
Everything you need to know about cryptography in 1 hour, by Colin Percival - ibejoeb
http://www.mefeedia.com/watch/31231135
======
tptacek
From very early on in the talk:

"Reality: Most applications only need a small set of well-understood standard
idioms which are easy to get right."

Turns out that sentence was within a "n't" of being totally true! :)

~~~
mayank
Just curious -- is there anything in particular that stood out? Other than the
inherent troubles with implementing crypto, was there anything theoretically
questionable with any of the talk's content?

~~~
tptacek
You mean, besides recommending CTR but not telling his audience about nonce
collisions and counter wraps?

I can find things to disagree with on many of these slides (avoiding NSA suite
B crypto in favor of RSA-2048, using RSA-2048 directly, avoiding AE cipher
modes in favor of hand-hacking your own encrypt-then-HMAC scheme). But Colin
is the professional cryptographer here; all I have to go on is the crypto
flaws we find in other people's real-world systems, and the simple steps I see
people could have taken to avoid having them even without knowing about them.

~~~
cperciva
_You mean, besides recommending CTR but not telling his audience about nonce
collisions and counter wraps?_

Didn't I say "and make sure your nonces are unique"? I remember taking it out
of a slide because it wouldn't fit but I was pretty sure that I still _said_
it.

As for counter wraps, that really is a non-issue. Nobody here is ever going to
send over 2^68 bytes of data in a single session.

~~~
krainboltgreene

        Nobody here is ever going to send over 2^68 bytes of data
        in a single session.
    

I think that's a flawed assumption. I don't think you should assume that
there will ever be a certain limit on the amount of data sent in a single
session. People are paid (mountains worth) just to work toward breaking that
assumption in the fastest time possible.

Anytime someone is paid money to break barriers I avoid betting against them.

~~~
cperciva
If you send 2^68 bytes over a next-next-next-generation ethernet at 1 Tbps,
you'll still run into the Y2038 bug before you finish.

Also, if you're sending more than 2^68 bytes of data, CBC is insecure too.

~~~
ZoFreX
> Also, if you're sending more than 2^68 bytes of data, CBC is insecure too.

Can you explain why?

~~~
cperciva
Birthday collisions.

------
samstokes
I get that there's a point to be made here to other people considering
implementing their own crypto. But how is posting this anything other than
kicking a man when he's down?

~~~
alnayyir
Hackerne.ws has a real panache for comedic timing.

~~~
whatusername
The canonical URL is actually news.ycombinator.com

// Just thought you might like to know.

~~~
alnayyir
I know what the canonical name is, but that's not a name, it's a url.

This community is a 'thing' in and of itself and merits a name independent of
a rather sterile subdomain.

~~~
whatusername
Sure. But the canonical name is Hacker News, HN for short. (Or Innocuous News
when PG is feeling cheeky). And the canonical URL is news.ycombinator.com

I pointed it out because some people don't realise that is the URL.

But you piqued my curiosity. <http://hackerne.ws> is registered to Yiannis
Volos (who seems to own about 100,000 domains:
<http://whois.domaintools.com/hackerne.ws>). <http://ycombinator.com> is
registered to Paul Graham (who seems to own about 46 domains:
<http://whois.domaintools.com/ycombinator.com>).

~~~
chrisbolt
whois.domaintools.com isn't following the WHOIS delegation for .ws, so it is
the GoDaddy email address (dns@jomax.net) that appears to own 100,000 domains.

~~~
whatusername
Aha. That makes a bit more sense. I was thinking 100K URLs was high even for
a domainer.

------
nc17
Thanks for posting this. Here are the slides for those interested:

[http://www.bsdcan.org/2010/schedule/attachments/135_crypto1h...](http://www.bsdcan.org/2010/schedule/attachments/135_crypto1hr.pdf)

------
16s
I think I saw the slides to this once. I don't have time to watch the video
right now, but if it's the same presentation, he had a point about hashing a
file and then uploading the file and the hash to the same web server for
download.

I forget the exact words, but the point read something like, "Don't think
you've accomplished anything worthwhile if you place the hash and the file on
the same web server." I agree with that, but am guilty of doing it all the
time (as are others).

Does anyone have a link to the raw slides (PDF)? I downloaded them once, but
lost them.

------
cpach
Here's the original video page at blip.tv, with download link available:
<http://blip.tv/file/3627639>

------
vibragiel
This quote is my favourite part of the conference:

"The purpose of cryptography is to force the US government to torture you."

~~~
cperciva
That's my favourite line too -- I'm glad I'm not the only person who liked it.
:-)

------
drblast
This is a good presentation. Unfortunately I'm not able to listen to it but
the slides are informative.

Colin, at about 26 minutes in your "DO" code is comparing the computed MAC
with itself. I don't think that's what you want.
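
Taking cperciva's "make sure your nonces are unique" together with drblast's note that the slide's "DO" code compares the computed MAC with itself, here is an added example (not from the talk, the slides, or anyone in this thread) of encrypt-then-MAC in CTR mode with both checks done right. It assumes HMAC-SHA256 as a stand-in for the AES block function so it runs on the standard library alone; the `Sender` and `verify_and_decrypt` names are my own.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 32  # HMAC-SHA256 output size, used here as the keystream block size


def ctr_keystream(key, nonce, length):
    """CTR mode: keystream block i = PRF(key, nonce || i), XORed with the data.
    HMAC-SHA256 stands in for the AES block function (assumption, so the example
    needs no third-party library); the nonce/counter handling is the same."""
    blocks = []
    for i in range((length + BLOCK - 1) // BLOCK):
        blocks.append(hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


class Sender:
    """Encrypt-then-MAC with a guard that refuses to reuse a CTR nonce under one key."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.used_nonces = set()

    def encrypt(self, plaintext, nonce=None):
        nonce = os.urandom(16) if nonce is None else nonce
        if nonce in self.used_nonces:
            raise ValueError("CTR nonce reused: the keystream would repeat")
        self.used_nonces.add(nonce)
        ks = ctr_keystream(self.enc_key, nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()  # MAC covers nonce too
        return nonce + ct + tag


def verify_and_decrypt(enc_key, mac_key, msg):
    """Return the plaintext, or None if the message is malformed or the tag fails."""
    if len(msg) < 16 + BLOCK:
        return None
    nonce, ct, tag = msg[:16], msg[16:-BLOCK], msg[-BLOCK:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    # Compare the RECEIVED tag against the recomputed one, in constant time.
    # Comparing `expected` with itself always succeeds and accepts any forgery.
    if not hmac.compare_digest(expected, tag):
        return None
    ks = ctr_keystream(enc_key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))
```

Decryption is only attempted after the tag verifies, so a modified ciphertext, a wrong MAC key, or a truncated message all return `None` without touching the keystream.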

------
calloc
The video is not playing here. Was it removed?

Never mind, noticed that it is going to Blip.tv; here it is on Blip.tv if the
linked site doesn't work:

<http://blip.tv/file/3627639/>

------
pollockmania
Thanks for this, Colin. I've never heard him speak, and I respect the guy, but
does anyone think comic book guy?

~~~
rewind
You "respect the guy", then throw out "comic book guy"? You think you're being
funny. I'm guessing you're in the minority.

