
An Intensive Introduction to Cryptography - angry_octet
https://www.intensecrypto.org/public/
======
pkcsecurity
Another great crypto resource (though it's really an intro course) that's out
there is the Cryptography course on Coursera:
[https://www.coursera.org/learn/crypto](https://www.coursera.org/learn/crypto).
It's taught by Dan Boneh who, in addition to being a genius, also happens to
be incredibly talented at explaining crypto concepts in a way that leads to
deep understanding. It's a great treat watching him write out and explain
different proofs from memory.

After taking these two crypto courses, I signed up for CS155
[https://crypto.stanford.edu/cs155/](https://crypto.stanford.edu/cs155/),
which is his undergrad class on security at Stanford (they were offering it
through their professional center, I don't think they still offer it, which is
a bummer)

------
faitswulff
On the other side of the spectrum, The Manga Guide to Cryptography came out
recently, if that's more your style:
[https://nostarch.com/mangacrypto](https://nostarch.com/mangacrypto)

~~~
opencl
The Manga Guide series has been surprisingly good in general. Not the most in
depth stuff but generally quality intro texts.

Unfortunately from the preview the typesetting of the English translation in
the new crypto book looks awful. Hopefully the actual content is still of good
quality.

~~~
krackers
Unfortunately there are missing exponents on some of the calculations.

------
Ar-Curunir
This is a class for folks trying to understand the theory behind modern
cryptography rigorously; it focuses on the theoretical foundations of crypto
like one way functions and PRGs and builds up from them.

This course will not teach you how to implement crypto, but the material here
is incredibly important to understanding the abstractions and reasoning behind
modern cryptographic constructions, and is a prerequisite to becoming good at
implementation aspects of crypto.

------
distrorepoman
a word of warning. off the page textbook crypto _examples_ are not a good
crypto scheme you have to think like a bank robber to start securing your
bank. if you think like a banker then you will try to cut costs and corners to
make revenue.

addendum > _Anyone, from the most clueless amateur to the best cryptographer,
can create an algorithm that he himself can 't break. It's not even hard. What
is hard is creating an algorithm that no one else can break, even after years
of analysis. And the only way to prove that is to subject the algorithm to
years of analysis by the best cryptographers around._

good crypto cant be broken by knowing the algo thats why closed proprietary
crypto is POS

addendum 2 )

this makes the case for open source so there are multiple perspectives rather
than _ECHO CHAMBERS_ bcz when it comes down to it you can talk yourself into
thinking anything is great when it is your own pet theory.

BTW im working around the posting too fast BS so thats why the addendums to
parent post.

================================= ALSO off topic but, concerning:

Detecting Screen Content via Remote Acoustic Side Channels

{[https://www.cs.tau.ac.il/~tromer/synesthesia/](https://www.cs.tau.ac.il/~tromer/synesthesia/)}

every time a pixel changes it makes a UHF+ EMF _chirp_ every time a bus
channel makes a bit state transition it makes a UHF+ _chirp_ if you evesdrop
the EMF radiation preserve it and analyse your data then you can reconstruct
_EVERYTHING_ that the hardware is doing not just the display screen.

~~~
ChrisSD
Although be wary of how far even that can take you. As Bruce Schneier has
said[0]:

> Anyone, from the most clueless amateur to the best cryptographer, can create
> an algorithm that he himself can't break. It's not even hard. What is hard
> is creating an algorithm that no one else can break, even after years of
> analysis. And the only way to prove that is to subject the algorithm to
> years of analysis by the best cryptographers around.

> If I have any contribution to this, it's to generalize it to security
> systems and not just to cryptographic algorithms. Because anyone can design
> a security system that he cannot break, evaluating the security credentials
> of the designer is an essential aspect of evaluating the system's security.

[0]
[https://www.schneier.com/blog/archives/2011/04/schneiers_law...](https://www.schneier.com/blog/archives/2011/04/schneiers_law.html)

------
j7ake
What is a typical path for those who want to follow this as a career? Is it
mostly PhDs in academia? Or governments? Or industries? How do they fall as a
distribution?

~~~
eismcc
I worked on the Windows crypto team for a few years. Learned a ton about this
area. Most of the work, however, is plumbing. Only a tiny fraction of crypto
work is actually on algorithms and that’s mostly performance related.

~~~
tom-c
The interesting thing about Crypto performance tuning is that you really have
to ensure that no logical path does a different amount/kind of work than
another(i.e. no short circuiting). I used to not think much of it until I saw
an RSA private key recovered via acoustic analysis of capacitor whine due to a
short circuit condition in a function to multiply two large numbers.(this was
using a recent release of openssl) To my knowledge no other area of
programming really has this pitfall

~~~
exikyut
If this "I saw" has any further public details, I'd absolutely love to learn
more, and I'm pretty sure others would as well.

In particular, I'm especially interested in electrical or real-world attacks -
such as capacitor whine! - that can be applied a weakened security situations
like asymmetric logic/branching. I vaguely recall CPU voltage fuzzing is a
thing, I want to go learn more about that at some point.

I'm only familiar with eg ultrasonic accoustic airgap attacks (like MOSQUITO,
eg
[https://securityaffairs.co/wordpress/70192/hacking/mosquito-...](https://securityaffairs.co/wordpress/70192/hacking/mosquito-
attack-airgapped-networks.html)).

~~~
JoachimSchipper
For the specific case of acoustic signals, see
[https://www.tau.ac.il/~tromer/acoustic/](https://www.tau.ac.il/~tromer/acoustic/).
For "CPU voltage fuzzing", Google "glitch attack" (e.g.
[https://wiki.newae.com/Tutorial_A2_Introduction_to_Glitch_At...](https://wiki.newae.com/Tutorial_A2_Introduction_to_Glitch_Attacks_\(including_Glitch_Explorer\))
) or, more generally, "fault attacks".

The relevant academic community can be found around
[https://ches.iacr.org/2018/program.shtml](https://ches.iacr.org/2018/program.shtml).

(I work for a company building high-assurance crypto appliances for the Dutch
government, so I have a professional interest.)

------
skipthemeat
For those looking to get working knowledge of modern cryptography, I recommend
[https://www.amazon.com/Serious-Cryptography-Practical-
Introd...](https://www.amazon.com/Serious-Cryptography-Practical-Introduction-
Encryption/dp/1593278268)

I've been working my way through it and it's the most lucid intro text I've
read on the subject.

------
max_
Was this created with Idyll ?

[https://idyll-lang.org](https://idyll-lang.org)

~~~
101101001010
My guess would be that it was created in Bookdown with the Tufte handout
style[0]

[0] [https://bookdown.org/yihui/rmarkdown/tufte-
handouts.html](https://bookdown.org/yihui/rmarkdown/tufte-handouts.html)

~~~
dfc
It looks like the author used pandoc with Tufte handout

* css: [https://github.com/edwardtufte/et-book/](https://github.com/edwardtufte/et-book/)

* latex: tufte-handout style from CTAN

