Stop Using Encrypted Email With William Woodruff Security Cryptography Whatever podcast

المحتوى المقدم من Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Deirdre Connolly, Thomas Ptacek, David Adrian, Deirdre Connolly, Thomas Ptacek, and David Adrian أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.

Security Cryptography Whatever »
Stop Using Encrypted Email with William Woodruff

1M ago 1:11:07

MP3•منزل الحلقة

There was a bug in an OpenPGP library which finally gave us an excuse to tear encrypted email via PGP to shreds. Our special guest William Woodruff joined us to help explain the vuln and indulge our gnashing of teeth on why email was never meant to be encrypted and how other modern tools do the job much, much better.
Watch on YouTube: https://www.youtube.com/watch?v=IoL3LfIozJo
Transcript: https://securitycryptographywhatever.com/2025/08/22/stop-using-encrypted-email-with-william-woodruff
Links:
- William Woodruff: https://yossarian.net/
- https://www.latacora.com/blog/2020/02/19/stop-using-encrypted/
- https://www.rfc-editor.org/rfc/rfc4880
- https://codeanlabs.com/blog/research/cve-2025-47934-spoofing-openpgp-js-signatures/
- https://www.mailpile.is/blog/2014-10-07_Some_Thoughts_on_GnuPG.html
- https://www.rfc-editor.org/rfc/rfc9580.html
- https://www.tumblr.com/accidentallyquadratic
- https://www.w3.org/TR/xmldsig-core/
- https://support.yubico.com/hc/en-us/articles/360013790259-Using-Your-YubiKey-with-OpenPGP
- https://www.rfc-editor.org/rfc/rfc9580.html#name-signature-packet-type-id-2
- https://www.rfc-editor.org/rfc/rfc9580.html#name-key-derivation-function
- https://en.wikipedia.org/wiki/S/MIME
- https://delta.chat
- https://signal.org/blog/the-ecosystem-is-moving/
- https://phakeobj.netlify.app/posts/gigacage/
- https://x.com/dakami
-----BEGIN PGP MESSAGE-----
U2FsdGVkX1/OF+EynrukxZnSAXwgksTGSIkQ6s4X9Ns7JgQ2ZymeQAp8uD09MtkJ
ce5HOKcjhUkZOMbJl3I5iOcPgSxCGG8KccNXcY6msdAD3pdlmR5cWJpn6+qGwqvo
KCsj+DYwFW6tltLBXP/cdnh9z8ktRXqfwQW+uhB5Zcaw28pzmNz/rA0cb0cLGiaX
uxp9A0iWhwf2gFpUSiIJyXGLJAc8eeI1LXfISXi7IkowDMp4x+iDbOlrR0d6zCkp
IKpNGReokcWhUrlGVONiVUrApZS2fvxQoHgaIvwLl5FM1WdrbQIV41DB+rgtZJhE
NSgMkhQ0y1bBAOM25ykRjC/UUS/q0ddXz1ThGi6vRIp4/8vkqOsEXHv5M1oT9FQT
UGK3zyffq0FqGBFj6kwVZ0X0JQFmtydZKhSYEPE9s4mcfvxKNQsySK7wlxMerKrf
f9ZxOR7rHjE3IfqtoizX8EH+MYy2lRCoCKeLbZd0G1LcVhBhRpoXfqL2IboAWqT+
U8R2eyts7qiNuWQUtmCzKNmaJMS+1M+pVN5ZXAdSqK2OJVJZgO8Ie7q4HVZeAd3G
HzP7owf+VerCguOYN41cxGle1QpeFi0xcYHNna1bgbodFZ8eGDOq5yCuvmQa04Xy
J4vRv7xcp/v16CniL1rN6KhnzdW2gLky8depnYyhm8NvdMFETA6K6eIYm1roD+C2
wwOOKRxUpTI54ov+HYDDU+HUmpFykSesHQJ75o9m0w7V2kR/+E46olFMhHo8JWnL
NsGd5QlD/fyedMXHAjimXuFk/YFnwa1lh4XwSwYm+c8ZnIfrS6oEEdUSwXMCwwVT
7/tMw+ab0YRsx19hBLS41oxMz+DCah+/KDMEHv0I+VxaCH8ZfaKD4tRhduSvcWkn
Nat3Xp8/MAmO5xN1U8s1dFvrlnt+yqDz7Wn0kVDiax2dTJVgftetqOkoSVvGdMex
9K0ILUUMEpHYBISIaAc7NjoG4BieSeK7wuzBXdhHutVZVKp2ty+mAd8xPlrmemsX
lzBhV/kcmF4rcG4eqoWcKpZQY8ZUDufwhIcNqIZEA+wQoKbmBQCR/NradwUrCAIs
AQFMVhSYmr7ffA6Ty0twSWeVMDQmxdW+6gKA3EiTAJkFXPpdkhBUzuZHC7Eeph7D
F0Ks8Vu/wzOhNsd2s2wYYF6Dl3xctcOj7eMw8VS1HtExszulM57TnqTDaLGPcX6o
m8NORwMEtQrCbJd/fdmoNPN/cXzLPHQj3qVZ0F50iNec6zSnmBLIRX4SAYOqzN/2
icvr98Caa1oX3pUlm9W2Hcz30SXJDxOf+mqH6zL4QTAMs3/K9OkaO9nmyPelwoCw
VI1q/PsMpqQhGikdM5hrzg6IcEOg5zpLB6N+wqkcGyXFzI2gSQTWYOv4thrIxPY5
G9yNi4dhU+2+KJCa6aoPyAlyc41Yd3ARTeahHEjtdj6PcueRPQdVm+qWCRp09bp3
oic7ljzMVrPRgdbRrzFyEAIhN9Fi4QZ08/yCLEt/BPG+N8j0cZixoj54SKi07uSO
WRDrzGvgSegGCCIFKjAsq9ay0sBm61XLcZqdtj57NpNzd/y/yFYvjEQLyyn8VnFA
RwOaM3zjrufNC+kYVkHCYzfvu+JopScZjMiuBXI9v8OTOXlj+Ai97bnftwmpQ263
5vyearRHCNATFNa96Sxd1cLjV+ECUlD4hAZQPyel8groXsyjKaMxoOkaZjG/5MDQ
8KPtes32kjTmneyLSzrUaAD0F4l/iltBXzDNiT6BHD7HJmERbdkoab7+DC1hxxC1
VuOHOX+G/U5NUNjxAercuFOY6kgAH5HM+woGjLUsoc5LESqyPdddeg==
-----END PGP MESSAGE-----

"Security Cryptography Whatever" is hosted by Deirdre Connolly (@durumcrustulum), Thomas Ptacek (@tqbf), and David Adrian (@davidcadrian)

فصول

1. intro (00:00:00)

2. openpgp.js vuln (00:00:48)

3. pgp message formats (00:01:39)

4. pgp key servers (00:03:30)

5. parsing vulns (00:04:14)

6. pgp for encrypted email (00:13:30)

7. fcking metadata (00:28:22)

8. m-m-m-metadata (00:38:14)

9. SMTP m-m-m-metadata (00:38:40)

10. dkim, spam (00:39:22)

11. federation (00:41:53)

12. how big is ur email archive (00:44:30)

13. forward secrecy (00:52:06)

14. what you should actually use (01:01:12)

15. final opinions (01:10:17)

58 حلقات

#Tech #Deirdre Connolly, Thomas Ptacek, David Adrian #David Adrian #Deirdre Connolly #Thomas Ptacek #Security #Cryptography #Whatever #Science #Math #News #Tech News