Quite seriously, this is exactly what the tech world needs - personally, I know that in terms of understanding of crypto I'm streets ahead of the average Joe, but orders of magnitude behind people who actually know the field. I'm certain I'm far from alone in that set, but the way the world's going means that we with the generalised technical know-how have a moral impetus to bring the rest of the world up to speed with the whys and wherefores.
Since the author is reading this: thanks. Read the first few lines and am already hooked. I have been looking for a long time, but most texts on crypto are either way below my level of understanding or miles above. You're a godsend!
"There are maybe 5 people in the world that may call themselves cryptographers"
Has anyone seen "streets ahead" being used by anyone else besides Pierce Hawtorn and the OP? I mean, is it widely used now? (I'm not native speaker, obviously)
So we went out on a limb and made these 1 minute layman video explainers on cryptography: http://gun.js.org/explainers/data/security.html , I hope they are useful. Anything incorrect?
Although this book claims a "Learn by doing" approach, I didn't find any specific assignments or data samples to facilitate that.
> The exercises accompanying this book focus on teaching cryptography by breaking inferior systems.I wonder if there shouldn't be a software engineering class where people try to set up a secure web app, with their own homegrown algorithms and protocols, which is then attacked by a tiger team which includes a conspirator on the inside? Perhaps there are such classes now.
If you deployed vulnerable code, you'd see your stack fall over ~10mins later, along with an accompanying notice from the Penetrator Monkey that you've got work to do.
Something similar happens with code coverage. It's pretty easy to write tests that provide 100% code coverage yet still miss basic bugs. 100% code coverage gives you little more guarantee than "this code doesn't crash for naive inputs" unless the tests providing the coverage were well written - code coverage gives you no introspection to how good the tests might actually be.
In short, I agree that this would be a cool + useful tool. But it should come with a disclaimer that it's not a substitute for more thorough testing + verification.
As far as they go, maybe; but I worry that people don't appreciate the limitations. Making sure that someone can't code up an exploit against your system in half an hour is absolutely essential, but it's not the only thing that matters -- a serious cryptographer is also going to be concerned about "two years of coding and ten million dollars of computing power" attacks, which can be safely disregarded in CTFs.
In the sub-domain of web security, django.nV is such a "purposefully vulnerable Django application" that comes as companion to a websec tutorial: https://github.com/nVisium/django.nV
No disclaimer, I have no affiliation with the project, I just enjoy their work.
To have really capable people work on breaking your crypto for free, you have to be an insider. You become an insider by breaking other people's crypto. You can publish a break in an insider's crypto even if you are unknown. After you publish a few such papers, you become an insider and can publish your own crypto other people will spend their time trying to break.
People can learn the state of the art and develop an alternative to the common (NIST) choices which are no worse, but also no better. Some of those are blessed as "national pride ciphers" (GOST, Camellia, SEED, etc.).
Making a secure encryption algorithm requires a lot of presence of mind, and a lot of industry knowledge. If your threat model is incomplete, you lose. If you forgot one tiny thing at one tiny point in the algorithm, you lose.
If you don't have people checking your work, how do you know? If someone is determined to break your encryption, they are capable of spending a lot more time analyzing it than you spent building it. And they only need to find one mistake.
It's definitely better to use the tools that experts have spent lots of time, lots of breadth of knowledge, and lots of depth of knowledge inspecting.
A better question to ask is, how easy is it to break the protocols and the software using the protocols? We have secure ciphers. Those aren't where the problems in computer and network security lie.
Is there a general way to attack naive ciphers?
I fall of at even a proper Vigenère cipher, although I guess I could hack together a terribly inefficient python script to test all options and then print them line by line and start visually scanning for patterns :-/
- https://sourceforge.net/projects/metasploitable/
- https://github.com/ethicalhack3r/DVWA
If you go this direction you will find much more applications prepared for Capture The Flag competitions. Some people are even posting walk-throughs how to hack and fix them. It is very interesting & hard.
Which aids in the analogy.
If you restrict yourself to aikido techniques and your attacker has no such reservations, you have to be extremely good.
Good for the analogy.
I think it would be a mistake to give up on self-defense in general because of that. In any case, you have to go into it knowing it's not a guarantee, it just increases your odds.
Good points for the analogy.
That is all there is to it.
Some examples here https://www.youtube.com/watch?v=C_SB0TqvUb8
E.g. even if RSA is (currenly) safe, as well as its primitives and common configuration... rolling your own implementation will probably be subject to timing attacks.
Firstly, I'm a real, honest-to-God cryptographer. I don't know if there are any particular people you had in mind whose recommendations you'd like to see, but there are a few HN bigwigs who'd probably be willing to generally endorse it :-) Also, it's been posted on HN a few times before, so it's had some scrutiny. That doesn't mean I don't make mistakes, but generally speaking, an active reader should be OK.
The other thing is in the way the book is structured. I teach you to break crypto; so when I say something is broken, I prove it by showing you how to break it.
Finally, the goal of this book is absolutely not to help you implement DHE. In an ideal world, the primitives we offer people are hard to misuse. Crypto 101 then only exists to satisfy programmer curiosity. It is not a replacement for a traditional academic education that will help you design new primitives; it also doesn't show you how to write secure implementations. However, Crypto 101 is still useful beyond merely satisfying curiosity now, because most cryptographic libraries _do not_ provide that easy-to-use API. Using regular hashes for password storage, various forms of broken AES-CBC (unauthenticated, key=IV, static IV...), et cetera are very real problems for real code, and Crypto 101 teaches you how to avoid that minefield.
I'm also working on the "better, more accessible" crypto part, but I only have so much free time :)
My g/f is getting interested in this sort of thing and she'll find this thrilling.
Well this is step 0 in cryptography engineering: You don't implement primitives. Use reviewed components providing primitives and implement your protocol on top of that. Step -1 is to not design your protocol, but use a reviewed protocol and implement that. Finally, step -2 is to not implement a protocol, but rather use a reviewed implementation of a fitting protocol.
This isn't sarcasm and I don't mean to attack you.
FWIW, I consider myself pretty well-versed on cryptography and although I haven't gone over this book with a fine-toothed comb (yet!), it looks very, very accurate to me.
I wouldn't expect that subtle implementation errors or even protocol flaws would get noticed on any news site, or even by contributors / co-developers or whatever.
http://crypto.stanford.edu/~dabo/cs255/syllabus.html
(Disclosure, I took the class a few years ago)
For those reading:
How do you convince people that it's worth using best practices?
Is there a good heuristic to measure the value of something, when deciding how much time and money to spend on securing it?
What are good library/SaaS solutions to help build secure applications with less chance of shooting yourself in the foot, better UX and lower cost? (Keybase, etc.)
Although the video is marked 2015, the overlay at the start shows it's from PyCon 2013.
If anyone is interested in ECC, ars has a pretty good introduction [0].
[0] : http://arstechnica.com/security/2013/10/a-relatively-easy-to...
I should really remove that pre-release stuff. There's no useful point for "done", and it already includes most of the stuff I wanted to talk about.
Thanks!
I'm fine either way, just curious if this has changed drastically from what I had looked at previously.
"The entire Crypto 101 project is publicly developed on GitHub under the crypto101 organization, including this book: https://github.com/crypto101/book "
[...]
"The copy of this book that you are reading right now is based on the git commit with hash 3f89ec3 , also known as 0.4.0-22-g3f89ec3"
Then, looking at the commits, yes the book changed a lot since 2014: https://github.com/crypto101/book/commits/master
I should stop calling it a pre-release. There's no useful "done" marker. It includes most of the material I wanted to talk about, and has for a while. You should update the PDF though; as the other commenter mentioned, it does get updated :)
Well, maybe when there are no more "TODOs" ;)
Its free to read online but its also very reasonably priced. Its written by an engineer over at Cloudflare.
It's really encouraging to see this increased democratization of crypto not necessarily in the engineering of it per se but rather the awareness and understanding of it.
In the explanation of prop #1, he makes it clear that he is talking about the "avalanche effect," so it might be better to say that explicitly in the definition.
Disclaimer: I'm not a crypto person, so it's better if the author comments on this as well.
I think the book is great, by the way, especially the writing style and the choice of what to focus on. Thanks, lvh, for doing this.
Thanks for this, seems pretty useful.
There seems to be more attention to listing all the beasts in the cryptographic zoo than to the few fundamental tools required to really understand the mechanics (e.g. birthday paradox, PRFs, some prime number theory).
Sure, I can't spot anything fundamentally wrong and it all reads pretty smoothly, but calling this a "course" is highly misleading. If the intention is to guide people in selecting good crypto primitives, then maybe "guide" is a more honest word?
For those interested, I would strongly recommend to bite the bullet and dedicate time to Boneh's course on Coursera.
[0] I don't have any either [1] Ditto
I could say "IND-CCA2" with a formal description, but in my experience that makes people's eyes glaze over. It's a lot easier to show them a bunch of reasonably-looking-yet-fatally-broken unauthenticated encryption to drive the point home. My target audience is curious programmers, not new academic cryptographers. If that's your criticism, that's absolutely valid. If you want to be the person to design SHA-4; this book isn't for you.
It's true that I take a different approach than Dan Boneh does. That's not a criticism: Boneh's course is great, it's just different. I think showing people how to break stuff is a useful educational tool. If your threat model is random web apps that have the letters "AES" or "MD5" in their code, I think it's a more effective one than a rigorous mathematical approach that will quickly dissuade the curious programmer.
I was under the impression he was formally educated in cryptography.
This ebook has been cited by many computer security university courses.
https://www.edx.org/course/quantum-cryptography-caltechx-del...
Quantum Cryptography by Thomas Vidick (Caltech) and Stephanie Wehner (Delft University)
* In order to do QC you need an authenticated channel first. QC proponents hardly mention that or try to obscure it, but it basically means you can't have QC unless you already have some other secure cryptography.
* QC has severe practical limits. It needs a point to point connection capable of sending physical particles. That means: No Wifi, no mobile Internet and no connections over large distances. Given that these people recently started talking about a "Quantum Internet" makes this simply ridiculous.