
Applied Cryptography Engineering - sdevlin
http://sockpuppet.org/blog/2013/07/22/applied-practical-cryptography/
======
aston
Normally tptacek would be right here to shill for himself, but I don't see him
around, so I'll say it for him:

If you're interested in learning about the ideas in this piece via practical
attacks you perform yourself, you should definitely check out his company
Matasano's Crypto Challenge:

[http://www.matasano.com/articles/crypto-challenges/](http://www.matasano.com/articles/crypto-challenges/)

I've gone through the whole thing, and I can report that it's incredibly fun
and incredibly enlightening. And you won't have to read a book to figure out
that what Thomas is talking about here is legit.

~~~
rwg
Persistence is key to participation -- they've got almost 10,000 participants,
and e-mails seem to fall through the cracks sometimes. (I've been trying to
turn in my set 4 answers for two weeks. Hopefully some filter isn't eating my
e-mails because they contain the phrase "#YOLOSWAG"...)

~~~
jessaustin
Ah, OK, I don't feel so bad now. I didn't realize so many people had joined
this. Kudos to the organizers for taking on such a huge task, and sticking
with it.

~~~
tptacek
Current standings, in case you're interested: level 0 (8490), level 1 (675),
level 2 (193), level 3 (67), level 4 (64), level 5 (42), level 6 (62)

(Each is people _currently at that level_).

We're still donating for every person who actually finishes.

Level 7 should be out ~nextweekish.

~~~
jessaustin
If I've turned in a problem set but haven't gotten a response, at which level
am I counted? b^)

Sorry, I can't resist being a dick. Ignore me until I'm up to two weeks like
the guy above...

~~~
tptacek
You're not being a dick! Mail me directly if you've submitted responses and
it's been a few days; totally possible we lost you somewhere.

------
pbsd
While I agree that elliptic curve cryptography is the near-future (not
necessarily because of new attacks, but mostly cost-effectiveness), I have
trouble seeing how you'd explain the possible pitfalls and attacks to
laypeople, without taking an unreasonable amount of pages.

It's one thing to explain the Weierstrass equation, the chord and tangent
rule, and how group structure comes from that. But the details get really
hairy really quick: anomalous curves, MOV/FR attacks, Weil descent, etc. I'm
not saying it's impossible, but it's certainly very very hard to reasonably
pull this off.

Another note about elliptic curves is that the safest choices are often not
doable by developers because of external pressures. For example, ideally you'd
want to use a curve (like Curve25519) that has complete addition formulas, so
that you could avoid checks for explicit doubling or points-at-infinity, like
you do with Weierstrass curves. Montgomery and Edwards curves allow this, but
you can't use them if you need to support standard NIST curves, since they are
not reasonably convertible to Edwards form (you can do it, actually, but the
arithmetic is now in F_{p^3} instead of F_p).
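
An added example, not code from this thread or from any library mentioned here, contrasting the two addition laws pbsd describes: an affine Weierstrass add that must branch on the point at infinity, on P == Q and on P == -P, beside a complete twisted Edwards add that uses one formula for every input. The curves and points are constructed toy parameters over F_17 and F_13 (with d chosen as a non-square, the condition for completeness), not Curve25519 or a NIST curve.

```python
# Toy curves constructed for this example, not real parameters:
# y^2 = x^3 + 7 over F_17 (Weierstrass) and x^2 + y^2 = 1 + 2x^2y^2 over F_13 (Edwards).
def inv(x, p):
    """Field inverse by Fermat's little theorem (p prime); 0 has no inverse."""
    if x % p == 0:
        raise ZeroDivisionError("no inverse for 0 in the field")
    return pow(x, p - 2, p)

# --- Short Weierstrass, affine coordinates, point at infinity = None ---
WP, WA, WB = 17, 0, 7
def w_on_curve(P):
    return P is None or (P[1] ** 2 - (P[0] ** 3 + WA * P[0] + WB)) % WP == 0

def w_add(P, Q):
    """Chord-and-tangent rule: four special cases before the generic formula."""
    if P is None:                                   # O + Q
        return Q
    if Q is None:                                   # P + O
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % WP == 0:            # P + (-P), incl. doubling a y == 0 point
        return None
    if P == Q:                                      # doubling: tangent slope
        lam = (3 * x1 * x1 + WA) * inv(2 * y1, WP)
    else:                                           # distinct points: chord slope
        lam = (y2 - y1) * inv(x2 - x1, WP)
    x3 = (lam * lam - x1 - x2) % WP
    return (x3, (lam * (x1 - x3) - y1) % WP)

# --- Twisted Edwards a*x^2 + y^2 = 1 + d*x^2*y^2, identity = (0, 1) ---
EP, EA, ED = 13, 1, 2   # a is a square and d a non-square mod 13, so the law is complete
E_IDENTITY = (0, 1)
def e_on_curve(P):
    return (EA * P[0] ** 2 + P[1] ** 2 - 1 - ED * P[0] ** 2 * P[1] ** 2) % EP == 0

def e_add(P, Q):
    """One formula for every input: identity, doubling and P + (-P) need no branch."""
    (x1, y1), (x2, y2) = P, Q
    t = ED * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + y1 * x2) * inv(1 + t, EP)     # 1 +/- t is never 0 for non-square d
    y3 = (y1 * y2 - EA * x1 * x2) * inv(1 - t, EP)
    return (x3 % EP, y3 % EP)

def multiply(add, identity, k, P):
    """Double-and-add with whichever addition law is passed in."""
    R = identity
    for bit in bin(k)[2:]:
        R = add(R, R)
        if bit == "1":
            R = add(R, P)
    return R
```

The same double-and-add loop drives both laws; only w_add has to get its special cases right, which is exactly the checking that a complete formula lets an implementer skip.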

~~~
tptacek
So, what do I have to do to get your help with an 8th set of crypto challenges
with an ECC focus? :)

(We have some basic problems, but you seem to know this stuff better than I
do.)

~~~
pbsd
Nothing, I'm always happy to yap about things. Do I email you or something?

~~~
tptacek
That'd work great! My email is in my profile. Thanks!

------
gambler
Applied Cryptography taught me several new modes of thinking about software
design (which is not directly related to crypto at all) and provided a good
overview of things that someone probably solved or failed to solve with
cryptography. Plus, it has a decent historic overview of some algorithms
failing. What else could you ask for?

I mean, yeah, it's an optimistic book. It talks about possibilities. How
someone can treat it as a developer reference is beyond me.

------
RasJones
>> If you’re reading this, you’re probably a red-blooded American programmer
....

Err right. I'm black, Nigerian and have an interest + background in
crypto...what's up with that man! :)

Anyway great coverage.

~~~
SCdF
Eh, you have to let that stuff slide imo: the Internet presumes you are
American. It used to annoy me, but since a large amount of the
English-speaking internet _is_ American I've learnt to ignore it. It's only
really frustrating when you go down the rabbit hole of some product pitch only
to find it doesn't apply to the particular chunk of dirt-above-water you
happen to sleep on.

~~~
marshray
I don't think tptacek actually presumes everyone is American, he is simply
using a figure of speech which is local to America.

As an American, my impression is that the phrase "good red-blooded American"
derives from the Cold War, or possibly earlier. For example, during the
anti-communist movement of the 1950s, the term would be used judgmentally to
distinguish from those who might be "pinko commies". Cf. "better dead than
red".

Since the communist threat has obviously subsided, today I would interpret
Ptacek's use of the term "like any red-blooded American" as both calling to
mind a shared experience which many of us have had (growing up in America,
reading Schneier's Applied Cryptography), as well as reminding us of the risk
of failing to think _beyond_ it.

------
lvh
I'm trying to write a book version of my talk, Crypto 101. The "tour guide
versus handbook" problem is one I definitely have a hard time staying on the
good side of :)

Like the talk, the book will keep the structure of taking primitive X_i,
showing why we don't just use a system based entirely on X_i, and instead also
need X_{i+1}, and how eventually \sum X_i (perhaps excluding a couple) leads
to complete cryptosystems, for some value of \sum (obviously, you can't just
throw stuff together and expect it to work).

This blog post was great motivation for me. I will keep the aforementioned
structure, but now I'm extra motivated to also add actual exercises instead of
just showing it's broken :)

Thank you.

PS: I understand you're really busy, but there are few people I'd rather have
as a reviewer.

------
B-Con
> If you’re reading this, you’re probably a red-blooded American programmer
> with a simmering interest in cryptography. And my guess is your interest
> came from Bruce Schneier’s Applied Cryptography.

Yep. I read it at... age 16? It was old by the time I got to it, since I'm
relatively young, but I still loved it. It didn't give me a spark for crypto,
I had the spark when I ordered the book, but it did a very good job of
nurturing and kindling it.

> The biggest problem with Applied Cryptography isn’t the technical content,
> but the tone. It can’t decide whether to be a tour guide or a handbook.

That's a good summary. Personally, I've always thought of it as a hands-on
encyclopedia.

------
lucb1e
> If you’re reading this, you’re probably a red-blooded American programmer
> with a simmering interest in cryptography.

Well yes my blood is red, I'm a programmer and I have an interest in
cryptography. What makes you think everyone's American?

~~~
chad_oliver
He did not say that he thought everyone was American. He said that _if_
you're reading it, you're _probably_ an American. This assertion is
well-supported by the server logs of many similar websites.

------
gtt
And what book should be the replacement?

~~~
tptacek
If you're not actually going to read anything, you can probably use any book
to equal effect. I recommend Vollmann's _You Bright And Risen Angels_.

~~~
gtt
I've recently started reading Applied Cryptography. Should I give it up in
favour of some other alternative? For example "You Bright And Risen Angels"
does not look like the one.

~~~
nbpoole
I think tptacek's point is that the answer to your question is spelled out
very clearly on the page. ;-)

From the page:

> _You should own Ferguson and Schneier’s follow-up, Cryptography Engineering
> (C.E.). Written partly in penance, the new book deftly handles material the
> older book stumbles over. C.E. wants to teach you the right way to work with
> cryptography without wasting time on GOST and El Gamal._

Plus a whole section at the end which starts with "If this stuff is
interesting to you, here’s some additional reading:"

~~~
gtt
Thank you, I missed this part, and the additional reading is all over my head.

