- theswissroadtocryp
Meet the cryptographer that Linux, Google and Ethereum trust, JP AumassonMay 5 • 37:06
JPAumasson
===
[00:00:00] JP: And this technology that I developed during my PhD, now ended up being used by many systems by, Linux, Google, Apple systems for these very reasons, because it was superior in terms of security and speed.
[00:00:21] JP: And also so many let's say cryptographers and security experts, vouch for it to say, we think it's good. It's not been broken after 10 years. So. it's Probably safe to use.
[00:00:34] Didier: Today. I am pleased to have Jean-Philippe Aumasson. He is a cryptographer and the co-founder of a company called Taurus in Switzerland, which offers digital custody trading, and many other solutions for institutional clients. He is also an author. He wrote a book in English just to challenge himself, to write a book in a foreign language.
[00:00:59] Didier: He is considered an authority in cryptography. Many projects and custody solutions used in banks rely on his work. He will tell us about his background and try to have us believe that he is not a natural in math. Then we will have a wide ranging conversation on cryptography Blake, 3 and many other subjects.
[00:01:18] Didier: Good afternoon, Jean Philppe
[00:01:20] JP: hello. Thank you Didier for having me.
[00:01:23] Didier: Can you tell us a little bit about your background? I think you grew up in France and initially weren't interested in mathematics and then somehow stumbled into cryptography.
[00:01:32] JP: Yeah, that is, right. I so I was initially studying in France. I, after the Bac, when I was 18, I didn't know what I wanted to do, but I liked playing video games. So I used to do computer science. But then I realize I've come up with the science at university was mostly about theory and initially I hated it. I was quite a mediocre student until I doubled one class.
[00:01:55] JP: And then I really got interested in computer science and also philosophy and many of the topics. And then I really became passionate about security, also AI. And that's how I really got interested into cryptography and also all the related aspects of technology. Uh, and then, um, because of personal reasons, I ended up moving to Switzerland where I did my PhD, uh, in applied cryptography.
[00:02:21] JP: So you may know EPFL one of the main engineering schools in Switzerland. . So I did my PhD affiliated to EPFL, but my actual supervisor was in a Fachschule an engineering. That was closer to the wreck, which is quite an unusual setting. Uh, and I was quite lucky at this point to have the chance to focus on my research as opposed to having a teaching assignment and a lot of classes to follow like students have today.
[00:02:51] JP: So I was feeling the ideal environment to do my research at the time.
[00:02:55] Didier: Was there a specific problem or a specific person that's got you hooked into cryptography or if it was adjusted in general about security that little by little, you fell into.
[00:03:04] JP: Not really. I, you know, it was in the early two thousands. I liked fiddling with my computer. Uh, it was, you know, the relative beginning over the internet. And you had a bunch of hacking tools that you could use without knowing much about computers, about hacking, but I started reading a lot of online magazines, uh, about hacking.
[00:03:25] JP: And I, I find it pretty exciting. Uh, but I had to choose at some point between specializing in AI or crypto. And I ended up choosing crypto because there was a good crypto lab at EPFL and the girl I was dating in Lausanne and I was in Paris.. And for me, it was all the planets were aligned and I chose to focus in crypto.
[00:03:45] Didier: Okay. So then you worked at a company in Switzerland. That's known that's well known in Switzerland, but maybe not outside. That's called Kudelski. And I think you had a fun job there. Can you just quickly say what Kudelski does and then what your job was there?
[00:04:01] JP: Yeah. Kudelski is relatively little known outside of the other country, even though it's one of the main, if not the single main provider of pay-TV security systems, uh, and few people know how advanced this technology is. Because there's so much money at stake that you need very advanced security technology to protect pay-TV systems.
[00:04:26] JP: It's not only in terms of software, but also in terms of hardware, smart cards. And I think this is where you'd find the most advanced security maybe after military technology. So my job when I started there?
[00:04:39] JP: was to prevent, uh, pirates criminals, including organized crime. To hack pay-TV channels. And this was a kind of cat and mouse game, uh, whereby we add a new feature.
[00:04:54] JP: People try to bypass it, and then we try to stop them from doing so it was really fun. And also we had the great team of people, uh high-skilled people. So I really learned that. Uh, in crypto for one, but also in all the other related fields, such as for example, software security, hardware design, and even consulting, or just with clients,
[00:05:20] Didier: Okay. All right. And how many years did you work there?
[00:05:23] JP: we're starting in 2010, in 2012, we started a cybersecurity. You need to call Which is now a big provider of cyber security services. And I left, uh, officially in 2019.
[00:05:41] Didier: Okay.
[00:05:42] JP: Yeah. So yeah, then S yeah.
[00:05:46] Didier: Okay, so let's move on a little bit to cryptography. Would you say cryptography is fundamentally different than other fields in math or every field in math is in its own, right. Different than other fields. And if so, why?
[00:05:58] JP: Well, I don't have to sit at cryptography is not really math itself because it, it uses math mathematics, but it's, uh, let's say more than of an engineering field, uh, because it's connected to reality. So even though we develop some new types of mathematics, new types of, you know, theoroms and constructions. Ultimately, it's something you have to put in practice.
[00:06:23] JP: So you have to deal with the real world constraints and really world attackers. So it's not as pure as beautifulest math. So for example, we have the concept of security proof, uh, in cryptographic papers. But if you take a pure. Uh, hardcore mathematician and you showed them our proofs, they would laugh at us.
[00:06:44] JP: They would say, oh, it's dirty. It's not good math because sometimes when you deal with reality, you have to take some shortcuts, like physicists sometimes have to do.
[00:06:56] Didier: . And if you had to compare cryptography to a sport, which one would you say it resembles.
[00:07:01] JP: Uh, that's a funny question. And there are so many NS works, but maybe the obvious one as far as I'm concerned is to refer to mountaineering. If you look at the cover of my books, we see a guy, climbing with sticks and harness, uh, climbing a safe, and the analogy is that. It's very subtle. It takes very specific skills.
[00:07:23] JP: And if you make one tiny little mistake, then you're dead. Um, and it's kind of the same in cryptography. You can have very, almost perfect system. If you just get one tiny piece wrong, then all the security breaks down. Uh,
[00:07:39] Didier: I I've heard this. Tell me if you agree with it, or if you think the analogy is not correct. I've heard people compare cryptography to like a hacker. The hacker is the type of guy who wants to know how every piece of the machine works, everything the machine can do. And then little by little, he might discover that you can use a property of the machine or property of a component to do something unexpected.
[00:08:04] Didier: And I have the impression that cryptographers, in fact, a mathematical sort of theorem, they like to understand each sort of a component of a theorem and then maybe see a weakness or see how they can use it in another way. Would you agree? Um,
[00:08:18] JP: Yeah, I think the study, correct. And you can see cryptography as one part of a security system. Uh, what did he's done? A secretary system you'll have enough moving parts. You have software security, you have access control, your physical security, and you have mathematics. You have crypto. And most of the time the crypto is the hardest part of the chain.
[00:08:42] JP: And software is a weaker one. And often times the human aspect is even a weaker one. It doesn't mean that crypto should be neglected. It's super important. Um, but you know, most of the time security will be based on a lot of things and crypto will not be broken. Uh, crypto will be bypassed instead, let's say you have a security key.
[00:09:04] JP: You have a strong encryption algorythm, but it will not do advanced mathematics to find the key. You will just hack the software find the key, and the compromise the system.
[00:09:15] Didier: Okay. So let's talk a little bit about cryptography. You've said that often most weaknesses in a protocol are found by a programerwho has to program the protocol, and not by the person who wrote the paper or an auditor. Why is that? Is that, is that simply because when the program or programs, the code, he sort of sees it from many different angles and he dives deeper or why would you say that?
[00:09:37] JP: Well, yeah, the context of these observation is that I always try to challenge the established way of thinking, and also to bring some nuance in the, let's say what people tend to believe, and you can see, you know, see a situation has followed you have people, developing. And debate people to audit their code, find bugs, and these people would find bugs.
[00:10:02] JP: But ultimately what I observed having done many security assessments is that certain types of bugs are hard to find for outsiders because the, it depends a lot of let's say the intricate system or the interaction between all the components and certain things that only people who know the system the best will find.
[00:10:25] JP: So that's why I'm trying to walk hand-in-hand with a developer when I'm trying to break a system, because, uh, sometimes you only have so much time to understand how a system works and you don't have time let's say to, to have an understanding sufficiently to deep. To find certain types of bugs. Um, and what happens if you look at very complex crypto system, such as the one based on the multiparty competition or proofs?
[00:10:58] JP: Uh, most of the most interesting bugs have been found by people already part of the ecosystem, people who write and read , this kind of code every day.
[00:11:11] Didier: you often do, as you call them crystal graphic assessments. I've heard you say that you didn't like the word cryptographic audit. So , my question to you is what, what concept in the word audit do you not like? And when you do a cryptographic assessment, in fact, what is it that you think you're doing?
[00:11:29] JP: Yeah. That's so, because one side of me is very picky regarding terminology. And, uh, how you suddenly was when you talk with, you know, people from, um, different background people working on a, in finance, in regulatory frameworks for their perspective and audit is an evaluation against a specific regulatory framework and sometimes it's marking to checklist or an, audit in the sense of, you know, accounting audit.
[00:11:59] JP: Uh, whereas when people talk of audit in the context of security evaluations, uh, it's more about looking for bugs and reporting the bugs they find. It's not a checklist, uh, or it's not on your checklist. It is more, you know, like an exploration of the system you're trying to break. Uh, it's also arguably more subjective, but it's also in a highly valuable, because many risks are not covered by whatever compliance or regulatory framework you're working with, but will need to be discovered or invented by people knowledgeable in security and who can come up with new ideas, a new way to break the system.
[00:12:41] JP: So that's why, it's not enough to have all these compliance certifications. Uh, this would be essentially useless if the people in your company are not, let's say well-trained in security.
[00:12:54] Didier: Okay. So it's an exploratory process and an ongoing process. Okay. Well, we got an MPC multi-party multi-party computation that is now becoming more and more, let's say prevalent in solutions by like Fireblocks and other people. Can you give a definition for a layman? What the MPC of multiple party computation is?
[00:13:19] JP: Yes. Very happy to do so. Because there is a lot of misunderstanding about what is his, what is, is not, uh, it's a type of cryptographic protocol. It's not a type of product is not a solution. It just a type of cryptographic protocol. So it's a tool and you take different tools for different things. You take a hammer for one thing, you take a corkscrew for something else.
[00:13:41] JP: And every tool has their own purpose and pros and cons. So multiparty computation is kind of cryptographic magic. Uh, when you explain to people who don't know crypto, like no, that cannot exist. The idea is that you want to compute a result, a function based on different inputs. So the simplest point is in addition, you have A and B two numbers and you want to compute A plus B.
[00:14:07] JP: Uh, that's very simple, but maybe you want to compute in such a way that the people who does the competition knows the result, knows the output, but not input. They want to know there is?
[00:14:21] JP: A+B, but they should not. No A no B. So how to do this, um, and modularly it's about computing, the output, a function in such a way that none of the parties
[00:14:35] JP: knows all the input values. And specifically, if you're some input that are secret or sensitive, you don't necessarily want to give the secret value to one single person or one single company on one single computer. You want to split them in different shares so to speak. Um, so if we go back to the use-case of cryptography, these systems are typically used when you only have software components and software by definition, you know, it has limited security as opposed to systems where hardware based security. And when you went to sign a transaction for a blockchain system, it's equivalent to signing a check, um, to send money to someone else.
[00:15:21] JP: Uh, you have to use a cryptographic key, a secret key. And by using MPC, what you can do is you can split this key in multiple pieces. So let's say maybe five and these five people, they can work together, they can do something. What we call a protocol. And at the end of this protocol, they will often the result developed in the signature,
[00:15:44] Didier: if I, people don't need to know each other.
[00:15:47] JP: Um, they need to kind of know each other.
[00:15:49] JP: need to know the address, need to know, you know, the identity, uh, maybe some cryptographic certificate, but throughout the protocol they never see the secret key. So they never had the keys to the kingdom.
[00:16:03] Didier: Do you think, do you think it can solve the problem? Most people don't want to manage their own private. Uh, and private keys could be very useful for many things for just remaining anonymous on the internet,
[00:16:13] JP: Yeah.
[00:16:14] Didier: but most it's difficult to get people to manage their own private keys. Do you think MPC can, can, can obtain the same type of level of security of having your own private key without ever managing it?
[00:16:26] JP: Um, you know, there's, uh, uh, saying that the hardest problem in cryptography it's key management is managing your keys and managing keys is everything from key, generation to key erasure, uh, transferring keys and backups. So if you look at MPC, one thing that is very annoying is that you have more keys, you have more stuff to worry about, so to speak because you split the keys in different shares and each of these shares are secret.
[00:16:57] JP: So the processes of backup key generation and key rotation, they are way more complicated. So in other words, there is a price to pay. If you want to use this kind of MPC magic. And more complexity means more things that could go wrong and more risks. So it's always a trade off. There's no, there's no free lunch here.
[00:17:15] Didier:
[00:17:15] Didier: NFT's, uh, would you want to give a definition of what they are and why they're weak in their construction?
[00:17:23] JP: Um, Well NFT's. So it, it stands for non fungible token. So you can see this as a type of cryptocurrency, such as Bitcoin, but in Bitcoin, any Bitcoin is identical. And you a Bitcoin has the same value. So that's what we call fungibility. Uh, any Bitcoin is the same in a Swiss. Franc is the same as you know, the Swiss Frank, uh, the NFTs they are token where one token is different from another token
[00:17:51] JP: so they have different values and they correspond to different objects. So you can see an NFT as a digital token is a type of digital asset that is tied to something. And if something, it can be. Uh, piece of text, it can be, uh, an internet address. It can be an internet address that links to an image that links to a video, um, and, uh, whole market developed around this and a whole ecosystem of more or less fraudulant
[00:18:22] JP: uh, operations have been, uh, created a lot of, uh, scam artists in that space. So that's the beginning is free, you know, the wild west, because there are very little regulation. And people are excited about it. That is hype. So people have this fear of missing out. They put their money to buy stuff, they get their stuff stolen.
[00:18:41] JP: They're like, oh, damn. And then they buy another. Uh, but anyway, it doesn't mean that you should not throw this to the trash altogether because technology is probably interesting and valuable. And I see some potentially interesting use cases being developed. So I would just advise people to be careful not to invest other money in NFTs, even if it looks pretty good.
[00:19:08] JP: And even if they heard about friends who made a lot of money with it, but maybe don't discount the technology just because the applications are sometimes, uh, you know, not
[00:19:17] Didier: I know people who think that the technology by construction the way an NFT is constructed is not secure. , would you agree with that?
[00:19:25] JP: Well, from what I've seen, there are a lot security limitations, intrinsic to the NFT constructions. For example, what you buy is an electronic asset the, uh, an internet address that points to an image. But this image is not necessarily stored on the blockchain. It can be stored on some internal server that can crash and can be modified and it can change the image.
[00:19:46] JP: So what's you buy not image itself. It's to internet link think that points to an image. So that's one limitation and another class of issues is the marketplaces that send NFTs, which can have their own, uh, security issues. I think last week or two weeks ago, one of the main platform selling NFTs was hacked.
[00:20:07] JP: Um, and every other week or every other day, there's a new hack of NFT exchange platform. So our NFT technology.
[00:20:17] Didier: moving on. You did your PhD and you invented something called Blake. And now we've up to the version. I think Blake 3. So can you describe what it is and why it's useful?
[00:20:28] JP: Yeah, I think most people never heard about this. Uh, when they hear Blake, maybe they talk of, you know, the poet, William Blake, or some sort of pop stars, but. Technically, it's a type of cryptographic algorithm, which people see as a Swiss army knife of crypto because it's used pretty much everywhere. You need hash functions in cryptographic protocols.
[00:20:54] JP: You need them, even in some encryption systems, uh, and you have them in about any device. So in your computer, in your mobile phone, you have all these hash functions and they need to do at least two things. Secure, of course, and I need to be fast so fast that you don't have to wait as a user. And also fast in the sense
[00:21:18] JP: don't consume a lot of energy because of battery life and other reasons. And this technology that I developed during my PhD, now ended up being used by many systems by, Linux, Google, Apple systems for these very reasons, because it was superior in terms of security and speed.
[00:21:38] Didier: so you think it's youthfulness and security and speed.
[00:21:42] JP: Mainly, and also ease of use. Because, uh, you're not going to buy something or to use something that you don't understand, or that looks too complicated to you, or that proves so complicated that. It makes you feel nervous. So when I designed this also paid a lot of attention to make it, let's say easy to understand and easy to implement for engineers because some cryptographers who are very good at math.
[00:22:11] JP: They may do very complex and very much mathematical constructions, but I'm not smart enough to do this. So I did something much simpler and I believe one of the reasons why it ended up being adopted by a wide range of engineers. It's because of its simplicity. Uh, it fits in relatively few lines of code and it's easy to grasp why it works the way it works.
[00:22:34] Didier: I think it's used in also in mining algorithms. Like there's a project in Switzerland called Alephium that uses it, uh, and it's, uh, mining algorithm. And so can you tell us why you think they chose it, or what are the interesting properties of Blake 3 three that relate to mining?
[00:22:50] JP: Yeah, well, I was the first surprise and very proud to see well, the hash function that I designed that use to so many systems. So you said Alephium, but there are many other blockchain platforms that just Blake two of Blake's three, which is the latest version that is even faster. Uh, even Ethereum uh, is using it's just Blake 2
[00:23:12] JP: and I believe that they use it for several reasons. The first one is the security of garantee and also they ended up using it because all the compatibility. And interoperability reasons. Uh, now you have many implementations of this algorithm in multiple languages and multiple computing technologies. So it's relatively easy for developers to use some existing library as opposed to implementing it from scratch themselves.
[00:23:42] JP: And also so many let's say cryptographers and security experts, vouch for it to say, we think it's good. It's not been broken after 10 years. So. it's Probably safe to use.
[00:23:54] Didier: . And do you think an optimization of a Blake three, four for Asics, for example, are going to allow new, new industrial use case?
[00:24:03] JP: Oh, yeah, that's a great point. Um, I heard about people interested in doing dedicated Silicon chips that would directly implement the Blake logic to make it more energy efficient. Um, so I don't think it would be all, you know, the desktop and server chips, uh, tomorrow, at least, but I expect to see dedicated hardware to implement Blake
[00:24:31] JP: more efficiently, specifically for blockchain platforms that use in their proof of work systems, because that's where you really need to optimize the, the efficiency and the cost efficiency ratio, because you have to keep competing hushes, uh, all the time, millions of instances, per second and, uh, and you want to minimize your electricity, electricity bill.
[00:24:55] Didier: Okay. Do you think it could be used for streaming?
[00:24:59] JP: Uh, I've seen used in a applications that need to really high-speed high throughput performance, for example, gigabytes per second. And one use case where it shines is when you can parallelize the work among multiple computing unit, for example, on the multi-core systems, because it's been designed to take advantage of parallel systems.
[00:25:21] JP: So instead of taking, I don't know, five seconds to hash a few gigabytes it might take just less than one, one second.
[00:25:30] Didier: What is the question relating to cryptography that nobody ever asked you, but you think is important.
[00:25:35] JP: Oh, um, yeah, that does. That's a good question. Uh, people tend to always ask me the same questions. One that they never asked, uh, is maybe more high level question is like, Why am I doing this? Uh, or what do I need to do? People worry about the, how, how to create, how to harsh, how to sign up, because it's like, I'm going to put locks on my door to feel more secure, but people don't always ask themselves, what did you do and why?
[00:26:11] JP: Uh, Which piece of data should be encrypted and which piece should not be encrypted, uh, because you have to reason about, you know, the spread about the risk. And it's not always the best choice to encrypt everything and to have many more keys because you add complexity. So sometimes it also happened to me to advise people in doing less cryptography, but maybe smarter cryptography.
[00:26:36] JP: Because you want to reduce the amount of, uh, computation, the amount of keys to manage. Um, but it's, you already need to know what you're doing if you reduce the amount of crypto in a system, but it really pays off in the long run. Now.
[00:26:54] Didier: In fact, the most important question you seem to be saying is to decide what is really important to protect cryptographically and what isn't, and then to sort of eliminate everything that doesn't actually need protection by cryptography and make the rest of it. The rest of the engineering around it.
[00:27:09] Didier: Very simple. That's what I should understand.
[00:27:12] JP: Yeah. Yeah. That's a good, a good summary of it. Then I can give you one last example. I've seen people who had to encrypt some pieces of data. And they were using not one, but three encryption algorithms would encrypt to the first layer, a second and a third for no apparent reason. And they told me, yeah, we do it because if one is broken, then you have multiple other, other levels.
[00:27:34] JP: I was like, guys, uh, the likelihood that this be broken is orders of magnitude lower than any other components of your system being compromised. So maybe this makes you feel better, but it doesn't make your system more secure.
[00:27:50] Didier: . And I heard one, the expression with the smartest people do on their weekends is what everybody else will be doing in 10 years. So I'm going to ask you, what do you do on your free time? What do you study on the weekends when you have free time?
[00:28:01] JP: Uh, you know, I have not really a technology geek. Uh, I'm not spending my weekends anymore. You know, learning a new programming languages. I have only one or two computers. So in my free time?
[00:28:14] JP: I do non-tech stuff. Uh, I love reading. It's richer. Uh, I play classical guitar and to exercise, I do climbing bouldering.
[00:28:25] JP: So things very different from, from crypto.
[00:28:28] Didier: Okay. In fact, I think you wrote a book in English just to challenge yourself, to write a book in a language that, that wasn't yours, . What, what was the subject of the book?
[00:28:38] JP: That's the first book serious cryptography was, uh, you know, but I'm also interested in writing other types of.
[00:28:47] JP: books. Uh, maybe not a language because now I would find it more challenging to write in my own native language, French than to write in English. I write in English every day. If you're asking me to write a text in French, I'm like, oh, you know, it reminds me school.
[00:29:04] JP: I was really a terrible student in school in French.
[00:29:08] Didier: Okay, fine. Let's wrap it up with a few rapid fire questions. If you could meet somebody in history that you admire, and if you could meet him or her and spend an hour with them, what, what questions would you ask them and who is it?
[00:29:21] JP: Um, Maybe I'm reading a biography of him this day is the first Shogun of Japan, Tokogawa Leyasu who unify in Japan in the early I3th century. And he was pretty amazing at handling desperate situations while keeping a cool head. And I often have to manage, you know, crisis situations that's part of my job. I'm quite good at it?
[00:29:45] JP: But I would like to have his advice about managing, you know, terrible crisis
[00:29:49] JP: where tons of people die is complete nightmare. And you see those rise seen without getting into my emotional,
[00:29:56] Didier: A great piece of advice that somebody gave you and who gave it to you.
[00:30:00] JP: Um, I would say maybe from my co founder, Lahmine Brahimi, um, what w we had discussions with clients and partners, and, uh, I was wondering about something, um, and he asked it to the client and was like, I was so surprised that he asked this and to my surprise, the client said, yes. And then he told me you know JP if you.
[00:30:21] JP: don't ask the question, you're not going to get the answer. I was thinking of it because. If you don't ask, you know, , if you ask me, but you get the answer, you don't lie, but that's fine. At least, you know, so try things and the worst case it fails, but at least , you know,
[00:30:37] Didier: Okay, very good. Uh, favorite books are most of them, or I wouldn't even say most important book.
[00:30:42] JP: Um, then not to have three favorite books, but maybe favorite authors.. Um, so maybe I can cite a French auto from the early 20th century that.
[00:30:53] JP: had a lot of impact on me. Its Leon Blois it was a French, polemist Catholic writer. Uh, very intense, very beautiful prose from the, you know, this time in France. And also one of my favorite writer completely different, uh, is Phillip K. Dick sort of science fiction author
[00:31:12] JP: I re read it again one of his main books so I think yesterday and it's also had a big impact on me when I was a teenager in my early twenties.
[00:31:23] Didier: Okay. And finally, a favorite movies.
[00:31:27] JP: So, again, more than a movie, a director and a big fan of the movies of a Akira Kurosawa, especially Seven Samurai and a Ohana did a fantastic movie of three hours.
[00:31:40] Didier: Okay. Great. So thank you very much. If ever people want to get in contact with you or Taurus where can they contact you or follow you or.
[00:31:49] JP: What they can find me on Twitter, how my websites, Aumasson.jp, uh, where they will find my email, Twitter, uh, all the possible contacts in there. Yeah. I was still happy to talk answer, everybody's questions about crypto.
[00:32:05] Didier: Okay. Great. All right, lovely. Thank you very much.
[00:32:09] JP: Thank you Didier
[00:32:11] Didier: And a word again from the sponsors who helped make this show possible. If you are interested in any of these products, click on the link in the show notes, and you will be supporting this podcast first up the script. Are you interested in having your own podcast, but don't know how to get started. The idea of editing your own audio files intimidate you.
[00:32:30] Didier: I use the descript software to edit this podcast and I highly recommend. It's easy to use much easier than any other editing software. I know you can record directly on your PC or Mac or on another device, and then import the files. It also produces a transcript of your audio files. Best of all, they have an overdub function.
[00:32:50] Didier: That means that you can type in text and your voice generated by the program will read the text. So when you need to add in a word or a sentence to an audio file that you forgot to say during the report, You can use the overdose function to insert it afterwards. I highly recommend the pro version, which is what I use.
[00:33:09] Didier: And if you pay annually, it costs $288 a year. I really think it's worth it. Use the link in the show notes to connect to the spirit and help support this podcast. Next up block. Fi do you want to get interest on your crypto, whether in Bitcoins, stable coins, ether, or many other crypto assets, but you hear of all the hacks on the platforms and lack of trust in the protocols.
[00:33:33] Didier: You're afraid that the protocols are not sufficiently battle tested or that some nefarious actor will get the keys at the protocol CFI or centralized finances, an alternative. With the block fire and majority of the assets are held in cold storage with Gemini. They lend your assets to market makers and brokers and use by and large, the same risk management techniques as banks do to manage credit risk of their counterparties.
[00:33:57] Didier: Furthermore rates are guaranteed for 30 days, so they don't fluctuate every day. Like in. The main difference here in block five visa via bank is you do not get a guarantee by a regulator like the FDAC in the USA or the fin month with. So if you do have a situation like a run on the banks block PI will not have an explicit guarantee by the government, but with the proportion of your crypto assets, that could be.
[00:34:21] Didier: And of course, let me remind you. There are no explicit guarantees from an outside source and define either. And defy is fraught with all sorts of risks that most people don't appreciate. And also if you own crypto and want to use crypto as collateral to get a loan in Fiat, you can do that on block fires.
[00:34:38] Didier: Next up shift crypto, are you looking for a hardware wallet to store your Bitcoin or other crypto assets? Consider a bit box made by shift crypto they're based in Switzerland and have been very well audited to CEO Douglas backroom was on this podcast and you can find that episode in the same place you found this episode.
[00:34:57] Didier: The other co-founder Yohanas Shelly was a Bitcoin core developer and submitted his first line of code to Bitcoin core in 2000. 13 also, if you like cool design, this product has the coolest design of all hardware wallets. I know use the link in the show notes to get started and to help support this podcast.
[00:35:15] Didier: And finally brain trust. Are you a software engineer, UI designer, content manager, content marketing. And would like to work independently, the freelancer and you think privately held platforms like Fiverr or Upwork take much too much of a commission brain trust has replaced the middleman by code and the amount of take home pay you get on the brain trust platform is a hundred percent of what you build.
[00:35:38] Didier: Other fields of work are being added continuously to the brain trust platform as well. So check them out to see if they have a job. Yeah, on top of that on brain trust, you can make money by referring other people to the platform as well. Look at the two episodes I did with Adam Jackson and your favorite podcast player, Adam Jackson is a co-founder and CEO, and find out more about how brain trust works, click on the show notes to get started and help support this podcast.
[00:36:05] Didier: If you enjoy the episode and want to help the podcast, you can do this in several ways. You can share the link to the episode on social media, whichever social media you are most active on. Also, you can subscribe on your favorite podcast player or watch it on YouTube and click the subscribe button there.
[00:36:24] Didier: You can also contribute directly to the podcast by visiting the website, this with road to crypto.com and clicking on the link on the homepage and donating either in thoughts or on PayPal. Finally, if you want to become an early adopter of the lightning network, you can listen to this podcast , on a lightning enabled podcast player.
[00:36:44] Didier: Currently I aware of three such podcast players, the breathe app, which is also a lightning wallet, Sphinx and fountain. You will need to have some sites in lightening wallet. Thanks. And don't hesitate to give me your feedback either by email, that you'll find on the website, this with road to crypto.com or on social media, I read all the messages.