Hacker News new | past | comments | ask | show | jobs | submit login
Applied Cryptography Engineering (sockpuppet.org)
118 points by sdevlin on July 27, 2013 | hide | past | favorite | 30 comments

Normally tptacek would be right here to shill for himself, but I don't see him around, so I'll say it for him:

If you're interested in learning about the ideas in this piece via practical attacks you perform yourself, you should definitely check out his company Matasano's Crypto Challenge:


I've gone through the whole thing, and I can report that it's incredibly fun and incredibly enlightening. And you won't have to read a book to figure out that what Thomas is talking about here is legit.

Persistence is key to participation -- they've got almost 10,000 participants, and e-mails seem to fall through the cracks sometimes. (I've been trying to turn in my set 4 answers for two weeks. Hopefully some filter isn't eating my e-mails because they contain the phrase "#YOLOSWAG"...)

Apologies on this, and thanks for your patience. This is something we work on in our spare time, and we've got a bit of a backlog at the moment. I'm going to try to find time to power through most of this over the weekend.

As you say: persistence is key. We get a lot of emails. If you feel like you've slipped through the cracks, don't hesitate to ping us again!

Ah, OK, I don't feel so bad now. I didn't realize so many people had joined this. Kudos to the organizers for taking on such a huge task, and sticking with it.

Current standings, in case you're intested: level 0 (8490), level 1 (675), level 2 (193), level 3 (67), level 4 (64), level 5 (42), level 6 (62)

(Each is people currently at that level).

We're still donating for every person who actually finishes.

Level 7 should be out ~nextweekish.

If I've turned in a problem set but haven't gotten a response, at which level am I counted? b^)

Sorry, I can't resist being a dick. Ignore me until I'm up to two weeks like the guy above...

You're not being a dick! Mail me directly if you've submitted responses and it's been a few days; totally possible we lost you somewhere.

Yes, I've heard about the Matasano's Crypto Challenge, but want to recommend Coursera's Crypto courses too: https://www.coursera.org/course/crypto

I've been thinking of taking it. Is it a rigorous crypto course at college level?

Not really that rigorous, there are some MIT courses available on cryptography engineering you can find on the web.tv MIT internal video server I've taken that are really good, covers common mistakes, why you should never do in-browser nonsense Java crypto, side channels ect. They are all recent lectures.

There's also the implementation book on the Keccak NIST3 project website, same with their book on side channels and countermeasures.

There's also this: http://achs.cs.ucsb.edu/schedule.html which is a workshop in August on applied crypto and hardware which looks pretty amazing. University prof Patrick Schaumont always lists all upcoming applied crypto workshops https://twitter.com/pschaumont and he also has a lot of publications out: http://www.ece.vt.edu/schaum/pubs.html

It is a good course.

However, you will learn a whole other approach of how to break all things crypto from the Matasano course.

While I agree that elliptic curve cryptography is the near-future (not necessarily because of new attacks, but mostly cost-effectiveness), I have trouble seeing how you'd explain the possible pitfalls and attacks to laypeople, without taking an unreasonable amount of pages.

It's one thing to explain the Weierstrass equation, the chord and tangent rule, and how group structure comes from that. But the details get really hairy really quick: anomalous curves, MOV/FR attacks, Weil descent, etc. I'm not saying it's impossible, but it's certainly very very hard to reasonably pull this off.

Another note about elliptic curves is that the safest choices are often not doable by developers because of external pressures. For example, ideally you'd want to use a curve (like Curve25519) that has complete addition formulas, so that you could avoid checks for explicit doubling or points-at-infinity, like you do with Weierstrass curves. Montgomery and Edwards curves allow this, but you can't use them if you need to support standard NIST curves, since they are not reasonably convertible to Edwards form (you can do it, actually, but the arithmetic is now in F_{p^3} instead of F_p).

So, what do I have to do to get your help with an 8th set of crypto challenges with an ECC focus? :)

(We have some basic problems, but you seem to know this stuff better than I do.)

Nothing, I'm always happy to yap about things. Do I email you or something?

That'd work great! My email is in my profile. Thanks!

Applied Cryptography taught me several new modes of thinking about software design (which is not directly related to crypto at all) and provided a good overview of things that someone probably solved or failed to solve with cryptography. Plus, it has a decent historic overview of some algorithms failing. What else could you ask for?

I mean, yeah, it's an optimistic book. It talks about possibilities. How can someone to treat is as a developer reference is beyond me.

>> If you’re reading this, you’re probably a red-blooded American programmer ....

Err right. I'm black, Nigerian and have an interest + background in crypto...what's up with that man! :)

Anyway great coverage.

Eh, you have to let that stuff slide imo: the Internet presumes you are American. It used to annoy me, but since a large amount of the English-speaking internet is American I've learnt to ignore it. It's only really frustrating when you go down the rabbit hole of some product pitch only to find it doesn't apply to the particular chunk of dirt-above-water you happen to sleep on.

I don't think tptacek actually presumes everyone is American, he is simply using a figure of speech which is local to America.

As an American, my impression is that the phrase "good red-blooded American" derives from the Cold War, or possibly earlier. For example, during the anti-communist movement of the 1950's, the term would be used judgmentally to distinguish from those who might be "pinko commies". C.f. "better dead than red".

Since the communist threat has obviously subsided, today I would interpret Ptacek's use of the term "like any red-blooded American" as both calling to mind a shared experience which many of us have had (growing up in America, reading Schneier's Applied Cryptography), as well as reminding us of the risk of failing to think beyond it.

Your blood is still red, though, right?

last time i checked...anyway my gentle way of suggesting to the author to reword that line...aside that looks great.

I'm trying to write a book version of my talk, Crypto 101. The "tour guide versus handbook" problem is one I definitely have a hard time staying on the good side of :)

Like the talk, the book will keep the structure of taking primitive X_i, showing why we don't just use a system based entirely on X_i, and instead also need X_{i+1}, and how eventually \sum X_i (perhaps excluding a couple) leads to complete cryptosystems, for some value of \sum (obviously, you can't just throw stuff together and expect it to work).

This blog post was great motivation for me. I will keep the aforementioned structure, but now I'm extra motivated to also add actual exercises instead of just showing it's broken :)

Thank you.

PS: I understand you're really busy, but there are few people I'd rather have as a reviewer.

> If you’re reading this, you’re probably a red-blooded American programmer with a simmering interest in cryptography. And my guess is your interest came from Bruce Schneier’s Applied Cryptography.

Yep. I read it at... age 16? It was old by the time I got to it, since I'm relatively young, but I still loved it. It didn't give me a spark for crypto, I had the spark when I ordered the book, but it did a very good job of nurturing and kindling it.

> The biggest problem with Applied Cryptography isn’t the technical content, but the tone. It can’t decide whether to be a tour guide or a handbook.

That's a good summary. Personally, I've always thought of it as a hands-on encyclopedia.

> If you’re reading this, you’re probably a red-blooded American programmer with a simmering interest in cryptography.

Well yes my blood is red, I'm a programmer and I have an interest in cryptography. What makes you think everyone's American?

He did not say that the thought everyone was american. He said that if you're reading it, you're probably an American. This assertion is well-supported by the server logs of many similar websites.

And what book should be the replacement?

If you're not actually going to read anything, you can probably use any book to equal effect. I recommend Vollman's You Bright And Risen Angels.

I've recently started reading Applied Cryptography. Should I give it up in favour of some other alternative? For example "You Bright And Risen Angels" does not look like the one.

I think tptacek's point is that the answer to your question is spelled out very clearly on the page. ;-)

From the page:

> You should own Ferguson and Schneier’s follow-up, Cryptography Engineering (C.E.). Written partly in penance, the new book deftly handles material the older book stumbles over. C.E. wants to teach you the right way to work with cryptography without wasting time on GOST and El Gamal.

Plus a whole section at the end which starts with "If this stuff is interesting to you, here’s some additional reading:"

Thank you, I've missed this part and additional reading is all over my head

Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact