The recent ‘Devil’s Ivy’ vulnerability has caused quite a rash in the security journalism community. Is it as bad as poison ivy or just a bunch of hyperbole? We discuss. Plus you’ve heard of public key encryption, but what lies beyond? We cover some possible alternatives and the problem of identity.

Then Dan’s got the latest on his Let’s encrypt setup including a brand new open source tool you too can use!

RSS Feeds:

HD Video Feed | MP3 Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


Show Notes:

‘Devil’s Ivy’ Vulnerability

Beyond public key encryption

  • One of the saddest and most fascinating things about applied cryptography is how 6689264031_4c7516b3e1_zlittle cryptography we actually use. In fact, with a few minor exceptions, the vast majority of the cryptography we use was settled by the early-2000s.*

  • Identity Based Cryptography – In the mid-1980s, a cryptographer named Adi Shamir proposed a radical new idea. The idea, put simply, was to get rid of public keys.

  • Attribute Based Encryption – The beautiful thing about this idea is not fuzzy IBE. It’s that once you have a threshold gate and a concept of “attributes”, you can more interesting things. The main observation is that a threshold gate can be used to implement the boolean AND and OR gates

Dan’s Let’s Encrypt Tool

  • use case is centralized Let’s Encrypt with dns-01 challenges


Round Up:

Question? Comments? Contact us here!