
Crypto 101 - tptacek
https://www.crypto101.io/
======
lvh
This is a preview release of Crypto 101, an introductory course on
cryptography. It's a follow-up to a talk I gave last year at PyCon.

To paraphrase David Reid, abstinence-only crypto education isn't working. We
need easily accessible crypto education for developers. This book, and, once
they're done, the included exercises, hopes to help.

I will happily answer all your questions here, by e-mail (see profile) or on
twitter (@lvh).

In case the website breaks down, here's the direct download URL:
[https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0...](https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0d.ssl.cf5.rackcdn.com/Crypto101March2014.pdf)

here's a magnet link:
magnet:?xt=urn:btih:e4af18f490672c6f7982a03f427e099014013774&dn=Crypto101March2014.pdf&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80%2Fannounce&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A80

~~~
wiredfool
Do you want patches/prs for copy editing? I've noticed 2 or 3 of them.

~~~
lvh
Absolutely! All the stuff is on Github, website and book (and source code for
the exercises which I'm still hacking on):
[https://www.github.com/crypto101](https://www.github.com/crypto101)

Thanks in advance for your contributions!

------
TrainedMonkey
Both coursera and udacity have amazing courses on crypto.

Udacity:
[https://www.udacity.com/course/cs387](https://www.udacity.com/course/cs387)

Coursera crypto I:
[https://www.coursera.org/course/crypto](https://www.coursera.org/course/crypto)

Coursera crypto II:
[https://www.coursera.org/course/crypto2](https://www.coursera.org/course/crypto2)

I took coursera crypto I myself. It was a lot of work, but I learned a ton.

~~~
agwa
Good luck trying to take Coursera's Crypto II: I've been signed up since
August 2012, and every 3-6 months it has been delayed another 3-6 months. At
this point I'm no longer expecting it to be offered.

Crypto I is not vaporware and is excellent.

~~~
dethstar
Makes you wonder why online classes aren't kept, at least for a year or
something, in case the information is out of date (for technology)?

~~~
TrainedMonkey
Udacity has a model in which every class is self paced and they have not
deleted a single one since uploading them.

~~~
JosephBrown
This is my favorite feature that Udacity has and the others don't.

------
nullc
Here. I'll start you on a better class on cryptography than any video, pdf, or
slide deck you're going to find.

Go to this repository, grab the code, and figure out how you can attack it:
[https://github.com/jackjack-jj/jeeq](https://github.com/jackjack-jj/jeeq) (of
course, along the way go learn whatever you need to). There are several
interesting weaknesses in this code, and yet it's not just a toy: it was
briefly deployed in a widely used application.

(If you google for it, you might find some of my analysis on it, which would
potentially spoil the learning experience, so I suggest you don't. Though if
you finish with this one I can dig up some other weak cryptosystems.)

------
skrowl
Anyone else only get:

<html><head><title>Processing Failed</title></head><body><b>Processing
Failed</b></body></html>

~~~
Mithrandir
Website: [https://archive.is/fG4Fb](https://archive.is/fG4Fb)

Book:
[https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0...](https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0d.ssl.cf5.rackcdn.com/Crypto101March2014.pdf)

------
ctlaltdefeat
Who is the author? I can't find anything about him except for his real name
and a self-description of "hacker". I'm confused why he thinks it's reasonable
to create something so authoritative sounding as "crypto 101" without
bothering to explain his credentials to do so.

------
devindotcom
This looks helpful for people who are already very code-literate. But it seems
like "101" should start with the absolute basics, stuff like classical
cyphers, the history of cryptography, and definitions of basic terms. I
realize that's not what the HN crowd really needs, but it would be a good
place for hundreds of millions who are interested in learning what it really
means for something to be secure, encrypted, hashed, etc. Anyone have a
favorite resource to this end?

~~~
tptacek
I'm interested in what you think the value of studying classic ciphers is.

~~~
sillysaurus3
FWIW, I got way more value out of the Matasano challenges than studying
classic ciphers.

Do you think it'd be a not-terrible idea for newcomers to focus entirely on
studying this? [http://www.daemonology.net/blog/2009-06-11-cryptographic-rig...](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html)

~~~
sdevlin
That is a pretty good list of recommendations, but I have a couple criticisms.

The recommendations are mostly low-level. None of them are wrong, but they put
undue burden on developers to get details right. For example, the AES-CTR
recommendation doesn't talk about nonce management, but this is critical to
the security of the construction. Application developers should always use the
highest-level cryptographic constructions they can get away with. As such,
many of these bullet points could be replaced with a recommendation to use PGP
or NaCl.

Also, the list skimps on random number recommendations. It talks a bit about
how big numbers should be, but it doesn't discuss sources. This is really
important as RNG is a weak point in many systems. Short answer: use
/dev/urandom.
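
The nonce-management point above, as an added example that is not part of sdevlin's comment: two messages under one (key, nonce) pair leak their XOR, while a per-message nonce from the OS CSPRNG does not. Assumptions: SHA-256 over key, nonce and counter stands in for AES so only the standard library is needed, and every function name and sample message is constructed for this sketch.

```python
import hashlib
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream. SHA-256(key | nonce | counter) stands in for
    AES_key(nonce | counter) so the example needs only the standard library."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: in CTR mode both are XOR with the keystream."""
    return xor(data, keystream(key, nonce, len(data)))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Draw a fresh 128-bit nonce from the OS CSPRNG (/dev/urandom on Unix)
    for every message and prepend it, so callers cannot reuse one."""
    nonce = os.urandom(16)
    return nonce + ctr_crypt(key, nonce, plaintext)

def open_sealed(key: bytes, blob: bytes) -> bytes:
    return ctr_crypt(key, blob[:16], blob[16:])

# Constructed sample inputs (equal length so the XOR lines up).
KEY = os.urandom(32)
P1 = b"wire 0100 USD to acct 11112222"
P2 = b"wire 9999 USD to acct 33334444"

def reused_nonce_leak() -> bytes:
    """With one nonce for two messages the keystream cancels out:
    c1 XOR c2 == p1 XOR p2, which an observer computes without the key."""
    fixed = b"\x00" * 16
    return xor(ctr_crypt(KEY, fixed, P1), ctr_crypt(KEY, fixed, P2))

def fresh_nonce_xor() -> bytes:
    """Same two messages through seal(): the keystreams differ, so the XOR
    of the ciphertext bodies is unrelated to p1 XOR p2."""
    return xor(seal(KEY, P1)[16:], seal(KEY, P2)[16:])

if __name__ == "__main__":
    print("reused nonce leaks p1^p2:", reused_nonce_leak() == xor(P1, P2))
    print("fresh nonces leak p1^p2: ", fresh_nonce_xor() == xor(P1, P2))
```

This covers nonce handling only; the ciphertext is still unauthenticated.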

------
richm44
Just looking at the table of contents is a bit worrying. :-(

Why are block cipher modes like CBC and CTR, and issues like padding listed in
the stream cipher section? Those aren't relevant to stream ciphers (though you
can regard counter mode as turning a block cipher into a stream cipher).

Putting pbkdf2, scrypt, bcrypt under key derivation functions but omitting
them from the password storage section, while technically accurate, isn't
really helping anyone.

Reading the text in enough detail to see if this is any good would take longer
than I've spent, but the organisation of the material at least definitely
needs some work.

~~~
lvh
Hi! Thanks for your comments. I feel that a more detailed reading would most
likely address your concerns.

The book explicitly addresses why modes of operation (and their related bits,
like padding) are in the stream cipher section. I've flip-flopped between
putting them in one or the other a few times now, but I'm increasingly
convinced that doing it this way (and having the book explicitly say that I'm
doing it this way) makes the storyline, similar to the one I tried to keep in
the talk, work better.

The password storage section talks about a lot of broken password stores, as a
subsection of the chapter on hash functions. It explicitly refers to the key
derivation function section at the end. This pattern comes back through the
entire book: "we want to do X, and it may look like we can do X already with
the tools P and Q we have already, but you actually still need R and S; here's
why".

~~~
richm44
Fair enough. I'll read it properly and then comment. :-)

------
tbirdz
It's really refreshing to have a site just give you the material without
making you make an account, or sign up via email first.

------
nyddle
One can also learn crypto by doing with Matasano Crypto Challenges:

[http://www.matasano.com/articles/crypto-challenges/](http://www.matasano.com/articles/crypto-challenges/)

~~~
tehbrut
Twice sent an email and did not receive any response

------
lvh
I'm very sorry for the availability issues. All of my usual tricks for
increasing the fd limit didn't work; then I realized this is because of two
things:

1. I'm running inside a docker container
2. I'm using ubuntu instead of debian, and upstart conveniently ignores all
   the usual fd limits places like /etc/security/limits.conf.

TL;DR, be careful when experimenting with new fancy technology you don't
understand.

I hope it's resolved now ;-)

~~~
albertoleal
Host it on something like GitHub?

------
aaxx1503
This seems like a great base. I'd love if there was a step-by-step guide to
creating a cryptocurrency though. I'm trying to learn about it (without
intending to release another onto the crap filled market) and there's not many
guides. It seems like a well kept secret for now. Simply cloning one is giving
me enough trouble, I can't generate the Merkle root and move on from there. No
documentation.

------
capisce
In Chrome pressing the "Get the pre-release now" button immediately opens the
pdf in the same tab, which means it's not possible to subscribe for updates. I
had to use Firefox instead for it to work as intended.

------
mschuster91
The "call to action" button "get the prerelease now" redirs me to
[https://www.crypto101.io/testfile](https://www.crypto101.io/testfile) ...
obviously b0rken.

~~~
lvh
I have no idea why; the Docker container just started randomly serving a
really old version (several hours ago) for no apparent reason, and then
started serving the right thing. I seriously have no clue what happened.

I am very sorry. Have a direct PDF link:
[https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0...](https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0d.ssl.cf5.rackcdn.com/Crypto101March2014.pdf)

~~~
mschuster91
...this is why one uses servers set up by hand on real, dedicated machines
instead of five-level-virtualized piles of dung heap. Not unless the dung heap
has refined over the course of a couple years.</rant>

Thanks for the link, it'll be a night lecture for me for some weeks, I can
tell :)

------
Mindless2112
> While there are also modes of operation (like OFB and CFB) that can produce
> self-synchronizing stream ciphers, these are far less common, and not
> discussed here.

Aw. :( Aren't there any noteworthy attacks against these modes?

~~~
pbsd
While CFB can be considered a self-synchronizing stream cipher, OFB is a
typical synchronous stream cipher. Being stream ciphers, these modes suffer
from the usual bit-flipping attacks and nonce-reuse problems, same as CTR.

One problem specific to these feedback modes (and also to sponge functions) is
the possibility of falling into a short cycle. A random permutation is
expected to have log n cycles, with one big cycle taking around half of the
values and a few shorter ones. Falling into a short cycle would imply quickly
repeating the stream, which is catastrophic. The good news is that for a good
block cipher the probability of this happening is overwhelmingly small, i.e.,
1/2^(n-1) for block size n.
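
The cycle structure described above, measured on a toy 16-bit block size, as an added example that is not part of pbsd's comment. Assumptions: a seeded shuffle stands in for a block cipher under one fixed key, the expected cycle count is taken as the natural log of the number of block values, and all function names are made up for this sketch.

```python
import math
import random

N_BITS = 16
SIZE = 1 << N_BITS

def random_permutation(seed: int) -> list:
    """Stand-in for a block cipher under one fixed key: a uniformly random
    permutation of all 2^16 blocks (constructed, seeded for repeatability)."""
    perm = list(range(SIZE))
    random.Random(seed).shuffle(perm)
    return perm

def cycle_lengths(perm: list) -> list:
    """Decompose the permutation into cycles; return lengths, longest first."""
    seen = [False] * len(perm)
    lengths = []
    for start in range(len(perm)):
        if seen[start]:
            continue
        n, x = 0, start
        while not seen[x]:
            seen[x] = True
            x = perm[x]
            n += 1
        lengths.append(n)
    return sorted(lengths, reverse=True)

def ofb_period(perm: list, iv: int) -> int:
    """OFB feeds each output block back in: O_i = E(O_{i-1}), O_0 = IV.
    The keystream repeats once the state returns to the IV."""
    x, steps = perm[iv], 1
    while x != iv:
        x = perm[x]
        steps += 1
    return steps

def survey(seed: int = 101) -> dict:
    perm = random_permutation(seed)
    lengths = cycle_lengths(perm)
    return {
        "cycles": len(lengths),
        "expected_cycles": math.log(SIZE),     # ~ ln(2^16) = 11.09
        "longest_fraction": lengths[0] / SIZE,
        "shortest": lengths[-1],
        "iv0_period": ofb_period(perm, 0),
        "total": sum(lengths),
    }

if __name__ == "__main__":
    print(survey())
```

At a real 128-bit block size the same structure holds, but the short cycles cover a negligible share of the possible IVs.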

------
ams6110
First time I hit the page, I got a https connection error,
ssl_error_no_cypher_overlap

Tried it again and it's fine.

~~~
timv
Likewise (running Firefox)

------
mnx
So, is the kindle edition in the making, or not available anymore, or what is
going on with it?

------
phazmatis
Any crypto guide that doesn't include practical attacks against DES is a
waste.

~~~
zxexz
Then contribute to the guide.

------
EGreg
I already took Crypto 101. Where are the next ones? :)

------
swah
tptacek, are you involved with this?

------
angelbar
STOP !

~~~
angelbar
hahaha.... bad link sorry

------
grifpete
Webpage not available - nice touch!

~~~
lvh
I am very sorry. Have a direct PDF link:
[https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0...](https://9d0df72831e4b345bb93-4b37fd03e6af34f2323bb971f72f0c0d.ssl.cf5.rackcdn.com/Crypto101March2014.pdf)

------
lhgaghl
> .io

not sure if legit

