Null Hypothesis is a blog about Cyber Security and Data Science, broadly considered, with an emphasis on Networking and Software. This includes algorithms, programming, crypto (in its proper sense), and open source, as well as their application to the detection of threats, vulnerabilities, and attacks.

About the Author

David McGrew is a Fellow at Cisco Systems, where he leads research and development to detect threats, vulnerabilities, and attacks using network data, and to protect data through applied cryptography. He pioneered the commercial use of encrypted traffic analysis to defend networked information systems, and designed authenticated encryption and secure voice and video standards that are in widespread use, most notably GCM and Secure RTP.

David has created and contributed to open source projects, published research results, championed open, patent/royalty-free cryptography, and co-founded the IRTF Crypto Forum Research Group. Prior to joining Cisco, he was a cryptographic scientist at Trusted Information Systems. He holds a PhD in Physics from Michigan State University and lives in Maryland, the capital of cybersecurity. Outside of work, he enjoys Linux, boating, sports cars, jazz records, and guitar.

This blog does not represent his employer or any other organization.

Open Source

Selected Research

See also Google Scholar (recent stats: citations: 8690, h-index: 39, i10-index: 89).

  • B. Anderson, D. McGrew, TLS beyond the browser: combining end host and network data to understand application behavior, ACM Internet Measurement Conference (IMC), 2019.
  • B. Anderson, A. Chi, S. Dunlop, D. McGrew, Limitless HTTP in an HTTPS World: Inferring the Semantics of the HTTPS Protocol without Decryption, ACM Conference on Data and Application Security and Privacy (CODASPY), 2019.
  • D. McGrew, B. Anderson, Enhanced telemetry for encrypted threat analytics, Proceedings of the 24th International Conference on Network Protocols (ICNP), 2016.
  • B. Anderson, D. McGrew, Identifying Encrypted Malware Traffic with Contextual Flow Data, Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, 2016.
  • B. Anderson, S. Paul, D. McGrew, Deciphering Malware’s use of TLS (without Decryption), arXiv preprint, arXiv:1607.01639, 2016.
  • B. Anderson, D. McGrew, S. Paul, Discovering Human and Machine Readable Descriptions of Malware Families, Workshops at the Thirtieth AAAI Conference on Artificial Intelligence, 2015.
  • D. McGrew, Impossible plaintext cryptanalysis and probable-plaintext collision attacks on 64-bit block cipher modes, accepted to FSE 2012, IACR eprint archive 2012.
  • D. McGrew, S. Fluhrer, The security of the extended codebook (XCB) mode of operation, International Workshop on Selected Areas in Cryptography, 2007.
  • D. McGrew, J. Viega, The security and performance of the Galois/Counter Mode (GCM) of operation, International Conference on Cryptology in India (INDOCRYPT), 2004.
  • S. Fluhrer, D. McGrew, Statistical analysis of the alleged RC4 keystream generator, International Workshop on Fast Software Encryption (FSE), 2000.
  • D. McGrew, S. Fluhrer, Attacks on additive encryption of redundant plaintext and implications on internet security, International Workshop on Selected Areas in Cryptography, 2000.


  • IETF RFCs: 8870, 8784, 8554, 8784, 7714, 7251, 7321, 6655, 6188, 6090, 6054, 5764, 5422, 5288, 5282, 5116, 4851, 4543, 4106, and 3711. See the IETF authorstats page (recent stats: IETF h-index: 9, 419 total citations).
  • NIST Contributions: SP800-38D, ACVP.
  • IEEE: 1619, 802.1AE, 802.1AR.


97 issued with the U.S. Patent Office


I maintain a presence on LinkedIn.

Copyright © 2022 David McGrew.