Security Cryptography Whatever

Python Cryptography Breaks Up with OpenSSL with Paul Kehrer and Alex GaynorThe Python cryptography module, pyca/cryptography, has mostly been a sane wrapper around a pile of C, so that users get performant cryptography on the many, many platforms Python targets. Therefore its maintainers, Alex Gaynor and Paul Kehrer, have become intimately familiar with OpenSSL. Recently, they declared that after many years of trying to make it work, they announced pyca/cryptography would be moving away from OpenSSL when supporting new functionality and exploring adding other backends instead. We invited them on to tell us about what has happened to OpenSSL, even after the investments and improvements following Heartbleed. No guests on this pod represent anyone besides themselves. Watch on YouTube: https://www.youtube.com/watch?v=dEKBHI3rodY Transcript: https://securitycryptographywhatever.com/2026/02/01/python-cryptography-breaks-up-with-openssl Links: - https://cryptography.io/en/latest/statements/state-of-openssl/ - Py Cryptography: https://cryptography.io - https://archive.openssl-conference.org/2025/presentations/Alex_Gaynor_Paul_Kehrer_The_Python_Cryptographic_Authoritys_OpenSSL_Experience.pdf - https://securitycryptographywhatever.com/2025/08/16/alex-gaynor/ - https://packages.gentoo.org/packages/media-libs/libsdl - https://www.youtube.com/watch?v=RUIguklWwx0 - https://datatracker.ietf.org/doc/rfc9180/ - https://docs.openssl.org/3.3/man3/OSSL_PARAM/ - https://openssl.foundation/ - https://github.com/openssl/openssl/issues/17064 - https://www.feistyduck.com/newsletter/issue_132_openssl_performance_still_under_scrutiny - https://github.com/topazproject/topaz - https://github.com/actions/runner/issues/1069 - https://crystalhotsauce.com/ - https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 - https://en.wikipedia.org/wiki/Ship_of_Theseus - https://boringssl.googlesource.com/boringssl/+/aa202db1d7091b88b80f0a58c630c5c1aefc817d - https://www.ibm.com/products/open-sdk-for-rust-aix - https://dadrian.io/blog/posts/corporate-support-xz/ - https://peps.python.org/ - https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ed448/ - https://go.dev/blog/fips140 - https://dadrian.io/blog/posts/roll-your-own-crypto/ "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

61|1T 12M

Stop Using Encrypted Email with William WoodruffThere was a bug in an OpenPGP library which finally gave us an excuse to tear encrypted email via PGP to shreds. Our special guest William Woodruff joined us to help explain the vuln and indulge our gnashing of teeth on why email was never meant to be encrypted and how other modern tools do the job much, much better. Watch on YouTube: https://www.youtube.com/watch?v=IoL3LfIozJo Transcript: https://securitycryptographywhatever.com/2025/08/22/stop-using-encrypted-email-with-william-woodruff Links: - William Woodruff: https://yossarian.net/ - https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/ - https://www.rfc-editor.org/rfc/rfc4880 - https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/ - https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_GnuPG.html - https://www.rfc-editor.org/rfc/rfc9580.html - https://www.tumblr.com/accidentallyquadratic - https://www.w3.org/TR/xmldsig-core/ - https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP - https://www.rfc-editor.org/rfc/rfc9580.html#name-signature-packet-type-id-2 - https://www.rfc-editor.org/rfc/rfc9580.html#name-key-derivation-function - https://en.wikipedia.org/wiki/S/MIME - https://delta.chat - https://signal.org/blog/the-ecosystem-is-moving/ - https://phakeobj.netlify.app/posts/gigacage/ - https://x.com/dakami -----BEGIN PGP MESSAGE----- U2FsdGVkX1/OF+EynrukxZnSAXwgksTGSIkQ6s4X9Ns7JgQ2ZymeQAp8uD09MtkJ ce5HOKcjhUkZOMbJl3I5iOcPgSxCGG8KccNXcY6msdAD3pdlmR5cWJpn6+qGwqvo KCsj+DYwFW6tltLBXP/cdnh9z8ktRXqfwQW+uhB5Zcaw28pzmNz/rA0cb0cLGiaX uxp9A0iWhwf2gFpUSiIJyXGLJAc8eeI1LXfISXi7IkowDMp4x+iDbOlrR0d6zCkp IKpNGReokcWhUrlGVONiVUrApZS2fvxQoHgaIvwLl5FM1WdrbQIV41DB+rgtZJhE NSgMkhQ0y1bBAOM25ykRjC/UUS/q0ddXz1ThGi6vRIp4/8vkqOsEXHv5M1oT9FQT UGK3zyffq0FqGBFj6kwVZ0X0JQFmtydZKhSYEPE9s4mcfvxKNQsySK7wlxMerKrf f9ZxOR7rHjE3IfqtoizX8EH+MYy2lRCoCKeLbZd0G1LcVhBhRpoXfqL2IboAWqT+ U8R2eyts7qiNuWQUtmCzKNmaJMS+1M+pVN5ZXAdSqK2OJVJZgO8Ie7q4HVZeAd3G HzP7owf+VerCguOYN41cxGle1QpeFi0xcYHNna1bgbodFZ8eGDOq5yCuvmQa04Xy J4vRv7xcp/v16CniL1rN6KhnzdW2gLky8depnYyhm8NvdMFETA6K6eIYm1roD+C2 wwOOKRxUpTI54ov+HYDDU+HUmpFykSesHQJ75o9m0w7V2kR/+E46olFMhHo8JWnL NsGd5QlD/fyedMXHAjimXuFk/YFnwa1lh4XwSwYm+c8ZnIfrS6oEEdUSwXMCwwVT 7/tMw+ab0YRsx19hBLS41oxMz+DCah+/KDMEHv0I+VxaCH8ZfaKD4tRhduSvcWkn Nat3Xp8/MAmO5xN1U8s1dFvrlnt+yqDz7Wn0kVDiax2dTJVgftetqOkoSVvGdMex 9K0ILUUMEpHYBISIaAc7NjoG4BieSeK7wuzBXdhHutVZVKp2ty+mAd8xPlrmemsX lzBhV/kcmF4rcG4eqoWcKpZQY8ZUDufwhIcNqIZEA+wQoKbmBQCR/NradwUrCAIs AQFMVhSYmr7ffA6Ty0twSWeVMDQmxdW+6gKA3EiTAJkFXPpdkhBUzuZHC7Eeph7D F0Ks8Vu/wzOhNsd2s2wYYF6Dl3xctcOj7eMw8VS1HtExszulM57TnqTDaLGPcX6o m8NORwMEtQrCbJd/fdmoNPN/cXzLPHQj3qVZ0F50iNec6zSnmBLIRX4SAYOqzN/2 icvr98Caa1oX3pUlm9W2Hcz30SXJDxOf+mqH6zL4QTAMs3/K9OkaO9nmyPelwoCw VI1q/PsMpqQhGikdM5hrzg6IcEOg5zpLB6N+wqkcGyXFzI2gSQTWYOv4thrIxPY5 G9yNi4dhU+2+KJCa6aoPyAlyc41Yd3ARTeahHEjtdj6PcueRPQdVm+qWCRp09bp3 oic7ljzMVrPRgdbRrzFyEAIhN9Fi4QZ08/yCLEt/BPG+N8j0cZixoj54SKi07uSO WRDrzGvgSegGCCIFKjAsq9ay0sBm61XLcZqdtj57NpNzd/y/yFYvjEQLyyn8VnFA RwOaM3zjrufNC+kYVkHCYzfvu+JopScZjMiuBXI9v8OTOXlj+Ai97bnftwmpQ263 5vyearRHCNATFNa96Sxd1cLjV+ECUlD4hAZQPyel8groXsyjKaMxoOkaZjG/5MDQ 8KPtes32kjTmneyLSzrUaAD0F4l/iltBXzDNiT6BHD7HJmERbdkoab7+DC1hxxC1 VuOHOX+G/U5NUNjxAercuFOY6kgAH5HM+woGjLUsoc5LESqyPdddeg== -----END PGP MESSAGE----- "Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

58|1T 11M

Episodes

Lyt når som helst, hvor som helst

Andre har også lyttet til ...