Security Cryptography Whatever

Join Jonathan Rudenberg, a seasoned software engineer known for his work on Flynn and various authentication systems, as he dives deep into the world of tokens. He discusses the enduring relevance of JSON Web Tokens (JWT), critiques their security vulnerabilities, and compares them with other protocols like SAML and OIDC. Rudenberg also introduces alternatives like Peseto and macaroons, highlighting their unique advantages. Learn about the intricate challenges of certificate management in large organizations, and discover the future possibilities in token authentication!

Special guest Filippo Valsorda joins us to debate with Thomas on whether one should or should not "roll your own crypto", and how to produce better cryptography in general.After we recorded this, David went even deeper  on 'rolling your own crypto' in a blog post here: https://dadrian.io/blog/posts/roll-your-own-crypto/Transcript: https://securitycryptographywhatever.com/2021/07/31/the-great-roll-your-own-crypto-debate-with-filippo-valsorda/Links:https://peter.website/meow-hash-cryptanalysishttps://arxiv.org/pdf/2107.04940.pdfhttps://ristretto.grouphttps://filippo.io/heartbleedFind us at:https://twitter.com/durumcrustulumhttps://twitter.com/tqbf https://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)

Deirdre, Thomas and David talk about NSO group, Pegasus,  whether iOS a burning trash fire, the zero-day market, and whether rewriting all of iOS in Swift is a viable strategy for reducing all these vulns.Transcript: https://securitycryptographywhatever.com/2021/07/26/nso-group-pegasus-zero-days-i-os-message-security/Find us at:https://twitter.com/durumcrustulumhttps://twitter.com/tqbf https://twitter.com/davidcadrian"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@dadrian)