Crypto 101 – Introductory course on cryptography

Logged in to post pretty much exactly this.

Since the author is reading this: thanks. Read the first few lines and am already hooked. I have been looking for a long time, but most texts on crypto are either way below my level of understanding or miles above. You're a godsend!

I'm not sure if it still applies, but there is a saying:

"There are maybe 5 people in the world that may call themselves cryptographers"

> I'm streets ahead of the average Joe

Has anyone seen "streets ahead" being used by anyone else besides Pierce Hawtorn and the OP? I mean, is it widely used now? (I'm not native speaker, obviously)

Same here, however I think it is better for us to talk about what we do know more, so that it increases the discussion and thus awareness and knowledge sharing (as well as getting corrected when wrong).

So we went out on a limb and made these 1 minute layman video explainers on cryptography: http://gun.js.org/explainers/data/security.html , I hope they are useful. Anything incorrect?

Hi! I'm the author. Also a big fan of Cryptopals; I was one of the reviewers for Set 8, and working with some of the authors. It's interesting to hear that point of view; because I thought C101 took the same approach as Cryptopals in the sense that it focused on teaching crypto by breaking it. When I say "learn by doing", I'm referring to stuff like walking through a bit-flipping attack just like cryptopals does. I recommend (and have organized/will be organizing) study groups where we work through cryptopals using Crypto 101; and I think that's a great idea. I was originally going to add exercises for C101, but honestly, Cryptopals was already that, and there wasn't much point in reinventing the wheel. I guess I should probably link to them?

I've always thought it would be neat to have something like the Netflix "Chaos Monkey", but rather than sitting around on your machines taking them down at random, it sits on your network (or as part of the offering of the PaaS you've deployed to) trying to break into your stack using Metasploit et al, and then will immediately shut down/isolate every piece of software it manages to gain access to.

If you deployed vulnerable code, you'd see your stack fall over ~10mins later, along with an accompanying notice from the Penetrator Monkey that you've got work to do.

There should be. In industry, we call those things CTFs, and there are both attacker and defender CTFs. My experience has been that they are extremely effective learning tools.

Not exactly what you describe but related: people build intentionally-vulnerable applications for the sake of teaching security by example.

In the sub-domain of web security, django.nV is such a "purposefully vulnerable Django application" that comes as companion to a websec tutorial: https://github.com/nVisium/django.nV

No disclaimer, I have no affiliation with the project, I just enjoy their work.

This is slightly tangential since you specified a conspirator on the inside, but how easy is it to break a homegrown encryption algorithm if you don't have the source code? I assume there are tools (what are they?) that will break a simple caesar cipher if you have more than a sentence or so of plain text to work with. But if you strung together 2-3 broken algorithms and your attacker doesn't know which ones, is it still trivial to decrypt?

There are penetration testing classes, but doubt that they are bundled together with classical CS, thought never know what some uni or courses may add. And there are project like those for practicing, few pointers:

- https://sourceforge.net/projects/metasploitable/

- https://github.com/ethicalhack3r/DVWA

- https://www.vulnhub.com/

If you go this direction you will find much more applications prepared for Capture The Flag competitions. Some people are even posting walk-throughs how to hack and fix them. It is very interesting & hard.

Aikido in particular seems to be very subtle, both in my experience and the opinion of an aikido black belt I've asked about it. If you restrict yourself to aikido techniques and your attacker has no such reservations, you have to be extremely good. I think it would be a mistake to give up on self-defense in general because of that. In any case, you have to go into it knowing it's not a guarantee, it just increases your odds.

The act of reversing a technique is called "kaeshiwaza". Kaeshiwaza is possible only if there there is an opening (weakness) in the waza.

That is all there is to it.

Some examples here https://www.youtube.com/watch?v=C_SB0TqvUb8

What would be the purpose of such a class? If the point is to show that rolling your own security is bad, it seems like having an inside man would just help leave people convinced that they could have succeeded if only it weren't for that other guy.

Hi! I'm the author of Crypto 101.

Firstly, I'm a real, honest-to-God cryptographer. I don't know if there are any particular people you had in mind whose recommendations you'd like to see, but there are a few HN bigwigs who'd probably be willing to generally endorse it :-) Also, it's been posted on HN a few times before, so it's had some scrutiny. That doesn't mean I don't make mistakes, but generally speaking, an active reader should be OK.

The other thing is in the way the book is structured. I teach you to break crypto; so when I say something is broken, I prove it by showing you how to break it.

Finally, the goal of this book is absolutely not to help you implement DHE. In an ideal world, the primitives we offer people are hard to misuse. Crypto 101 then only exists to satisfy programmer curiosity. It is not a replacement for a traditional academic education that will help you design new primitives; it also doesn't show you how to write secure implementations. However, Crypto 101 is still useful beyond merely satisfying curiosity now, because most cryptographic libraries _do not_ provide that easy-to-use API. Using regular hashes for password storage, various forms of broken AES-CBC (unauthenticated, key=IV, static IV...), et cetera are very real problems for real code, and Crypto 101 teaches you how to avoid that minefield.

I'm also working on the "better, more accessible" crypto part, but I only have so much free time :)

> I really have no way of verifying if I'm learning the correct DHE, and I know that it's easy to get wrong. Perhaps I can do some testing in code, but I may test it incorrectly too, and those small errors can be exploited.

Well this is step 0 in cryptography engineering: You don't implement primitives. Use reviewed components providing primitives and implement your protocol on top of that. Step -1 is to not design your protocol, but use a reviewed protocol and implement that. Finally, step -2 is to not implement a protocol, but rather use a reviewed implementation of a fitting protocol.

This isn't sarcasm and I don't mean to attack you.

Well, one benefit of wide exposure (like here on HN) is that if it was wrong, somebody would be bound to come along and point it out.

FWIW, I consider myself pretty well-versed on cryptography and although I haven't gone over this book with a fine-toothed comb (yet!), it looks very, very accurate to me.

There is some level of trust when you read books like this (or really any technical book); for that reason I'd probably pass on it for something by an authority in the field (or their recommendations).

You learn about DHE reading this. You implement DHE following specs and standards.

And as context, Professor Dan Boneh teaches the main introductory crypto class at Stanford (CS255) - it's a great intro for someone with some good CS fundamentals. The course syllabus is here:

http://crypto.stanford.edu/~dabo/cs255/syllabus.html

(Disclosure, I took the class a few years ago)

For normal application work, you should use NaCL (or it's repackaged version, libsodium) to the exclusion of all else.

You can also mail Sean Devlin to get Set 8 of the Crypto Challenges, which cover ECC. Finding the right place to mail I'll leave as an exercise for the reader.

Agreed. The one time I actually want to sign up to a mailing list, and there's no way of doing it.

Paragraph "Development" (page 14 in the current version) answers your question:

"The entire Crypto 101 project is publicly developed on GitHub under the crypto101 organization, including this book: https://github.com/crypto101/book "

[...]

"The copy of this book that you are reading right now is based on the git commit with hash 3f89ec3 , also known as 0.4.0-22-g3f89ec3"

Then, looking at the commits, yes the book changed a lot since 2014: https://github.com/crypto101/book/commits/master

Hi! I'm the author.

I should stop calling it a pre-release. There's no useful "done" marker. It includes most of the material I wanted to talk about, and has for a while. You should update the PDF though; as the other commenter mentioned, it does get updated :)