
Ask HN: Interesting topics for an intro InfoSec / cryptography lecture? - filleokus
I'm going to hold a half hour presentation about information security and cryptography for a mostly non-programmer audience in a couple of weeks. They are however all master's students in engineering, just not in CS. The purpose of the presentation is mostly to provide some insight into how stuff actually works, but still in a comprehensible and hopefully interesting and even fun fashion.

I remember when I first learnt about Diffie–Hellman key exchange and RSA, and how cool I thought it was. So I'm thinking about going through an example using color mixing as the secure one way function (something like this video https://www.youtube.com/watch?v=YEBfamv-_do).

Other topics I'm thinking of including are how the CA-system works, in contrast to a web of trust. Maybe also proof-of-work based blockchains or Shamir's Secret Sharing algorithm.

Do you know of something cool I could share?
======
diafygi
Yes, that video is one of my favorites.

I'd recommend thinking of teaching encryption like teaching knots.

You start out by listing the most basic knots[1] and what they are used for.

Then, you can dive into teaching how to tie a specific knot.

Then, you can dive into how and why a specific knot works and has the features
it does.

In a half hour, you will only be able to go through the list of encryption
fundamental tools (digests, symmetric encryption and signatures, asymmetric
encryption and signatures, and shared secret key derivations). But learning just
the names and purposes of those basic tools will be damn interesting to
engineers.

Also, encryption is like knots in that you should never try to invent your
own. If you invent your own, it will probably fall apart at the most critical
moment. Use a standard knot. Use a standard, boring, established knot.

[1] - https://gizmodo.com/how-to-tie-the-only-five-knots-youll-ever-need-1696628878

------
alltakendamned
While 30 minutes is not a lot by any means, I hope you will take the
opportunity to get across a few simple points to them:

1. Patch your systems

2. Use a non-trivial, _long_ password. 13+ characters at least. They cannot
be easily cracked. Use a password manager and do not reuse passwords.

3. Look out for phishing emails. Just previewing a message without clicking
already gives us the password hash.

4. Chrome is more secure than IE, iOS is more secure than Android

5. An overview of "smart" crypto choices, MD5 is simply not good enough to
save passwords with

6. Assume breach and set up decent monitoring alerts

Following these is already going to give security people, and by extension
attackers, a harder time getting into networks and systems.

Yes, this is an extremely simplified view and without even the slightest
nuance. But better this in 2 minutes at the end of a 30 minute talk than
nothing.

------
wazanator
Bring a wifi pineapple and explain how insecure wifi really can be.

~~~
elyrly
fear mongering

------
chatmasta
Set up a MITM proxy for an iPhone and show them how much private data is going
over the wire.

