"speaker":"David","startTime":116.88,"endTime":117.835,"body":"with security people."},{"speaker":"David","startTime":118.135,"endTime":118.705,"body":"Um,"},{"speaker":"Deirdre","startTime":119.935,"endTime":124.315,"body":"Yeah, maybe, maybe"},{"speaker":"Deirdre","startTime":119.935,"endTime":124.315,"body":"next year it'll be Porch"},{"speaker":"Deirdre","startTime":124.375,"endTime":125.555,"body":"Con instead of Black Hat."},{"speaker":"Thomas","startTime":126.475,"endTime":128.635,"body":"You guys were suckers"},{"speaker":"Thomas","startTime":126.475,"endTime":128.635,"body":"and you guys both went to,"},{"speaker":"Thomas","startTime":128.635,"endTime":131.425,"body":"uh, disease con and, uh,"},{"speaker":"Deirdre","startTime":131.705,"endTime":132.885,"body":"Did not get a disease."},{"speaker":"David","startTime":133.015,"endTime":136.535,"body":"got sick because we wore"},{"speaker":"David","startTime":133.015,"endTime":136.535,"body":"masks in the situation so that"},{"speaker":"David","startTime":136.535,"endTime":137.855,"body":"it made sense to wear masks in."},{"speaker":"Deirdre","startTime":138.19,"endTime":140.74,"body":"I was also"},{"speaker":"Deirdre","startTime":138.19,"endTime":140.74,"body":"just not around a lot."},{"speaker":"Deirdre","startTime":140.77,"endTime":144.52,"body":"I was going to and 
fro"},{"speaker":"Deirdre","startTime":140.77,"endTime":144.52,"body":"a lot and, uh, but yeah."},{"speaker":"Deirdre","startTime":144.55,"endTime":147.22,"body":"I got, I got Covid"},{"speaker":"Deirdre","startTime":144.55,"endTime":147.22,"body":"last year at Vegas."},{"speaker":"Deirdre","startTime":147.28,"endTime":148.63,"body":"Uh, I did not get it this year."},{"speaker":"Deirdre","startTime":148.66,"endTime":149.2,"body":"Magic."},{"speaker":"Deirdre","startTime":149.77,"endTime":150.25,"body":"Magical."},{"speaker":"David","startTime":150.845,"endTime":153.325,"body":"Also, in early June,"},{"speaker":"David","startTime":150.845,"endTime":153.325,"body":"I made up a pre-existing"},{"speaker":"David","startTime":153.325,"endTime":155.155,"body":"condition and went and"},{"speaker":"David","startTime":153.325,"endTime":155.155,"body":"got another booster."},{"speaker":"Deirdre","startTime":155.215,"endTime":155.995,"body":"Oh, hell yeah."},{"speaker":"Deirdre","startTime":155.995,"endTime":156.925,"body":"You're smart."},{"speaker":"Deirdre","startTime":157.255,"endTime":159.775,"body":"I wanted that and well,"},{"speaker":"Deirdre","startTime":157.255,"endTime":159.775,"body":"I'm waiting for the new,"},{"speaker":"Deirdre","startTime":159.775,"endTime":161.275,"body":"new one, the updated one."},{"speaker":"Deirdre","startTime":161.305,"endTime":161.725,"body":"Anyway."},{"speaker":"Deirdre","startTime":162.255,"endTime":164.442,"body":"But yeah, we did not get"},{"speaker":"Deirdre","startTime":162.255,"endTime":164.442,"body":"diseased at Disease Con."},{"speaker":"Deirdre","startTime":164.472,"endTime":165.312,"body":"It was nice."},{"speaker":"Thomas","startTime":166.272,"endTime":168.012,"body":"My, my, the question"},{"speaker":"Thomas","startTime":166.272,"endTime":168.012,"body":"I was building towards"},{"speaker":"Thomas","startTime":168.012,"endTime":170.592,"body":"was, did you see any 
talks"},{"speaker":"Thomas","startTime":168.012,"endTime":170.592,"body":"that were worth seeing?"},{"speaker":"Deirdre","startTime":171.072,"endTime":173.382,"body":"I liked a couple"},{"speaker":"Deirdre","startTime":171.072,"endTime":173.382,"body":"of Black Hat talks."},{"speaker":"Deirdre","startTime":173.382,"endTime":179.289,"body":"So one of the headliners"},{"speaker":"Deirdre","startTime":173.382,"endTime":179.289,"body":"was yet another, processor"},{"speaker":"Deirdre","startTime":179.319,"endTime":183.732,"body":"micro architectural"},{"speaker":"Deirdre","startTime":179.319,"endTime":183.732,"body":"vulnerability, specific to Intel"},{"speaker":"Deirdre","startTime":183.737,"endTime":185.742,"body":"processors called Downfall."},{"speaker":"Thomas","startTime":185.922,"endTime":186.192,"body":"Okay."},{"speaker":"Thomas","startTime":186.192,"endTime":188.742,"body":"Before you go there,"},{"speaker":"Thomas","startTime":186.192,"endTime":188.742,"body":"before you go to Downfall,"},{"speaker":"Thomas","startTime":189.162,"endTime":191.922,"body":"I, because the, I have"},{"speaker":"Thomas","startTime":189.162,"endTime":191.922,"body":"the, I have the chronology"},{"speaker":"Thomas","startTime":191.922,"endTime":193.422,"body":"for this stuff vividly."},{"speaker":"Thomas","startTime":193.632,"endTime":195.702,"body":"This is all what we did on"},{"speaker":"Thomas","startTime":193.632,"endTime":195.702,"body":"our summer vacation, and I'm"},{"speaker":"Thomas","startTime":195.702,"endTime":196.992,"body":"gonna keep the chronology here."},{"speaker":"Thomas","startTime":197.202,"endTime":198.882,"body":"So there's, you're"},{"speaker":"Thomas","startTime":197.202,"endTime":198.882,"body":"talking about Downfall."},{"speaker":"Deirdre","startTime":199.477,"endTime":199.697,"body":"yes,"},{"speaker":"Thomas","startTime":199.797,"endTime":202.017,"body":"Downfall was,"},{"speaker":"Thomas","startTime":199.797,"endTime":202.017,"body":"it was like a, it 
was a"},{"speaker":"Thomas","startTime":202.017,"endTime":203.157,"body":"registered Black Hat talk."},{"speaker":"Thomas","startTime":203.157,"endTime":205.467,"body":"Like it was like the reviewers"},{"speaker":"Thomas","startTime":203.157,"endTime":205.467,"body":"reviewed it and all that."},{"speaker":"Thomas","startTime":205.527,"endTime":206.577,"body":"I think we knew it was coming."},{"speaker":"Thomas","startTime":206.577,"endTime":207.237,"body":"I think so."},{"speaker":"Thomas","startTime":207.237,"endTime":207.597,"body":"Right."},{"speaker":"Thomas","startTime":207.837,"endTime":211.107,"body":"Um, but that's Downfall"},{"speaker":"Thomas","startTime":207.837,"endTime":211.107,"body":"hits Intel processors."},{"speaker":"Thomas","startTime":211.617,"endTime":214.797,"body":"We have some Intel processors"},{"speaker":"Thomas","startTime":211.617,"endTime":214.797,"body":"where I work, but we have, um,"},{"speaker":"Thomas","startTime":214.977,"endTime":217.407,"body":"quite a few more AMD processors,"},{"speaker":"Thomas","startTime":217.677,"endTime":219.357,"body":"like most of our"},{"speaker":"Thomas","startTime":217.677,"endTime":219.357,"body":"fleet is AMD EPYC."},{"speaker":"Thomas","startTime":220.352,"endTime":225.147,"body":"uh, because of what I think,"},{"speaker":"Thomas","startTime":220.352,"endTime":225.147,"body":"I'm not sure, but I think was"},{"speaker":"Thomas","startTime":225.147,"endTime":233.577,"body":"an embargo, snafu, um, Tavis"},{"speaker":"Thomas","startTime":225.147,"endTime":233.577,"body":"Ormandy found probably, I think"},{"speaker":"Thomas","startTime":233.847,"endTime":237.267,"body":"maybe credibly the all time"},{"speaker":"Thomas","startTime":233.847,"endTime":237.267,"body":"greatest microarchitecture—"},{"speaker":"Thomas","startTime":237.657,"endTime":240.027,"body":"it's certainly the, the,"},{"speaker":"Thomas","startTime":237.657,"endTime":240.027,"body":"in my opinion, the 
best"},{"speaker":"Thomas","startTime":240.032,"endTime":241.497,"body":"microarchitecture attack ever,"},{"speaker":"Deirdre","startTime":241.647,"endTime":241.857,"body":"Uh huh"},{"speaker":"Thomas","startTime":242.397,"endTime":245.197,"body":"on AMD hosts called,"},{"speaker":"Thomas","startTime":242.397,"endTime":245.197,"body":"they called it Zenbleed"},{"speaker":"Thomas","startTime":245.222,"endTime":247.527,"body":"for the Zen architecture,"},{"speaker":"Thomas","startTime":245.222,"endTime":247.527,"body":"which of course happens to"},{"speaker":"Thomas","startTime":247.527,"endTime":248.937,"body":"be most of my server fleet."},{"speaker":"Thomas","startTime":249.237,"endTime":253.722,"body":"Um, So this is like, I"},{"speaker":"Thomas","startTime":249.237,"endTime":253.722,"body":"think like two weeks before,"},{"speaker":"Thomas","startTime":253.992,"endTime":256.182,"body":"uh, the Downfall thing"},{"speaker":"Thomas","startTime":253.992,"endTime":256.182,"body":"came out at Black Hat or"},{"speaker":"Thomas","startTime":256.182,"endTime":257.802,"body":"whatever, there's Zenbleed."},{"speaker":"Thomas","startTime":257.802,"endTime":259.632,"body":"And Zenbleed was amazing."},{"speaker":"Thomas","startTime":259.842,"endTime":261.642,"body":"So you, you've got"},{"speaker":"Thomas","startTime":259.842,"endTime":261.642,"body":"the Downfall thing."},{"speaker":"Thomas","startTime":261.642,"endTime":263.142,"body":"We should, we should talk"},{"speaker":"Thomas","startTime":261.642,"endTime":263.142,"body":"about Downfall, although,"},{"speaker":"Thomas","startTime":263.142,"endTime":265.932,"body":"like, I, I sort of barely"},{"speaker":"Thomas","startTime":263.142,"endTime":265.932,"body":"understand Downfall."},{"speaker":"Thomas","startTime":265.937,"endTime":269.827,"body":"Um, but Zenbleed is, is"},{"speaker":"Thomas","startTime":265.937,"endTime":269.827,"body":"Zenbleed is freaking 
awesome"},{"speaker":"Thomas","startTime":269.887,"endTime":271.777,"body":"and also horrible, but"},{"speaker":"Deirdre","startTime":271.927,"endTime":272.137,"body":"Yeah."},{"speaker":"Deirdre","startTime":273.007,"endTime":275.197,"body":"Alright, we're gonna cover"},{"speaker":"Deirdre","startTime":273.007,"endTime":275.197,"body":"Downfall really quick"},{"speaker":"Deirdre","startTime":275.227,"endTime":277.687,"body":"because I think Zenbleed is"},{"speaker":"Deirdre","startTime":275.227,"endTime":277.687,"body":"probably more interesting."},{"speaker":"Deirdre","startTime":277.692,"endTime":280.24,"body":"Um, Downfall is basically"},{"speaker":"Deirdre","startTime":277.692,"endTime":280.24,"body":"on Intel processors."},{"speaker":"Deirdre","startTime":280.24,"endTime":283.087,"body":"They have these gather"},{"speaker":"Deirdre","startTime":280.24,"endTime":283.087,"body":"instructions, and when"},{"speaker":"Deirdre","startTime":283.087,"endTime":286.072,"body":"they're, it's, it reminds"},{"speaker":"Deirdre","startTime":283.087,"endTime":286.072,"body":"me a lot of like garbage"},{"speaker":"Deirdre","startTime":286.072,"endTime":290.512,"body":"collection, but like speculative"},{"speaker":"Deirdre","startTime":286.072,"endTime":290.512,"body":"execution, garbage collection."},{"speaker":"Deirdre","startTime":290.512,"endTime":294.442,"body":"So like you did some speculative"},{"speaker":"Deirdre","startTime":290.512,"endTime":294.442,"body":"execution and then the"},{"speaker":"Deirdre","startTime":294.442,"endTime":297.862,"body":"processor under the hood is"},{"speaker":"Deirdre","startTime":294.442,"endTime":297.862,"body":"giving itself an instruction"},{"speaker":"Deirdre","startTime":297.862,"endTime":301.672,"body":"to like clean up some shit"},{"speaker":"Deirdre","startTime":297.862,"endTime":301.672,"body":"it allocated on registers"},{"speaker":"Deirdre","startTime":301.882,"endTime":303.832,"body":"that it needs to get rid 
of."},{"speaker":"Deirdre","startTime":304.222,"endTime":308.659,"body":"And it turns out that you can"},{"speaker":"Deirdre","startTime":304.222,"endTime":308.659,"body":"run like a co-thread, uh, or"},{"speaker":"Deirdre","startTime":308.659,"endTime":312.589,"body":"hyper thread on one of these"},{"speaker":"Deirdre","startTime":308.659,"endTime":312.589,"body":"cores, and you can maliciously"},{"speaker":"Deirdre","startTime":312.589,"endTime":317.509,"body":"leak information based on what"},{"speaker":"Deirdre","startTime":312.589,"endTime":317.509,"body":"is being gathered up by the sort"},{"speaker":"Deirdre","startTime":317.509,"endTime":320.869,"body":"of cleanup instruction, that"},{"speaker":"Deirdre","startTime":317.509,"endTime":320.869,"body":"is only on Intel processors,"},{"speaker":"Deirdre","startTime":320.874,"endTime":323.089,"body":"that's only used for its"},{"speaker":"Deirdre","startTime":320.874,"endTime":323.089,"body":"vector instructions, it's"},{"speaker":"Deirdre","startTime":323.089,"endTime":327.989,"body":"SIMD instructions, but also"},{"speaker":"Deirdre","startTime":323.089,"endTime":327.989,"body":"for its AES-NI and SHA-NI"},{"speaker":"Deirdre","startTime":328.009,"endTime":329.869,"body":"instruction sets, which."},{"speaker":"Deirdre","startTime":330.184,"endTime":333.694,"body":"Yes, those are, it's"},{"speaker":"Deirdre","startTime":330.184,"endTime":333.694,"body":"like built in supposedly."},{"speaker":"Deirdre","startTime":333.934,"endTime":334.504,"body":"I don't know."},{"speaker":"Deirdre","startTime":334.774,"endTime":338.314,"body":"I think most people think those"},{"speaker":"Deirdre","startTime":334.774,"endTime":338.314,"body":"AES-NI instructions are constant"},{"speaker":"Deirdre","startTime":338.319,"endTime":340.804,"body":"time and not very leaky."},{"speaker":"Deirdre","startTime":340.924,"endTime":343.774,"body":"Turns out they are"},{"speaker":"Deirdre","startTime":340.924,"endTime":343.774,"body":"leaky 
on intel."},{"speaker":"Deirdre","startTime":344.134,"endTime":346.564,"body":"Um, they released"},{"speaker":"Deirdre","startTime":344.134,"endTime":346.564,"body":"some micro patches."},{"speaker":"Deirdre","startTime":346.864,"endTime":347.854,"body":"It's only Intel."},{"speaker":"Deirdre","startTime":348.492,"endTime":352.722,"body":"it's annoying if you have"},{"speaker":"Deirdre","startTime":348.492,"endTime":352.722,"body":"any like super optimized like"},{"speaker":"Deirdre","startTime":352.722,"endTime":356.892,"body":"targeting backends, finite field"},{"speaker":"Deirdre","startTime":352.722,"endTime":356.892,"body":"arithmetic implementations that"},{"speaker":"Deirdre","startTime":356.892,"endTime":359.802,"body":"will like, be really fucking"},{"speaker":"Deirdre","startTime":356.892,"endTime":359.802,"body":"fast on Intel with vector"},{"speaker":"Deirdre","startTime":359.802,"endTime":362.322,"body":"instructions or, you know,"},{"speaker":"Deirdre","startTime":359.802,"endTime":362.322,"body":"some weird intrinsics you have."},{"speaker":"Deirdre","startTime":362.772,"endTime":364.122,"body":"You might have to"},{"speaker":"Deirdre","startTime":362.772,"endTime":364.122,"body":"be careful about it."},{"speaker":"Deirdre","startTime":364.127,"endTime":366.702,"body":"If you're a cloud provider,"},{"speaker":"Deirdre","startTime":364.127,"endTime":366.702,"body":"you turn off hyperthreading"},{"speaker":"Deirdre","startTime":366.732,"endTime":369.222,"body":"or you turn off if you have"},{"speaker":"Deirdre","startTime":366.732,"endTime":369.222,"body":"a VM provider, you turn"},{"speaker":"Deirdre","startTime":369.222,"endTime":372.132,"body":"off that sort of stuff if"},{"speaker":"Deirdre","startTime":369.222,"endTime":372.132,"body":"you have Intel processors."},{"speaker":"Deirdre","startTime":372.912,"endTime":373.452,"body":"But that's it?"},{"speaker":"Thomas","startTime":374.267,"endTime":376.547,"body":"So I'm, I'm gonna 
say"},{"speaker":"Thomas","startTime":374.267,"endTime":376.547,"body":"this just so somebody can,"},{"speaker":"Thomas","startTime":376.577,"endTime":378.797,"body":"after they eventually hear"},{"speaker":"Thomas","startTime":376.577,"endTime":378.797,"body":"this, can correct me about"},{"speaker":"Thomas","startTime":378.797,"endTime":379.967,"body":"this or set me straight."},{"speaker":"Thomas","startTime":379.967,"endTime":383.747,"body":"But like, one thing about"},{"speaker":"Thomas","startTime":379.967,"endTime":383.747,"body":"this is, um, Zenbleed was"},{"speaker":"Thomas","startTime":383.747,"endTime":386.897,"body":"released like I think maybe"},{"speaker":"Thomas","startTime":383.747,"endTime":386.897,"body":"by accident a couple weeks"},{"speaker":"Thomas","startTime":386.902,"endTime":390.509,"body":"before, Downfall was published"},{"speaker":"Thomas","startTime":386.902,"endTime":390.509,"body":"and both of them were, were"},{"speaker":"Thomas","startTime":390.509,"endTime":393.119,"body":"released with exploit code or"},{"speaker":"Thomas","startTime":390.509,"endTime":393.119,"body":"with proof of concept code or"},{"speaker":"Thomas","startTime":393.119,"endTime":393.869,"body":"whatever you wanna call it."},{"speaker":"Thomas","startTime":393.869,"endTime":394.199,"body":"Right."},{"speaker":"Thomas","startTime":394.439,"endTime":396.379,"body":"Um, well in Zenbleed's"},{"speaker":"Thomas","startTime":394.439,"endTime":396.379,"body":"case, let's properly call"},{"speaker":"Thomas","startTime":396.379,"endTime":398.714,"body":"it exploit code, 'cause it"},{"speaker":"Thomas","startTime":396.379,"endTime":398.714,"body":"was exploit code, right?"},{"speaker":"Thomas","startTime":398.924,"endTime":400.754,"body":"Um, it, it really worked."},{"speaker":"Thomas","startTime":400.784,"endTime":403.304,"body":"He just ran the Zenbleed ex,"},{"speaker":"Thomas","startTime":400.784,"endTime":403.304,"body":"you know, the, the 
Zenbleed,"},{"speaker":"Thomas","startTime":403.304,"endTime":407.024,"body":"exploit exploit thing and"},{"speaker":"Thomas","startTime":403.304,"endTime":407.024,"body":"everything that was hitting"},{"speaker":"Thomas","startTime":407.024,"endTime":410.49,"body":"strlen or strcpy anywhere in"},{"speaker":"Thomas","startTime":407.024,"endTime":410.49,"body":"your system, was showing up"},{"speaker":"Thomas","startTime":410.49,"endTime":412.29,"body":"just in text on your screen."},{"speaker":"Thomas","startTime":412.29,"endTime":412.77,"body":"Right?"},{"speaker":"Thomas","startTime":412.8,"endTime":417.825,"body":"So Downfall also had, proof of"},{"speaker":"Thomas","startTime":412.8,"endTime":417.825,"body":"concept code, but all of the"},{"speaker":"Thomas","startTime":417.825,"endTime":420.165,"body":"code that I read and in the"},{"speaker":"Thomas","startTime":417.825,"endTime":420.165,"body":"paper they make reference to"},{"speaker":"Thomas","startTime":420.165,"endTime":424.515,"body":"this, relies on pteditor, which"},{"speaker":"Thomas","startTime":420.165,"endTime":424.515,"body":"is like a kernel module, um,"},{"speaker":"Thomas","startTime":424.815,"endTime":426.585,"body":"which you would not be running."},{"speaker":"Deirdre","startTime":427.53,"endTime":427.62,"body":"Right."},{"speaker":"Deirdre","startTime":427.71,"endTime":428.1,"body":"Okay."},{"speaker":"Deirdre","startTime":428.66,"endTime":428.78,"body":"Hmm."},{"speaker":"Thomas","startTime":429.165,"endTime":432.345,"body":"So I, I'm not totally"},{"speaker":"Thomas","startTime":429.165,"endTime":432.345,"body":"clear on which— I assume that"},{"speaker":"Thomas","startTime":432.35,"endTime":434.565,"body":"this is just to set up the"},{"speaker":"Thomas","startTime":432.35,"endTime":434.565,"body":"test environment and make"},{"speaker":"Thomas","startTime":434.565,"endTime":435.555,"body":"things, you know, obvious."},{"speaker":"Thomas","startTime":435.555,"endTime":437.715,"body":"But 
like they, they"},{"speaker":"Thomas","startTime":435.555,"endTime":437.715,"body":"released a proof of"},{"speaker":"Thomas","startTime":437.715,"endTime":440.745,"body":"concept thing that involved"},{"speaker":"Thomas","startTime":437.715,"endTime":440.745,"body":"installing a kernel module."},{"speaker":"Thomas","startTime":441.075,"endTime":444.015,"body":"Um, Which is like, okay,"},{"speaker":"Thomas","startTime":441.075,"endTime":444.015,"body":"I'm just not gonna install"},{"speaker":"Thomas","startTime":444.015,"endTime":446.475,"body":"that kernel module, which"},{"speaker":"Thomas","startTime":444.015,"endTime":446.475,"body":"obviously that's not like"},{"speaker":"Thomas","startTime":446.475,"endTime":447.405,"body":"the whole attack, right?"},{"speaker":"Thomas","startTime":447.405,"endTime":449.699,"body":"But like, I don't"},{"speaker":"Thomas","startTime":447.405,"endTime":449.699,"body":"fully understand, how"},{"speaker":"Thomas","startTime":449.699,"endTime":451.019,"body":"exploitable Downfall was?"},{"speaker":"Thomas","startTime":451.199,"endTime":455.099,"body":"In particular, just how"},{"speaker":"Thomas","startTime":451.199,"endTime":455.099,"body":"situational Downfall was?"},{"speaker":"Thomas","startTime":455.332,"endTime":458.212,"body":"So like if you, if you read"},{"speaker":"Thomas","startTime":455.332,"endTime":458.212,"body":"the Downfall paper, they talk"},{"speaker":"Thomas","startTime":458.217,"endTime":461.212,"body":"about like finding gadgets in"},{"speaker":"Thomas","startTime":458.217,"endTime":461.212,"body":"the kernel, which is like a,"},{"speaker":"Thomas","startTime":461.212,"endTime":464.872,"body":"a classic like Spectre type"},{"speaker":"Thomas","startTime":461.212,"endTime":464.872,"body":"specx thing where like, um,"},{"speaker":"Thomas","startTime":465.247,"endTime":467.767,"body":"You know, there are particular"},{"speaker":"Thomas","startTime":465.247,"endTime":467.767,"body":"places in the kernel 
where"},{"speaker":"Thomas","startTime":467.767,"endTime":469.927,"body":"you can, you know, pick"},{"speaker":"Thomas","startTime":467.767,"endTime":469.927,"body":"up leaked data from right?"},{"speaker":"Thomas","startTime":469.927,"endTime":471.967,"body":"Because of, you know,"},{"speaker":"Thomas","startTime":469.927,"endTime":471.967,"body":"vulnerability to"},{"speaker":"Thomas","startTime":472.027,"endTime":473.647,"body":"speculative ex execution."},{"speaker":"Thomas","startTime":473.797,"endTime":478.07,"body":"It, it seemed to me, reading the"},{"speaker":"Thomas","startTime":473.797,"endTime":478.07,"body":"Downfall paper, that Downfall"},{"speaker":"Thomas","startTime":478.07,"endTime":480.02,"body":"kind of followed the same"},{"speaker":"Thomas","startTime":478.07,"endTime":480.02,"body":"pattern, like you'd need to"},{"speaker":"Thomas","startTime":480.02,"endTime":481.25,"body":"know what you were targeting."},{"speaker":"Thomas","startTime":481.58,"endTime":482.15,"body":"Um, and"},{"speaker":"Thomas","startTime":482.15,"endTime":484.49,"body":"again, Zenbleed, you just"},{"speaker":"Thomas","startTime":482.15,"endTime":484.49,"body":"ran Zenbleed and you can"},{"speaker":"Thomas","startTime":484.49,"endTime":485.45,"body":"see passwords on the screen."},{"speaker":"Deirdre","startTime":485.87,"endTime":487.82,"body":"Yeah, Downfall, you"},{"speaker":"Deirdre","startTime":485.87,"endTime":487.82,"body":"definitely have to target a"},{"speaker":"Deirdre","startTime":487.82,"endTime":493.22,"body":"victim process or thread, and"},{"speaker":"Deirdre","startTime":487.82,"endTime":493.22,"body":"you want to try to be co-located"},{"speaker":"Deirdre","startTime":493.22,"endTime":496.55,"body":"or, you know, co hyper-threaded"},{"speaker":"Deirdre","startTime":493.22,"endTime":496.55,"body":"on the same core to try and"},{"speaker":"Deirdre","startTime":496.555,"endTime":500.45,"body":"get the leaked stuff from 
your"},{"speaker":"Deirdre","startTime":496.555,"endTime":500.45,"body":"victim co-thread, basically."},{"speaker":"Deirdre","startTime":500.789,"endTime":504.504,"body":"yeah, you need to know, you have"},{"speaker":"Deirdre","startTime":500.789,"endTime":504.504,"body":"to target something specifically"},{"speaker":"Deirdre","startTime":504.504,"endTime":507.384,"body":"to get some bang for your buck"},{"speaker":"Deirdre","startTime":504.504,"endTime":507.384,"body":"as far as I understand it."},{"speaker":"Deirdre","startTime":507.714,"endTime":509.364,"body":"So yeah, Zenbleed"},{"speaker":"Deirdre","startTime":507.714,"endTime":509.364,"body":"sounds a lot worse."},{"speaker":"David","startTime":509.564,"endTime":516.927,"body":"Zenbleed is leaking a"},{"speaker":"David","startTime":509.564,"endTime":516.927,"body":"wide register, whereas Spectre"},{"speaker":"David","startTime":516.947,"endTime":521.607,"body":"and Meltdown, and I think"},{"speaker":"David","startTime":516.947,"endTime":521.607,"body":"Downfall are leaking like bytes"},{"speaker":"David","startTime":521.627,"endTime":523.577,"body":"in memory sometimes, right?"},{"speaker":"David","startTime":523.577,"endTime":524.237,"body":"Like, like"},{"speaker":"Deirdre","startTime":524.612,"endTime":526.382,"body":"I don't even know"},{"speaker":"Deirdre","startTime":524.612,"endTime":526.382,"body":"if they're leaking in memory."},{"speaker":"Deirdre","startTime":526.382,"endTime":528.752,"body":"I think they might be"},{"speaker":"Deirdre","startTime":526.382,"endTime":528.752,"body":"leaking in registers on the"},{"speaker":"Thomas","startTime":528.852,"endTime":529.712,"body":"For, for Zenbleed?"},{"speaker":"Thomas","startTime":529.712,"endTime":529.912,"body":"Yes."},{"speaker":"Thomas","startTime":529.942,"endTime":532.442,"body":"It's directly off of"},{"speaker":"Thomas","startTime":529.942,"endTime":532.442,"body":"the registers, 
so."},{"speaker":"David","startTime":532.487,"endTime":532.727,"body":"Yeah."},{"speaker":"David","startTime":532.727,"endTime":535.697,"body":"But, but for like Spectre and"},{"speaker":"David","startTime":532.727,"endTime":535.697,"body":"Meltdown, you're effectively"},{"speaker":"David","startTime":535.997,"endTime":539.927,"body":"leaking, like from memory and,"},{"speaker":"David","startTime":535.997,"endTime":539.927,"body":"and Downfall, is, is Downfall"},{"speaker":"David","startTime":539.927,"endTime":541.337,"body":"a register or is it memory?"},{"speaker":"Thomas","startTime":542.177,"endTime":542.357,"body":"No."},{"speaker":"Thomas","startTime":542.357,"endTime":543.737,"body":"My understanding is"},{"speaker":"Thomas","startTime":542.357,"endTime":543.737,"body":"that Downfall, if the"},{"speaker":"Thomas","startTime":543.737,"endTime":547.607,"body":"gather instructions in"},{"speaker":"Thomas","startTime":543.737,"endTime":547.607,"body":"the, like the micro ops"},{"speaker":"Thomas","startTime":547.607,"endTime":548.597,"body":"that implement, gather,"},{"speaker":"Thomas","startTime":548.597,"endTime":550.822,"body":"or however gather is implemented"},{"speaker":"Thomas","startTime":548.597,"endTime":550.822,"body":"under the hood of the"},{"speaker":"Thomas","startTime":550.822,"endTime":554.627,"body":"microarchitecture, that what's"},{"speaker":"Thomas","startTime":550.822,"endTime":554.627,"body":"happening is the CPU um, uses"},{"speaker":"Thomas","startTime":554.627,"endTime":556.775,"body":"like a temporary buffer, so"},{"speaker":"Thomas","startTime":554.627,"endTime":556.775,"body":"what you're doing is you're"},{"speaker":"Thomas","startTime":556.775,"endTime":559.025,"body":"doing like a non-contiguous"},{"speaker":"Thomas","startTime":556.775,"endTime":559.025,"body":"read, so you're like picking"},{"speaker":"Thomas","startTime":559.025,"endTime":561.545,"body":"up bytes from random 
places"},{"speaker":"Thomas","startTime":559.025,"endTime":561.545,"body":"in memory or, or whatever,"},{"speaker":"Thomas","startTime":561.545,"endTime":563.975,"body":"right, and then assembling"},{"speaker":"Thomas","startTime":561.545,"endTime":563.975,"body":"them into a single read."},{"speaker":"Thomas","startTime":564.155,"endTime":566.885,"body":"The CPU is allocating a buffer"},{"speaker":"Thomas","startTime":564.155,"endTime":566.885,"body":"to do that, and that buffer is"},{"speaker":"Thomas","startTime":566.885,"endTime":568.385,"body":"aliasable, is my understanding."},{"speaker":"Thomas","startTime":568.685,"endTime":571.205,"body":"Um, so I'm, I'm, I'm"},{"speaker":"Thomas","startTime":568.685,"endTime":571.205,"body":"really fuzzy on Downfall."},{"speaker":"Thomas","startTime":571.205,"endTime":573.575,"body":"So again, somebody just calling"},{"speaker":"Thomas","startTime":571.205,"endTime":573.575,"body":"me an idiot online and tell"},{"speaker":"Thomas","startTime":573.575,"endTime":575.105,"body":"me what the, what the right"},{"speaker":"Thomas","startTime":573.575,"endTime":575.105,"body":"way to think of this is."},{"speaker":"Thomas","startTime":575.285,"endTime":576.755,"body":"But that's, that, that's"},{"speaker":"Thomas","startTime":575.285,"endTime":576.755,"body":"what I understand to"},{"speaker":"Thomas","startTime":576.755,"endTime":577.595,"body":"be happening, right?"},{"speaker":"Thomas","startTime":577.595,"endTime":577.745,"body":"Is"},{"speaker":"David","startTime":577.89,"endTime":578.31,"body":"Mm-hmm."},{"speaker":"Thomas","startTime":578.545,"endTime":580.865,"body":"the, the leak here is"},{"speaker":"Thomas","startTime":578.545,"endTime":580.865,"body":"in a temporal buffer that's"},{"speaker":"Thomas","startTime":580.865,"endTime":584.08,"body":"being used, to kind of add up"},{"speaker":"Thomas","startTime":580.865,"endTime":584.08,"body":"the bytes that you're 
trying"},{"speaker":"Thomas","startTime":584.08,"endTime":585.08,"body":"to read, non-contiguously."},{"speaker":"Deirdre","startTime":585.405,"endTime":585.705,"body":"Yeah,"},{"speaker":"Thomas","startTime":586.6,"endTime":587.89,"body":"Zenbleed is hilarious."},{"speaker":"David","startTime":588.33,"endTime":591.51,"body":"well this is act, I"},{"speaker":"David","startTime":588.33,"endTime":591.51,"body":"think, somewhat counterintuitive"},{"speaker":"David","startTime":591.51,"endTime":594.15,"body":"then, but like, I think like"},{"speaker":"David","startTime":591.51,"endTime":594.15,"body":"leaking a register is just"},{"speaker":"David","startTime":594.15,"endTime":595.8,"body":"way worse than leaking memory."},{"speaker":"David","startTime":596.514,"endTime":598.584,"body":"At least if it's"},{"speaker":"David","startTime":596.514,"endTime":598.584,"body":"like a big register."},{"speaker":"David","startTime":598.614,"endTime":598.854,"body":"Right?"},{"speaker":"David","startTime":598.854,"endTime":599.124,"body":"Right."},{"speaker":"David","startTime":599.124,"endTime":601.704,"body":"Because like everything is"},{"speaker":"David","startTime":599.124,"endTime":601.704,"body":"going through that's, you"},{"speaker":"David","startTime":601.704,"endTime":603.804,"body":"don't have to like find stuff."},{"speaker":"David","startTime":604.074,"endTime":607.164,"body":"Whereas in with like Spectre"},{"speaker":"David","startTime":604.074,"endTime":607.164,"body":"and Meltdown, you have, you"},{"speaker":"David","startTime":607.164,"endTime":610.494,"body":"do this whole process to"},{"speaker":"David","startTime":607.164,"endTime":610.494,"body":"like find specific parts of"},{"speaker":"David","startTime":610.494,"endTime":611.994,"body":"memory and recombine things."},{"speaker":"David","startTime":611.994,"endTime":616.914,"body":"Whereas like if you leak a"},{"speaker":"David","startTime":611.994,"endTime":616.914,"body":"a 24 byte register, 
that's"},{"speaker":"David","startTime":616.914,"endTime":620.334,"body":"like, um, always has,"},{"speaker":"David","startTime":616.914,"endTime":620.334,"body":"that's primarily used for"},{"speaker":"David","startTime":620.334,"endTime":622.674,"body":"like comparing contiguous"},{"speaker":"David","startTime":620.334,"endTime":622.674,"body":"bits of chunks of memory."},{"speaker":"David","startTime":622.674,"endTime":623.734,"body":"Like yeah, you're"},{"speaker":"David","startTime":622.674,"endTime":623.734,"body":"just gonna get."},{"speaker":"David","startTime":624.534,"endTime":627.864,"body":"Useful stuff for free, whereas"},{"speaker":"David","startTime":624.534,"endTime":627.864,"body":"you had to put effort in"},{"speaker":"Thomas","startTime":629.049,"endTime":629.289,"body":"So"},{"speaker":"David","startTime":629.574,"endTime":629.864,"body":"this."},{"speaker":"Thomas","startTime":630.399,"endTime":633.009,"body":"Zenbleed is,"},{"speaker":"Thomas","startTime":630.399,"endTime":633.009,"body":"yeah, Zenbleed is a, is a"},{"speaker":"Thomas","startTime":633.009,"endTime":634.939,"body":"register file use-after-free."},{"speaker":"Thomas","startTime":635.289,"endTime":636.909,"body":"Like literally"},{"speaker":"Thomas","startTime":635.289,"endTime":636.909,"body":"that's what it is."},{"speaker":"Thomas","startTime":636.999,"endTime":639.622,"body":"So you know, if, if we're"},{"speaker":"Thomas","startTime":636.999,"endTime":639.622,"body":"thinking in terms of writing"},{"speaker":"Thomas","startTime":639.622,"endTime":641.842,"body":"assembly instructions, there's"},{"speaker":"Thomas","startTime":639.622,"endTime":641.842,"body":"no such thing as freeing, right?"},{"speaker":"Thomas","startTime":642.082,"endTime":644.212,"body":"The the analogous thing that"},{"speaker":"Thomas","startTime":642.082,"endTime":644.212,"body":"we're doing with registers"},{"speaker":"Thomas","startTime":644.212,"endTime":646.612,"body":"is clearing them, 
like"},{"speaker":"Thomas","startTime":644.212,"endTime":646.612,"body":"we're writing zeros to them."},{"speaker":"Thomas","startTime":646.912,"endTime":649.762,"body":"And so like the, the"},{"speaker":"Thomas","startTime":646.912,"endTime":649.762,"body":"'freeing' here is, um, as an"},{"speaker":"Thomas","startTime":649.762,"endTime":653.482,"body":"optimization, when you zero"},{"speaker":"Thomas","startTime":649.762,"endTime":653.482,"body":"out a range of registers,"},{"speaker":"Thomas","startTime":653.725,"endTime":656.515,"body":"the architecture, like the"},{"speaker":"Thomas","startTime":653.725,"endTime":656.515,"body":"AMD architecture will set a"},{"speaker":"Thomas","startTime":656.515,"endTime":659.565,"body":"flag, saying these registers"},{"speaker":"Thomas","startTime":656.515,"endTime":659.565,"body":"are, are now zeroed out."},{"speaker":"Thomas","startTime":659.565,"endTime":661.035,"body":"They've been freed, right?"},{"speaker":"Thomas","startTime":661.065,"endTime":662.625,"body":"Which means that something"},{"speaker":"Thomas","startTime":661.065,"endTime":662.625,"body":"else can just write to"},{"speaker":"Thomas","startTime":662.625,"endTime":664.965,"body":"them because, you know, the"},{"speaker":"Thomas","startTime":662.625,"endTime":664.965,"body":"architecture's just gonna"},{"speaker":"Thomas","startTime":664.965,"endTime":666.525,"body":"assume from that point on"},{"speaker":"Thomas","startTime":664.965,"endTime":666.525,"body":"that whatever's there, it"},{"speaker":"Thomas","startTime":666.525,"endTime":667.545,"body":"might as well have been zeros."},{"speaker":"Thomas","startTime":667.545,"endTime":667.905,"body":"Right?"},{"speaker":"Thomas","startTime":668.055,"endTime":669.625,"body":"So, the registers are freed."},{"speaker":"Thomas","startTime":669.625,"endTime":670.915,"body":"They get used somewhere else."},{"speaker":"Thomas","startTime":670.915,"endTime":673.915,"body":"Something else aliases 
that,"},{"speaker":"Thomas","startTime":670.915,"endTime":673.915,"body":"that those same underlying"},{"speaker":"Thomas","startTime":673.915,"endTime":676.525,"body":"physical registers to,"},{"speaker":"Thomas","startTime":673.915,"endTime":676.525,"body":"you know, some logical"},{"speaker":"Thomas","startTime":676.525,"endTime":677.305,"body":"register somewhere, right?"},{"speaker":"Thomas","startTime":677.305,"endTime":679.295,"body":"They get written to just"},{"speaker":"Thomas","startTime":677.305,"endTime":679.295,"body":"like any use-after-free"},{"speaker":"Thomas","startTime":679.315,"endTime":680.095,"body":"attack, right?"},{"speaker":"Thomas","startTime":680.185,"endTime":683.245,"body":"But the thing that freed them"},{"speaker":"Thomas","startTime":680.185,"endTime":683.245,"body":"was executed speculatively."},{"speaker":"Thomas","startTime":683.28,"endTime":683.73,"body":"Right."},{"speaker":"Deirdre","startTime":683.91,"endTime":684.2,"body":"Yeah."},{"speaker":"Thomas","startTime":684.27,"endTime":686.52,"body":"you mis-predict the"},{"speaker":"Thomas","startTime":684.27,"endTime":686.52,"body":"branch, you roll it back"},{"speaker":"Thomas","startTime":686.73,"endTime":689.22,"body":"and they didn't catch all"},{"speaker":"Thomas","startTime":686.73,"endTime":689.22,"body":"the corner cases for it."},{"speaker":"Thomas","startTime":689.34,"endTime":692.22,"body":"So there are places where you"},{"speaker":"Thomas","startTime":689.34,"endTime":692.22,"body":"can roll it back and whatever"},{"speaker":"Thomas","startTime":692.22,"endTime":696.15,"body":"data was written into the, the,"},{"speaker":"Thomas","startTime":692.22,"endTime":696.15,"body":"the XMM registers is still there"},{"speaker":"Thomas","startTime":696.15,"endTime":699.0,"body":"after the, uh, the mispredict"},{"speaker":"Thomas","startTime":696.15,"endTime":699.0,"body":"rolls back, the zeroing out."},{"speaker":"Thomas","startTime":699.36,"endTime":701.37,"body":"Um, so 
it's like you're, you're"},{"speaker":"Thomas","startTime":699.36,"endTime":701.37,"body":"basically, you're tricking"},{"speaker":"Thomas","startTime":701.37,"endTime":702.93,"body":"other processes into writing."},{"speaker":"Thomas","startTime":703.435,"endTime":705.325,"body":"Into registers that"},{"speaker":"Thomas","startTime":703.435,"endTime":705.325,"body":"you're gonna get to see."},{"speaker":"Thomas","startTime":705.745,"endTime":706.495,"body":"Which is awesome."},{"speaker":"Thomas","startTime":706.525,"endTime":707.485,"body":"Just a really awesome bug."},{"speaker":"Thomas","startTime":707.725,"endTime":711.865,"body":"The, the point was made"},{"speaker":"Thomas","startTime":707.725,"endTime":711.865,"body":"on the orange site, that"},{"speaker":"Thomas","startTime":712.035,"endTime":715.465,"body":"OpenBSD for instance, so"},{"speaker":"Thomas","startTime":712.035,"endTime":715.465,"body":"the here, the huge problem"},{"speaker":"Thomas","startTime":715.465,"endTime":720.475,"body":"with Zenbleed is that modern"},{"speaker":"Thomas","startTime":715.465,"endTime":720.475,"body":"libc's all vectorize their"},{"speaker":"Thomas","startTime":720.475,"endTime":721.885,"body":"string instructions, right?"},{"speaker":"Thomas","startTime":722.005,"endTime":723.865,"body":"Because these are all operations"},{"speaker":"Thomas","startTime":722.005,"endTime":723.865,"body":"where you're doing things"},{"speaker":"Thomas","startTime":723.865,"endTime":726.445,"body":"with a bunch of bytes at the"},{"speaker":"Thomas","startTime":723.865,"endTime":726.445,"body":"same time that most of them"},{"speaker":"Thomas","startTime":726.445,"endTime":727.825,"body":"vectorize pretty nicely, right?"},{"speaker":"David","startTime":728.215,"endTime":729.385,"body":"That is a"},{"speaker":"David","startTime":728.215,"endTime":729.385,"body":"good thing to 
do."},{"speaker":"Deirdre","startTime":729.76,"endTime":730.18,"body":"Yeah."},{"speaker":"Thomas","startTime":730.48,"endTime":731.86,"body":"so it makes a lot of"},{"speaker":"Thomas","startTime":730.48,"endTime":731.86,"body":"sense if you're dealing with"},{"speaker":"Thomas","startTime":731.86,"endTime":733.6,"body":"a string and you have like,"},{"speaker":"Thomas","startTime":731.86,"endTime":733.6,"body":"you know, registers that you"},{"speaker":"Thomas","startTime":733.6,"endTime":736.0,"body":"can load 16 bytes at a time"},{"speaker":"Thomas","startTime":733.6,"endTime":736.0,"body":"into, you just load the string"},{"speaker":"Thomas","startTime":736.0,"endTime":737.74,"body":"into it and then do vector"},{"speaker":"Thomas","startTime":736.0,"endTime":737.74,"body":"operations on it, right?"},{"speaker":"Thomas","startTime":737.89,"endTime":743.41,"body":"So all of the libc's string and"},{"speaker":"Thomas","startTime":737.89,"endTime":743.41,"body":"buffer operations for Microsoft"},{"speaker":"Thomas","startTime":743.41,"endTime":747.655,"body":"and glibc go through these"},{"speaker":"Thomas","startTime":743.41,"endTime":747.655,"body":"xm, the via the AVX registers,"},{"speaker":"Thomas","startTime":747.67,"endTime":748.21,"body":"whatever they're called."},{"speaker":"Thomas","startTime":748.21,"endTime":749.29,"body":"I always forget what"},{"speaker":"Thomas","startTime":748.21,"endTime":749.29,"body":"they're called, right?"},{"speaker":"Thomas","startTime":749.29,"endTime":752.795,"body":"But like, the XMM and YMM"},{"speaker":"Thomas","startTime":749.29,"endTime":752.795,"body":"registers, they, all of the"},{"speaker":"Thomas","startTime":752.795,"endTime":754.475,"body":"string data that you're dealing"},{"speaker":"Thomas","startTime":752.795,"endTime":754.475,"body":"with in a program is gonna"},{"speaker":"Thomas","startTime":754.475,"endTime":755.525,"body":"go through those 
registers."},{"speaker":"Thomas","startTime":755.525,"endTime":758.705,"body":"You basically get to like sniff"},{"speaker":"Thomas","startTime":755.525,"endTime":758.705,"body":"every string that's going the"},{"speaker":"Thomas","startTime":758.705,"endTime":762.879,"body":"CPU, um, which again, like you"},{"speaker":"Thomas","startTime":758.705,"endTime":762.879,"body":"run the, you, you type make and"},{"speaker":"Thomas","startTime":762.879,"endTime":765.429,"body":"you get like a little Zenbleed"},{"speaker":"Thomas","startTime":762.879,"endTime":765.429,"body":"executable and then you type dot"},{"speaker":"Thomas","startTime":765.429,"endTime":768.099,"body":"forward slash Zenbleed and there's"},{"speaker":"Thomas","startTime":765.429,"endTime":768.099,"body":"like passwords on your screen."},{"speaker":"Thomas","startTime":768.549,"endTime":768.939,"body":"It was amazing."},{"speaker":"David","startTime":769.139,"endTime":773.549,"body":"Yeah, it seems like,"},{"speaker":"David","startTime":769.139,"endTime":773.549,"body":"like way worse than like"},{"speaker":"David","startTime":773.549,"endTime":774.849,"body":"Spectre and Meltdown were."},{"speaker":"Deirdre","startTime":775.184,"endTime":775.334,"body":"I"},{"speaker":"David","startTime":775.379,"endTime":777.599,"body":"in terms of like"},{"speaker":"David","startTime":775.379,"endTime":777.599,"body":"actual security impact"},{"speaker":"Deirdre","startTime":778.184,"endTime":778.634,"body":"well."},{"speaker":"David","startTime":779.309,"endTime":780.929,"body":"and, and I think"},{"speaker":"David","startTime":779.309,"endTime":780.929,"body":"that's because it's hitting"},{"speaker":"David","startTime":780.959,"endTime":783.629,"body":"these registers and not"},{"speaker":"David","startTime":780.959,"endTime":783.629,"body":"hitting, like, memory."},{"speaker":"David","startTime":783.689,"endTime":784.859,"body":"You don't have 
to"},{"speaker":"David","startTime":783.689,"endTime":784.859,"body":"target anything."},{"speaker":"David","startTime":784.859,"endTime":785.759,"body":"Everything's coming to you."},{"speaker":"David","startTime":785.759,"endTime":786.779,"body":"You just sit there and you wait."},{"speaker":"Deirdre","startTime":787.199,"endTime":788.939,"body":"I think"},{"speaker":"Deirdre","startTime":787.199,"endTime":788.939,"body":"it's fixable though."},{"speaker":"Deirdre","startTime":789.029,"endTime":791.699,"body":"Like you literally just have"},{"speaker":"Deirdre","startTime":789.029,"endTime":791.699,"body":"to recompile your software,"},{"speaker":"Deirdre","startTime":792.149,"endTime":794.729,"body":"in theory, and you just"},{"speaker":"Deirdre","startTime":792.149,"endTime":794.729,"body":"say, no vector instructions"},{"speaker":"Deirdre","startTime":794.729,"endTime":795.809,"body":"and you're, you're done."},{"speaker":"Deirdre","startTime":795.869,"endTime":796.199,"body":"You're you."},{"speaker":"David","startTime":796.244,"endTime":797.924,"body":"Well, that's"},{"speaker":"David","startTime":796.244,"endTime":797.924,"body":"not really a fix."},{"speaker":"Deirdre","startTime":798.329,"endTime":798.989,"body":"No."},{"speaker":"David","startTime":799.064,"endTime":799.964,"body":"my computer off."},{"speaker":"Deirdre","startTime":800.069,"endTime":802.649,"body":"Yeah, but like"},{"speaker":"Deirdre","startTime":800.069,"endTime":802.649,"body":"as opposed to Spectre"},{"speaker":"Deirdre","startTime":802.649,"endTime":804.599,"body":"Meltdown, where it was"},{"speaker":"Deirdre","startTime":802.649,"endTime":804.599,"body":"like, what do we do?"},{"speaker":"Deirdre","startTime":804.599,"endTime":807.569,"body":"It's like, well, you could"},{"speaker":"Deirdre","startTime":804.599,"endTime":807.569,"body":"deploy process isolation"},{"speaker":"Deirdre","startTime":807.569,"endTime":808.859,"body":"for all of your 
software."},{"speaker":"Deirdre","startTime":809.129,"endTime":810.179,"body":"It's like, that's really hard."},{"speaker":"Deirdre","startTime":810.179,"endTime":813.899,"body":"It's like, okay, well we have"},{"speaker":"Deirdre","startTime":810.179,"endTime":813.899,"body":"to fix all the processors,"},{"speaker":"Deirdre","startTime":814.409,"endTime":815.209,"body":"or you know, deploy."},{"speaker":"Deirdre","startTime":816.119,"endTime":816.539,"body":"Yeah."},{"speaker":"David","startTime":816.599,"endTime":818.699,"body":"I mean, AMD did a"},{"speaker":"David","startTime":816.599,"endTime":818.699,"body":"microcode update, right?"},{"speaker":"David","startTime":818.699,"endTime":819.179,"body":"Like it,"},{"speaker":"Deirdre","startTime":819.299,"endTime":822.839,"body":"Yeah, so I think, you"},{"speaker":"Deirdre","startTime":819.299,"endTime":822.839,"body":"know, yes, it's very bad, but"},{"speaker":"Deirdre","startTime":822.839,"endTime":827.129,"body":"if you can do a quote software"},{"speaker":"Deirdre","startTime":822.839,"endTime":827.129,"body":"fix, which is recompile by"},{"speaker":"Deirdre","startTime":827.129,"endTime":829.859,"body":"telling your compiler, do"},{"speaker":"Deirdre","startTime":827.129,"endTime":829.859,"body":"not use vector instructions,"},{"speaker":"Deirdre","startTime":829.859,"endTime":832.169,"body":"and you get a little bit"},{"speaker":"Deirdre","startTime":829.859,"endTime":832.169,"body":"of a performance hit, your"},{"speaker":"Deirdre","startTime":832.169,"endTime":836.579,"body":"mileage may vary what little"},{"speaker":"Deirdre","startTime":832.169,"endTime":836.579,"body":"bit means to you, but that's"},{"speaker":"Deirdre","startTime":836.939,"endTime":839.339,"body":"tractable as a remediation."},{"speaker":"Deirdre","startTime":839.369,"endTime":841.469,"body":"Whereas Spectre and Meltdown,"},{"speaker":"Deirdre","startTime":839.369,"endTime":841.469,"body":"at least, you know, for 
the"},{"speaker":"Deirdre","startTime":841.469,"endTime":844.454,"body":"first year of it was just"},{"speaker":"Deirdre","startTime":841.469,"endTime":844.454,"body":"like, What the fuck do we do?"},{"speaker":"Deirdre","startTime":844.454,"endTime":848.204,"body":"And it's like, uh, you"},{"speaker":"Deirdre","startTime":844.454,"endTime":848.204,"body":"know, Chrome: deploy process"},{"speaker":"Deirdre","startTime":848.204,"endTime":852.164,"body":"isolation, uh, you know,"},{"speaker":"Deirdre","startTime":848.204,"endTime":852.164,"body":"add retpolines or, you"},{"speaker":"Deirdre","startTime":852.164,"endTime":855.014,"body":"know, whatever, uh, you"},{"speaker":"Deirdre","startTime":852.164,"endTime":855.014,"body":"know, have this very bespoke"},{"speaker":"Deirdre","startTime":855.019,"endTime":858.254,"body":"little gadget to protect"},{"speaker":"Deirdre","startTime":855.019,"endTime":858.254,"body":"your, uh, your compilation."},{"speaker":"Deirdre","startTime":858.254,"endTime":859.214,"body":"That's not as easy."},{"speaker":"Deirdre","startTime":859.544,"endTime":859.994,"body":"So"},{"speaker":"David","startTime":860.354,"endTime":862.214,"body":"well we, we did"},{"speaker":"David","startTime":860.354,"endTime":862.214,"body":"manage to deploy, like"},{"speaker":"David","startTime":862.214,"endTime":863.534,"body":"process isolation too, right?"},{"speaker":"David","startTime":863.539,"endTime":864.944,"body":"Like Chrome did this."},{"speaker":"David","startTime":865.124,"endTime":866.354,"body":"Chrome had already"},{"speaker":"David","startTime":865.124,"endTime":866.354,"body":"been working on it."},{"speaker":"David","startTime":866.414,"endTime":869.234,"body":"Site isolation was in flight,"},{"speaker":"David","startTime":866.414,"endTime":869.234,"body":"and then it got accelerated"},{"speaker":"David","startTime":869.624,"endTime":871.644,"body":"and released with perhaps 
a"},{"speaker":"David","startTime":869.624,"endTime":871.644,"body":"larger performance impacts"},{"speaker":"David","startTime":871.644,"endTime":875.444,"body":"than it might've, uh, if"},{"speaker":"David","startTime":871.644,"endTime":875.444,"body":"it like, just went at the"},{"speaker":"David","startTime":875.444,"endTime":876.674,"body":"regular pace of things."},{"speaker":"David","startTime":876.704,"endTime":879.284,"body":"But, but all of that has been"},{"speaker":"David","startTime":876.704,"endTime":879.284,"body":"like since clawed back, like,"},{"speaker":"Deirdre","startTime":879.689,"endTime":880.679,"body":"Clawed back."},{"speaker":"David","startTime":880.709,"endTime":883.199,"body":"Yeah, I, I, I mean,"},{"speaker":"David","startTime":880.709,"endTime":883.199,"body":"uh, uh, all of the performance"},{"speaker":"David","startTime":883.199,"endTime":885.299,"body":"impact of site isolation"},{"speaker":"David","startTime":883.199,"endTime":885.299,"body":"has been mitigated by future"},{"speaker":"David","startTime":885.299,"endTime":886.319,"body":"performance improvements."},{"speaker":"David","startTime":886.589,"endTime":890.099,"body":"However, every time, uh,"},{"speaker":"David","startTime":886.589,"endTime":890.099,"body":"Chrome gets like 10% faster,"},{"speaker":"David","startTime":890.099,"endTime":893.069,"body":"users open 10% more tabs"},{"speaker":"David","startTime":890.099,"endTime":893.069,"body":"and websites get 10% slower."},{"speaker":"David","startTime":893.074,"endTime":895.469,"body":"And so everything just feels"},{"speaker":"David","startTime":893.074,"endTime":895.469,"body":"like it gets worse over time."},{"speaker":"Deirdre","startTime":895.709,"endTime":897.869,"body":"But yeah, I'm"},{"speaker":"Deirdre","startTime":895.709,"endTime":897.869,"body":"just making the point that"},{"speaker":"Deirdre","startTime":898.229,"endTime":899.819,"body":"that's not an easy 
lift."},{"speaker":"Deirdre","startTime":899.849,"endTime":903.029,"body":"That was like a major"},{"speaker":"Deirdre","startTime":899.849,"endTime":903.029,"body":"architectural endeavor for your"},{"speaker":"Deirdre","startTime":903.089,"endTime":905.039,"body":"large software applications."},{"speaker":"David","startTime":905.189,"endTime":907.829,"body":"Yeah, but also the only"},{"speaker":"David","startTime":905.189,"endTime":907.829,"body":"software that it applies to"},{"speaker":"David","startTime":907.829,"endTime":911.099,"body":"is like web browsers, and they"},{"speaker":"David","startTime":907.829,"endTime":911.099,"body":"did it like, even like Firefox"},{"speaker":"David","startTime":911.099,"endTime":915.029,"body":"and, and Safari have done"},{"speaker":"David","startTime":911.099,"endTime":915.029,"body":"various forms of this as well."},{"speaker":"David","startTime":915.179,"endTime":917.459,"body":"Uh, I would say like"},{"speaker":"David","startTime":915.179,"endTime":917.459,"body":"that's largely mitigated."},{"speaker":"David","startTime":917.459,"endTime":920.459,"body":"I can, I can feel like three"},{"speaker":"David","startTime":917.459,"endTime":920.459,"body":"platform security and web"},{"speaker":"David","startTime":920.459,"endTime":923.249,"body":"platform security people staring"},{"speaker":"David","startTime":920.459,"endTime":923.249,"body":"at me sideways while I say that."},{"speaker":"David","startTime":923.249,"endTime":923.699,"body":"But like, I."},{"speaker":"Deirdre","startTime":925.424,"endTime":925.784,"body":"Yeah."},{"speaker":"Deirdre","startTime":926.024,"endTime":928.214,"body":"But yeah, it's a lot."},{"speaker":"Thomas","startTime":930.254,"endTime":930.824,"body":"So what else?"},{"speaker":"Thomas","startTime":930.824,"endTime":931.154,"body":"What else?"},{"speaker":"Thomas","startTime":931.364,"endTime":932.084,"body":"What else was a 
black"},{"speaker":"Deirdre","startTime":932.149,"endTime":933.314,"body":"else did we do?"},{"speaker":"Deirdre","startTime":933.644,"endTime":936.644,"body":"Um, okay, so the other one"},{"speaker":"Deirdre","startTime":933.644,"endTime":936.644,"body":"that uh, really tickled"},{"speaker":"Deirdre","startTime":936.644,"endTime":941.354,"body":"several of my favorite"},{"speaker":"Deirdre","startTime":936.644,"endTime":941.354,"body":"things was, uh, the Android?"},{"speaker":"Deirdre","startTime":941.384,"endTime":944.894,"body":"I think it was the Android Red"},{"speaker":"Deirdre","startTime":941.384,"endTime":944.894,"body":"team was like, oh, we found that"},{"speaker":"Deirdre","startTime":944.894,"endTime":949.069,"body":"the Pixel modem firmware, I"},{"speaker":"Deirdre","startTime":944.894,"endTime":949.069,"body":"think it was the Pixel 6 modem"},{"speaker":"Deirdre","startTime":949.069,"endTime":953.745,"body":"firmware, had an out of bounds"},{"speaker":"Deirdre","startTime":949.069,"endTime":953.745,"body":"or out of band memory error, or"},{"speaker":"Deirdre","startTime":954.045,"endTime":956.805,"body":"two out of bound, uh, two CVEs."},{"speaker":"Deirdre","startTime":957.225,"endTime":961.665,"body":"And they were able to leverage"},{"speaker":"Deirdre","startTime":957.225,"endTime":961.665,"body":"these two with a malicious, uh,"},{"speaker":"Deirdre","startTime":961.695,"endTime":967.095,"body":"mobile base station to force a"},{"speaker":"Deirdre","startTime":961.695,"endTime":967.095,"body":"downgrade to 2G mobile security."},{"speaker":"Deirdre","startTime":967.395,"endTime":971.262,"body":"And using these, memory safety"},{"speaker":"Deirdre","startTime":967.395,"endTime":971.262,"body":"vulnerabilities in the modem"},{"speaker":"Deirdre","startTime":971.262,"endTime":975.732,"body":"firmware, with the insecurity"},{"speaker":"Deirdre","startTime":971.262,"endTime":975.732,"body":"of 2G as a protocol, 
they're"},{"speaker":"Deirdre","startTime":975.732,"endTime":979.302,"body":"able to like shove several,"},{"speaker":"Deirdre","startTime":975.732,"endTime":979.302,"body":"I think like 200 bytes,"},{"speaker":"Deirdre","startTime":979.302,"endTime":983.672,"body":"256 bytes, arbitrarily into"},{"speaker":"Deirdre","startTime":979.302,"endTime":983.672,"body":"the heap and overwrite, uh,"},{"speaker":"Deirdre","startTime":983.702,"endTime":986.342,"body":"stuff in the heap, and able"},{"speaker":"Deirdre","startTime":983.702,"endTime":986.342,"body":"to just like get a full"},{"speaker":"Deirdre","startTime":986.347,"endTime":988.442,"body":"on foothold in your Pixel."},{"speaker":"Deirdre","startTime":988.652,"endTime":991.292,"body":"And so then when you switched"},{"speaker":"Deirdre","startTime":988.652,"endTime":991.292,"body":"off of your malicious base"},{"speaker":"Deirdre","startTime":991.292,"endTime":994.172,"body":"station to a, you know,"},{"speaker":"Deirdre","startTime":991.292,"endTime":994.172,"body":"a, a reliable, trusted"},{"speaker":"Deirdre","startTime":994.172,"endTime":996.052,"body":"base station, they, still"},{"speaker":"Deirdre","startTime":994.172,"endTime":996.052,"body":"had a foothold on you."},{"speaker":"Deirdre","startTime":996.412,"endTime":998.422,"body":"And so in their demo they were"},{"speaker":"Deirdre","startTime":996.412,"endTime":998.422,"body":"able to be like, oh, you're"},{"speaker":"Deirdre","startTime":998.422,"endTime":1001.842,"body":"trying to reset your Twitter"},{"speaker":"Deirdre","startTime":998.422,"endTime":1001.842,"body":"password or X Twitter password."},{"speaker":"Deirdre","startTime":1002.082,"endTime":1004.692,"body":"We're able to intercept all"},{"speaker":"Deirdre","startTime":1002.082,"endTime":1004.692,"body":"of your, you know, security"},{"speaker":"Deirdre","startTime":1004.697,"endTime":1006.012,"body":"codes and, and 
everything."},{"speaker":"Deirdre","startTime":1006.012,"endTime":1008.652,"body":"We're able to overtake your"},{"speaker":"Deirdre","startTime":1006.012,"endTime":1008.652,"body":"account or, you know, that"},{"speaker":"Deirdre","startTime":1008.652,"endTime":1014.322,"body":"was a very, um, in my opinion,"},{"speaker":"Deirdre","startTime":1008.652,"endTime":1014.322,"body":"low stakes demo of what they"},{"speaker":"Deirdre","startTime":1014.322,"endTime":1016.422,"body":"would be able to do when"},{"speaker":"Deirdre","startTime":1014.322,"endTime":1016.422,"body":"they have like a full on"},{"speaker":"Deirdre","startTime":1016.422,"endTime":1018.162,"body":"foothold in your Pixel device."},{"speaker":"Thomas","startTime":1018.407,"endTime":1020.657,"body":"So this is like, this is"},{"speaker":"Thomas","startTime":1018.407,"endTime":1020.657,"body":"a vulnerability in the baseband."},{"speaker":"Deirdre","startTime":1020.897,"endTime":1022.157,"body":"Yes, yes."},{"speaker":"Deirdre","startTime":1022.187,"endTime":1027.527,"body":"But they were able to"},{"speaker":"Deirdre","startTime":1022.187,"endTime":1027.527,"body":"force by setting up a, uh,"},{"speaker":"Deirdre","startTime":1027.527,"endTime":1028.757,"body":"a malicious base station."},{"speaker":"Deirdre","startTime":1028.757,"endTime":1032.207,"body":"They were able to force you to"},{"speaker":"Deirdre","startTime":1028.757,"endTime":1032.207,"body":"downgrade to 2G, and that's how"},{"speaker":"Deirdre","startTime":1032.207,"endTime":1033.467,"body":"they were able to exploit it."},{"speaker":"Deirdre","startTime":1033.467,"endTime":1036.677,"body":"There were two, like"},{"speaker":"Deirdre","startTime":1033.467,"endTime":1036.677,"body":"two CVEs and they were"},{"speaker":"Deirdre","startTime":1037.037,"endTime":1038.357,"body":"out of band or whatever."},{"speaker":"Deirdre","startTime":1038.362,"endTime":1042.197,"body":"And at the very end, like 
the"},{"speaker":"Deirdre","startTime":1038.362,"endTime":1042.197,"body":"whole talk, I was like, so you"},{"speaker":"Deirdre","startTime":1042.317,"endTime":1045.287,"body":"one, yeah, 2G's bad, but like"},{"speaker":"Deirdre","startTime":1042.317,"endTime":1045.287,"body":"you wouldn't have been able to"},{"speaker":"Deirdre","startTime":1045.287,"endTime":1047.867,"body":"pull this off if this was like,"},{"speaker":"Deirdre","startTime":1045.287,"endTime":1047.867,"body":"you didn't have these memory"},{"speaker":"Deirdre","startTime":1047.867,"endTime":1050.507,"body":"safety issues in the firmware"},{"speaker":"Deirdre","startTime":1047.867,"endTime":1050.507,"body":"implementation of the modem."},{"speaker":"Deirdre","startTime":1050.897,"endTime":1053.207,"body":"And at the very last slide"},{"speaker":"Deirdre","startTime":1050.897,"endTime":1053.207,"body":"of their presentation,"},{"speaker":"Deirdre","startTime":1053.212,"endTime":1055.667,"body":"they're like, yep, we're"},{"speaker":"Deirdre","startTime":1053.212,"endTime":1055.667,"body":"experimenting with rewriting"},{"speaker":"Deirdre","startTime":1055.667,"endTime":1057.257,"body":"this modem firmware in Rust."},{"speaker":"Deirdre","startTime":1057.257,"endTime":1057.527,"body":"I'm like, yay."},{"speaker":"Thomas","startTime":1059.612,"endTime":1061.622,"body":"So hold,"},{"speaker":"Thomas","startTime":1059.612,"endTime":1061.622,"body":"hold on a second."},{"speaker":"Thomas","startTime":1061.622,"endTime":1062.552,"body":"I'm just, I'm just"},{"speaker":"Thomas","startTime":1061.622,"endTime":1062.552,"body":"trying to get my"},{"speaker":"Thomas","startTime":1062.552,"endTime":1063.002,"body":"head around 
it."},{"speaker":"Thomas","startTime":1063.002,"endTime":1063.212,"body":"Right."},{"speaker":"Deirdre","startTime":1063.317,"endTime":1063.437,"body":"yeah."},{"speaker":"Deirdre","startTime":1063.437,"endTime":1064.037,"body":"Yeah."},{"speaker":"Thomas","startTime":1064.052,"endTime":1065.912,"body":"they've got code"},{"speaker":"Thomas","startTime":1064.052,"endTime":1065.912,"body":"execution in the baseband"},{"speaker":"Thomas","startTime":1065.912,"endTime":1066.692,"body":"on the Pixel phone."},{"speaker":"Thomas","startTime":1066.962,"endTime":1068.792,"body":"What does that, what does"},{"speaker":"Thomas","startTime":1066.962,"endTime":1068.792,"body":"that directly get you?"},{"speaker":"Deirdre","startTime":1069.047,"endTime":1070.487,"body":"Um, it just"},{"speaker":"Thomas","startTime":1070.622,"endTime":1071.792,"body":"How do you go"},{"speaker":"Thomas","startTime":1070.622,"endTime":1071.792,"body":"from there to Twitter"},{"speaker":"Thomas","startTime":1071.792,"endTime":1072.692,"body":"is, I guess my question."},{"speaker":"Deirdre","startTime":1072.867,"endTime":1073.457,"body":"Yeah, yeah, yeah."},{"speaker":"Deirdre","startTime":1073.457,"endTime":1073.997,"body":"I'm"},{"speaker":"David","startTime":1074.267,"endTime":1075.707,"body":"Uh, I think you mean X."},{"speaker":"Deirdre","startTime":1076.127,"endTime":1076.457,"body":"Yeah."},{"speaker":"Deirdre","startTime":1076.547,"endTime":1079.397,"body":"Ex Twitter or, yes."},{"speaker":"Deirdre","startTime":1079.757,"endTime":1080.957,"body":"Uh, attacker fully"},{"speaker":"Thomas","startTime":1080.982,"endTime":1082.262,"body":"from there to Twitter?"},{"speaker":"Deirdre","startTime":1082.622,"endTime":1085.382,"body":"The attacker"},{"speaker":"Deirdre","startTime":1082.622,"endTime":1085.382,"body":"fully controls up to 255"},{"speaker":"Deirdre","startTime":1085.382,"endTime":1087.812,"body":"bytes written into 
one"},{"speaker":"Deirdre","startTime":1085.382,"endTime":1087.812,"body":"byte buffer on the heap."},{"speaker":"Deirdre","startTime":1088.172,"endTime":1090.962,"body":"Allows us to overwrite heap"},{"speaker":"Deirdre","startTime":1088.172,"endTime":1090.962,"body":"header of the next adjacent"},{"speaker":"Deirdre","startTime":1090.962,"endTime":1093.872,"body":"chunk with fully controlled"},{"speaker":"Deirdre","startTime":1090.962,"endTime":1093.872,"body":"data, uh, allow them to"},{"speaker":"Deirdre","startTime":1093.872,"endTime":1096.932,"body":"write a limited number of"},{"speaker":"Deirdre","startTime":1093.872,"endTime":1096.932,"body":"controlled bytes in the heap"},{"speaker":"Deirdre","startTime":1096.932,"endTime":1098.912,"body":"and corrupt adjacent objects."},{"speaker":"Thomas","startTime":1099.362,"endTime":1100.892,"body":"in the baseband, yes."},{"speaker":"Thomas","startTime":1100.922,"endTime":1102.722,"body":"But from there"},{"speaker":"Thomas","startTime":1100.922,"endTime":1102.722,"body":"they're getting, what?"},{"speaker":"Thomas","startTime":1102.722,"endTime":1105.032,"body":"Are they just like, can"},{"speaker":"Thomas","startTime":1102.722,"endTime":1105.032,"body":"they just watch 2G SMS"},{"speaker":"Thomas","startTime":1105.032,"endTime":1106.052,"body":"messages or something?"},{"speaker":"Thomas","startTime":1106.052,"endTime":1106.472,"body":"Or"},{"speaker":"Deirdre","startTime":1106.667,"endTime":1110.207,"body":"I think so because"},{"speaker":"Deirdre","startTime":1106.667,"endTime":1110.207,"body":"I forget if it was SMS or if"},{"speaker":"Deirdre","startTime":1110.207,"endTime":1114.527,"body":"it was, uh, TOTP Mu, I guess"},{"speaker":"Deirdre","startTime":1110.207,"endTime":1114.527,"body":"it was, it must've been SMS,"},{"speaker":"Deirdre","startTime":1114.527,"endTime":1115.847,"body":"I forget from the demo."},{"speaker":"Deirdre","startTime":1116.117,"endTime":1118.127,"body":"Um, but yeah, they, 
like,"},{"speaker":"Deirdre","startTime":1116.117,"endTime":1118.127,"body":"they were just getting an"},{"speaker":"Deirdre","startTime":1118.127,"endTime":1121.757,"body":"authentication challenge"},{"speaker":"Deirdre","startTime":1118.127,"endTime":1121.757,"body":"that was not FIDO and uh,"},{"speaker":"Deirdre","startTime":1121.787,"endTime":1123.887,"body":"they were able to intercept"},{"speaker":"Deirdre","startTime":1121.787,"endTime":1123.887,"body":"and they're like, ha, I have"},{"speaker":"Deirdre","startTime":1123.887,"endTime":1125.237,"body":"your Twitter account now."},{"speaker":"David","startTime":1125.552,"endTime":1128.312,"body":"If there's like any"},{"speaker":"David","startTime":1125.552,"endTime":1128.312,"body":"memory mapped io between"},{"speaker":"David","startTime":1128.312,"endTime":1132.032,"body":"like the baseband and the"},{"speaker":"David","startTime":1128.312,"endTime":1132.032,"body":"operating system, you probably"},{"speaker":"David","startTime":1132.032,"endTime":1135.302,"body":"can effectively create a"},{"speaker":"David","startTime":1132.032,"endTime":1135.302,"body":"use-after-free in the kernel."},{"speaker":"David","startTime":1135.362,"endTime":1138.302,"body":"But I don't know the, uh, what"},{"speaker":"David","startTime":1135.362,"endTime":1138.302,"body":"the interface is there, but"},{"speaker":"Deirdre","startTime":1138.662,"endTime":1139.472,"body":"I don't"},{"speaker":"Deirdre","startTime":1139.472,"endTime":1140.482,"body":"think they went that"},{"speaker":"David","startTime":1140.582,"endTime":1142.592,"body":"doing evil things"},{"speaker":"David","startTime":1140.582,"endTime":1142.592,"body":"with it, like, I don't know."},{"speaker":"Deirdre","startTime":1142.892,"endTime":1143.182,"body":"Yeah."},{"speaker":"Thomas","startTime":1143.312,"endTime":1145.952,"body":"My antenna went up"},{"speaker":"Thomas","startTime":1143.312,"endTime":1145.952,"body":"because it occurred to me 
that"},{"speaker":"Thomas","startTime":1145.952,"endTime":1148.832,"body":"we're talking about a code"},{"speaker":"Thomas","startTime":1145.952,"endTime":1148.832,"body":"execution vulnerability in the"},{"speaker":"Thomas","startTime":1148.832,"endTime":1151.262,"body":"baseband, and this is like"},{"speaker":"Thomas","startTime":1148.832,"endTime":1151.262,"body":"just a classic message board"},{"speaker":"Thomas","startTime":1151.262,"endTime":1154.892,"body":"trope, which might be more"},{"speaker":"Thomas","startTime":1151.262,"endTime":1154.892,"body":"true than I thought it was."},{"speaker":"Thomas","startTime":1154.897,"endTime":1155.132,"body":"Right."},{"speaker":"Thomas","startTime":1155.132,"endTime":1158.072,"body":"But like the, the, the idea of"},{"speaker":"Thomas","startTime":1155.132,"endTime":1158.072,"body":"the baseband being compromised"},{"speaker":"Thomas","startTime":1158.072,"endTime":1161.102,"body":"is part of the design threat"},{"speaker":"Thomas","startTime":1158.072,"endTime":1161.102,"body":"for the threat model for both"},{"speaker":"Thomas","startTime":1161.102,"endTime":1163.532,"body":"the Pixel and the, you know,"},{"speaker":"Thomas","startTime":1161.102,"endTime":1163.532,"body":"like an iPhone or whatever."},{"speaker":"Thomas","startTime":1163.532,"endTime":1163.742,"body":"Right?"},{"speaker":"Thomas","startTime":1163.742,"endTime":1165.782,"body":"Like they assume the"},{"speaker":"Thomas","startTime":1163.742,"endTime":1165.782,"body":"base band can get popped."},{"speaker":"Deirdre","startTime":1166.057,"endTime":1166.477,"body":"Do they?"},{"speaker":"David","startTime":1166.842,"endTime":1167.312,"body":"I don't know."},{"speaker":"Thomas","startTime":1167.417,"endTime":1169.217,"body":"Yeah, so the, on"},{"speaker":"Thomas","startTime":1167.417,"endTime":1169.217,"body":"an iPhone, the baseband"},{"speaker":"Thomas","startTime":1169.217,"endTime":1170.277,"body":"is like a USB 
peripheral."},{"speaker":"Thomas","startTime":1170.277,"endTime":1172.277,"body":"It's not USB, it's HSIC,"},{"speaker":"Thomas","startTime":1170.277,"endTime":1172.277,"body":"but HSIC is just,"},{"speaker":"Thomas","startTime":1172.637,"endTime":1173.907,"body":"it's just on chip USB."},{"speaker":"Thomas","startTime":1173.927,"endTime":1174.347,"body":"Right."},{"speaker":"Thomas","startTime":1174.437,"endTime":1176.387,"body":"So there isn't any shared"},{"speaker":"Thomas","startTime":1174.437,"endTime":1176.387,"body":"memory there at all."},{"speaker":"Thomas","startTime":1176.392,"endTime":1177.707,"body":"It's, it's, it's a peripheral."},{"speaker":"Thomas","startTime":1177.887,"endTime":1182.012,"body":"So in theory, if you pop the"},{"speaker":"Thomas","startTime":1177.887,"endTime":1182.012,"body":"base band on an iPhone, all"},{"speaker":"Thomas","startTime":1182.012,"endTime":1183.692,"body":"your, I mean, you'll get control"},{"speaker":"Thomas","startTime":1182.012,"endTime":1183.692,"body":"of the base band, which is"},{"speaker":"Thomas","startTime":1183.692,"endTime":1185.732,"body":"why I'm wondering if that's"},{"speaker":"Thomas","startTime":1183.692,"endTime":1185.732,"body":"why the target is Twitter"},{"speaker":"Thomas","startTime":1185.972,"endTime":1188.882,"body":"is be, or anything that does"},{"speaker":"Thomas","startTime":1185.972,"endTime":1188.882,"body":"like, you know, phone system"},{"speaker":"Thomas","startTime":1188.882,"endTime":1190.322,"body":"based authentication is."},{"speaker":"Thomas","startTime":1190.327,"endTime":1192.392,"body":"'cause sure if you do that,"},{"speaker":"Thomas","startTime":1190.327,"endTime":1192.392,"body":"you can, like, you've got"},{"speaker":"Thomas","startTime":1192.392,"endTime":1194.312,"body":"control over its connection"},{"speaker":"Thomas","startTime":1192.392,"endTime":1194.312,"body":"to the phone system, 
which"},{"speaker":"Thomas","startTime":1194.312,"endTime":1196.052,"body":"is very powerful, right?"},{"speaker":"Thomas","startTime":1196.082,"endTime":1198.602,"body":"But you can't go into like, you"},{"speaker":"Thomas","startTime":1196.082,"endTime":1198.602,"body":"know, Twitter's process memory"},{"speaker":"Thomas","startTime":1198.607,"endTime":1199.562,"body":"and go read things out of it."},{"speaker":"Deirdre","startTime":1200.957,"endTime":1201.257,"body":"Yes."},{"speaker":"Deirdre","startTime":1201.287,"endTime":1204.677,"body":"It didn't seem like it was"},{"speaker":"Deirdre","startTime":1201.287,"endTime":1204.677,"body":"that, it was very explicitly"},{"speaker":"Deirdre","startTime":1204.707,"endTime":1208.202,"body":"we're doing an authentication"},{"speaker":"Deirdre","startTime":1204.707,"endTime":1208.202,"body":"challenge over a, well,"},{"speaker":"Deirdre","startTime":1208.262,"endTime":1212.732,"body":"phishable challenge credential,"},{"speaker":"Deirdre","startTime":1208.262,"endTime":1212.732,"body":"not something coming in a"},{"speaker":"Deirdre","startTime":1212.732,"endTime":1213.812,"body":"a completely different way."},{"speaker":"Deirdre","startTime":1213.812,"endTime":1217.262,"body":"And it might've been,"},{"speaker":"Deirdre","startTime":1213.812,"endTime":1217.262,"body":"yes, it was SMS."},{"speaker":"David","startTime":1217.277,"endTime":1217.997,"body":"think you're right."},{"speaker":"David","startTime":1218.147,"endTime":1220.007,"body":"Uh, and I think an Android"},{"speaker":"David","startTime":1218.147,"endTime":1220.007,"body":"does the same thing too."},{"speaker":"David","startTime":1220.007,"endTime":1223.487,"body":"And I can, I, I think I can"},{"speaker":"David","startTime":1220.007,"endTime":1223.487,"body":"think of specifically who,"},{"speaker":"David","startTime":1223.547,"endTime":1225.047,"body":"um, is responsible for that."},{"speaker":"David","startTime":1225.047,"endTime":1227.297,"body":"And 
it's probably like in"},{"speaker":"David","startTime":1225.047,"endTime":1227.297,"body":"between the time that I"},{"speaker":"David","startTime":1227.302,"endTime":1229.067,"body":"said I was wrong and when"},{"speaker":"David","startTime":1227.302,"endTime":1229.067,"body":"I said that originally,"},{"speaker":"David","startTime":1229.127,"endTime":1230.237,"body":"um, actively mad at me."},{"speaker":"Thomas","startTime":1234.017,"endTime":1235.727,"body":"But this is just in"},{"speaker":"Thomas","startTime":1234.017,"endTime":1235.727,"body":"keeping with our theme of"},{"speaker":"Thomas","startTime":1235.727,"endTime":1238.817,"body":"being aficionados of really"},{"speaker":"Thomas","startTime":1235.727,"endTime":1238.817,"body":"effective downgrade attacks,"},{"speaker":"Deirdre","startTime":1239.292,"endTime":1239.477,"body":"Yeah."},{"speaker":"Thomas","startTime":1239.477,"endTime":1242.507,"body":"from 3G to 2G and"},{"speaker":"Thomas","startTime":1239.477,"endTime":1242.507,"body":"then using that to, you"},{"speaker":"Thomas","startTime":1242.507,"endTime":1243.227,"body":"know, tickle a memory"},{"speaker":"Thomas","startTime":1243.227,"endTime":1246.407,"body":"corruption vulnerability is high"},{"speaker":"Thomas","startTime":1243.227,"endTime":1246.407,"body":"quality, not as high quality"},{"speaker":"Thomas","startTime":1246.412,"endTime":1249.837,"body":"as if they somehow manage to"},{"speaker":"Thomas","startTime":1246.412,"endTime":1249.837,"body":"tunnel a 3G secret through 2G"},{"speaker":"Thomas","startTime":1249.837,"endTime":1252.287,"body":"and then get the 2G thing to"},{"speaker":"Thomas","startTime":1249.837,"endTime":1252.287,"body":"use that secret somehow that"},{"speaker":"Thomas","startTime":1252.497,"endTime":1256.007,"body":"exposed it to everything else,"},{"speaker":"Thomas","startTime":1252.497,"endTime":1256.007,"body":"but a close second to 
DROWN."},{"speaker":"Deirdre","startTime":1256.082,"endTime":1256.472,"body":"yeah."},{"speaker":"David","startTime":1256.937,"endTime":1258.947,"body":"Yeah, I, I was gonna"},{"speaker":"David","startTime":1256.937,"endTime":1258.947,"body":"say, we all know the best"},{"speaker":"David","startTime":1258.947,"endTime":1263.807,"body":"downgrade attack is going from"},{"speaker":"David","startTime":1258.947,"endTime":1263.807,"body":"TLS 1.3 to 1.2 to SSL V3, to SSL"},{"speaker":"Deirdre","startTime":1264.007,"endTime":1264.617,"body":"V2s."},{"speaker":"Deirdre","startTime":1264.722,"endTime":1267.152,"body":"I mean, you're, you're"},{"speaker":"Deirdre","startTime":1264.722,"endTime":1267.152,"body":"laughing, but Yes."},{"speaker":"Thomas","startTime":1269.567,"endTime":1271.007,"body":"I'm not"},{"speaker":"Thomas","startTime":1269.567,"endTime":1271.007,"body":"laughing ironically, I'm"},{"speaker":"Thomas","startTime":1271.087,"endTime":1271.767,"body":"laughing appreciatively"},{"speaker":"Deirdre","startTime":1272.242,"endTime":1272.532,"body":"Okay."},{"speaker":"Deirdre","startTime":1273.812,"endTime":1274.652,"body":"But yeah, I like that one."},{"speaker":"Deirdre","startTime":1274.712,"endTime":1275.172,"body":"It was fun."},{"speaker":"Deirdre","startTime":1276.272,"endTime":1276.492,"body":"It,"},{"speaker":"Thomas","startTime":1276.707,"endTime":1278.387,"body":"Cryptography talks"},{"speaker":"Thomas","startTime":1276.707,"endTime":1278.387,"body":"at Black Hat this year."},{"speaker":"Thomas","startTime":1278.387,"endTime":1283.127,"body":"So somebody, uh, extracted"},{"speaker":"Thomas","startTime":1278.387,"endTime":1283.127,"body":"keys by looking at fluctuations"},{"speaker":"Thomas","startTime":1283.127,"endTime":1283.767,"body":"in your power lights."},{"speaker":"Deirdre","startTime":1284.382,"endTime":1284.922,"body":"oh yeah."},{"speaker":"Thomas","startTime":1285.632,"endTime":1286.632,"body":"Neither 
of"},{"speaker":"Thomas","startTime":1285.632,"endTime":1286.632,"body":"you saw that talk."},{"speaker":"Deirdre","startTime":1287.342,"endTime":1287.822,"body":"I did not"},{"speaker":"David","startTime":1287.942,"endTime":1289.262,"body":"I did not see that one."},{"speaker":"David","startTime":1289.292,"endTime":1292.052,"body":"Um, so people in grad school"},{"speaker":"David","startTime":1289.292,"endTime":1292.052,"body":"when I was still a grad"},{"speaker":"David","startTime":1292.057,"endTime":1295.682,"body":"student, tried that and, um,"},{"speaker":"David","startTime":1292.057,"endTime":1295.682,"body":"and just absolutely failed."},{"speaker":"David","startTime":1295.687,"endTime":1297.702,"body":"And then like also might"},{"speaker":"David","startTime":1295.687,"endTime":1297.702,"body":"have accidentally DOS'd"},{"speaker":"David","startTime":1297.722,"endTime":1300.302,"body":"the inter, the Lake network"},{"speaker":"David","startTime":1297.722,"endTime":1300.302,"body":"connection for, for Michigan."},{"speaker":"David","startTime":1300.782,"endTime":1303.062,"body":"Um, but I'm glad that"},{"speaker":"David","startTime":1300.782,"endTime":1303.062,"body":"someone figured it out."},{"speaker":"Deirdre","startTime":1303.192,"endTime":1303.482,"body":"Yeah."},{"speaker":"David","startTime":1303.932,"endTime":1304.892,"body":"They were, they"},{"speaker":"David","startTime":1303.932,"endTime":1304.892,"body":"were kind of trying to"},{"speaker":"David","startTime":1304.892,"endTime":1305.792,"body":"do the reverse thing."},{"speaker":"David","startTime":1306.422,"endTime":1308.552,"body":"They were like, if we scan the"},{"speaker":"David","startTime":1306.422,"endTime":1308.552,"body":"internet and then we point a"},{"speaker":"David","startTime":1308.552,"endTime":1313.772,"body":"camera at, uh, ethernet port,"},{"speaker":"David","startTime":1308.552,"endTime":1313.772,"body":"can we figure out like 
what"},{"speaker":"David","startTime":1313.777,"endTime":1315.092,"body":"this thing's IP address is?"},{"speaker":"Thomas","startTime":1317.192,"endTime":1318.392,"body":"I, I like"},{"speaker":"Thomas","startTime":1317.192,"endTime":1318.392,"body":"that paper too."},{"speaker":"Thomas","startTime":1318.392,"endTime":1319.082,"body":"That's very good."},{"speaker":"Thomas","startTime":1319.202,"endTime":1321.152,"body":"But we're all, just from now"},{"speaker":"Thomas","startTime":1319.202,"endTime":1321.152,"body":"on, going to assume that if"},{"speaker":"Thomas","startTime":1321.152,"endTime":1323.432,"body":"anybody can see our power"},{"speaker":"Thomas","startTime":1321.152,"endTime":1323.432,"body":"LEDs, they can also read every"},{"speaker":"Thomas","startTime":1323.432,"endTime":1325.952,"body":"string that's going through"},{"speaker":"Thomas","startTime":1323.432,"endTime":1325.952,"body":"our, you know, XMM registers."},{"speaker":"Deirdre","startTime":1326.332,"endTime":1328.562,"body":"I mean, the only"},{"speaker":"Deirdre","startTime":1326.332,"endTime":1328.562,"body":"thing that blinks on any of my"},{"speaker":"Deirdre","startTime":1328.562,"endTime":1333.272,"body":"computers is the tiny YubiKey"},{"speaker":"Deirdre","startTime":1328.562,"endTime":1333.272,"body":"nano that's sticking outta my"},{"speaker":"Deirdre","startTime":1333.272,"endTime":1336.122,"body":"computer, and I don't even know"},{"speaker":"Deirdre","startTime":1333.272,"endTime":1336.122,"body":"what those, those lights mean."},{"speaker":"Deirdre","startTime":1336.122,"endTime":1336.512,"body":"So,"},{"speaker":"David","startTime":1338.327,"endTime":1340.277,"body":"the one I have"},{"speaker":"David","startTime":1338.327,"endTime":1340.277,"body":"blinks like blue and red"},{"speaker":"David","startTime":1340.277,"endTime":1341.267,"body":"when you need to tap it."},{"speaker":"David","startTime":1341.267,"endTime":1342.857,"body":"Otherwise, I 
don't"},{"speaker":"David","startTime":1341.267,"endTime":1342.857,"body":"think it blinks."},{"speaker":"Deirdre","startTime":1343.202,"endTime":1345.842,"body":"Uh, it just, it's"},{"speaker":"Deirdre","startTime":1343.202,"endTime":1345.842,"body":"doing something and it, yeah,"},{"speaker":"Deirdre","startTime":1345.842,"endTime":1348.632,"body":"it aggressively blinks at me"},{"speaker":"Deirdre","startTime":1345.842,"endTime":1348.632,"body":"when they're like, 'TAP ME'."},{"speaker":"David","startTime":1348.657,"endTime":1349.077,"body":"Mm-hmm."},{"speaker":"Deirdre","startTime":1349.382,"endTime":1351.002,"body":"Confirm"},{"speaker":"Deirdre","startTime":1349.382,"endTime":1351.002,"body":"for your proximity."},{"speaker":"Deirdre","startTime":1351.122,"endTime":1351.692,"body":"Human."},{"speaker":"Thomas","startTime":1352.787,"endTime":1355.397,"body":"And then we had two"},{"speaker":"Thomas","startTime":1352.787,"endTime":1355.397,"body":"crypto talks at Black Hat"},{"speaker":"Thomas","startTime":1355.427,"endTime":1356.897,"body":"that were about wallets,"},{"speaker":"Deirdre","startTime":1357.452,"endTime":1357.512,"body":"yeah."},{"speaker":"Thomas","startTime":1357.512,"endTime":1360.022,"body":"MPC,  TSSshock."},{"speaker":"Deirdre","startTime":1360.827,"endTime":1364.187,"body":"Yeah, there was a"},{"speaker":"Deirdre","startTime":1360.827,"endTime":1364.187,"body":"threshold, threshold attack on,"},{"speaker":"Deirdre","startTime":1364.397,"endTime":1368.717,"body":"I think it was ECDSA threshold,"},{"speaker":"Deirdre","startTime":1364.397,"endTime":1368.717,"body":"which is a much more complicated"},{"speaker":"Deirdre","startTime":1368.717,"endTime":1371.927,"body":"threshold signing scheme than"},{"speaker":"Deirdre","startTime":1368.717,"endTime":1371.927,"body":"the ones that I have worked"},{"speaker":"Deirdre","startTime":1371.927,"endTime":1376.067,"body":"on, which are Schnorr and 
very"},{"speaker":"Deirdre","startTime":1371.927,"endTime":1376.067,"body":"simple and short, and they"},{"speaker":"Deirdre","startTime":1376.067,"endTime":1376.937,"body":"have different properties."},{"speaker":"Deirdre","startTime":1376.937,"endTime":1382.637,"body":"So I I, it was funny 'cause"},{"speaker":"Deirdre","startTime":1376.937,"endTime":1382.637,"body":"um, they gave this result,"},{"speaker":"Deirdre","startTime":1382.637,"endTime":1386.867,"body":"this research at a, uh,"},{"speaker":"Deirdre","startTime":1382.637,"endTime":1386.867,"body":"Oh, gosh, what's it called?"},{"speaker":"Deirdre","startTime":1386.867,"endTime":1389.987,"body":"A workshop at CRYPTO, uh,"},{"speaker":"Deirdre","startTime":1386.867,"endTime":1389.987,"body":"CRYPTO in Santa Barbara,"},{"speaker":"Deirdre","startTime":1389.987,"endTime":1391.967,"body":"which was like a week after"},{"speaker":"Deirdre","startTime":1389.987,"endTime":1391.967,"body":"Black Hat and all that."},{"speaker":"Deirdre","startTime":1392.447,"endTime":1395.687,"body":"And it was very funny because,"},{"speaker":"Deirdre","startTime":1392.447,"endTime":1395.687,"body":"uh, I, I remember seeing it for"},{"speaker":"Deirdre","startTime":1395.687,"endTime":1398.897,"body":"the second time and being like,"},{"speaker":"Deirdre","startTime":1395.687,"endTime":1398.897,"body":"oh yeah, I know these guys."},{"speaker":"Deirdre","startTime":1398.927,"endTime":1400.127,"body":"I didn't know they"},{"speaker":"Deirdre","startTime":1398.927,"endTime":1400.127,"body":"were gonna be here."},{"speaker":"Deirdre","startTime":1400.607,"endTime":1403.067,"body":"Um, and then all the"},{"speaker":"Deirdre","startTime":1400.607,"endTime":1403.067,"body":"cryptographers in need, like,"},{"speaker":"Deirdre","startTime":1403.072,"endTime":1405.377,"body":"kind of like crypto attacks"},{"speaker":"Deirdre","startTime":1403.072,"endTime":1405.377,"body":"workshop walked up and 
they're"},{"speaker":"Deirdre","startTime":1405.377,"endTime":1410.432,"body":"like, so what do you recommend"},{"speaker":"Deirdre","startTime":1405.377,"endTime":1410.432,"body":"we do to like, Protect against"},{"speaker":"Deirdre","startTime":1410.432,"endTime":1412.622,"body":"these attacks, and they said,"},{"speaker":"Deirdre","startTime":1410.432,"endTime":1412.622,"body":"oh, I have no fucking clue."},{"speaker":"Deirdre","startTime":1412.652,"endTime":1414.722,"body":"Like I just, I just"},{"speaker":"Deirdre","startTime":1412.652,"endTime":1414.722,"body":"found the attacks."},{"speaker":"Deirdre","startTime":1414.962,"endTime":1417.602,"body":"I'm not, I don't have any"},{"speaker":"Deirdre","startTime":1414.962,"endTime":1417.602,"body":"suggestions of what to"},{"speaker":"Deirdre","startTime":1417.607,"endTime":1419.762,"body":"tell you to fix your crypto"},{"speaker":"Deirdre","startTime":1417.607,"endTime":1419.762,"body":"protocol to make a movement."},{"speaker":"Deirdre","startTime":1420.182,"endTime":1422.582,"body":"I, if I recall, it was just"},{"speaker":"Deirdre","startTime":1420.182,"endTime":1422.582,"body":"sort of like we were able to"},{"speaker":"Deirdre","startTime":1422.582,"endTime":1426.272,"body":"observe, somewhere between"},{"speaker":"Deirdre","startTime":1422.582,"endTime":1426.272,"body":"like a dozen and a hundred"},{"speaker":"Deirdre","startTime":1426.542,"endTime":1429.452,"body":"threshold signatures, and that"},{"speaker":"Deirdre","startTime":1426.542,"endTime":1429.452,"body":"was enough to put together a"},{"speaker":"Deirdre","startTime":1429.452,"endTime":1432.902,"body":"forgery that would validate,"},{"speaker":"Deirdre","startTime":1429.452,"endTime":1432.902,"body":"um, or something like that."},{"speaker":"Deirdre","startTime":1432.907,"endTime":1434.882,"body":"And that, yep, that"},{"speaker":"Deirdre","startTime":1432.907,"endTime":1434.882,"body":"sounds about 
right."},{"speaker":"Deirdre","startTime":1434.882,"endTime":1437.462,"body":"Like a lot of the, the attacks"},{"speaker":"Deirdre","startTime":1434.882,"endTime":1437.462,"body":"on threshold signature schemes"},{"speaker":"Deirdre","startTime":1437.462,"endTime":1441.662,"body":"are basically like, uh, the most"},{"speaker":"Deirdre","startTime":1437.462,"endTime":1441.662,"body":"naive ones, especially if you"},{"speaker":"Deirdre","startTime":1441.662,"endTime":1445.502,"body":"try to do, uh, thresholds, not,"},{"speaker":"Deirdre","startTime":1441.662,"endTime":1445.502,"body":"um, not necessarily the one that"},{"speaker":"Deirdre","startTime":1445.502,"endTime":1447.302,"body":"was presented, but other ones."},{"speaker":"Deirdre","startTime":1447.617,"endTime":1449.897,"body":"If you try to do just like a"},{"speaker":"Deirdre","startTime":1447.617,"endTime":1449.897,"body":"naive approach to threshold"},{"speaker":"Deirdre","startTime":1449.897,"endTime":1452.087,"body":"signatures, especially"},{"speaker":"Deirdre","startTime":1449.897,"endTime":1452.087,"body":"with Schnorr and especially"},{"speaker":"Deirdre","startTime":1452.087,"endTime":1455.897,"body":"deterministic nonces, which"},{"speaker":"Deirdre","startTime":1452.087,"endTime":1455.897,"body":"people like for deter, for"},{"speaker":"Deirdre","startTime":1455.897,"endTime":1457.157,"body":"signatures, for reasons."},{"speaker":"Deirdre","startTime":1457.697,"endTime":1460.577,"body":"Just like you just do more"},{"speaker":"Deirdre","startTime":1457.697,"endTime":1460.577,"body":"than one and you just do a"},{"speaker":"Deirdre","startTime":1460.582,"endTime":1463.187,"body":"little bit of arithmetic and"},{"speaker":"Deirdre","startTime":1460.582,"endTime":1463.187,"body":"you fucking, you can solve"},{"speaker":"Deirdre","startTime":1463.187,"endTime":1466.552,"body":"for the, the private key, the"},{"speaker":"Deirdre","startTime":1463.187,"endTime":1466.552,"body":"signing key, it's, it's 
really"},{"speaker":"Deirdre","startTime":1466.552,"endTime":1469.852,"body":"ridiculous how you just get more"},{"speaker":"Deirdre","startTime":1466.552,"endTime":1469.852,"body":"than one threshold signature"},{"speaker":"Deirdre","startTime":1469.852,"endTime":1474.442,"body":"from honest parties and like a"},{"speaker":"Deirdre","startTime":1469.852,"endTime":1474.442,"body":"slightly not well built enough"},{"speaker":"Deirdre","startTime":1474.442,"endTime":1477.442,"body":"threshold signature scheme"},{"speaker":"Deirdre","startTime":1474.442,"endTime":1477.442,"body":"will just either spit out a"},{"speaker":"Deirdre","startTime":1477.442,"endTime":1481.192,"body":"forgery, you can compute or"},{"speaker":"Deirdre","startTime":1477.442,"endTime":1481.192,"body":"spit out the private key, uh,"},{"speaker":"Deirdre","startTime":1481.197,"endTime":1482.512,"body":"from a naive implementation."},{"speaker":"Deirdre","startTime":1482.512,"endTime":1485.812,"body":"So it was kind of like,"},{"speaker":"Deirdre","startTime":1482.512,"endTime":1485.812,"body":"yep, this sucks, but this is"},{"speaker":"Deirdre","startTime":1485.812,"endTime":1488.152,"body":"how they classically fail."},{"speaker":"Deirdre","startTime":1488.242,"endTime":1489.172,"body":"So that was fun."},{"speaker":"David","startTime":1490.297,"endTime":1492.617,"body":"Did you prefer"},{"speaker":"David","startTime":1490.297,"endTime":1492.617,"body":"hearing it at Black Hat"},{"speaker":"David","startTime":1492.617,"endTime":1495.857,"body":"or at CRYPTO slash did you"},{"speaker":"David","startTime":1492.617,"endTime":1495.857,"body":"actually hear it at Black Hat?"},{"speaker":"Deirdre","startTime":1496.292,"endTime":1498.872,"body":"I think I saw it very"},{"speaker":"Deirdre","startTime":1496.292,"endTime":1498.872,"body":"briefly at Black Hat and then"},{"speaker":"Deirdre","startTime":1498.872,"endTime":1501.302,"body":"I saw the whole thing, 
their"},{"speaker":"Deirdre","startTime":1498.872,"endTime":1501.302,"body":"whole presentation at CRYPTO."},{"speaker":"Deirdre","startTime":1501.572,"endTime":1504.902,"body":"I really wish they went"},{"speaker":"Deirdre","startTime":1501.572,"endTime":1504.902,"body":"into a little more detail."},{"speaker":"Deirdre","startTime":1505.202,"endTime":1508.772,"body":"Cryptographically, they went"},{"speaker":"Deirdre","startTime":1505.202,"endTime":1508.772,"body":"into detail about their attack."},{"speaker":"Deirdre","startTime":1509.012,"endTime":1511.292,"body":"But uh, at CRYPTO, I."},{"speaker":"Deirdre","startTime":1511.637,"endTime":1514.637,"body":"But it was just very funny to,"},{"speaker":"Deirdre","startTime":1511.637,"endTime":1514.637,"body":"it was in a session with a bunch"},{"speaker":"Deirdre","startTime":1514.637,"endTime":1519.197,"body":"of attacks against cryptography"},{"speaker":"Deirdre","startTime":1514.637,"endTime":1519.197,"body":"and them not having, I think"},{"speaker":"Deirdre","startTime":1519.197,"endTime":1521.357,"body":"they were better suited for"},{"speaker":"Deirdre","startTime":1519.197,"endTime":1521.357,"body":"a Black Hat audience than a"},{"speaker":"Deirdre","startTime":1521.362,"endTime":1523.577,"body":"CRYPTO audience, because they"},{"speaker":"Deirdre","startTime":1521.362,"endTime":1523.577,"body":"literally didn't have any sort"},{"speaker":"Deirdre","startTime":1523.577,"endTime":1527.237,"body":"of like, you should probably"},{"speaker":"Deirdre","startTime":1523.577,"endTime":1527.237,"body":"tweak it like, so to make this"},{"speaker":"Deirdre","startTime":1527.237,"endTime":1529.577,"body":"harder for me, they didn't"},{"speaker":"Deirdre","startTime":1527.237,"endTime":1529.577,"body":"have any suggestions like"},{"speaker":"Deirdre","startTime":1529.577,"endTime":1532.337,"body":"that because they're, they're"},{"speaker":"Deirdre","startTime":1529.577,"endTime":1532.337,"body":"much more of an attacker 
than"},{"speaker":"Deirdre","startTime":1532.342,"endTime":1534.587,"body":"a crypto builder, I guess."},{"speaker":"Deirdre","startTime":1534.592,"endTime":1534.977,"body":"I don't know."},{"speaker":"David","startTime":1535.442,"endTime":1537.872,"body":"And what was it like"},{"speaker":"David","startTime":1535.442,"endTime":1537.872,"body":"being in Santa Barbara during"},{"speaker":"David","startTime":1537.872,"endTime":1538.862,"body":"a hurricane for CRYPTO?"},{"speaker":"Deirdre","startTime":1539.117,"endTime":1540.407,"body":"Fucking"},{"speaker":"Deirdre","startTime":1539.117,"endTime":1540.407,"body":"awesome, because there"},{"speaker":"Deirdre","startTime":1540.407,"endTime":1541.547,"body":"was also an earthquake."},{"speaker":"Deirdre","startTime":1543.377,"endTime":1546.557,"body":"Um, the, the hurricane was lame"},{"speaker":"Deirdre","startTime":1543.377,"endTime":1546.557,"body":"because we were, we were far"},{"speaker":"Deirdre","startTime":1546.557,"endTime":1549.467,"body":"west enough that I was like,"},{"speaker":"Deirdre","startTime":1546.557,"endTime":1549.467,"body":"is, you know, is this your king?"},{"speaker":"Deirdre","startTime":1549.467,"endTime":1550.877,"body":"Is this your fucking hurricane?"},{"speaker":"Deirdre","startTime":1550.877,"endTime":1552.137,"body":"It was, it was lame."},{"speaker":"Deirdre","startTime":1552.137,"endTime":1554.417,"body":"It was a little bit of wind"},{"speaker":"Deirdre","startTime":1552.137,"endTime":1554.417,"body":"and a little bit of rain, and"},{"speaker":"Deirdre","startTime":1554.927,"endTime":1557.447,"body":"I was talking to my parents,"},{"speaker":"Deirdre","startTime":1554.927,"endTime":1557.447,"body":"I was like, this is a average"},{"speaker":"Deirdre","startTime":1557.452,"endTime":1559.367,"body":"day in Ireland sort of storm."},{"speaker":"Deirdre","startTime":1559.787,"endTime":1562.977,"body":"And then I was like, 
waiting"},{"speaker":"Deirdre","startTime":1559.787,"endTime":1562.977,"body":"for the wind to start or, exist"},{"speaker":"Deirdre","startTime":1562.977,"endTime":1565.857,"body":"at all, and I felt a little"},{"speaker":"Deirdre","startTime":1562.977,"endTime":1565.857,"body":"wobble and I was like, oh, I"},{"speaker":"Deirdre","startTime":1565.857,"endTime":1567.297,"body":"wonder if the wind is blowing."},{"speaker":"Deirdre","startTime":1567.387,"endTime":1568.947,"body":"And then like I looked"},{"speaker":"Deirdre","startTime":1567.387,"endTime":1568.947,"body":"outside, I was like, oh, it's"},{"speaker":"Deirdre","startTime":1568.947,"endTime":1571.887,"body":"not wind, it's not really"},{"speaker":"Deirdre","startTime":1568.947,"endTime":1571.887,"body":"blowing right, right now."},{"speaker":"Deirdre","startTime":1571.887,"endTime":1573.687,"body":"And then two minutes later"},{"speaker":"Deirdre","startTime":1571.887,"endTime":1573.687,"body":"it was like, 'earthquake!'"},{"speaker":"Deirdre","startTime":1573.717,"endTime":1574.107,"body":"And I was like, oh."},{"speaker":"Deirdre","startTime":1574.787,"endTime":1575.207,"body":"Great."},{"speaker":"Deirdre","startTime":1576.287,"endTime":1578.567,"body":"In the middle of my"},{"speaker":"Deirdre","startTime":1576.287,"endTime":1578.567,"body":"lame hurricane to get"},{"speaker":"Deirdre","startTime":1578.567,"endTime":1579.527,"body":"a lame earthquake."},{"speaker":"Deirdre","startTime":1579.587,"endTime":1580.007,"body":"Cool."},{"speaker":"Deirdre","startTime":1580.037,"endTime":1584.207,"body":"I've, I've checked all the"},{"speaker":"Deirdre","startTime":1580.037,"endTime":1584.207,"body":"boxes for my trip to whatever"},{"speaker":"Deirdre","startTime":1584.327,"endTime":1585.347,"body":"for my trip to California."},{"speaker":"Deirdre","startTime":1585.407,"endTime":1585.857,"body":"It was nice."},{"speaker":"Deirdre","startTime":1585.862,"endTime":1587.177,"body":"It was nice to 
see"},{"speaker":"Deirdre","startTime":1585.862,"endTime":1587.177,"body":"people, it was nice to"},{"speaker":"Deirdre","startTime":1587.177,"endTime":1587.927,"body":"eat the strawberries."},{"speaker":"Deirdre","startTime":1587.927,"endTime":1591.347,"body":"It was nice to be, uh,"},{"speaker":"Deirdre","startTime":1587.927,"endTime":1591.347,"body":"living in a dorm for a week."},{"speaker":"Deirdre","startTime":1591.407,"endTime":1592.037,"body":"That was fun."},{"speaker":"Deirdre","startTime":1592.187,"endTime":1594.047,"body":"I got to meet some old timers."},{"speaker":"Thomas","startTime":1594.817,"endTime":1598.027,"body":"You were talking about"},{"speaker":"Thomas","startTime":1594.817,"endTime":1598.027,"body":"threshold, ECDSA and I tuned"},{"speaker":"Thomas","startTime":1598.027,"endTime":1601.157,"body":"out and you went all the way"},{"speaker":"Thomas","startTime":1598.027,"endTime":1601.157,"body":"off the end of Threshold ECDSA."},{"speaker":"Thomas","startTime":1601.267,"endTime":1603.457,"body":"And somehow you guys were"},{"speaker":"Thomas","startTime":1601.267,"endTime":1603.457,"body":"talking about hurricanes"},{"speaker":"Thomas","startTime":1603.607,"endTime":1606.877,"body":"while I was reading the"},{"speaker":"Thomas","startTime":1603.607,"endTime":1606.877,"body":"last crypto thing from Black"},{"speaker":"Thomas","startTime":1606.877,"endTime":1608.287,"body":"Hat, I wanted to talk about."},{"speaker":"Thomas","startTime":1608.287,"endTime":1609.607,"body":"Did you guys JWT thing?"},{"speaker":"Deirdre","startTime":1610.112,"endTime":1612.182,"body":"Oh, I, no, no, no."},{"speaker":"David","startTime":1612.467,"endTime":1612.827,"body":"had not."},{"speaker":"David","startTime":1612.827,"endTime":1615.437,"body":"I'm really bad about going"},{"speaker":"David","startTime":1612.827,"endTime":1615.437,"body":"to talks when podcast."},{"speaker":"Thomas","startTime":1616.277,"endTime":1616.877,"body":"Oh, 
okay."},{"speaker":"Thomas","startTime":1616.877,"endTime":1620.357,"body":"So in, in fairness, last time I"},{"speaker":"Thomas","startTime":1616.877,"endTime":1620.357,"body":"went to Black Hat, which was the"},{"speaker":"Thomas","startTime":1620.357,"endTime":1621.737,"body":"one before the pandemic, so Wow."},{"speaker":"Thomas","startTime":1621.737,"endTime":1623.957,"body":"It was a while ago, but"},{"speaker":"Thomas","startTime":1621.737,"endTime":1623.957,"body":"last time I didn't leave"},{"speaker":"Thomas","startTime":1623.957,"endTime":1625.157,"body":"the hotel bar once."},{"speaker":"Thomas","startTime":1625.427,"endTime":1628.217,"body":"I, my room was like at an"},{"speaker":"Thomas","startTime":1625.427,"endTime":1628.217,"body":"elevator above the hotel bar,"},{"speaker":"Thomas","startTime":1628.217,"endTime":1630.437,"body":"so I would like get up in"},{"speaker":"Thomas","startTime":1628.217,"endTime":1630.437,"body":"the morning, go downstairs to"},{"speaker":"Thomas","startTime":1630.437,"endTime":1631.877,"body":"the bar, hang out in the bar."},{"speaker":"Thomas","startTime":1631.882,"endTime":1634.247,"body":"I think we went out for sushi"},{"speaker":"Thomas","startTime":1631.882,"endTime":1634.247,"body":"once, and then I would just"},{"speaker":"Thomas","startTime":1634.247,"endTime":1635.567,"body":"like, you know, spend the"},{"speaker":"Thomas","startTime":1634.247,"endTime":1635.567,"body":"day there and then go, it"},{"speaker":"Thomas","startTime":1635.567,"endTime":1638.497,"body":"was, my equivalent of a beach"},{"speaker":"Thomas","startTime":1635.567,"endTime":1638.497,"body":"vacation is being in a nice"},{"speaker":"Thomas","startTime":1638.497,"endTime":1640.147,"body":"hotel room above a bar, right?"},{"speaker":"Thomas","startTime":1640.297,"endTime":1642.877,"body":"But I didn't, I didn't, I didn't"},{"speaker":"Thomas","startTime":1640.297,"endTime":1642.877,"body":"once set foot on the 
floor,"},{"speaker":"Thomas","startTime":1642.877,"endTime":1643.867,"body":"the actual conference floor."},{"speaker":"Thomas","startTime":1644.017,"endTime":1647.587,"body":"So I, I completely endorse"},{"speaker":"Thomas","startTime":1644.017,"endTime":1647.587,"body":"your strategy of not"},{"speaker":"Thomas","startTime":1647.587,"endTime":1648.727,"body":"seeing any of these talks."},{"speaker":"Thomas","startTime":1648.787,"endTime":1653.107,"body":"But, um, the, the last one"},{"speaker":"Thomas","startTime":1648.787,"endTime":1653.107,"body":"here was three new attacks on"},{"speaker":"Thomas","startTime":1653.107,"endTime":1655.957,"body":"JWTs, which is a subject near"},{"speaker":"Thomas","startTime":1653.107,"endTime":1655.957,"body":"and dear to all of our hearts."},{"speaker":"Thomas","startTime":1656.197,"endTime":1658.987,"body":"I remember, like, I remember"},{"speaker":"Thomas","startTime":1656.197,"endTime":1658.987,"body":"being a little skeptical about"},{"speaker":"Thomas","startTime":1658.987,"endTime":1662.837,"body":"this when it was announced,"},{"speaker":"Thomas","startTime":1658.987,"endTime":1662.837,"body":"um, just because, pretty much"},{"speaker":"Thomas","startTime":1662.837,"endTime":1668.807,"body":"every obvious iteration of"},{"speaker":"Thomas","startTime":1662.837,"endTime":1668.807,"body":"JWT attacks, like the, the"},{"speaker":"Thomas","startTime":1668.807,"endTime":1672.467,"body":"verdict among people like us,"},{"speaker":"Thomas","startTime":1668.807,"endTime":1672.467,"body":"let's say, I was gonna say the"},{"speaker":"Thomas","startTime":1672.467,"endTime":1675.287,"body":"verdict among crypto literate"},{"speaker":"Thomas","startTime":1672.467,"endTime":1675.287,"body":"people, but instead, I'm gonna"},{"speaker":"Thomas","startTime":1675.292,"endTime":1677.627,"body":"narrow that down to people"},{"speaker":"Thomas","startTime":1675.292,"endTime":1677.627,"body":"like us, is that the 
problem"},{"speaker":"Thomas","startTime":1677.632,"endTime":1679.147,"body":"with JWT is JWT is bad, right?"},{"speaker":"Thomas","startTime":1679.907,"endTime":1682.937,"body":"But, um, in the service of"},{"speaker":"Thomas","startTime":1679.907,"endTime":1682.937,"body":"enumerating badness, we've"},{"speaker":"Thomas","startTime":1682.937,"endTime":1684.527,"body":"got three new attacks here."},{"speaker":"Thomas","startTime":1685.097,"endTime":1690.257,"body":"One of them is confusion between"},{"speaker":"Thomas","startTime":1685.097,"endTime":1690.257,"body":"signed between RSA signed."},{"speaker":"Thomas","startTime":1690.617,"endTime":1692.537,"body":"And RSA encrypted JWTs."},{"speaker":"Thomas","startTime":1692.807,"endTime":1694.757,"body":"Um, this is a wrinkle I"},{"speaker":"Thomas","startTime":1692.807,"endTime":1694.757,"body":"haven't thought about because"},{"speaker":"Thomas","startTime":1694.757,"endTime":1698.147,"body":"the idea of RSA encrypting a"},{"speaker":"David","startTime":1698.477,"endTime":1698.717,"body":"Wait"},{"speaker":"Thomas","startTime":1699.767,"endTime":1700.937,"body":"seems ridiculous to me."},{"speaker":"Thomas","startTime":1701.477,"endTime":1703.577,"body":"Um, but apparently"},{"speaker":"Thomas","startTime":1701.477,"endTime":1703.577,"body":"people do it right."},{"speaker":"Thomas","startTime":1703.667,"endTime":1705.977,"body":"Um, I'm, I'm outing my"},{"speaker":"Thomas","startTime":1703.667,"endTime":1705.977,"body":"own ignorance here, right?"},{"speaker":"Thomas","startTime":1705.977,"endTime":1707.327,"body":"But like, so it's obvious to me."},{"speaker":"Thomas","startTime":1707.477,"endTime":1710.327,"body":"It's, it's obvious to me"},{"speaker":"Thomas","startTime":1707.477,"endTime":1710.327,"body":"why people would RSA sign."},{"speaker":"Thomas","startTime":1710.672,"endTime":1714.062,"body":"Why, why people would use,"},{"speaker":"Thomas","startTime":1710.672,"endTime":1714.062,"body":"you know, 
RSA signed JWTs."},{"speaker":"Thomas","startTime":1714.272,"endTime":1716.282,"body":"'cause it's way more convenient"},{"speaker":"Thomas","startTime":1714.272,"endTime":1716.282,"body":"than doing key management,"},{"speaker":"Thomas","startTime":1716.282,"endTime":1718.112,"body":"which is a topic I will"},{"speaker":"Thomas","startTime":1716.282,"endTime":1718.112,"body":"get into when we talk about"},{"speaker":"Thomas","startTime":1718.112,"endTime":1719.732,"body":"macaroons at fly.io, right?"},{"speaker":"Thomas","startTime":1719.882,"endTime":1722.192,"body":"So I, I have a newfound"},{"speaker":"Thomas","startTime":1719.882,"endTime":1722.192,"body":"appreciation for why"},{"speaker":"Thomas","startTime":1722.192,"endTime":1724.082,"body":"people use public key"},{"speaker":"Thomas","startTime":1722.192,"endTime":1724.082,"body":"signatures and tokens."},{"speaker":"Thomas","startTime":1724.292,"endTime":1728.582,"body":"Um, but people also, and jwt,"},{"speaker":"Thomas","startTime":1724.292,"endTime":1728.582,"body":"JWT will let you do this."},{"speaker":"Thomas","startTime":1728.642,"endTime":1733.232,"body":"People also do RSA encrypted"},{"speaker":"Thomas","startTime":1728.642,"endTime":1733.232,"body":"tokens where the validation"},{"speaker":"Thomas","startTime":1733.232,"endTime":1737.012,"body":"of the token is 'does it"},{"speaker":"Thomas","startTime":1733.232,"endTime":1737.012,"body":"decrypt properly?' 
and so you."},{"speaker":"Thomas","startTime":1737.522,"endTime":1740.342,"body":"You can get situations"},{"speaker":"Thomas","startTime":1737.522,"endTime":1740.342,"body":"apparently where like the"},{"speaker":"Thomas","startTime":1740.342,"endTime":1744.032,"body":"developer will, like you have an"},{"speaker":"Thomas","startTime":1740.342,"endTime":1744.032,"body":"endpoint that will accept this"},{"speaker":"Thomas","startTime":1744.032,"endTime":1746.972,"body":"is, I'm saying these words out"},{"speaker":"Thomas","startTime":1744.032,"endTime":1746.972,"body":"loud and I'm trying the, the"},{"speaker":"Thomas","startTime":1746.977,"endTime":1748.472,"body":"talk comes with actual exploits."},{"speaker":"Thomas","startTime":1748.472,"endTime":1750.002,"body":"Like he found these"},{"speaker":"Thomas","startTime":1748.472,"endTime":1750.002,"body":"attacks, right?"},{"speaker":"Thomas","startTime":1750.002,"endTime":1751.232,"body":"This is all real stuff, right?"},{"speaker":"Thomas","startTime":1751.472,"endTime":1753.902,"body":"But like, there's an"},{"speaker":"Thomas","startTime":1751.472,"endTime":1753.902,"body":"endpoint that will take a"},{"speaker":"Thomas","startTime":1753.907,"endTime":1758.522,"body":"token that is either RSA"},{"speaker":"Thomas","startTime":1753.907,"endTime":1758.522,"body":"signed or is RSA encrypted."},{"speaker":"Thomas","startTime":1759.242,"endTime":1761.402,"body":"Like either of those two"},{"speaker":"Thomas","startTime":1759.242,"endTime":1761.402,"body":"things could be true."},{"speaker":"Thomas","startTime":1761.407,"endTime":1763.892,"body":"And then so like the, the,"},{"speaker":"Thomas","startTime":1761.407,"endTime":1763.892,"body":"the vulnerability there is"},{"speaker":"Thomas","startTime":1763.892,"endTime":1766.052,"body":"you can get stuff signed."},{"speaker":"Thomas","startTime":1766.412,"endTime":1768.452,"body":"Um, or you, you could, 
you"},{"speaker":"Thomas","startTime":1766.412,"endTime":1768.452,"body":"could encrypt something with"},{"speaker":"Thomas","startTime":1768.457,"endTime":1772.382,"body":"the pub, with the key for a"},{"speaker":"Thomas","startTime":1768.457,"endTime":1772.382,"body":"signature and then by decrypting"},{"speaker":"Thomas","startTime":1772.382,"endTime":1773.792,"body":"it, it'll verify correctly."},{"speaker":"Thomas","startTime":1774.032,"endTime":1776.342,"body":"This is all, if you just pieced"},{"speaker":"Thomas","startTime":1774.032,"endTime":1776.342,"body":"together what you would do, if"},{"speaker":"Thomas","startTime":1776.347,"endTime":1779.852,"body":"you had a thing that arbitrarily"},{"speaker":"Thomas","startTime":1776.347,"endTime":1779.852,"body":"used signatures and encryption"},{"speaker":"Thomas","startTime":1779.852,"endTime":1782.222,"body":"with the same key pair,"},{"speaker":"Thomas","startTime":1779.852,"endTime":1782.222,"body":"like it's the obvious set of"},{"speaker":"David","startTime":1782.387,"endTime":1784.427,"body":"you get something"},{"speaker":"David","startTime":1782.387,"endTime":1784.427,"body":"signed and then you feed it"},{"speaker":"David","startTime":1784.427,"endTime":1787.367,"body":"to something, expecting to"},{"speaker":"David","startTime":1784.427,"endTime":1787.367,"body":"decrypt it, and then suddenly"},{"speaker":"David","startTime":1787.367,"endTime":1788.777,"body":"like anything that you can get."},{"speaker":"David","startTime":1789.107,"endTime":1792.137,"body":"Also as you could construct,"},{"speaker":"David","startTime":1789.107,"endTime":1792.137,"body":"so that it decrypts valid"},{"speaker":"David","startTime":1792.137,"endTime":1793.127,"body":"and I think vice versa."},{"speaker":"Thomas","startTime":1793.982,"endTime":1795.302,"body":"Yeah, the other"},{"speaker":"Thomas","startTime":1793.982,"endTime":1795.302,"body":"way around this 
case,"},{"speaker":"Thomas","startTime":1795.302,"endTime":1797.402,"body":"it's, it's the, you get it"},{"speaker":"Thomas","startTime":1795.302,"endTime":1797.402,"body":"encrypted and that, and,"},{"speaker":"Thomas","startTime":1797.402,"endTime":1798.692,"body":"and that verifies it so."},{"speaker":"David","startTime":1798.857,"endTime":1799.517,"body":"That's interesting."},{"speaker":"David","startTime":1799.522,"endTime":1802.607,"body":"'cause the usual like textbook,"},{"speaker":"David","startTime":1799.522,"endTime":1802.607,"body":"oh, you screwed up your"},{"speaker":"David","startTime":1802.607,"endTime":1808.077,"body":"algorithms in a JWT is the"},{"speaker":"David","startTime":1802.607,"endTime":1808.077,"body":"hashed, uh, uh, is like HMACs"},{"speaker":"David","startTime":1808.097,"endTime":1812.147,"body":"confused with RSA public key"},{"speaker":"David","startTime":1808.097,"endTime":1812.147,"body":"where you end up using the"},{"speaker":"David","startTime":1812.147,"endTime":1815.537,"body":"public key as the secret for"},{"speaker":"David","startTime":1812.147,"endTime":1815.537,"body":"the HMAC and then that's, well,"},{"speaker":"David","startTime":1815.537,"endTime":1816.737,"body":"it's a public key, so it's not"},{"speaker":"Thomas","startTime":1816.917,"endTime":1817.697,"body":"yeah, exactly."},{"speaker":"Thomas","startTime":1818.217,"endTime":1820.427,"body":"So, so when I was thinking about"},{"speaker":"Thomas","startTime":1818.217,"endTime":1820.427,"body":"that, I was assuming it was"},{"speaker":"Thomas","startTime":1820.427,"endTime":1823.367,"body":"gonna be some like small wrinkle"},{"speaker":"Thomas","startTime":1820.427,"endTime":1823.367,"body":"on that, and it's conceptually"},{"speaker":"Thomas","startTime":1823.372,"endTime":1824.567,"body":"a very similar attack to that."},{"speaker":"Thomas","startTime":1824.597,"endTime":1827.807,"body":"Um, the precondition for 
that,"},{"speaker":"Thomas","startTime":1824.597,"endTime":1827.807,"body":"of having an endpoint that is"},{"speaker":"Thomas","startTime":1827.837,"endTime":1830.987,"body":"confused about whether a token"},{"speaker":"Thomas","startTime":1827.837,"endTime":1830.987,"body":"should be signed or encrypted."},{"speaker":"Thomas","startTime":1831.167,"endTime":1835.847,"body":"Sounds crazy to me, but,"},{"speaker":"Thomas","startTime":1831.167,"endTime":1835.847,"body":"okay, it's JWT, so whatever."},{"speaker":"Thomas","startTime":1836.027,"endTime":1836.927,"body":"Um, sure."},{"speaker":"David","startTime":1837.077,"endTime":1840.377,"body":"We've talked about this"},{"speaker":"David","startTime":1837.077,"endTime":1840.377,"body":"ad nauseam in previous podcasts,"},{"speaker":"David","startTime":1840.382,"endTime":1843.917,"body":"but I think this is why I like"},{"speaker":"David","startTime":1840.382,"endTime":1843.917,"body":"We slash I, it was like you can"},{"speaker":"David","startTime":1843.917,"endTime":1847.127,"body":"use JWTs but you need to like"},{"speaker":"David","startTime":1843.917,"endTime":1847.127,"body":"hard code all of your parameters"},{"speaker":"David","startTime":1847.127,"endTime":1850.397,"body":"and not accept other ones"},{"speaker":"David","startTime":1847.127,"endTime":1850.397,"body":"like is exactly this reason."},{"speaker":"David","startTime":1850.397,"endTime":1853.097,"body":"So you end up only having"},{"speaker":"David","startTime":1850.397,"endTime":1853.097,"body":"the one set that you care,"},{"speaker":"David","startTime":1853.102,"endTime":1856.457,"body":"which should probably just"},{"speaker":"David","startTime":1853.102,"endTime":1856.457,"body":"be like ECDSA signed ones."},{"speaker":"Deirdre","startTime":1856.602,"endTime":1856.892,"body":"Yeah,"},{"speaker":"Thomas","startTime":1857.012,"endTime":1859.232,"body":"I, I'm, I'm gonna try"},{"speaker":"Thomas","startTime":1857.012,"endTime":1859.232,"body":"to 
describe problem to you."},{"speaker":"Thomas","startTime":1859.562,"endTime":1859.982,"body":"Um,"},{"speaker":"Deirdre","startTime":1860.712,"endTime":1860.932,"body":"no."},{"speaker":"Thomas","startTime":1861.242,"endTime":1863.072,"body":"it's, it's, it's,"},{"speaker":"Thomas","startTime":1861.242,"endTime":1863.072,"body":"it's difficult for me because"},{"speaker":"Thomas","startTime":1863.072,"endTime":1867.782,"body":"I have a slide in front"},{"speaker":"Thomas","startTime":1863.072,"endTime":1867.782,"body":"of me that has JWS compact"},{"speaker":"Thomas","startTime":1867.787,"endTime":1872.822,"body":"serialization compared to"},{"speaker":"Thomas","startTime":1867.787,"endTime":1872.822,"body":"JWS flattened serialization."},{"speaker":"Deirdre","startTime":1873.382,"endTime":1873.672,"body":"What?"},{"speaker":"Thomas","startTime":1873.752,"endTime":1880.232,"body":"so in JWSs, there"},{"speaker":"Thomas","startTime":1873.752,"endTime":1880.232,"body":"are two ways to serialize data."},{"speaker":"Deirdre","startTime":1880.682,"endTime":1881.792,"body":"No"},{"speaker":"Thomas","startTime":1881.792,"endTime":1886.592,"body":"JWT style, which is"},{"speaker":"Thomas","startTime":1881.792,"endTime":1886.592,"body":"base 64 strings separated by"},{"speaker":"Thomas","startTime":1886.592,"endTime":1889.502,"body":"periods, which is, you know,"},{"speaker":"Thomas","startTime":1886.592,"endTime":1889.502,"body":"you know it, you love it, right?"},{"speaker":"Thomas","startTime":1889.502,"endTime":1892.622,"body":"Like that's, and then"},{"speaker":"Thomas","startTime":1889.502,"endTime":1892.622,"body":"there's for, for, for reasons"},{"speaker":"Thomas","startTime":1892.622,"endTime":1893.822,"body":"passing, understanding."},{"speaker":"Thomas","startTime":1894.002,"endTime":1896.972,"body":"There's also flattened"},{"speaker":"Thomas","startTime":1894.002,"endTime":1896.972,"body":"format, which instead 
of"},{"speaker":"Thomas","startTime":1896.972,"endTime":1901.307,"body":"base 64 strings separated by"},{"speaker":"Thomas","startTime":1896.972,"endTime":1901.307,"body":"periods, which, in fairness"},{"speaker":"Thomas","startTime":1901.367,"endTime":1903.257,"body":"is a stupid format, right?"},{"speaker":"Thomas","startTime":1903.347,"endTime":1904.847,"body":"There's just JSON of that,"},{"speaker":"David","startTime":1905.072,"endTime":1907.022,"body":"Hey, it's easy"},{"speaker":"David","startTime":1905.072,"endTime":1907.022,"body":"to parse in a header."},{"speaker":"Thomas","startTime":1908.177,"endTime":1909.587,"body":"you have, but"},{"speaker":"Thomas","startTime":1908.177,"endTime":1909.587,"body":"you have to parse it."},{"speaker":"Thomas","startTime":1909.677,"endTime":1910.727,"body":"So, but"},{"speaker":"Thomas","startTime":1910.787,"endTime":1911.687,"body":"you could also just in."},{"speaker":"Deirdre","startTime":1911.852,"endTime":1913.982,"body":"and coatings"},{"speaker":"Deirdre","startTime":1911.852,"endTime":1913.982,"body":"and whatever."},{"speaker":"Deirdre","startTime":1913.987,"endTime":1914.242,"body":"Yeah."},{"speaker":"Thomas","startTime":1914.717,"endTime":1917.357,"body":"Instead of doing that,"},{"speaker":"Thomas","startTime":1914.717,"endTime":1917.357,"body":"you can just have a JSON Blob"},{"speaker":"Thomas","startTime":1917.537,"endTime":1920.207,"body":"where it's like the first blob"},{"speaker":"Thomas","startTime":1917.537,"endTime":1920.207,"body":"is this base 64 string, and"},{"speaker":"Thomas","startTime":1920.207,"endTime":1921.167,"body":"the second blob is this one."},{"speaker":"Thomas","startTime":1921.172,"endTime":1922.127,"body":"Just key value."},{"speaker":"Thomas","startTime":1922.127,"endTime":1922.607,"body":"Key value."},{"speaker":"Thomas","startTime":1922.612,"endTime":1923.447,"body":"Key value, right?"},{"speaker":"Thomas","startTime":1924.017,"endTime":1928.187,"body":"There are endpoints 
and"},{"speaker":"Thomas","startTime":1924.017,"endTime":1928.187,"body":"issuers that will alternately"},{"speaker":"Thomas","startTime":1928.192,"endTime":1929.897,"body":"use either or, right?"},{"speaker":"Thomas","startTime":1929.957,"endTime":1934.967,"body":"So like JW Crypto, the J JW"},{"speaker":"Thomas","startTime":1929.957,"endTime":1934.967,"body":"crypto Library, will first try"},{"speaker":"Thomas","startTime":1934.967,"endTime":1936.707,"body":"to decode a signature as JSON."},{"speaker":"Thomas","startTime":1937.547,"endTime":1938.867,"body":"it fails, it will fall back"},{"speaker":"Deirdre","startTime":1939.107,"endTime":1939.687,"body":"Oh no."},{"speaker":"Thomas","startTime":1939.827,"endTime":1941.867,"body":"DOT separated"},{"speaker":"Thomas","startTime":1939.827,"endTime":1941.867,"body":"base 64 strings."},{"speaker":"Deirdre","startTime":1942.367,"endTime":1943.027,"body":"Oh, no."},{"speaker":"Thomas","startTime":1945.287,"endTime":1947.267,"body":"It's, they, they"},{"speaker":"Thomas","startTime":1945.287,"endTime":1947.267,"body":"really have gone out of their"},{"speaker":"Thomas","startTime":1947.267,"endTime":1949.607,"body":"way to make a jungle gym out"},{"speaker":"Thomas","startTime":1947.267,"endTime":1949.607,"body":"of this whole system, right?"},{"speaker":"Thomas","startTime":1949.757,"endTime":1952.337,"body":"And then there are other things"},{"speaker":"Thomas","startTime":1949.757,"endTime":1952.337,"body":"that only use the flattened"},{"speaker":"Thomas","startTime":1952.337,"endTime":1953.447,"body":"JSON version of it, right?"},{"speaker":"Thomas","startTime":1953.537,"endTime":1957.977,"body":"So you can sign, you can have a"},{"speaker":"Thomas","startTime":1953.537,"endTime":1957.977,"body":"signed token, and then because"},{"speaker":"Thomas","startTime":1957.977,"endTime":1962.327,"body":"of the JSON Flattened format,"},{"speaker":"Thomas","startTime":1957.977,"endTime":1962.327,"body":"you can also take a 
valid"},{"speaker":"Thomas","startTime":1962.332,"endTime":1965.177,"body":"signature and then add a bunch"},{"speaker":"Thomas","startTime":1962.332,"endTime":1965.177,"body":"of additional JSON keys to it."},{"speaker":"Thomas","startTime":1965.477,"endTime":1967.892,"body":"Um, it will parse it as"},{"speaker":"Thomas","startTime":1965.477,"endTime":1967.892,"body":"if it was, oh, this is"},{"speaker":"Thomas","startTime":1967.892,"endTime":1969.572,"body":"the flattened signature,"},{"speaker":"Thomas","startTime":1967.892,"endTime":1969.572,"body":"the signature verifies."},{"speaker":"Thomas","startTime":1969.572,"endTime":1971.792,"body":"But then when you pass it"},{"speaker":"Thomas","startTime":1969.572,"endTime":1971.792,"body":"off to the application code,"},{"speaker":"Thomas","startTime":1972.002,"endTime":1973.952,"body":"it's like, oh, these are"},{"speaker":"Thomas","startTime":1972.002,"endTime":1973.952,"body":"just, this is signed data."},{"speaker":"Thomas","startTime":1973.952,"endTime":1974.462,"body":"This is great."},{"speaker":"Deirdre","startTime":1975.257,"endTime":1975.787,"body":"oh, no."},{"speaker":"Thomas","startTime":1975.902,"endTime":1978.242,"body":"those polyglot"},{"speaker":"Thomas","startTime":1975.902,"endTime":1978.242,"body":"tokens, which is"},{"speaker":"David","startTime":1978.347,"endTime":1979.757,"body":"Oh, Jesus."},{"speaker":"Thomas","startTime":1981.152,"endTime":1981.962,"body":"it's wonderful."},{"speaker":"David","startTime":1982.772,"endTime":1985.112,"body":"again, like every time"},{"speaker":"David","startTime":1982.772,"endTime":1985.112,"body":"that I've used JWTs, I've,"},{"speaker":"David","startTime":1985.112,"endTime":1987.662,"body":"I've, I joked about, it's easy"},{"speaker":"David","startTime":1985.112,"endTime":1987.662,"body":"to parse because I've doted"},{"speaker":"David","startTime":1987.662,"endTime":1989.102,"body":"my own parsing of that 
header."},{"speaker":"David","startTime":1989.132,"endTime":1994.202,"body":"'cause like if you have a sane"},{"speaker":"David","startTime":1989.132,"endTime":1994.202,"body":"JWT, like library, it probably"},{"speaker":"David","startTime":1994.202,"endTime":1996.962,"body":"isn't actually reaching into"},{"speaker":"David","startTime":1994.202,"endTime":1996.962,"body":"the http header for you."},{"speaker":"David","startTime":1996.967,"endTime":1999.122,"body":"And then like you can"},{"speaker":"David","startTime":1996.967,"endTime":1999.122,"body":"try and find some library"},{"speaker":"David","startTime":1999.122,"endTime":1999.902,"body":"to tie it together."},{"speaker":"David","startTime":1999.902,"endTime":2003.742,"body":"Or it can be like string dot"},{"speaker":"David","startTime":1999.902,"endTime":2003.742,"body":"explode dot, you know, if"},{"speaker":"David","startTime":2003.742,"endTime":2005.082,"body":"error does not equal nil."},{"speaker":"David","startTime":2005.392,"endTime":2007.582,"body":"And then like, pass the"},{"speaker":"David","startTime":2005.392,"endTime":2007.582,"body":"three parts into your"},{"speaker":"David","startTime":2007.582,"endTime":2009.022,"body":"JWT library yourself."},{"speaker":"Deirdre","startTime":2009.187,"endTime":2009.847,"body":"Mm-hmm."},{"speaker":"Thomas","startTime":2010.087,"endTime":2011.737,"body":"The third"},{"speaker":"Thomas","startTime":2010.087,"endTime":2011.737,"body":"vulnerability here is."},{"speaker":"Thomas","startTime":2012.487,"endTime":2014.077,"body":"It, it has high humor value."},{"speaker":"Thomas","startTime":2014.077,"endTime":2017.077,"body":"It doesn't have high real"},{"speaker":"Thomas","startTime":2014.077,"endTime":2017.077,"body":"world use value, but very"},{"speaker":"Thomas","startTime":2017.077,"endTime":2018.367,"body":"high humor value, right?"},{"speaker":"Thomas","startTime":2018.397,"endTime":2022.167,"body":"So in addition to being 
able"},{"speaker":"Thomas","startTime":2018.397,"endTime":2022.167,"body":"to encrypt a token with RSA"},{"speaker":"Thomas","startTime":2022.557,"endTime":2026.947,"body":"or sign a token with RSA,"},{"speaker":"Thomas","startTime":2022.557,"endTime":2026.947,"body":"or authenticate a token with"},{"speaker":"Thomas","startTime":2026.947,"endTime":2030.127,"body":"an HMAC or whatever else"},{"speaker":"Thomas","startTime":2026.947,"endTime":2030.127,"body":"you can do, you can also"},{"speaker":"Thomas","startTime":2030.347,"endTime":2033.127,"body":"encrypt a JWT with a password."},{"speaker":"Thomas","startTime":2033.307,"endTime":2035.077,"body":"I, I, I don't, whatever."},{"speaker":"Thomas","startTime":2035.197,"endTime":2035.557,"body":"Okay,"},{"speaker":"Deirdre","startTime":2036.492,"endTime":2036.942,"body":"does it"},{"speaker":"Thomas","startTime":2037.027,"endTime":2039.247,"body":"the, for"},{"speaker":"Thomas","startTime":2037.027,"endTime":2039.247,"body":"that, for that reason."},{"speaker":"David","startTime":2039.262,"endTime":2041.002,"body":"With a password Deirdre."},{"speaker":"David","startTime":2042.202,"endTime":2044.152,"body":"You encrypt it with a password."},{"speaker":"Deirdre","startTime":2044.152,"endTime":2044.662,"body":"It's like,"},{"speaker":"David","startTime":2044.782,"endTime":2046.952,"body":"Hi, I'd like to"},{"speaker":"David","startTime":2044.782,"endTime":2046.952,"body":"tell you about David's DLP"},{"speaker":"David","startTime":2046.972,"endTime":2048.802,"body":"solution where re-encrypt"},{"speaker":"David","startTime":2046.972,"endTime":2048.802,"body":"your data with a password."},{"speaker":"Thomas","startTime":2051.742,"endTime":2055.792,"body":"So look, I don't know,"},{"speaker":"Thomas","startTime":2051.742,"endTime":2055.792,"body":"it never even occurred to me"},{"speaker":"Thomas","startTime":2055.792,"endTime":2057.722,"body":"to look at password based 
JWT"},{"speaker":"Deirdre","startTime":2057.742,"endTime":2058.582,"body":"Oh my, I didn't"},{"speaker":"Thomas","startTime":2058.702,"endTime":2059.632,"body":"but it apparently"},{"speaker":"Deirdre","startTime":2060.502,"endTime":2061.072,"body":"Uh,"},{"speaker":"Thomas","startTime":2061.072,"endTime":2061.432,"body":"us did."},{"speaker":"Thomas","startTime":2061.432,"endTime":2063.952,"body":"And we only know it's a"},{"speaker":"Thomas","startTime":2061.432,"endTime":2063.952,"body":"thing because the only reason"},{"speaker":"Thomas","startTime":2063.952,"endTime":2066.232,"body":"it was in the spec was for"},{"speaker":"Thomas","startTime":2063.952,"endTime":2066.232,"body":"somebody to find this and write"},{"speaker":"Thomas","startTime":2066.232,"endTime":2067.312,"body":"this attack for it, right?"},{"speaker":"Thomas","startTime":2067.432,"endTime":2068.032,"body":"So,"},{"speaker":"David","startTime":2068.812,"endTime":2071.912,"body":"Watch as it turns out,"},{"speaker":"David","startTime":2068.812,"endTime":2071.912,"body":"like it's using like HPKE"},{"speaker":"David","startTime":2071.932,"endTime":2073.792,"body":"or like some super modern"},{"speaker":"Thomas","startTime":2073.792,"endTime":2073.852,"body":"is"},{"speaker":"Thomas","startTime":2073.852,"endTime":2074.452,"body":"nothing."},{"speaker":"Deirdre","startTime":2074.827,"endTime":2077.707,"body":"it, HPKE only became"},{"speaker":"Deirdre","startTime":2074.827,"endTime":2077.707,"body":"real like less than a year"},{"speaker":"Deirdre","startTime":2077.712,"endTime":2083.077,"body":"ago, so I, but sure, like if it"},{"speaker":"Deirdre","startTime":2077.712,"endTime":2083.077,"body":"uses a real KDF, like on that"},{"speaker":"Deirdre","startTime":2083.077,"endTime":2084.787,"body":"password, I will be shocked."},{"speaker":"Thomas","startTime":2084.862,"endTime":2086.842,"body":"It's a real KDF, so"},{"speaker":"David","startTime":2086.857,"endTime":2089.527,"body":"just don't 
understand,"},{"speaker":"David","startTime":2086.857,"endTime":2089.527,"body":"like, how, why wouldn't you"},{"speaker":"David","startTime":2089.527,"endTime":2092.957,"body":"just do the like, like we"},{"speaker":"David","startTime":2089.527,"endTime":2092.957,"body":"have symmetric, like HMAC"},{"speaker":"David","startTime":2092.977,"endTime":2096.277,"body":"ones, like why do we need,"},{"speaker":"David","startTime":2092.977,"endTime":2096.277,"body":"I guess because you, you're"},{"speaker":"David","startTime":2096.277,"endTime":2099.922,"body":"doing secret management"},{"speaker":"David","startTime":2096.277,"endTime":2099.922,"body":"by like, I remembering it?"},{"speaker":"David","startTime":2100.552,"endTime":2103.462,"body":"Like, I can't remember,"},{"speaker":"David","startTime":2100.552,"endTime":2103.462,"body":"a 32 byte secret."},{"speaker":"David","startTime":2103.462,"endTime":2104.422,"body":"I don't wanna put"},{"speaker":"David","startTime":2103.462,"endTime":2104.422,"body":"that in source."},{"speaker":"David","startTime":2104.422,"endTime":2106.822,"body":"I'll just remember"},{"speaker":"David","startTime":2104.422,"endTime":2106.822,"body":"that my JWT password is"},{"speaker":"David","startTime":2107.272,"endTime":2108.652,"body":"super secret password."},{"speaker":"Thomas","startTime":2109.507,"endTime":2111.607,"body":"Bearing in mind that"},{"speaker":"Thomas","startTime":2109.507,"endTime":2111.607,"body":"this is not like the, the most"},{"speaker":"Thomas","startTime":2111.607,"endTime":2113.257,"body":"world breaking attack ever."},{"speaker":"Thomas","startTime":2113.262,"endTime":2115.207,"body":"I, I guess it's actually"},{"speaker":"Thomas","startTime":2113.262,"endTime":2115.207,"body":"strictly speaking, the"},{"speaker":"Thomas","startTime":2115.207,"endTime":2116.677,"body":"most breaking attack"},{"speaker":"Thomas","startTime":2115.207,"endTime":2116.677,"body":"of these 
attacks."},{"speaker":"Thomas","startTime":2116.677,"endTime":2119.707,"body":"But I'll just give you the"},{"speaker":"Thomas","startTime":2116.677,"endTime":2119.707,"body":"token headers for when you're"},{"speaker":"Thomas","startTime":2119.707,"endTime":2121.507,"body":"doing password encryption and"},{"speaker":"Thomas","startTime":2119.707,"endTime":2121.507,"body":"you can see if you can guess"},{"speaker":"Thomas","startTime":2121.507,"endTime":2123.517,"body":"what the vulnerability is"},{"speaker":"Thomas","startTime":2121.507,"endTime":2123.517,"body":"here that he's documenting."},{"speaker":"Thomas","startTime":2123.522,"endTime":2124.117,"body":"Right?"},{"speaker":"Thomas","startTime":2124.147,"endTime":2125.527,"body":"This is not me"},{"speaker":"Thomas","startTime":2124.147,"endTime":2125.527,"body":"dunking on this talk."},{"speaker":"Thomas","startTime":2125.527,"endTime":2129.067,"body":"I, this is, this talk was"},{"speaker":"Thomas","startTime":2125.527,"endTime":2129.067,"body":"surprisingly, I, I was surprised"},{"speaker":"Thomas","startTime":2129.067,"endTime":2130.897,"body":"by how much better this talk"},{"speaker":"Thomas","startTime":2129.067,"endTime":2130.897,"body":"was than I expected it to be."},{"speaker":"Thomas","startTime":2130.897,"endTime":2131.527,"body":"This is good work."},{"speaker":"Thomas","startTime":2131.767,"endTime":2134.077,"body":"Um, not that you need me"},{"speaker":"Thomas","startTime":2131.767,"endTime":2134.077,"body":"to say this author of this"},{"speaker":"Thomas","startTime":2134.077,"endTime":2135.907,"body":"talk, but I'm just telling"},{"speaker":"Thomas","startTime":2134.077,"endTime":2135.907,"body":"you that I like this talk."},{"speaker":"Thomas","startTime":2136.147,"endTime":2139.417,"body":"So the keys in the token"},{"speaker":"Thomas","startTime":2136.147,"endTime":2139.417,"body":"header for this are alg, which"},{"speaker":"Thomas","startTime":2139.417,"endTime":2141.397,"body":"is just 
the algorithm that"},{"speaker":"Thomas","startTime":2139.417,"endTime":2141.397,"body":"you, that you're using to"},{"speaker":"Thomas","startTime":2141.397,"endTime":2142.867,"body":"encrypt the token with, right?"},{"speaker":"Thomas","startTime":2143.107,"endTime":2146.857,"body":"And then there's enc,"},{"speaker":"Thomas","startTime":2143.107,"endTime":2146.857,"body":"which I think is the K"},{"speaker":"Thomas","startTime":2146.857,"endTime":2147.757,"body":"D F that you're using."},{"speaker":"Thomas","startTime":2147.757,"endTime":2148.687,"body":"I think that's what it is."},{"speaker":"Thomas","startTime":2148.687,"endTime":2149.197,"body":"I'm not sure."},{"speaker":"Thomas","startTime":2149.227,"endTime":2151.357,"body":"But there's an, which is just"},{"speaker":"Thomas","startTime":2149.227,"endTime":2151.357,"body":"another algorithm, right?"},{"speaker":"Thomas","startTime":2151.717,"endTime":2154.957,"body":"There's P2S, which is, I"},{"speaker":"Deirdre","startTime":2155.137,"endTime":2155.587,"body":"Password"},{"speaker":"Thomas","startTime":2155.767,"endTime":2156.097,"body":"string."},{"speaker":"Thomas","startTime":2156.097,"endTime":2158.737,"body":"like the hashed password ha,"},{"speaker":"Thomas","startTime":2156.097,"endTime":2158.737,"body":"the password hashed string."},{"speaker":"Deirdre","startTime":2159.267,"endTime":2159.387,"body":"Hmm."},{"speaker":"Thomas","startTime":2159.997,"endTime":2164.017,"body":"And then there's P2C,"},{"speaker":"Thomas","startTime":2159.997,"endTime":2164.017,"body":"which is the iteration count on."},{"speaker":"Deirdre","startTime":2164.687,"endTime":2168.817,"body":"Oh, so literally"},{"speaker":"Deirdre","startTime":2164.687,"endTime":2168.817,"body":"you can just tell it"},{"speaker":"Deirdre","startTime":2168.817,"endTime":2170.137,"body":"like, don't, this is like."},{"speaker":"Deirdre","startTime":2170.737,"endTime":2171.847,"body":"The, 
what's"},{"speaker":"David","startTime":2171.927,"endTime":2172.437,"body":"tell me it's"},{"speaker":"David","startTime":2172.442,"endTime":2173.097,"body":"zero."},{"speaker":"Deirdre","startTime":2173.917,"endTime":2174.457,"body":"Like, oh"},{"speaker":"Thomas","startTime":2174.532,"endTime":2175.462,"body":"oh I don't"},{"speaker":"Thomas","startTime":2174.532,"endTime":2175.462,"body":"know about zero."},{"speaker":"Thomas","startTime":2175.462,"endTime":2176.812,"body":"Zero is a zero is"},{"speaker":"Thomas","startTime":2175.462,"endTime":2176.812,"body":"a good thought."},{"speaker":"Thomas","startTime":2176.812,"endTime":2177.052,"body":"Right."},{"speaker":"Thomas","startTime":2177.057,"endTime":2179.182,"body":"But the, the, the vulnerability"},{"speaker":"Thomas","startTime":2177.057,"endTime":2179.182,"body":"here is you can set it to like"},{"speaker":"Thomas","startTime":2179.182,"endTime":2182.542,"body":"4 billion and then just every"},{"speaker":"Thomas","startTime":2179.182,"endTime":2182.542,"body":"time you try to verify the"},{"speaker":"Thomas","startTime":2182.547,"endTime":2185.512,"body":"token, it's have to do, like"},{"speaker":"Thomas","startTime":2182.547,"endTime":2185.512,"body":"solve Bitcoin or whatever."},{"speaker":"Thomas","startTime":2185.512,"endTime":2185.782,"body":"Right."},{"speaker":"Thomas","startTime":2185.782,"endTime":2186.562,"body":"It's, it's great."},{"speaker":"Deirdre","startTime":2187.357,"endTime":2188.137,"body":"That's awesome."},{"speaker":"Thomas","startTime":2188.602,"endTime":2189.772,"body":"So it's a DoS, right?"},{"speaker":"Thomas","startTime":2189.777,"endTime":2192.302,"body":"But it's like, but it's, it's,"},{"speaker":"Thomas","startTime":2189.777,"endTime":2192.302,"body":"it's, it's a very beautiful DoS."},{"speaker":"Thomas","startTime":2192.322,"endTime":2192.772,"body":"So,"},{"speaker":"Deirdre","startTime":2192.907,"endTime":2195.787,"body":"Yeah, 
there's"},{"speaker":"Deirdre","startTime":2192.907,"endTime":2195.787,"body":"no range of valid"},{"speaker":"Deirdre","startTime":2196.522,"endTime":2199.032,"body":"count P2C in the spec?"},{"speaker":"Deirdre","startTime":2199.342,"endTime":2199.632,"body":"Like,"},{"speaker":"Thomas","startTime":2200.482,"endTime":2202.992,"body":"I mean, I'm, I'm"},{"speaker":"Thomas","startTime":2200.482,"endTime":2202.992,"body":"sure somewhere in some"},{"speaker":"Thomas","startTime":2202.992,"endTime":2205.582,"body":"spec there is a range of"},{"speaker":"Thomas","startTime":2202.992,"endTime":2205.582,"body":"possible valid things."},{"speaker":"Thomas","startTime":2205.582,"endTime":2208.312,"body":"It's like somewhere else"},{"speaker":"Thomas","startTime":2205.582,"endTime":2208.312,"body":"it says, don't use the"},{"speaker":"Thomas","startTime":2208.312,"endTime":2209.752,"body":"same key pair with both."},{"speaker":"Thomas","startTime":2210.142,"endTime":2212.602,"body":"Don't accept both signed"},{"speaker":"Thomas","startTime":2210.142,"endTime":2212.602,"body":"and encrypted tokens."},{"speaker":"Thomas","startTime":2212.902,"endTime":2213.532,"body":"Pick one."},{"speaker":"Thomas","startTime":2213.532,"endTime":2215.032,"body":"I'm sure that says"},{"speaker":"Thomas","startTime":2213.532,"endTime":2215.032,"body":"that somewhere."},{"speaker":"Thomas","startTime":2215.302,"endTime":2218.292,"body":"So Tom Tervoort, the author"},{"speaker":"Thomas","startTime":2215.302,"endTime":2218.292,"body":"of Three New Attacks"},{"speaker":"Thomas","startTime":2218.292,"endTime":2219.372,"body":"Against JSON Web Tokens."},{"speaker":"Thomas","startTime":2219.372,"endTime":2220.122,"body":"It's online."},{"speaker":"Thomas","startTime":2220.122,"endTime":2222.042,"body":"You can read his web"},{"speaker":"Thomas","startTime":2220.122,"endTime":2222.042,"body":"paper, uh, his white paper"},{"speaker":"Thomas","startTime":2222.042,"endTime":2222.942,"body":"on the 
Black Hat site."},{"speaker":"Thomas","startTime":2222.972,"endTime":2224.412,"body":"Um, I like this talk."},{"speaker":"Thomas","startTime":2224.622,"endTime":2226.332,"body":"I'm happy this"},{"speaker":"Thomas","startTime":2224.622,"endTime":2226.332,"body":"talk got accepted."},{"speaker":"Thomas","startTime":2226.362,"endTime":2227.412,"body":"This is good stuff."},{"speaker":"Thomas","startTime":2227.472,"endTime":2230.202,"body":"Um, thank you for giving"},{"speaker":"Thomas","startTime":2227.472,"endTime":2230.202,"body":"us a solid 10 minutes"},{"speaker":"Thomas","startTime":2230.202,"endTime":2231.042,"body":"of funny stuff to talk"},{"speaker":"Thomas","startTime":2231.047,"endTime":2232.062,"body":"about on this podcast."},{"speaker":"David","startTime":2232.297,"endTime":2232.417,"body":"Mm-hmm."},{"speaker":"David","startTime":2233.227,"endTime":2236.287,"body":"There was one other crypto"},{"speaker":"David","startTime":2233.227,"endTime":2236.287,"body":"talk that I don't actually"},{"speaker":"David","startTime":2236.287,"endTime":2237.877,"body":"know if it was on the"},{"speaker":"David","startTime":2236.287,"endTime":2237.877,"body":"cryptography track or not."},{"speaker":"Deirdre","startTime":2238.402,"endTime":2238.942,"body":"Oh God."},{"speaker":"Deirdre","startTime":2239.062,"endTime":2239.482,"body":"Oh God."},{"speaker":"Deirdre","startTime":2239.512,"endTime":2242.482,"body":"Okay, so this in his talk,"},{"speaker":"Deirdre","startTime":2239.512,"endTime":2242.482,"body":"a section from the spec,"},{"speaker":"Deirdre","startTime":2242.482,"endTime":2244.522,"body":"P2C, blah, blah, blah."},{"speaker":"Deirdre","startTime":2244.762,"endTime":2248.002,"body":"It just a minimum iteration"},{"speaker":"Deirdre","startTime":2244.762,"endTime":2248.002,"body":"count of 1000 is recommended,"},{"speaker":"Deirdre","startTime":2248.002,"endTime":2251.542,"body":"but it does not seem to 
specify"},{"speaker":"Deirdre","startTime":2248.002,"endTime":2251.542,"body":"like a constrained range."},{"speaker":"Deirdre","startTime":2251.722,"endTime":2253.042,"body":"It's just sort of like it is an"},{"speaker":"Thomas","startTime":2253.102,"endTime":2255.352,"body":"Yeah, there's"},{"speaker":"Thomas","startTime":2253.102,"endTime":2255.352,"body":"your, there's your zero."},{"speaker":"Thomas","startTime":2255.382,"endTime":2256.372,"body":"No one's gonna do zero."},{"speaker":"Deirdre","startTime":2258.022,"endTime":2258.652,"body":"Oh God."},{"speaker":"David","startTime":2258.667,"endTime":2260.557,"body":"This goes back to a"},{"speaker":"David","startTime":2258.667,"endTime":2260.557,"body":"broader point of if you're"},{"speaker":"David","startTime":2260.557,"endTime":2263.767,"body":"using JWTs, anything that"},{"speaker":"David","startTime":2260.557,"endTime":2263.767,"body":"is a parameter in the JWT,"},{"speaker":"David","startTime":2263.767,"endTime":2266.167,"body":"pick one and hard code"},{"speaker":"David","startTime":2263.767,"endTime":2266.167,"body":"it into your code and do"},{"speaker":"David","startTime":2266.167,"endTime":2267.817,"body":"not read it from the input."},{"speaker":"David","startTime":2267.817,"endTime":2270.607,"body":"Like just ensure that it"},{"speaker":"David","startTime":2267.817,"endTime":2270.607,"body":"matches your hardcoded thing"},{"speaker":"David","startTime":2270.607,"endTime":2271.957,"body":"and then do the hardcoded thing."},{"speaker":"Deirdre","startTime":2272.657,"endTime":2272.947,"body":"Yeah."},{"speaker":"Thomas","startTime":2273.517,"endTime":2275.017,"body":"So, uh, what"},{"speaker":"Thomas","startTime":2273.517,"endTime":2275.017,"body":"else happened on y'alls"},{"speaker":"Thomas","startTime":2275.017,"endTime":2275.767,"body":"summer vacations?"},{"speaker":"Thomas","startTime":2275.797,"endTime":2278.407,"body":"I got the greatest 
monitor"},{"speaker":"Thomas","startTime":2275.797,"endTime":2278.407,"body":"upgrade of my life, which is"},{"speaker":"Thomas","startTime":2278.407,"endTime":2279.697,"body":"that I now wear reading glasses."},{"speaker":"Deirdre","startTime":2282.547,"endTime":2284.317,"body":"And that's probably"},{"speaker":"Deirdre","startTime":2282.547,"endTime":2284.317,"body":"the cheapest too, out of"},{"speaker":"Deirdre","startTime":2284.317,"endTime":2285.757,"body":"all your possible options."},{"speaker":"Thomas","startTime":2286.327,"endTime":2286.807,"body":"It's pretty"},{"speaker":"David","startTime":2286.807,"endTime":2288.697,"body":"Um, I was gonna"},{"speaker":"David","startTime":2286.807,"endTime":2288.697,"body":"say, don't you normally"},{"speaker":"David","startTime":2288.697,"endTime":2289.777,"body":"work on a couch?"},{"speaker":"David","startTime":2289.777,"endTime":2291.157,"body":"Like do you even use a monitor?"},{"speaker":"Thomas","startTime":2292.162,"endTime":2293.542,"body":"Well, no,"},{"speaker":"Thomas","startTime":2292.162,"endTime":2293.542,"body":"with my laptop, right?"},{"speaker":"Thomas","startTime":2293.542,"endTime":2293.872,"body":"But like,"},{"speaker":"Thomas","startTime":2293.872,"endTime":2297.142,"body":"yes, it's still like this"},{"speaker":"Thomas","startTime":2293.872,"endTime":2297.142,"body":"is far greater than any mo"},{"speaker":"Thomas","startTime":2297.172,"endTime":2298.192,"body":"monitor I've ever owned."},{"speaker":"Thomas","startTime":2298.192,"endTime":2300.502,"body":"Is this way, way better"},{"speaker":"Thomas","startTime":2298.192,"endTime":2300.502,"body":"than the retina upgrade?"},{"speaker":"Thomas","startTime":2300.712,"endTime":2303.322,"body":"It's like I put the glasses on"},{"speaker":"Thomas","startTime":2300.712,"endTime":2303.322,"body":"and I'm like, this looks stupid."},{"speaker":"Thomas","startTime":2303.322,"endTime":2304.102,"body":"I look 
stupid."},{"speaker":"Thomas","startTime":2304.282,"endTime":2305.482,"body":"And I took the glasses off like."},{"speaker":"Thomas","startTime":2305.742,"endTime":2307.032,"body":"Holy shit, I'm a fucking idiot."},{"speaker":"Thomas","startTime":2307.482,"endTime":2308.862,"body":"I can't believe"},{"speaker":"Thomas","startTime":2307.482,"endTime":2308.862,"body":"I'm, I don't know."},{"speaker":"Thomas","startTime":2308.892,"endTime":2311.052,"body":"I don't know what I was doing"},{"speaker":"Thomas","startTime":2308.892,"endTime":2311.052,"body":"in the months leading up to it."},{"speaker":"Thomas","startTime":2311.052,"endTime":2312.192,"body":"Clearly not looking at anything."},{"speaker":"Thomas","startTime":2312.192,"endTime":2315.012,"body":"I feel like my brain was just"},{"speaker":"Thomas","startTime":2312.192,"endTime":2315.012,"body":"like putting the words together"},{"speaker":"Thomas","startTime":2315.012,"endTime":2316.362,"body":"from the context cues and stuff."},{"speaker":"Thomas","startTime":2316.362,"endTime":2318.672,"body":"Like your brain can"},{"speaker":"Thomas","startTime":2316.362,"endTime":2318.672,"body":"sort of sort out things."},{"speaker":"Thomas","startTime":2318.882,"endTime":2320.532,"body":"Um, you know, if you"},{"speaker":"Thomas","startTime":2318.882,"endTime":2320.532,"body":"scramble up the letters,"},{"speaker":"Thomas","startTime":2320.532,"endTime":2321.492,"body":"I can still read things."},{"speaker":"Thomas","startTime":2321.672,"endTime":2322.932,"body":"I think that's what"},{"speaker":"Thomas","startTime":2321.672,"endTime":2322.932,"body":"my brain was doing."},{"speaker":"Thomas","startTime":2322.932,"endTime":2325.482,"body":"'cause now I'm, I'm,"},{"speaker":"Thomas","startTime":2322.932,"endTime":2325.482,"body":"I'm completely dependent"},{"speaker":"Thomas","startTime":2325.482,"endTime":2326.292,"body":"on the reading glasses."},{"speaker":"Thomas","startTime":2326.442,"endTime":2327.012,"body":"It's 
great."},{"speaker":"Thomas","startTime":2327.042,"endTime":2328.092,"body":"I'm very happy about this."},{"speaker":"Thomas","startTime":2328.092,"endTime":2329.052,"body":"I have a much better monitor."},{"speaker":"Thomas","startTime":2329.052,"endTime":2330.102,"body":"What else happened"},{"speaker":"Thomas","startTime":2329.052,"endTime":2330.102,"body":"in your summer?"},{"speaker":"Deirdre","startTime":2330.277,"endTime":2331.087,"body":"What else happened?"},{"speaker":"Deirdre","startTime":2331.147,"endTime":2335.557,"body":"Um, a cool thing that came out"},{"speaker":"Deirdre","startTime":2331.147,"endTime":2335.557,"body":"a couple of days, weeks ago, I"},{"speaker":"Deirdre","startTime":2335.562,"endTime":2339.487,"body":"don't know, time times a flat"},{"speaker":"Deirdre","startTime":2335.562,"endTime":2339.487,"body":"circle, Google, and I think"},{"speaker":"Deirdre","startTime":2339.487,"endTime":2344.497,"body":"Yubico, um, and some researchers"},{"speaker":"Deirdre","startTime":2339.487,"endTime":2344.497,"body":"at ETH Zurich implemented and"},{"speaker":"Deirdre","startTime":2344.497,"endTime":2350.257,"body":"designed a post quantum secure"},{"speaker":"Deirdre","startTime":2344.497,"endTime":2350.257,"body":"variant of FIDO2, like a, you"},{"speaker":"Deirdre","startTime":2350.257,"endTime":2353.602,"body":"know, a post quantum resilient"},{"speaker":"Deirdre","startTime":2350.257,"endTime":2353.602,"body":"like YubiKey basically."},{"speaker":"Deirdre","startTime":2353.692,"endTime":2355.222,"body":"And this is, this is just cool."},{"speaker":"Deirdre","startTime":2355.222,"endTime":2357.952,"body":"Like, there's a couple of"},{"speaker":"Deirdre","startTime":2355.222,"endTime":2357.952,"body":"interesting things about this."},{"speaker":"Deirdre","startTime":2357.952,"endTime":2360.982,"body":"There's one, the design, which"},{"speaker":"Deirdre","startTime":2357.952,"endTime":2360.982,"body":"is, I'm gonna go on a 
little"},{"speaker":"Deirdre","startTime":2360.982,"endTime":2362.062,"body":"rant about this in a second."},{"speaker":"Deirdre","startTime":2362.422,"endTime":2362.932,"body":"Uh,"},{"speaker":"Thomas","startTime":2362.977,"endTime":2364.717,"body":"uses a"},{"speaker":"Thomas","startTime":2362.977,"endTime":2364.717,"body":"quantum processor."},{"speaker":"Deirdre","startTime":2364.912,"endTime":2365.132,"body":"uh,"},{"speaker":"Thomas","startTime":2366.637,"endTime":2368.887,"body":"I'm looking at a picture"},{"speaker":"Thomas","startTime":2366.637,"endTime":2368.887,"body":"labeled quantum processor."},{"speaker":"Deirdre","startTime":2369.697,"endTime":2371.887,"body":"I, I have a feeling"},{"speaker":"Deirdre","startTime":2369.697,"endTime":2371.887,"body":"that's just a brand name."},{"speaker":"Deirdre","startTime":2373.087,"endTime":2376.087,"body":"I just love to call,"},{"speaker":"Deirdre","startTime":2373.087,"endTime":2376.087,"body":"whatever, names, don't"},{"speaker":"Deirdre","startTime":2376.087,"endTime":2377.137,"body":"mean anything anymore."},{"speaker":"Deirdre","startTime":2377.707,"endTime":2380.587,"body":"One nice they used Dilithium,"},{"speaker":"Deirdre","startTime":2377.707,"endTime":2380.587,"body":"they used the Dilithium"},{"speaker":"Deirdre","startTime":2380.677,"endTime":2383.707,"body":"signing algorithm, which"},{"speaker":"Deirdre","startTime":2380.677,"endTime":2383.707,"body":"is related to Kyber."},{"speaker":"Deirdre","startTime":2383.737,"endTime":2387.397,"body":"It's like one of the three"},{"speaker":"Deirdre","startTime":2383.737,"endTime":2387.397,"body":"things that came out of the"},{"speaker":"Deirdre","startTime":2387.397,"endTime":2390.907,"body":"NIST post quantum competition"},{"speaker":"Deirdre","startTime":2387.397,"endTime":2390.907,"body":"that finished like a year"},{"speaker":"Deirdre","startTime":2390.907,"endTime":2392.557,"body":"ago or less than a year 
ago."},{"speaker":"Deirdre","startTime":2393.427,"endTime":2394.237,"body":"It might not have"},{"speaker":"Deirdre","startTime":2393.427,"endTime":2394.237,"body":"been a year ago."},{"speaker":"Deirdre","startTime":2394.237,"endTime":2395.407,"body":"It might have only"},{"speaker":"Deirdre","startTime":2394.237,"endTime":2395.407,"body":"been six months ago."},{"speaker":"David","startTime":2395.782,"endTime":2397.792,"body":"Also, it depends on"},{"speaker":"David","startTime":2395.782,"endTime":2397.792,"body":"what you mean by finished."},{"speaker":"David","startTime":2397.822,"endTime":2399.892,"body":"'cause they're like, we"},{"speaker":"David","startTime":2397.822,"endTime":2399.892,"body":"picked the things now we're"},{"speaker":"David","startTime":2399.922,"endTime":2402.352,"body":"still gonna dink around"},{"speaker":"David","startTime":2399.922,"endTime":2402.352,"body":"for, uh, for another year to"},{"speaker":"David","startTime":2402.352,"endTime":2403.252,"body":"actually standardize them."},{"speaker":"David","startTime":2403.252,"endTime":2405.502,"body":"Not because they're going slow,"},{"speaker":"David","startTime":2403.252,"endTime":2405.502,"body":"but because after you picked"},{"speaker":"David","startTime":2405.502,"endTime":2407.452,"body":"the algorithms, there's actually"},{"speaker":"David","startTime":2405.502,"endTime":2407.452,"body":"still a lot of work to do."},{"speaker":"Deirdre","startTime":2407.617,"endTime":2408.487,"body":"Yes, exactly."},{"speaker":"Deirdre","startTime":2408.547,"endTime":2411.757,"body":"Uh, I think they came out with"},{"speaker":"Deirdre","startTime":2408.547,"endTime":2411.757,"body":"some draft specs for these three"},{"speaker":"Deirdre","startTime":2411.757,"endTime":2413.857,"body":"things literally a week ago."},{"speaker":"Deirdre","startTime":2413.857,"endTime":2416.587,"body":"So there's stuff happening,"},{"speaker":"Deirdre","startTime":2413.857,"endTime":2416.587,"body":"but there's 
also more stuff"},{"speaker":"Deirdre","startTime":2416.587,"endTime":2418.867,"body":"happening with signatures and"},{"speaker":"Deirdre","startTime":2416.587,"endTime":2418.867,"body":"we'll talk about that later."},{"speaker":"Deirdre","startTime":2419.369,"endTime":2422.245,"body":"Basically they nest"},{"speaker":"Deirdre","startTime":2419.369,"endTime":2422.245,"body":"these signatures."},{"speaker":"Deirdre","startTime":2422.245,"endTime":2424.495,"body":"So they, hey, you have your"},{"speaker":"Deirdre","startTime":2422.245,"endTime":2424.495,"body":"message, you're trying to sign,"},{"speaker":"Deirdre","startTime":2424.495,"endTime":2427.855,"body":"whatever that is, a challenge"},{"speaker":"Deirdre","startTime":2424.495,"endTime":2427.855,"body":"from, you know, your, you know,"},{"speaker":"Deirdre","startTime":2427.855,"endTime":2431.605,"body":"web service that's doing a"},{"speaker":"Deirdre","startTime":2427.855,"endTime":2431.605,"body":"you a FIDO2 challenge to you."},{"speaker":"Deirdre","startTime":2431.995,"endTime":2436.375,"body":"Um, and you need to sign it"},{"speaker":"Deirdre","startTime":2431.995,"endTime":2436.375,"body":"with, by the signing secret"},{"speaker":"Deirdre","startTime":2436.38,"endTime":2440.185,"body":"key, uh, that corresponds to"},{"speaker":"Deirdre","startTime":2436.38,"endTime":2440.185,"body":"the verifying, uh, public key"},{"speaker":"Deirdre","startTime":2440.185,"endTime":2443.315,"body":"that you registered with the"},{"speaker":"Deirdre","startTime":2440.185,"endTime":2443.315,"body":"service when you did your FIDO2,"},{"speaker":"Deirdre","startTime":2443.335,"endTime":2445.045,"body":"uh, registration thingy dance."},{"speaker":"Deirdre","startTime":2445.435,"endTime":2448.835,"body":"So the way they updated it is"},{"speaker":"Deirdre","startTime":2445.435,"endTime":2448.835,"body":"that, you have your message,"},{"speaker":"Deirdre","startTime":2448.955,"endTime":2451.925,"body":"you sign it with the 
classical"},{"speaker":"Deirdre","startTime":2448.955,"endTime":2451.925,"body":"signature scheme, which is"},{"speaker":"Deirdre","startTime":2451.925,"endTime":2457.715,"body":"ECDSA, and then you sign the"},{"speaker":"Deirdre","startTime":2451.925,"endTime":2457.715,"body":"message and the signature,"},{"speaker":"Deirdre","startTime":2457.775,"endTime":2462.005,"body":"the classical ECDSA signature,"},{"speaker":"Deirdre","startTime":2457.775,"endTime":2462.005,"body":"with your Dilithium signature."},{"speaker":"Deirdre","startTime":2462.335,"endTime":2465.215,"body":"Um, and they call this"},{"speaker":"Deirdre","startTime":2462.335,"endTime":2465.215,"body":"hybrid, and I guess it's"},{"speaker":"Deirdre","startTime":2465.22,"endTime":2468.635,"body":"technically hybrid because"},{"speaker":"Deirdre","startTime":2465.22,"endTime":2468.635,"body":"it's classical and post"},{"speaker":"Deirdre","startTime":2468.635,"endTime":2470.885,"body":"quantum, but it's nested."},{"speaker":"Deirdre","startTime":2470.885,"endTime":2475.625,"body":"So if the post"},{"speaker":"Deirdre","startTime":2470.885,"endTime":2475.625,"body":"quantum scheme breaks."},{"speaker":"Deirdre","startTime":2476.165,"endTime":2480.245,"body":"Which seems to be, you know,"},{"speaker":"Deirdre","startTime":2476.165,"endTime":2480.245,"body":"we've had breakage of post"},{"speaker":"Deirdre","startTime":2480.245,"endTime":2484.095,"body":"quantum schemes in the recent"},{"speaker":"Deirdre","startTime":2480.245,"endTime":2484.095,"body":"past, you still have an ECDSA"},{"speaker":"Deirdre","startTime":2484.115,"endTime":2487.175,"body":"signature over a message that"},{"speaker":"Deirdre","startTime":2484.115,"endTime":2487.175,"body":"you have to verify as well,"},{"speaker":"Deirdre","startTime":2487.235,"endTime":2491.765,"body":"but you can verify the post"},{"speaker":"Deirdre","startTime":2487.235,"endTime":2491.765,"body":"quantum one as a sort of a 
no"},{"speaker":"Deirdre","startTime":2491.765,"endTime":2493.415,"body":"op if you don't turn that off."},{"speaker":"Deirdre","startTime":2493.835,"endTime":2497.705,"body":"If your ECDSA breaks because"},{"speaker":"Deirdre","startTime":2493.835,"endTime":2497.705,"body":"of the quantum computer"},{"speaker":"Deirdre","startTime":2497.705,"endTime":2500.555,"body":"comes online, um, you'll"},{"speaker":"Deirdre","startTime":2497.705,"endTime":2500.555,"body":"verify the post quantum one."},{"speaker":"Deirdre","startTime":2500.915,"endTime":2504.215,"body":"And the ECDSA part becomes"},{"speaker":"Deirdre","startTime":2500.915,"endTime":2504.215,"body":"a no op or you just skip"},{"speaker":"Deirdre","startTime":2504.215,"endTime":2506.795,"body":"it, but it's just a blob"},{"speaker":"Deirdre","startTime":2504.215,"endTime":2506.795,"body":"that you're signing over."},{"speaker":"Deirdre","startTime":2506.795,"endTime":2507.725,"body":"So there's that."},{"speaker":"Deirdre","startTime":2507.905,"endTime":2508.595,"body":"This is cool."},{"speaker":"Deirdre","startTime":2508.625,"endTime":2511.235,"body":"Uh, they implemented it,"},{"speaker":"Deirdre","startTime":2508.625,"endTime":2511.235,"body":"they implemented it in Rust."},{"speaker":"Deirdre","startTime":2511.235,"endTime":2515.105,"body":"They were able to, uh, get it"},{"speaker":"Deirdre","startTime":2511.235,"endTime":2515.105,"body":"small enough for, uh, such a"},{"speaker":"Deirdre","startTime":2515.105,"endTime":2517.205,"body":"constrained hardware target."},{"speaker":"Deirdre","startTime":2517.295,"endTime":2519.305,"body":"They only require 20"},{"speaker":"Deirdre","startTime":2517.295,"endTime":2519.305,"body":"kilobytes of memory."},{"speaker":"Deirdre","startTime":2519.545,"endTime":2522.155,"body":"That's a nice achievement"},{"speaker":"Deirdre","startTime":2519.545,"endTime":2522.155,"body":"because you know, some 
of"},{"speaker":"Deirdre","startTime":2522.155,"endTime":2525.245,"body":"these you know, lattice based"},{"speaker":"Deirdre","startTime":2522.155,"endTime":2525.245,"body":"post quantum schemes are"},{"speaker":"Deirdre","startTime":2525.335,"endTime":2527.915,"body":"a little bit big and, you"},{"speaker":"Deirdre","startTime":2525.335,"endTime":2527.915,"body":"know, we don't have as much"},{"speaker":"Deirdre","startTime":2528.395,"endTime":2531.425,"body":"experience on implementing"},{"speaker":"Deirdre","startTime":2528.395,"endTime":2531.425,"body":"them and deploying them for,"},{"speaker":"Deirdre","startTime":2531.455,"endTime":2534.425,"body":"uh, constrained devices,"},{"speaker":"Deirdre","startTime":2531.455,"endTime":2534.425,"body":"uh, let alone with Rust."},{"speaker":"Deirdre","startTime":2534.425,"endTime":2535.385,"body":"So that's very exciting."},{"speaker":"Deirdre","startTime":2535.955,"endTime":2540.905,"body":"I'm mildly annoyed, because"},{"speaker":"Deirdre","startTime":2535.955,"endTime":2540.905,"body":"we've been talking about hybrid"},{"speaker":"Deirdre","startTime":2541.46,"endTime":2545.72,"body":"protocols using classical and"},{"speaker":"Deirdre","startTime":2541.46,"endTime":2545.72,"body":"post quantum primitives in"},{"speaker":"Deirdre","startTime":2545.725,"endTime":2550.55,"body":"the context of things like"},{"speaker":"Deirdre","startTime":2545.725,"endTime":2550.55,"body":"TLS or say signal anywhere,"},{"speaker":"Deirdre","startTime":2550.55,"endTime":2553.88,"body":"you might use Diffie-Hellman,"},{"speaker":"Deirdre","startTime":2550.55,"endTime":2553.88,"body":"and the way you use them in"},{"speaker":"Deirdre","startTime":2553.885,"endTime":2557.96,"body":"a, in a hybrid setting for"},{"speaker":"Deirdre","startTime":2553.885,"endTime":2557.96,"body":"that is you do your classical"},{"speaker":"Deirdre","startTime":2558.05,"endTime":2559.28,"body":"elliptic curve Diffie 
Hellman."},{"speaker":"Deirdre","startTime":2559.52,"endTime":2563.48,"body":"You do your post quantum"},{"speaker":"Deirdre","startTime":2559.52,"endTime":2563.48,"body":"whoosie-whatsit Kyber,"},{"speaker":"Thomas","startTime":2563.72,"endTime":2565.19,"body":"then you just"},{"speaker":"Thomas","startTime":2563.72,"endTime":2565.19,"body":"HKDF them together."},{"speaker":"Deirdre","startTime":2565.4,"endTime":2568.19,"body":"Yeah, you can cap them"},{"speaker":"Deirdre","startTime":2565.4,"endTime":2568.19,"body":"together and then you just take"},{"speaker":"Deirdre","startTime":2568.19,"endTime":2572.54,"body":"that blob and you HKDF them"},{"speaker":"Deirdre","startTime":2568.19,"endTime":2572.54,"body":"or do whatever your KDF is."},{"speaker":"Deirdre","startTime":2572.93,"endTime":2575.3,"body":"They're very side"},{"speaker":"Deirdre","startTime":2572.93,"endTime":2575.3,"body":"by side, right?"},{"speaker":"Deirdre","startTime":2575.42,"endTime":2578.66,"body":"In this setting, they are"},{"speaker":"Deirdre","startTime":2575.42,"endTime":2578.66,"body":"nested, and I'm annoyed."},{"speaker":"Deirdre","startTime":2579.56,"endTime":2583.01,"body":"I'm not annoyed because it's"},{"speaker":"Deirdre","startTime":2579.56,"endTime":2583.01,"body":"a bad design, because it makes"},{"speaker":"Deirdre","startTime":2583.01,"endTime":2587.125,"body":"sense in the kind of, Signing"},{"speaker":"Deirdre","startTime":2583.01,"endTime":2587.125,"body":"cascade of what you're trying"},{"speaker":"Deirdre","startTime":2587.125,"endTime":2591.205,"body":"to assert and, you know, commit"},{"speaker":"Deirdre","startTime":2587.125,"endTime":2591.205,"body":"to with these signatures."},{"speaker":"Deirdre","startTime":2591.205,"endTime":2593.545,"body":"So the, the post quantum"},{"speaker":"Deirdre","startTime":2591.205,"endTime":2593.545,"body":"signature is committing"},{"speaker":"Deirdre","startTime":2593.545,"endTime":2597.985,"body":"to both the message 
and"},{"speaker":"Deirdre","startTime":2593.545,"endTime":2597.985,"body":"the classical signature."},{"speaker":"Deirdre","startTime":2598.225,"endTime":2600.295,"body":"The classical signature's not"},{"speaker":"Deirdre","startTime":2598.225,"endTime":2600.295,"body":"going the other way around,"},{"speaker":"Deirdre","startTime":2600.295,"endTime":2603.415,"body":"but in theory, if the, the"},{"speaker":"Deirdre","startTime":2600.295,"endTime":2603.415,"body":"quantum computers come online"},{"speaker":"Deirdre","startTime":2603.415,"endTime":2605.575,"body":"and the post quantum signatures"},{"speaker":"Deirdre","startTime":2603.415,"endTime":2605.575,"body":"are the thing that are long"},{"speaker":"Deirdre","startTime":2605.575,"endTime":2607.685,"body":"lived, we're okay with that."},{"speaker":"Deirdre","startTime":2608.045,"endTime":2609.995,"body":"I'm just annoyed that"},{"speaker":"Deirdre","startTime":2608.045,"endTime":2609.995,"body":"they're both called hybrid,"},{"speaker":"Deirdre","startTime":2610.535,"endTime":2613.325,"body":"because one of them is nested"},{"speaker":"Deirdre","startTime":2610.535,"endTime":2613.325,"body":"and the other one is not."},{"speaker":"Deirdre","startTime":2613.955,"endTime":2616.145,"body":"One of concatted and"},{"speaker":"Deirdre","startTime":2613.955,"endTime":2616.145,"body":"one of them is nested."},{"speaker":"Deirdre","startTime":2616.175,"endTime":2616.745,"body":"I'm annoyed."},{"speaker":"Deirdre","startTime":2617.105,"endTime":2617.315,"body":"Just"},{"speaker":"David","startTime":2617.315,"endTime":2619.325,"body":"I make your day"},{"speaker":"David","startTime":2617.315,"endTime":2619.325,"body":"even worse and tell you"},{"speaker":"David","startTime":2619.325,"endTime":2620.435,"body":"about another hybrid?"},{"speaker":"Deirdre","startTime":2620.585,"endTime":2622.115,"body":"No, is it a 
car?"},{"speaker":"David","startTime":2622.895,"endTime":2623.375,"body":"No."},{"speaker":"David","startTime":2623.435,"endTime":2626.675,"body":"Um, in crypto for, for post"},{"speaker":"David","startTime":2623.435,"endTime":2626.675,"body":"quantum stuff, there's like a"},{"speaker":"David","startTime":2626.675,"endTime":2629.315,"body":"proposal at IETF, I think IETF."},{"speaker":"David","startTime":2629.375,"endTime":2633.545,"body":"That was for like starting"},{"speaker":"David","startTime":2629.375,"endTime":2633.545,"body":"to talk about shoving post"},{"speaker":"David","startTime":2633.545,"endTime":2636.015,"body":"quantum signatures into X.509."},{"speaker":"David","startTime":2636.035,"endTime":2639.545,"body":"Which like, but probably"},{"speaker":"David","startTime":2636.035,"endTime":2639.545,"body":"gonna happen at some point."},{"speaker":"David","startTime":2639.935,"endTime":2642.755,"body":"But, um, they were like, you"},{"speaker":"David","startTime":2639.935,"endTime":2642.755,"body":"know, to do hybrid there, the"},{"speaker":"David","startTime":2642.755,"endTime":2647.135,"body":"proposal was to mesh with the"},{"speaker":"David","startTime":2642.755,"endTime":2647.135,"body":"internals of ECDSA and Dilithium"},{"speaker":"David","startTime":2647.255,"endTime":2650.285,"body":"to try and create a single"},{"speaker":"David","startTime":2647.255,"endTime":2650.285,"body":"signature that was somehow both"},{"speaker":"Thomas","startTime":2650.99,"endTime":2652.58,"body":"Yes, yes."},{"speaker":"Deirdre","startTime":2652.775,"endTime":2654.635,"body":"No, no."},{"speaker":"Deirdre","startTime":2655.295,"endTime":2660.155,"body":"Do not, do not pass go, violates"},{"speaker":"Deirdre","startTime":2655.295,"endTime":2660.155,"body":"all the fucking proofs we have."},{"speaker":"Deirdre","startTime":2660.275,"endTime":2663.335,"body":"If they fucking try, I'm just"},{"speaker":"Deirdre","startTime":2660.275,"endTime":2663.335,"body":"gonna 
like, just show up at"},{"speaker":"Deirdre","startTime":2663.335,"endTime":2666.485,"body":"their house and just be like,"},{"speaker":"Deirdre","startTime":2663.335,"endTime":2666.485,"body":"hold up like a stack of papers"},{"speaker":"Deirdre","startTime":2666.49,"endTime":2669.935,"body":"that be like, where in here"},{"speaker":"Deirdre","startTime":2666.49,"endTime":2669.935,"body":"do you see this Frankenstein"},{"speaker":"Deirdre","startTime":2669.935,"endTime":2671.075,"body":"of a signature scheme?"},{"speaker":"Deirdre","startTime":2671.075,"endTime":2672.755,"body":"And the answer is nowhere."},{"speaker":"An edit","startTime":2674.44,"endTime":2676.38,"body":"I looked into this."},{"speaker":"An edit","startTime":2677.07,"endTime":2681.33,"body":"The draft is basically nothing"},{"speaker":"An edit","startTime":2677.07,"endTime":2681.33,"body":"so far, and we may be able to"},{"speaker":"An edit","startTime":2681.33,"endTime":2682.68,"body":"steer it in a better direction."},{"speaker":"David","startTime":2683.862,"endTime":2687.102,"body":"Um, for, um, I, I"},{"speaker":"David","startTime":2683.862,"endTime":2687.102,"body":"agree that's a bad idea."},{"speaker":"David","startTime":2687.102,"endTime":2690.972,"body":"However, um, before Thomas"},{"speaker":"David","startTime":2687.102,"endTime":2690.972,"body":"makes his, uh, uh, Uh,"},{"speaker":"David","startTime":2690.972,"endTime":2694.362,"body":"inevitable comment about I,"},{"speaker":"David","startTime":2690.972,"endTime":2694.362,"body":"the IETF in general, um, I"},{"speaker":"David","startTime":2694.362,"endTime":2697.122,"body":"will, I will say that I do"},{"speaker":"David","startTime":2694.362,"endTime":2697.122,"body":"not think this is reflective"},{"speaker":"David","startTime":2697.155,"endTime":2701.265,"body":"of that specific problem with"},{"speaker":"David","startTime":2697.155,"endTime":2701.265,"body":"the, IETF for, for 
unrelated"},{"speaker":"David","startTime":2701.27,"endTime":2703.515,"body":"reasons that I'm not going to"},{"speaker":"David","startTime":2701.27,"endTime":2703.515,"body":"talk about on this podcast."},{"speaker":"Deirdre","startTime":2705.96,"endTime":2709.23,"body":"Um, related"},{"speaker":"Deirdre","startTime":2705.96,"endTime":2709.23,"body":"to internet and post"},{"speaker":"Deirdre","startTime":2709.235,"endTime":2711.3,"body":"quantum Kyber in browsers."},{"speaker":"Deirdre","startTime":2713.01,"endTime":2714.09,"body":"There's something on here."},{"speaker":"David","startTime":2714.255,"endTime":2715.395,"body":"Um, I"},{"speaker":"Thomas","startTime":2715.485,"endTime":2717.075,"body":"Kyber is the"},{"speaker":"Thomas","startTime":2715.485,"endTime":2717.075,"body":"KEM version of"},{"speaker":"Thomas","startTime":2717.075,"endTime":2717.405,"body":"Dilithium."},{"speaker":"Thomas","startTime":2717.405,"endTime":2717.705,"body":"Right."},{"speaker":"David","startTime":2718.445,"endTime":2720.975,"body":"Uh, well, no,"},{"speaker":"David","startTime":2718.445,"endTime":2720.975,"body":"Kyber is a, it is the key"},{"speaker":"David","startTime":2720.975,"endTime":2724.275,"body":"encapsulation mechanism"},{"speaker":"David","startTime":2720.975,"endTime":2724.275,"body":"that, um, NIST standardized."},{"speaker":"David","startTime":2724.575,"endTime":2725.695,"body":"Both Dilithium"},{"speaker":"Thomas","startTime":2725.715,"endTime":2725.955,"body":"like the."},{"speaker":"David","startTime":2726.08,"endTime":2728.415,"body":"are lattice based, but I"},{"speaker":"David","startTime":2726.08,"endTime":2728.415,"body":"don't know specifically how much"},{"speaker":"David","startTime":2728.415,"endTime":2730.365,"body":"actual overlap there is in the"},{"speaker":"Thomas","startTime":2730.365,"endTime":2731.145,"body":"like the same group of"},{"speaker":"David","startTime":2731.265,"endTime":2732.165,"body":"bother to learn the 
math."},{"speaker":"Thomas","startTime":2733.065,"endTime":2734.775,"body":"it's like the same"},{"speaker":"Thomas","startTime":2733.065,"endTime":2734.775,"body":"group of people and like"},{"speaker":"Thomas","startTime":2734.775,"endTime":2736.605,"body":"they, they came up with"},{"speaker":"Thomas","startTime":2734.775,"endTime":2736.605,"body":"both a signing scheme and"},{"speaker":"Thomas","startTime":2736.605,"endTime":2737.355,"body":"a key exchange scheme."},{"speaker":"David","startTime":2737.885,"endTime":2738.375,"body":"correct."},{"speaker":"David","startTime":2738.38,"endTime":2738.705,"body":"Correct."},{"speaker":"Thomas","startTime":2739.075,"endTime":2739.365,"body":"Yeah."},{"speaker":"Thomas","startTime":2739.395,"endTime":2739.685,"body":"Okay."},{"speaker":"David","startTime":2739.98,"endTime":2741.03,"body":"Um, yes."},{"speaker":"David","startTime":2741.03,"endTime":2743.58,"body":"'cause it's the kyber crystals"},{"speaker":"David","startTime":2741.03,"endTime":2743.58,"body":"and the Dilithium crystals."},{"speaker":"David","startTime":2743.585,"endTime":2745.14,"body":"So we have Star Wars and star"},{"speaker":"Deirdre","startTime":2745.215,"endTime":2747.615,"body":"all a bunch of"},{"speaker":"Deirdre","startTime":2745.215,"endTime":2747.615,"body":"fucking nerds and all"},{"speaker":"Thomas","startTime":2747.615,"endTime":2749.055,"body":"those both,"},{"speaker":"Thomas","startTime":2747.615,"endTime":2749.055,"body":"are those Star Wars and"},{"speaker":"Thomas","startTime":2749.055,"endTime":2749.525,"body":"Star Trek references?"},{"speaker":"Deirdre","startTime":2749.595,"endTime":2750.225,"body":"Yes."},{"speaker":"David","startTime":2750.58,"endTime":2751.11,"body":"Yes."},{"speaker":"David","startTime":2751.25,"endTime":2753.6,"body":"Kyber is Star Wars and"},{"speaker":"David","startTime":2751.25,"endTime":2753.6,"body":"Dilithium is Star Trek."},{"speaker":"Deirdre","startTime":2753.825,"endTime":2757.725,"body":"And we 
had a whole"},{"speaker":"Deirdre","startTime":2753.825,"endTime":2757.725,"body":"series of, uh, ring-LWE"},{"speaker":"Deirdre","startTime":2757.755,"endTime":2763.425,"body":"lattice based things that"},{"speaker":"Deirdre","startTime":2757.755,"endTime":2763.425,"body":"were all Frodo and other Lord"},{"speaker":"Deirdre","startTime":2763.425,"endTime":2765.705,"body":"of the Rings related names."},{"speaker":"Deirdre","startTime":2765.705,"endTime":2768.405,"body":"So we're all a bunch"},{"speaker":"Deirdre","startTime":2765.705,"endTime":2768.405,"body":"of fucking nerds."},{"speaker":"David","startTime":2770.035,"endTime":2772.83,"body":"One thing that does get"},{"speaker":"David","startTime":2770.035,"endTime":2772.83,"body":"complicated with the, aside"},{"speaker":"David","startTime":2772.83,"endTime":2775.83,"body":"from the fact that like these"},{"speaker":"David","startTime":2772.83,"endTime":2775.83,"body":"KEMs are just like big, right?"},{"speaker":"David","startTime":2776.34,"endTime":2780.1,"body":"Kyber 768 is, you"},{"speaker":"David","startTime":2776.34,"endTime":2780.1,"body":"know, 768 bytes."},{"speaker":"David","startTime":2780.12,"endTime":2782.94,"body":"And then plus, you know,"},{"speaker":"David","startTime":2780.12,"endTime":2782.94,"body":"some crap for formatting it."},{"speaker":"David","startTime":2783.27,"endTime":2786.424,"body":"Uh, and then, you know,"},{"speaker":"David","startTime":2783.27,"endTime":2786.424,"body":"Kyber 1024 is 1024."},{"speaker":"David","startTime":2787.02,"endTime":2791.41,"body":"Because they're so big, like"},{"speaker":"David","startTime":2787.02,"endTime":2791.41,"body":"you can in like 1.3, TLS 1.3,"},{"speaker":"David","startTime":2791.43,"endTime":2796.9,"body":"if you're like, oh, I can do"},{"speaker":"David","startTime":2791.43,"endTime":2796.9,"body":"ECDSA and I can do like X25519,"},{"speaker":"David","startTime":2796.92,"endTime":2800.28,"body":"even though those are 
different"},{"speaker":"David","startTime":2796.92,"endTime":2800.28,"body":"purposes and or I could do y you"},{"speaker":"David","startTime":2800.285,"endTime":2802.5,"body":"know, like you can just kind of"},{"speaker":"David","startTime":2800.285,"endTime":2802.5,"body":"shove all these key agreements"},{"speaker":"David","startTime":2802.5,"endTime":2805.29,"body":"in the one handshake and it's"},{"speaker":"David","startTime":2802.5,"endTime":2805.29,"body":"like, eh, it's 32 or 64 bytes."},{"speaker":"David","startTime":2805.29,"endTime":2806.6,"body":"Who cares? You"},{"speaker":"David","startTime":2806.605,"endTime":2809.5,"body":"You can't really send Kyber 768."},{"speaker":"David","startTime":2809.715,"endTime":2813.675,"body":"And Kyber 1024 in like a"},{"speaker":"David","startTime":2809.715,"endTime":2813.675,"body":"single key share, right?"},{"speaker":"David","startTime":2813.675,"endTime":2816.525,"body":"Because well, I mean you could,"},{"speaker":"David","startTime":2813.675,"endTime":2816.525,"body":"but it'd be stupid, right?"},{"speaker":"David","startTime":2816.525,"endTime":2818.685,"body":"So you, so you kind of have"},{"speaker":"David","startTime":2816.525,"endTime":2818.685,"body":"to pick, the internet needs"},{"speaker":"David","startTime":2818.685,"endTime":2821.085,"body":"to pick one, um, in general."},{"speaker":"David","startTime":2821.265,"endTime":2824.145,"body":"And there's disagreement among"},{"speaker":"David","startTime":2821.265,"endTime":2824.145,"body":"people of, uh, whether we"},{"speaker":"David","startTime":2824.145,"endTime":2826.225,"body":"should be using 768 or 1024."},{"speaker":"David","startTime":2826.605,"endTime":2828.985,"body":"Um, but we should probably"},{"speaker":"David","startTime":2826.605,"endTime":2828.985,"body":"just be using 768."},{"speaker":"David","startTime":2829.01,"endTime":2830.895,"body":"That's what, uh, Chrome"},{"speaker":"David","startTime":2829.01,"endTime":2830.895,"body":"is 
doing at the moment."},{"speaker":"David","startTime":2830.955,"endTime":2834.215,"body":"But certain stakeholders"},{"speaker":"David","startTime":2830.955,"endTime":2834.215,"body":"prefer 1024."},{"speaker":"Deirdre","startTime":2834.57,"endTime":2835.23,"body":"Interesting."},{"speaker":"Deirdre","startTime":2835.53,"endTime":2836.88,"body":"I need to go implement"},{"speaker":"Deirdre","startTime":2835.53,"endTime":2836.88,"body":"Kyber myself."},{"speaker":"Deirdre","startTime":2837.615,"endTime":2843.825,"body":"But do you want a signature"},{"speaker":"Deirdre","startTime":2837.615,"endTime":2843.825,"body":"scheme that'll give you 170"},{"speaker":"Deirdre","startTime":2843.825,"endTime":2845.385,"body":"bytes for your signature?"},{"speaker":"David","startTime":2845.61,"endTime":2849.0,"body":"What I, I would love"},{"speaker":"David","startTime":2845.61,"endTime":2849.0,"body":"a signature scheme— so, um,"},{"speaker":"David","startTime":2849.03,"endTime":2851.28,"body":"before I like get myself into"},{"speaker":"David","startTime":2849.03,"endTime":2851.28,"body":"trouble, I'll just say I would"},{"speaker":"David","startTime":2851.28,"endTime":2855.03,"body":"love a signature scheme that is"},{"speaker":"David","startTime":2851.28,"endTime":2855.03,"body":"post quantum secure and under"},{"speaker":"David","startTime":2855.03,"endTime":2857.52,"body":"200 bytes, ideally 64 bytes."},{"speaker":"David","startTime":2857.52,"endTime":2858.21,"body":"But like, you"},{"speaker":"David","startTime":2858.21,"endTime":2858.63,"body":"know, I."},{"speaker":"David","startTime":2859.38,"endTime":2863.76,"body":"I, I, uh, I still need to, we'll"},{"speaker":"David","startTime":2859.38,"endTime":2863.76,"body":"say roughly 200 bytes for now."},{"speaker":"David","startTime":2863.76,"endTime":2865.77,"body":"I still need to like, sit"},{"speaker":"David","startTime":2863.76,"endTime":2865.77,"body":"down and come up with 
an"},{"speaker":"David","startTime":2865.77,"endTime":2868.41,"body":"actual rationalization for"},{"speaker":"David","startTime":2865.77,"endTime":2868.41,"body":"that number instead of simply"},{"speaker":"David","startTime":2868.41,"endTime":2869.28,"body":"pulling it out of thin air."},{"speaker":"Deirdre","startTime":2869.655,"endTime":2874.095,"body":"Uh, we have a lovely"},{"speaker":"Deirdre","startTime":2869.655,"endTime":2874.095,"body":"isogeny based signature scheme"},{"speaker":"Deirdre","startTime":2874.305,"endTime":2876.105,"body":"that's not complicated at all."},{"speaker":"Deirdre","startTime":2877.335,"endTime":2883.095,"body":"That's less than 200 bytes on"},{"speaker":"Deirdre","startTime":2877.335,"endTime":2883.095,"body":"the wire and it, you can sign"},{"speaker":"Deirdre","startTime":2883.185,"endTime":2887.205,"body":"in about 420 milliseconds and"},{"speaker":"Deirdre","startTime":2883.185,"endTime":2887.205,"body":"verify in seven milliseconds."},{"speaker":"Deirdre","startTime":2887.685,"endTime":2887.985,"body":"Just"},{"speaker":"Thomas","startTime":2888.15,"endTime":2889.5,"body":"how many, how"},{"speaker":"Thomas","startTime":2888.15,"endTime":2889.5,"body":"many cycles does it take"},{"speaker":"Thomas","startTime":2889.5,"endTime":2890.37,"body":"to forge a signature?"},{"speaker":"Deirdre","startTime":2890.595,"endTime":2891.585,"body":"Don't think about it."},{"speaker":"Deirdre","startTime":2891.645,"endTime":2892.395,"body":"Don't think about it."},{"speaker":"Deirdre","startTime":2893.085,"endTime":2893.535,"body":"No."},{"speaker":"Deirdre","startTime":2893.745,"endTime":2897.375,"body":"This one, this one is, uh, not"},{"speaker":"Deirdre","startTime":2893.745,"endTime":2897.375,"body":"broken to hell yet, but it is,"},{"speaker":"Deirdre","startTime":2897.375,"endTime":2898.815,"body":"uh, it's a bit complicated."},{"speaker":"Deirdre","startTime":2899.385,"endTime":2903.113,"body":"But if you're looking at 
Falcon"},{"speaker":"Deirdre","startTime":2899.385,"endTime":2903.113,"body":"and you're can deal with that"},{"speaker":"Deirdre","startTime":2903.113,"endTime":2906.595,"body":"implementation complexity, like"},{"speaker":"Deirdre","startTime":2903.113,"endTime":2906.595,"body":"you should consider SQIsign."},{"speaker":"David","startTime":2906.9,"endTime":2909.21,"body":"So I, I guess the"},{"speaker":"David","startTime":2906.9,"endTime":2909.21,"body":"thing to add here is NIST did"},{"speaker":"David","startTime":2909.21,"endTime":2911.16,"body":"start another competition."},{"speaker":"David","startTime":2911.4,"endTime":2915.09,"body":"Um, well, they actually"},{"speaker":"David","startTime":2911.4,"endTime":2915.09,"body":"started a while ago, a while"},{"speaker":"David","startTime":2915.095,"endTime":2917.58,"body":"ago, but the, like, first"},{"speaker":"David","startTime":2915.095,"endTime":2917.58,"body":"round of it, the submissions"},{"speaker":"David","startTime":2917.58,"endTime":2920.82,"body":"were due like a month ago,"},{"speaker":"David","startTime":2917.58,"endTime":2920.82,"body":"specifically for making short"},{"speaker":"David","startTime":2920.82,"endTime":2923.43,"body":"signatures because one of the"},{"speaker":"David","startTime":2920.82,"endTime":2923.43,"body":"problems is that for the last"},{"speaker":"David","startTime":2923.43,"endTime":2927.09,"body":"15 years or so, we've solved"},{"speaker":"David","startTime":2923.43,"endTime":2927.09,"body":"all problems at TLS by slapping"},{"speaker":"David","startTime":2927.09,"endTime":2928.32,"body":"another signature onto it."},{"speaker":"David","startTime":2928.56,"endTime":2931.38,"body":"So when you do a TLS handshake,"},{"speaker":"David","startTime":2928.56,"endTime":2931.38,"body":"there's anywhere between like"},{"speaker":"David","startTime":2931.89,"endTime":2935.52,"body":"five to seven signatures in 
the"},{"speaker":"David","startTime":2931.89,"endTime":2935.52,"body":"regular course of things because"},{"speaker":"David","startTime":2935.525,"endTime":2939.33,"body":"of SCTs plus  certificate"},{"speaker":"David","startTime":2935.525,"endTime":2939.33,"body":"chain, plus just signing"},{"speaker":"David","startTime":2939.33,"endTime":2940.68,"body":"the key agreement message."},{"speaker":"David","startTime":2941.16,"endTime":2945.39,"body":"And if all of those were like"},{"speaker":"David","startTime":2941.16,"endTime":2945.39,"body":"a kilobyte plus, you'd be"},{"speaker":"David","startTime":2945.39,"endTime":2948.18,"body":"sending, you know, a non-trivial"},{"speaker":"David","startTime":2945.39,"endTime":2948.18,"body":"fraction of a floppy disc"},{"speaker":"David","startTime":2948.18,"endTime":2950.88,"body":"on the handshake of every"},{"speaker":"David","startTime":2948.18,"endTime":2950.88,"body":"connection, which is just"},{"speaker":"David","startTime":2950.88,"endTime":2952.44,"body":"like clearly not feasible."},{"speaker":"David","startTime":2952.56,"endTime":2955.86,"body":"Like even Kyber itself is"},{"speaker":"David","startTime":2952.56,"endTime":2955.86,"body":"kind of not feasible in the"},{"speaker":"David","startTime":2955.86,"endTime":2958.8,"body":"sense that it pushes the"},{"speaker":"David","startTime":2955.86,"endTime":2958.8,"body":"ClientHello into like two"},{"speaker":"David","startTime":2958.8,"endTime":2963.54,"body":"packets over the 1500 byte"},{"speaker":"David","startTime":2958.8,"endTime":2963.54,"body":"threshold for a single packet."},{"speaker":"David","startTime":2963.75,"endTime":2966.24,"body":"And you can't even, like"},{"speaker":"David","startTime":2963.75,"endTime":2966.24,"body":"we tried bit fiddling and"},{"speaker":"David","startTime":2966.27,"endTime":2968.58,"body":"cutting stuff out of the"},{"speaker":"David","startTime":2966.27,"endTime":2968.58,"body":"hello to make it 
smaller."},{"speaker":"David","startTime":2968.58,"endTime":2969.21,"body":"It doesn't work."},{"speaker":"David","startTime":2969.735,"endTime":2974.445,"body":"Um, and to say nothing of that"},{"speaker":"David","startTime":2969.735,"endTime":2974.445,"body":"like, uh, uh, would happen if we"},{"speaker":"David","startTime":2974.445,"endTime":2976.005,"body":"just swapped all the signatures."},{"speaker":"David","startTime":2976.095,"endTime":2979.455,"body":"Uh, so that'll be a"},{"speaker":"David","startTime":2976.095,"endTime":2979.455,"body":"tough problem to solve."},{"speaker":"Deirdre","startTime":2979.695,"endTime":2980.085,"body":"Yeah."},{"speaker":"Thomas","startTime":2980.53,"endTime":2981.06,"body":"We use"},{"speaker":"David","startTime":2981.315,"endTime":2983.265,"body":"NIST is doing"},{"speaker":"David","startTime":2981.315,"endTime":2983.265,"body":"a competition for, uh,"},{"speaker":"David","startTime":2983.295,"endTime":2984.225,"body":"shorter signatures."},{"speaker":"David","startTime":2984.585,"endTime":2987.615,"body":"But like I, there's an open"},{"speaker":"David","startTime":2984.585,"endTime":2987.615,"body":"question as to like, I'm sure"},{"speaker":"David","startTime":2987.735,"endTime":2989.155,"body":"no, no offense to Dilithium."},{"speaker":"David","startTime":2989.175,"endTime":2991.545,"body":"I'm sure if we do another"},{"speaker":"David","startTime":2989.175,"endTime":2991.545,"body":"competition we could come up"},{"speaker":"David","startTime":2991.545,"endTime":2994.545,"body":"so with something that's like"},{"speaker":"David","startTime":2991.545,"endTime":2994.545,"body":"better than Dilithium size wise,"},{"speaker":"David","startTime":2994.545,"endTime":2997.725,"body":"because we had another three"},{"speaker":"David","startTime":2994.545,"endTime":2997.725,"body":"years in the competition for it."},{"speaker":"David","startTime":2998.205,"endTime":3000.995,"body":"But like, does that 
mean"},{"speaker":"David","startTime":2998.205,"endTime":3000.995,"body":"we're gonna get a 64"},{"speaker":"David","startTime":3001.0,"endTime":3002.045,"body":"byte signature out of it?"},{"speaker":"David","startTime":3002.075,"endTime":3004.235,"body":"Um, probably not."},{"speaker":"David","startTime":3004.415,"endTime":3005.045,"body":"From what I can"},{"speaker":"Deirdre","startTime":3005.045,"endTime":3005.945,"body":"not."},{"speaker":"Deirdre","startTime":3006.125,"endTime":3006.875,"body":"Um,"},{"speaker":"David","startTime":3006.875,"endTime":3008.54,"body":"byte maybe?"},{"speaker":"David","startTime":3008.54,"endTime":3009.14,"body":"I don't know."},{"speaker":"David","startTime":3009.14,"endTime":3013.16,"body":"I still think probably not from"},{"speaker":"David","startTime":3009.14,"endTime":3013.16,"body":"I've, this has been, if I see"},{"speaker":"David","startTime":3013.16,"endTime":3015.59,"body":"a cryptographer roaming around,"},{"speaker":"David","startTime":3013.16,"endTime":3015.59,"body":"I ask them this question and"},{"speaker":"David","startTime":3015.595,"endTime":3016.33,"body":"then I get different answers."},{"speaker":"Deirdre","startTime":3016.685,"endTime":3018.335,"body":"Yeah, I think"},{"speaker":"Deirdre","startTime":3016.685,"endTime":3018.335,"body":"it's quite early."},{"speaker":"Deirdre","startTime":3018.395,"endTime":3022.745,"body":"Um, the PQC signatures,"},{"speaker":"Deirdre","startTime":3018.395,"endTime":3022.745,"body":"they say the, whatever they're"},{"speaker":"Deirdre","startTime":3022.75,"endTime":3025.505,"body":"calling it, additional, the"},{"speaker":"Deirdre","startTime":3022.75,"endTime":3025.505,"body":"standardization of additional,"},{"speaker":"Deirdre","startTime":3025.535,"endTime":3026.705,"body":"digital signature schemes."},{"speaker":"Deirdre","startTime":3026.945,"endTime":3030.365,"body":"I don't know if they ex, I 
have"},{"speaker":"Deirdre","startTime":3026.945,"endTime":3030.365,"body":"to go reread the, the call, but"},{"speaker":"Deirdre","startTime":3030.515,"endTime":3033.275,"body":"I don't know if they explicitly"},{"speaker":"Deirdre","startTime":3030.515,"endTime":3033.275,"body":"say we want shorter ones."},{"speaker":"Deirdre","startTime":3033.755,"endTime":3034.475,"body":"I got the"},{"speaker":"David","startTime":3034.655,"endTime":3037.145,"body":"They do actually, like"},{"speaker":"David","startTime":3034.655,"endTime":3037.145,"body":"one of the things they list and"},{"speaker":"David","startTime":3037.145,"endTime":3040.565,"body":"the motivation for it is that"},{"speaker":"David","startTime":3037.145,"endTime":3040.565,"body":"like certificate transparency"},{"speaker":"David","startTime":3040.715,"endTime":3042.005,"body":"wants short signatures."},{"speaker":"David","startTime":3042.425,"endTime":3044.345,"body":"So one, one kind of fun"},{"speaker":"David","startTime":3042.425,"endTime":3044.345,"body":"thing about certificate"},{"speaker":"David","startTime":3044.345,"endTime":3046.415,"body":"transparency though, so like"},{"speaker":"David","startTime":3044.345,"endTime":3046.415,"body":"if you have two or three"},{"speaker":"David","startTime":3046.415,"endTime":3048.005,"body":"SCTs per, per cert, right?"},{"speaker":"David","startTime":3048.005,"endTime":3049.865,"body":"You know, that's, let's"},{"speaker":"David","startTime":3048.005,"endTime":3049.865,"body":"say three signatures."},{"speaker":"David","startTime":3050.22,"endTime":3053.79,"body":"Um, but the keys are, were"},{"speaker":"David","startTime":3050.22,"endTime":3053.79,"body":"basically predistribute, so you"},{"speaker":"David","startTime":3053.79,"endTime":3057.93,"body":"can kind of suck up a larger"},{"speaker":"David","startTime":3053.79,"endTime":3057.93,"body":"key size in the case of ct right"},{"speaker":"David","startTime":3057.93,"endTime":3061.41,"body":"now, we 
always use, we use ECDSA"},{"speaker":"David","startTime":3057.93,"endTime":3061.41,"body":"keys, but, uh, the reason is you"},{"speaker":"David","startTime":3061.41,"endTime":3062.67,"body":"get the, the small signatures."},{"speaker":"David","startTime":3062.675,"endTime":3065.91,"body":"But like if you had a five"},{"speaker":"David","startTime":3062.675,"endTime":3065.91,"body":"K, uh, again, I'm making"},{"speaker":"David","startTime":3065.915,"endTime":3066.72,"body":"all of these numbers up."},{"speaker":"David","startTime":3066.75,"endTime":3069.27,"body":"Um, but like you could"},{"speaker":"David","startTime":3066.75,"endTime":3069.27,"body":"probably suck that up with"},{"speaker":"David","startTime":3069.27,"endTime":3070.89,"body":"the predistributed case,"},{"speaker":"David","startTime":3069.27,"endTime":3070.89,"body":"even though that would be"},{"speaker":"David","startTime":3070.89,"endTime":3074.02,"body":"totally unsustainable and"},{"speaker":"David","startTime":3070.89,"endTime":3074.02,"body":"like a larger than X.509"},{"speaker":"David","startTime":3074.04,"endTime":3075.03,"body":"certificate right now."},{"speaker":"David","startTime":3075.42,"endTime":3076.89,"body":"Um, public, he says,"},{"speaker":"Deirdre","startTime":3076.97,"endTime":3080.51,"body":"I think if SQIsign"},{"speaker":"Deirdre","startTime":3076.97,"endTime":3080.51,"body":"stays alive, it would definitely"},{"speaker":"Deirdre","startTime":3080.515,"endTime":3082.31,"body":"be very attractive for this."},{"speaker":"Deirdre","startTime":3082.55,"endTime":3085.31,"body":"The public keys are small,"},{"speaker":"Deirdre","startTime":3082.55,"endTime":3085.31,"body":"like comparatively small."},{"speaker":"Deirdre","startTime":3085.31,"endTime":3086.81,"body":"They're just kind"},{"speaker":"Deirdre","startTime":3085.31,"endTime":3086.81,"body":"of also just small."},{"speaker":"Deirdre","startTime":3087.05,"endTime":3091.64,"body":"The signatures are small, 
the"},{"speaker":"Deirdre","startTime":3087.05,"endTime":3091.64,"body":"compute cost is coming down."},{"speaker":"Deirdre","startTime":3091.64,"endTime":3094.19,"body":"It's just a question of"},{"speaker":"Deirdre","startTime":3091.64,"endTime":3094.19,"body":"like, we have never tried"},{"speaker":"Deirdre","startTime":3094.19,"endTime":3096.662,"body":"to implement these sort of"},{"speaker":"Deirdre","startTime":3094.19,"endTime":3096.662,"body":"algorithms in constant time"},{"speaker":"Deirdre","startTime":3096.662,"endTime":3099.962,"body":"before and like efficiently"},{"speaker":"Deirdre","startTime":3096.662,"endTime":3099.962,"body":"before, like we still have"},{"speaker":"Deirdre","startTime":3100.022,"endTime":3102.992,"body":"like there's been some nice"},{"speaker":"Deirdre","startTime":3100.022,"endTime":3102.992,"body":"work published in the past"},{"speaker":"Deirdre","startTime":3102.992,"endTime":3108.482,"body":"six months to encourage that,"},{"speaker":"Deirdre","startTime":3102.992,"endTime":3108.482,"body":"but also we all remember what"},{"speaker":"Deirdre","startTime":3108.482,"endTime":3110.163,"body":"happened to SIDH and SIKE, so"},{"speaker":"David","startTime":3111.107,"endTime":3113.237,"body":"was gonna say, have"},{"speaker":"David","startTime":3111.107,"endTime":3113.237,"body":"we, uh, have we checked to"},{"speaker":"David","startTime":3113.237,"endTime":3115.307,"body":"make sure there aren't any"},{"speaker":"David","startTime":3113.237,"endTime":3115.307,"body":"papers from the nineties in"},{"speaker":"David","startTime":3115.307,"endTime":3118.037,"body":"the math department that just"},{"speaker":"David","startTime":3115.307,"endTime":3118.037,"body":"fundamentally break our scheme?"},{"speaker":"Deirdre","startTime":3118.127,"endTime":3119.897,"body":"No, no, we haven't."},{"speaker":"Deirdre","startTime":3119.987,"endTime":3121.367,"body":"Not to my 
knowledge."},{"speaker":"David","startTime":3121.847,"endTime":3122.147,"body":"Where?"},{"speaker":"David","startTime":3122.152,"endTime":3124.217,"body":"Where in lit review"},{"speaker":"David","startTime":3122.152,"endTime":3124.217,"body":"do we do that step?"},{"speaker":"Deirdre","startTime":3124.757,"endTime":3126.317,"body":"I don't know."},{"speaker":"Deirdre","startTime":3126.527,"endTime":3129.407,"body":"There's also some like, uh,"},{"speaker":"Deirdre","startTime":3126.527,"endTime":3129.407,"body":"alternatives of using like"},{"speaker":"Deirdre","startTime":3129.467,"endTime":3133.277,"body":"higher dimensional abelian"},{"speaker":"Deirdre","startTime":3129.467,"endTime":3133.277,"body":"varieties, the shit that was"},{"speaker":"Deirdre","startTime":3133.277,"endTime":3139.037,"body":"used to break, uh, SIKE and"},{"speaker":"Deirdre","startTime":3133.277,"endTime":3139.037,"body":"SIDH to construct a variant,"},{"speaker":"Deirdre","startTime":3139.037,"endTime":3141.497,"body":"a SQIsign, blahdi, blahdi,"},{"speaker":"Deirdre","startTime":3139.037,"endTime":3141.497,"body":"blah, but that's not the one"},{"speaker":"Deirdre","startTime":3141.497,"endTime":3145.037,"body":"that's been submitted to NIST,"},{"speaker":"Deirdre","startTime":3141.497,"endTime":3145.037,"body":"but yeah, it's, uh, extremely"},{"speaker":"Deirdre","startTime":3145.037,"endTime":3148.337,"body":"attractive, but quite early"},{"speaker":"Deirdre","startTime":3145.037,"endTime":3148.337,"body":"days, like SQIsign's only been"},{"speaker":"Deirdre","startTime":3148.337,"endTime":3149.897,"body":"around for three years, so."},{"speaker":"Thomas","startTime":3150.247,"endTime":3151.897,"body":"I look forward to"},{"speaker":"Thomas","startTime":3150.247,"endTime":3151.897,"body":"the episode of the show"},{"speaker":"Thomas","startTime":3151.897,"endTime":3154.057,"body":"where we have the person"},{"speaker":"Thomas","startTime":3151.897,"endTime":3154.057,"body":"on who 
breaks SQIsign and"},{"speaker":"Thomas","startTime":3154.057,"endTime":3156.157,"body":"explains the math that"},{"speaker":"Thomas","startTime":3154.057,"endTime":3156.157,"body":"we'll never understand"},{"speaker":"David","startTime":3156.772,"endTime":3157.582,"body":"There,"},{"speaker":"Thomas","startTime":3157.882,"endTime":3159.127,"body":"Richelot identities."},{"speaker":"Thomas","startTime":3159.127,"endTime":3160.477,"body":"That's what I, that's"},{"speaker":"Thomas","startTime":3159.127,"endTime":3160.477,"body":"what I remember about"},{"speaker":"Thomas","startTime":3160.477,"endTime":3161.468,"body":"this is Richelot ident."},{"speaker":"Thomas","startTime":3161.468,"endTime":3162.548,"body":"isogenies"},{"speaker":"Deirdre","startTime":3162.887,"endTime":3163.567,"body":"yeah, they're in there"},{"speaker":"Thomas","startTime":3163.627,"endTime":3165.187,"body":"I still don't"},{"speaker":"Thomas","startTime":3163.627,"endTime":3165.187,"body":"know what they are."},{"speaker":"Thomas","startTime":3165.727,"endTime":3167.377,"body":"I was told I would"},{"speaker":"Thomas","startTime":3165.727,"endTime":3167.377,"body":"never understand them."},{"speaker":"Deirdre","startTime":3167.752,"endTime":3168.052,"body":"Just"},{"speaker":"David","startTime":3168.052,"endTime":3171.172,"body":"there's a reason"},{"speaker":"David","startTime":3168.052,"endTime":3171.172,"body":"I did not, uh, uh, take"},{"speaker":"David","startTime":3171.172,"endTime":3172.352,"body":"part in that episode."},{"speaker":"Deirdre","startTime":3173.212,"endTime":3176.422,"body":"Just think about"},{"speaker":"Deirdre","startTime":3173.212,"endTime":3176.422,"body":"Smushing donuts together and"},{"speaker":"Deirdre","startTime":3176.422,"endTime":3180.532,"body":"whether they stay two donuts"},{"speaker":"Deirdre","startTime":3176.422,"endTime":3180.532,"body":"or they become one mega donut,"},{"speaker":"Deirdre","startTime":3180.862,"endTime":3182.152,"body":"and then 
that's your oracle."},{"speaker":"Deirdre","startTime":3182.152,"endTime":3182.992,"body":"That's all you need to"},{"speaker":"Thomas","startTime":3183.082,"endTime":3183.622,"body":"Now I"},{"speaker":"Thomas","startTime":3183.622,"endTime":3183.862,"body":"have"},{"speaker":"David","startTime":3183.892,"endTime":3186.652,"body":"if I, what if I prefer"},{"speaker":"David","startTime":3183.892,"endTime":3186.652,"body":"my metaphors to be coffee cups?"},{"speaker":"David","startTime":3186.652,"endTime":3187.802,"body":"Is that still isomorphic?"},{"speaker":"Deirdre","startTime":3188.422,"endTime":3191.182,"body":"Yes, actu— Well,"},{"speaker":"Deirdre","startTime":3188.422,"endTime":3191.182,"body":"that's, you know, you have"},{"speaker":"Deirdre","startTime":3191.182,"endTime":3193.162,"body":"to actually, let's like"},{"speaker":"Deirdre","startTime":3191.182,"endTime":3193.162,"body":"punch a hole in the bottom"},{"speaker":"Deirdre","startTime":3193.162,"endTime":3194.782,"body":"of the coffee cup, but sure."},{"speaker":"Deirdre","startTime":3195.622,"endTime":3196.342,"body":"We'll make it work."},{"speaker":"Deirdre","startTime":3196.372,"endTime":3196.822,"body":"It's fine."},{"speaker":"Deirdre","startTime":3197.662,"endTime":3199.582,"body":"This is, this is your"},{"speaker":"Deirdre","startTime":3197.662,"endTime":3199.582,"body":"introduction to higher"},{"speaker":"Deirdre","startTime":3199.587,"endTime":3201.952,"body":"genus, abelian varieties."},{"speaker":"David","startTime":3204.412,"endTime":3206.422,"body":"While we're sort of"},{"speaker":"David","startTime":3204.412,"endTime":3206.422,"body":"talking about X.509, I do"},{"speaker":"David","startTime":3206.422,"endTime":3208.762,"body":"want to go back to Black Hat"},{"speaker":"David","startTime":3206.422,"endTime":3208.762,"body":"briefly 'cause there was one"},{"speaker":"David","startTime":3208.762,"endTime":3211.942,"body":"X.509 talk that there, 
that"},{"speaker":"David","startTime":3208.762,"endTime":3211.942,"body":"was, that took place there"},{"speaker":"David","startTime":3211.947,"endTime":3213.952,"body":"called a SSL Slippery Slope."},{"speaker":"David","startTime":3214.582,"endTime":3217.912,"body":"Um, for whatever reason, I"},{"speaker":"David","startTime":3214.582,"endTime":3217.912,"body":"have found myself explaining"},{"speaker":"David","startTime":3217.912,"endTime":3220.312,"body":"to people recently why"},{"speaker":"David","startTime":3217.912,"endTime":3220.312,"body":"Authenticode was a mess."},{"speaker":"David","startTime":3220.732,"endTime":3223.702,"body":"Um, and this is another reason"},{"speaker":"David","startTime":3220.732,"endTime":3223.702,"body":"that Authenticode was a mess."},{"speaker":"David","startTime":3223.742,"endTime":3228.382,"body":"So Authenticode is like the"},{"speaker":"David","startTime":3223.742,"endTime":3228.382,"body":"thing that Microsoft created"},{"speaker":"David","startTime":3228.382,"endTime":3231.502,"body":"to sign drivers basically"},{"speaker":"David","startTime":3228.382,"endTime":3231.502,"body":"and other software right."},{"speaker":"David","startTime":3231.502,"endTime":3233.362,"body":"So if you've ever clicked"},{"speaker":"David","startTime":3231.502,"endTime":3233.362,"body":"through one of those errors"},{"speaker":"David","startTime":3233.362,"endTime":3235.792,"body":"that you ignore, that's like"},{"speaker":"David","startTime":3233.362,"endTime":3235.792,"body":"this thing wasn't signed"},{"speaker":"David","startTime":3235.912,"endTime":3238.902,"body":"to install some software,"},{"speaker":"David","startTime":3235.912,"endTime":3238.902,"body":"um, that's Authenticode."},{"speaker":"David","startTime":3239.032,"endTime":3242.122,"body":"You may also know it from"},{"speaker":"David","startTime":3239.032,"endTime":3242.122,"body":"uh Stuxnet had a 
valid"},{"speaker":"David","startTime":3242.122,"endTime":3243.142,"body":"Authenticode signature."},{"speaker":"David","startTime":3243.592,"endTime":3246.982,"body":"Um, anyway, when you're checking"},{"speaker":"David","startTime":3243.592,"endTime":3246.982,"body":"for that, right, you don't have"},{"speaker":"David","startTime":3246.987,"endTime":3249.742,"body":"like a domain name to compare"},{"speaker":"David","startTime":3246.987,"endTime":3249.742,"body":"in the common name, right?"},{"speaker":"David","startTime":3249.742,"endTime":3252.142,"body":"So you kind of, just like"},{"speaker":"David","startTime":3249.742,"endTime":3252.142,"body":"any signature basically"},{"speaker":"David","startTime":3252.142,"endTime":3255.117,"body":"works as well as the change"},{"speaker":"David","startTime":3252.142,"endTime":3255.117,"body":"to a root, for Authenticode."},{"speaker":"David","startTime":3255.277,"endTime":3258.027,"body":"Problem is how did you find"},{"speaker":"David","startTime":3255.277,"endTime":3258.027,"body":"a root for Authenticode?"},{"speaker":"David","startTime":3258.307,"endTime":3261.577,"body":"In the olden days, we kind"},{"speaker":"David","startTime":3258.307,"endTime":3261.577,"body":"of just used one root store"},{"speaker":"David","startTime":3261.577,"endTime":3264.787,"body":"for everything, and then"},{"speaker":"David","startTime":3261.577,"endTime":3264.787,"body":"we just applied key usage"},{"speaker":"David","startTime":3264.787,"endTime":3267.877,"body":"bits to various, um, certs"},{"speaker":"David","startTime":3264.787,"endTime":3267.877,"body":"or signing operations."},{"speaker":"David","startTime":3267.882,"endTime":3270.167,"body":"And then like, so if you're"},{"speaker":"David","startTime":3267.882,"endTime":3270.167,"body":"checking an Authenticode"},{"speaker":"David","startTime":3270.187,"endTime":3273.802,"body":"signature, um, like Windows 
does"},{"speaker":"David","startTime":3270.187,"endTime":3273.802,"body":"this correctly, for example,"},{"speaker":"David","startTime":3273.802,"endTime":3277.162,"body":"but like, you are probably using"},{"speaker":"David","startTime":3273.802,"endTime":3277.162,"body":"the Windows like root store"},{"speaker":"David","startTime":3277.162,"endTime":3279.472,"body":"and then you have to enforce"},{"speaker":"David","startTime":3277.162,"endTime":3279.472,"body":"that, like the code signing"},{"speaker":"David","startTime":3279.472,"endTime":3281.812,"body":"bit was set on all of the"},{"speaker":"David","startTime":3279.472,"endTime":3281.812,"body":"certificates that go through it."},{"speaker":"David","startTime":3282.382,"endTime":3285.682,"body":"Otherwise you could just,"},{"speaker":"David","startTime":3282.382,"endTime":3285.682,"body":"you know, get a certificate"},{"speaker":"David","startTime":3285.682,"endTime":3288.807,"body":"signed by Let's Encrypt for"},{"speaker":"David","startTime":3285.682,"endTime":3288.807,"body":"a random website, then use"},{"speaker":"David","startTime":3288.807,"endTime":3291.237,"body":"the key in that certificate"},{"speaker":"David","startTime":3288.807,"endTime":3291.237,"body":"to sign your binary."},{"speaker":"David","startTime":3291.537,"endTime":3294.417,"body":"And because the root store"},{"speaker":"David","startTime":3291.537,"endTime":3294.417,"body":"is shared, if you don't check"},{"speaker":"David","startTime":3294.422,"endTime":3297.237,"body":"the key usage bit to notice"},{"speaker":"David","startTime":3294.422,"endTime":3297.237,"body":"that, well, that Let's Encrypt"},{"speaker":"David","startTime":3297.237,"endTime":3299.727,"body":"certificate's actually for"},{"speaker":"David","startTime":3297.237,"endTime":3299.727,"body":"the internet and not code"},{"speaker":"David","startTime":3299.727,"endTime":3303.547,"body":"signing, then you can 
get"},{"speaker":"David","startTime":3299.727,"endTime":3303.547,"body":"your uh, uh, Authenticode"},{"speaker":"David","startTime":3303.567,"endTime":3304.647,"body":"signatures to verify."},{"speaker":"David","startTime":3305.067,"endTime":3307.377,"body":"Um, now to be fair, Microsoft"},{"speaker":"David","startTime":3305.067,"endTime":3307.377,"body":"itself didn't have this problem,"},{"speaker":"David","startTime":3307.377,"endTime":3308.307,"body":"but some other libraries did."},{"speaker":"David","startTime":3308.367,"endTime":3309.657,"body":"And so that's what"},{"speaker":"David","startTime":3308.367,"endTime":3309.657,"body":"the talk was about."},{"speaker":"David","startTime":3309.687,"endTime":3311.637,"body":"It's like you should probably"},{"speaker":"David","startTime":3309.687,"endTime":3311.637,"body":"check key usage bits."},{"speaker":"David","startTime":3312.237,"endTime":3315.547,"body":"The alternate fix for this,"},{"speaker":"David","startTime":3312.237,"endTime":3315.547,"body":"um, is to like, to have"},{"speaker":"David","startTime":3315.577,"endTime":3319.117,"body":"dedicated PKI hierarchies"},{"speaker":"David","startTime":3315.577,"endTime":3319.117,"body":"for separate things, right."},{"speaker":"David","startTime":3319.117,"endTime":3320.587,"body":"And then have separate"},{"speaker":"David","startTime":3319.117,"endTime":3320.587,"body":"stores for them."},{"speaker":"David","startTime":3321.007,"endTime":3323.017,"body":"Uh, but for legacy reasons,"},{"speaker":"Deirdre","startTime":3323.032,"endTime":3323.062,"body":"uh,"},{"speaker":"David","startTime":3323.887,"endTime":3326.407,"body":"like a bunch of stuff"},{"speaker":"David","startTime":3323.887,"endTime":3326.407,"body":"will chain back to like"},{"speaker":"David","startTime":3326.407,"endTime":3329.137,"body":"some old root certificate"},{"speaker":"David","startTime":3326.407,"endTime":3329.137,"body":"created years ago 
that's"},{"speaker":"David","startTime":3329.142,"endTime":3330.467,"body":"used for everything I."},{"speaker":"Deirdre","startTime":3331.162,"endTime":3334.192,"body":"and like is that 20"},{"speaker":"Deirdre","startTime":3331.162,"endTime":3334.192,"body":"years old or 10 years old or,"},{"speaker":"David","startTime":3334.552,"endTime":3337.612,"body":"Um, I'm not even"},{"speaker":"David","startTime":3334.552,"endTime":3337.612,"body":"sure but uh, the speaker"},{"speaker":"David","startTime":3337.612,"endTime":3339.292,"body":"here, their name was Bill."},{"speaker":"David","startTime":3339.292,"endTime":3341.302,"body":"I don't remember their"},{"speaker":"David","startTime":3339.292,"endTime":3341.302,"body":"last name, but they're very"},{"speaker":"David","startTime":3341.307,"endTime":3343.702,"body":"impressive 'cause they both"},{"speaker":"David","startTime":3341.307,"endTime":3343.702,"body":"worked full-time at Microsoft"},{"speaker":"David","startTime":3343.702,"endTime":3344.992,"body":"and were still an undergrad."},{"speaker":"David","startTime":3345.412,"endTime":3348.232,"body":"Um, as opposed to us who"},{"speaker":"David","startTime":3345.412,"endTime":3348.232,"body":"were just podcasters."},{"speaker":"David","startTime":3348.712,"endTime":3352.042,"body":"And Tom, as you just learned"},{"speaker":"David","startTime":3348.712,"endTime":3352.042,"body":"about glasses, so like some"},{"speaker":"David","startTime":3352.042,"endTime":3353.182,"body":"people are going places."},{"speaker":"Thomas","startTime":3355.732,"endTime":3357.382,"body":"I feel like this"},{"speaker":"Thomas","startTime":3355.732,"endTime":3357.382,"body":"was a pretty good catch up."},{"speaker":"Thomas","startTime":3358.132,"endTime":3359.062,"body":"feel like we're caught up."},{"speaker":"Deirdre","startTime":3360.262,"endTime":3362.062,"body":"Wait, do we"},{"speaker":"Deirdre","startTime":3360.262,"endTime":3362.062,"body":"wanna do threat 
model"},{"speaker":"Deirdre","startTime":3362.062,"endTime":3363.862,"body":"e t e for on the web?"},{"speaker":"David","startTime":3364.192,"endTime":3364.702,"body":"No."},{"speaker":"Deirdre","startTime":3364.942,"endTime":3366.922,"body":"No, I wanna do it."},{"speaker":"Deirdre","startTime":3367.132,"endTime":3367.432,"body":"Do wanna"},{"speaker":"David","startTime":3367.492,"endTime":3368.752,"body":"I can do that next time."},{"speaker":"David","startTime":3368.932,"endTime":3371.152,"body":"Yeah, I, I think I'm"},{"speaker":"David","startTime":3368.932,"endTime":3371.152,"body":"gonna probably end up"},{"speaker":"David","startTime":3371.152,"endTime":3372.052,"body":"writing a blog post."},{"speaker":"Deirdre","startTime":3372.262,"endTime":3372.772,"body":"Cool."},{"speaker":"Deirdre","startTime":3373.012,"endTime":3373.072,"body":"All"},{"speaker":"Thomas","startTime":3373.342,"endTime":3374.752,"body":"all my things"},{"speaker":"Thomas","startTime":3373.342,"endTime":3374.752,"body":"I can do next time."},{"speaker":"Thomas","startTime":3374.782,"endTime":3375.442,"body":"It's totally fine."},{"speaker":"Deirdre","startTime":3375.682,"endTime":3376.612,"body":"Yes, very good."},{"speaker":"Deirdre","startTime":3376.612,"endTime":3377.272,"body":"Catch up."},{"speaker":"Deirdre","startTime":3377.632,"endTime":3378.262,"body":"Good summer."},{"speaker":"Deirdre","startTime":3378.292,"endTime":3379.012,"body":"Busy summer."},{"speaker":"Deirdre","startTime":3379.102,"endTime":3379.672,"body":"Good summer."},{"speaker":"Thomas","startTime":3380.482,"endTime":3381.322,"body":"so we're back into it"},{"speaker":"Thomas","startTime":3381.322,"endTime":3381.592,"body":"now."},{"speaker":"Thomas","startTime":3381.592,"endTime":3381.682,"body":"We're"},{"speaker":"David","startTime":3381.697,"endTime":3383.497,"body":"might even say"},{"speaker":"David","startTime":3381.697,"endTime":3383.497,"body":"it was a cruel 
summer."},{"speaker":"Deirdre","startTime":3383.497,"endTime":3384.532,"body":"Cruel Summer."},{"speaker":"Deirdre","startTime":3385.582,"endTime":3385.792,"body":"Yeah."},{"speaker":"Deirdre","startTime":3385.792,"endTime":3386.722,"body":"I think we're back into it."},{"speaker":"Deirdre","startTime":3386.782,"endTime":3388.342,"body":"See you soon."},{"speaker":"Deirdre","startTime":3388.552,"endTime":3391.132,"body":"Hey, we haven't asked this"},{"speaker":"Deirdre","startTime":3388.552,"endTime":3391.132,"body":"before 'cause we don't like"},{"speaker":"Deirdre","startTime":3391.132,"endTime":3392.992,"body":"asking our audience for"},{"speaker":"Deirdre","startTime":3391.132,"endTime":3392.992,"body":"things, but if you would like"},{"speaker":"Deirdre","startTime":3392.992,"endTime":3398.377,"body":"to review us on the Apple"},{"speaker":"Deirdre","startTime":3392.992,"endTime":3398.377,"body":"Podcast Store or wherever"},{"speaker":"Deirdre","startTime":3398.407,"endTime":3401.917,"body":"you listen to podcasts and"},{"speaker":"Deirdre","startTime":3398.407,"endTime":3401.917,"body":"they let you review stuff."},{"speaker":"Deirdre","startTime":3402.067,"endTime":3403.777,"body":"How about you give"},{"speaker":"Deirdre","startTime":3402.067,"endTime":3403.777,"body":"us a cool review?"},{"speaker":"Deirdre","startTime":3403.807,"endTime":3406.117,"body":"It's really nice and it"},{"speaker":"Deirdre","startTime":3403.807,"endTime":3406.117,"body":"helps people find us."},{"speaker":"Thomas","startTime":3406.372,"endTime":3407.692,"body":"Will we give"},{"speaker":"Thomas","startTime":3406.372,"endTime":3407.692,"body":"them a coupon for"},{"speaker":"Thomas","startTime":3407.692,"endTime":3409.192,"body":"stamps.com if we do that?"},{"speaker":"Deirdre","startTime":3409.267,"endTime":3411.987,"body":"No, we'll"},{"speaker":"Deirdre","startTime":3409.267,"endTime":3411.987,"body":"give you thank 
yous"},{"speaker":"Thomas","startTime":3414.367,"endTime":3415.507,"body":"Why do we want reviews?"},{"speaker":"Deirdre","startTime":3416.077,"endTime":3419.887,"body":"because it, it helps"},{"speaker":"Deirdre","startTime":3416.077,"endTime":3419.887,"body":"show us up higher in like"},{"speaker":"Deirdre","startTime":3420.007,"endTime":3423.067,"body":"Apple and all the other,"},{"speaker":"Deirdre","startTime":3420.007,"endTime":3423.067,"body":"you know, podcast thingies"},{"speaker":"Deirdre","startTime":3423.067,"endTime":3427.132,"body":"that scrape from Apple"},{"speaker":"Deirdre","startTime":3423.067,"endTime":3427.132,"body":"and show us as like, Good."},{"speaker":"Thomas","startTime":3427.297,"endTime":3429.427,"body":"I thought we were like"},{"speaker":"Thomas","startTime":3427.297,"endTime":3429.427,"body":"the cool bar in Swingers that"},{"speaker":"Thomas","startTime":3429.432,"endTime":3430.627,"body":"doesn't have the sign above it."},{"speaker":"Thomas","startTime":3430.627,"endTime":3431.587,"body":"You just have to know about us."},{"speaker":"Thomas","startTime":3431.617,"endTime":3432.217,"body":"It's fine."},{"speaker":"Thomas","startTime":3432.337,"endTime":3434.917,"body":"Review us if you wanna"},{"speaker":"Thomas","startTime":3432.337,"endTime":3434.917,"body":"like reveal us to the"},{"speaker":"Thomas","startTime":3434.917,"endTime":3435.847,"body":"the non cool kids."},{"speaker":"Thomas","startTime":3435.847,"endTime":3436.597,"body":"That's totally fine."},{"speaker":"David","startTime":3437.272,"endTime":3440.062,"body":"Or join in in the YouTube"},{"speaker":"David","startTime":3437.272,"endTime":3440.062,"body":"comments when, 'cause we do"},{"speaker":"David","startTime":3440.062,"endTime":3442.582,"body":"release episodes to YouTube"},{"speaker":"David","startTime":3440.062,"endTime":3442.582,"body":"and we get great comments like,"},{"speaker":"David","startTime":3442.582,"endTime":3445.012,"body":"\"the art of how to 
talk about"},{"speaker":"David","startTime":3442.582,"endTime":3445.012,"body":"nothing\", or, \"these people"},{"speaker":"David","startTime":3445.012,"endTime":3447.412,"body":"are, don't know anything about"},{"speaker":"David","startTime":3445.012,"endTime":3447.412,"body":"what they're talking about\","},{"speaker":"Deirdre","startTime":3447.442,"endTime":3448.192,"body":"Yes."},{"speaker":"David","startTime":3448.282,"endTime":3448.672,"body":"which I"},{"speaker":"Thomas","startTime":3448.702,"endTime":3449.572,"body":"In fairness."},{"speaker":"David","startTime":3449.632,"endTime":3451.522,"body":"upfront about"},{"speaker":"David","startTime":3449.632,"endTime":3451.522,"body":"the fact that we don't"},{"speaker":"Thomas","startTime":3451.672,"endTime":3451.792,"body":"I was"},{"speaker":"David","startTime":3451.822,"endTime":3453.082,"body":"what we're talking about."},{"speaker":"David","startTime":3453.502,"endTime":3453.592,"body":"I"},{"speaker":"Thomas","startTime":3453.712,"endTime":3454.152,"body":"say, I feel seen."},{"speaker":"David","startTime":3454.252,"endTime":3455.692,"body":"open every episode."},{"speaker":"David","startTime":3455.692,"endTime":3455.752,"body":"I."},{"speaker":"Thomas","startTime":3457.252,"endTime":3459.442,"body":"Well, it is good"},{"speaker":"Thomas","startTime":3457.252,"endTime":3459.442,"body":"to talk to you guys again."},{"speaker":"Thomas","startTime":3459.502,"endTime":3461.032,"body":"I look forward to"},{"speaker":"Thomas","startTime":3459.502,"endTime":3461.032,"body":"our next episode."},{"speaker":"Thomas","startTime":3461.032,"endTime":3462.382,"body":"Whatever it is that we don't"},{"speaker":"Thomas","startTime":3461.032,"endTime":3462.382,"body":"know what we're talking"},{"speaker":"Thomas","startTime":3462.382,"endTime":3463.372,"body":"about, talking about again,"},{"speaker":"Thomas","startTime":3463.372,"endTime":3464.902,"body":"so 
awesome."},{"speaker":"Deirdre","startTime":3465.322,"endTime":3467.212,"body":"We'll figure it"},{"speaker":"Deirdre","startTime":3465.322,"endTime":3467.212,"body":"out when we figure it out."},{"speaker":"Deirdre","startTime":3467.242,"endTime":3467.452,"body":"Okay."},{"speaker":"Deirdre","startTime":3467.452,"endTime":3467.512,"body":"Bye."},{"speaker":"David","startTime":3477.332,"endTime":3480.032,"body":"Security, Cryptography,"},{"speaker":"David","startTime":3477.332,"endTime":3480.032,"body":"Whatever is a side project"},{"speaker":"David","startTime":3480.032,"endTime":3482.822,"body":"from Deirdre Connolly, Thomas"},{"speaker":"David","startTime":3480.032,"endTime":3482.822,"body":"Ptacek and David Adrian."},{"speaker":"David","startTime":3483.182,"endTime":3484.502,"body":"Our editor is Netty Smith."},{"speaker":"David","startTime":3484.862,"endTime":3488.942,"body":"You can find the podcast on"},{"speaker":"David","startTime":3484.862,"endTime":3488.942,"body":"Twitter @scwpod and the hosts"},{"speaker":"David","startTime":3488.942,"endTime":3493.212,"body":"on Twitter at @durumcrustulum,"},{"speaker":"David","startTime":3488.942,"endTime":3493.212,"body":"@tqbf, and @davidcadrian."},{"speaker":"David","startTime":3493.772,"endTime":3497.542,"body":"You can buy merchandise at merch"},{"speaker":"David","startTime":3493.772,"endTime":3497.542,"body":"dot securitycryptographywhatever"},{"speaker":"David","startTime":3497.542,"endTime":3498.252,"body":"dot com."},{"speaker":"David","startTime":3498.662,"endTime":3499.532,"body":"Thank you for listening."}]}