HN Academy

Try https://www.cryptopals.com/ or https://www.coursera.org/learn/crypto.

There's a lot to know, but you can build up to it!

One thing you'll learn about are oracle attacks, in which a bad protocol or implementation can leak secret data to the attacker bit-by-bit (sometimes literally bit-by-bit) in various ways. There are lots of those and they're sadly easy to create and a lot of progress in cryptographic engineering has been about finding ways to make sure oracle attacks can't occur in various real-world deployments.

I have loved https://www.coursera.org/learn/crypto? Some of the material has been very useful when I have done stripe CTF n°2.

It is recommended often because Learning How To Learn is a very fundamental part of your skill set which, sadly, many people either lack or do sub-optimal. Precisely because of that it can contain "obvious" device; because you are already (partly) familiar with it. I find it rather arrogant to say its useless for everyone. Its a fairly quick course, where you can spend more time on aspects if you desire.

This topic about the top Coursera courses or which ones you recommend comes up regularly here on HN.

On top of the mentioned Learning How To Learn I can recommend the following:

Terrorism and Counterterrorism: Comparing Theory and Practice by Edwin Bakker [1]

Securing Digital Democracy by J. Alex Halderman [2]

Cryptography I by Dan Boneh [3]. I didn't finish this one, but its very good...

[1] https://www.coursera.org/learn/terrorism

[2] https://www.coursera.org/learn/digital-democracy

[3] https://www.coursera.org/learn/crypto

⬐ Fnoord

s/device/advice

⬐ tra3

That first one is not something I’d expect to find in on an IT site. Thanks for posting I’d like to check it out.

I can think of many - I have taken several starting since 2013. The tricky thing is that Coursera classes seem to get merged, re-mashed or otherwise re-branded. And as such only one currently is listed in my "Completed" courses section of my profile.

Having said that and with the caveat that these probably changed since I taken them, I recommend the following:

- Cryptography - https://www.coursera.org/learn/crypto - great introduction to the fundamentals and math behind cryptography. A lot of theory but also some practical exercises. This is my top recommended.

- Machine Learning - https://www.coursera.org/learn/machine-learning - a good introduction to the basic of machine learning; focuses on octave/matlab and does not dive into frameworks like scikitlearn or tensorflow

- Introduction to Interactive Programming with Python - https://www.coursera.org/learn/interactive-python-1 - I took a course from Rice University on Python programming through making games that was fun. As far as I can tell, this is the modern incarnation in two parts.

- Software Security - https://www.coursera.org/learn/software-security - goes into stack / overflow exploits, tools for testing, and web-based attacks

- Functional Programming Principles in Scala - https://www.coursera.org/specializations/scala - this was a good introduction to scala and functional programming - it got me thinking in a different way

- C++ for C Programmers - https://www.coursera.org/learn/c-plus-plus-a - I think this was the first coursera class I took. This course dove into the C++ STL and a lot of modern features introduced in C++11.

⬐ mlinksva

> as such only one currently is listed in my "Completed" courses section of my profile.

That's surprising to me: wouldn't Coursera want learners to be reassured that whatever signalling benefit there is to completing a course will remain forever?

I took a few courses in 2013 just to see what MOOCs are really like and completed two (Programming Languages, as taken by many here, and Introduction to Mathematical Thinking, which IIRC was mostly about logic) which indeed are not listed under "completed" in my profile. I found them at https://www.coursera.org/accomplishments though.

⬐ veganjay

> I found them at https://www.coursera.org/accomplishments though.

Thanks for pointing that out! I have 11 courses in the accomplishments and just one in "completed" courses.

Cryptography 1, time well spent. ~3000 reviews at 4.8 stars

https://www.coursera.org/learn/crypto

⬐ verroq

Just don’t hold your breath for Cryptography 2

⬐ iou

That perennial reddit thread on this is priceless, it should be an official meme now!

Also pretend or real J.P Aumasson handle?

⬐ latenightcoding

I was hoping it would finally be available this year. Now I think it's never going to happen.

⬐ Thorentis

The course is apparently being released when the accompanying book is complete. The book is free, and you can see the current version here: https://cryptobook.us/

⬐ iou

It's super dense though, even with a math background I struggled to make headway.

⬐ adkadskhj

I invest a lot of time in data storage and synchronization tools (i'm a fan of immutable stores), but i know very little about crypto.

I'd like to know enough to be able to confidently use existing tools to encrypt data at rest, transit, pub/priv key, etc.

Would this course give me such a foundation to achieve this?

⬐ patrec

I'd say yes, provided you complement the better mental model this course will give you with a reputable cookbook list of how to do X in practice (maybe start at https://latacora.micro.blog/2018/04/03/cryptographic-right-a...), and everything you'd like to do falls into some well-established pattern.

But then you probably shouldn't trust my opinion, because I'm not a domain expert (although I have been involved in security design together with people who are domain experts), and whatever understanding I had is probably somewhat rusty by now .

⬐ GekkePrutser

+1 for this... Really good. Did it years ago and it was all very clear to me.

However as I don't use this in daily life I pretty much lost all the knowledge again :)

⬐ stockkid

Same. Having finished the course years ago, I remember most vividly the following: never implement your own crypto. Not many details survived the time but it was intellectually rewarding.

To anyone with a strong math background and not particularly interested in the history: maybe try Stanford’s Intro to Cryptography by Dan Boneh? I took it way back when I was an undergrad there studying math and physics, and IIRC it got into the math very quickly (not that I didn’t enjoy the historical context personally). It’s been available as a highly-rated MOOC for a while: https://www.coursera.org/learn/crypto

Dan Boneh's Cryptography I course: https://www.coursera.org/learn/crypto

I started learning about crypto from this one and found it well taught and detailed - he really goes into more rigorous proofs and attack models etc. When I did it (some 4-5 years ago) the assignments were also really challenging and fun, proper programming assignments.

⬐ chris_j

I second this. Probably the best online course I've ever done. Very challenging but very rewarding. I'm looking forward to hopefully doing Cryptography II... One day.

Check out Dan Boneh and Victor Shoup's work-in-progress textbook here: http://toc.cryptobook.us/

This one is pretty great - https://www.coursera.org/learn/crypto

Unfortunately, they never released the 2nd part on Coursera - so you'll still have to research for a lot of concepts after this course. But nonetheless, this 1st part provides a solid foundation.

⬐ trungdq88

Thank you, I'll definitely check this out.

I have no idea. I'm self taught, and I tend to limit myself to implementation techniques. My tutorials on the subjects are mostly implementation focused:

http://loup-vaillant.fr/tutorials/fast-scalarmult

http://loup-vaillant.fr/tutorials/cofactor

http://loup-vaillant.fr/tutorials/128-bits-of-security (This one is more about choosing your primitive than implementing it.)

If you want to get started in cryptography in general, I can recommend 2 sources: Dan Boneh's course, and crypto101 by lvh:

https://www.coursera.org/learn/crypto

https://www.crypto101.io/

Cryptography I by Dan Boneh: https://www.coursera.org/learn/crypto

It's a great introduction to fundamental concepts. After you finish, I'd recommend reading this book he co-authored, which goes into more detail and covers more advanced concepts: https://toc.cryptobook.us/book.pdf

Cryptography 1 by Stanford on Coursera is really good too : https://www.coursera.org/learn/crypto

Another great crypto resource (though it's really an intro course) that's out there is the Cryptography course on Coursera: https://www.coursera.org/learn/crypto. It's taught by Dan Boneh who, in addition to being a genius, also happens to be incredibly talented at explaining crypto concepts in a way that leads to deep understanding. It's a great treat watching him write out and explain different proofs from memory.

After taking these two crypto courses, I signed up for CS155 https://crypto.stanford.edu/cs155/, which is his undergrad class on security at Stanford (they were offering it through their professional center, I don't think they still offer it, which is a bummer)

Not a cryptocurrency course per se, but Dan Boneh's course on Cryptography[1] is an excellent introduction to most of the building blocks of cryptosystems, including the technology underlying most cryptocurrencies.

In terms of level, it is more than a little technical (programming exercises in both cryptography and cryptanalysis await you!), while still remaining far from rigorous (compared to, say, a graduate-level cryptography text).

[1]https://www.coursera.org/learn/crypto

Three Coursera MOOCs I particularly enjoyed:

* Discrete Optimization: almost entirely problem-driven, very challenging and entertaining prof; https://www.coursera.org/learn/discrete-optimization

* Crypto I: very deep, thorough and crystal clear explanations; https://www.coursera.org/learn/crypto

* Computer Networks: excellent overall course covering a wide variety of topics; https://www.coursera.org/instructor/~517478, https://www.youtube.com/playlist?list=PLfgkuLYEOvGMWvHRgFAcj...

⬐ excessi0n

Computer Networks is definitely the best MOOC I ever took. I hope they bring it back.

⬐ robertely

Computer Networks looks great it's a shame they pulled it down.

⬐ jamestimmins

Take a look at https://lagunita.stanford.edu/courses/Engineering/Networking.... Haven't taken either, but Stanford typically puts out pretty good MOOCs.

⬐ weber111

Lectures are great. Material is at a solid undergrad level (should be suitable for someone with 1-2yrs of CS background). No programming assignments, so I would go look at Phil Levis's website to find the "regular" course website and do the programming assignments from there.

⬐ davidgl

I LOVED discrete optimisation

⬐ eeZah7Ux

Prof. Dan Boneh's Cryptography I is really good.

Compared to many other MOOCs, it provides solid foundations while being easy to follow.

https://www.coursera.org/learn/crypto

The content is actually pretty terrible and not likely to help anyone understand much about TLS.

This however is a decent resource for learning the things you're asking about such as public key crypto, asymetric vs symetric, digital signatures, etc. Specifically weeks 5 and 6. The whole course is good though.

https://www.coursera.org/learn/crypto#syllabus

If you come from a computer science/math background, and want an intro to cryptography in general, I can strongly recommend the Coursera course from Stanford University by professor Dan Boneh - https://www.coursera.org/learn/crypto. To really understand the implementations of security libraries and tools, one should be at least familiar with the fundamentals and terminology of crypto. Otherwise you are blindly encrypting things without being aware of whether you are actually securing things.

The course is free and takes 6 weeks long, and is very interesting if you had never dwelled too deep into security or crypto. There's also a new cryptography class that will be available in September of 2017 - https://www.coursera.org/learn/crypto2.

⬐ qjighap

I loved the first crypto course.

I have been enrolled in the crypto2 class for several years now. I hope they finally offer the course, but I have low hopes.

⬐ kyrre

any day now :^)

⬐ hueving

TBH this doesn't really give you anything about best practices though. It's a bunch of base theory without anything about timing analysis, etc. It's nice to know information but I don't think it makes you a better 'secure' programmer.

⬐ rqebmm

This was a complaint I heard from several people I work with who took the course.

⬐ platz

To my knowledge there has never been a timing attack documented in the wild on a remote server. They are only practical in offline scenarios with host access

⬐ hueving

Depends on what you mean by timing attack.

The only vulnerability of Tor, which heavily depends on cryptography, is timing analysis.

One of the most important lessons of cryptography is that it doesn't exist in a vacuum. Timing between messages and message sizes can be enough to end you.

⬐ platz

I guess "timing analysis" means something else, more akin to correlation of meta-data. https://en.wikipedia.org/wiki/Timing_attack is pretty clear, so maybe I was referring to something else than the OP.

⬐ cvwright

Funny you should mention this in a thread about Dan Boneh's crypto class.

David Brumley and Dan Boneh, "Remote Timing Attacks Are Practical." In Proc. USENIX Security Symposium, 2003. https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

Abstract

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.

Learning How To Learn by Barbara Oakly on Coursera https://www.coursera.org/learn/learning-how-to-learn It teaches you fundamentals of how the brain works, and how to improve your learning. It is free. Those three factors make it a great first course.

Cryptography I by Dan Boneh on Coursera https://www.coursera.org/learn/crypto I actually can't recommend it to everyone because I didn't complete it and I just wasn't intelligent enough on the material to complete it. This requires one to be good with advanced maths, and I got migraine issues from this (same as with advanced maths in my youth). However it is very well explained. The problem was me, not Dan Boneh's course.

Positive Psychology by Barbara Fredrickson https://www.coursera.org/learn/positive-psychology My significant other completed this course (I have not tried it yet), and highly recommends it. Its on my list.

Securing Democracy by J. Alex Halderman https://www.coursera.org/learn/digital-democracy I thought I was interested in this subject, and I was to some extend, but I was not enough interested to follow the course to the end. However the course as far as I took it was excellent.

Terrorism and Counterterrorism: Comparing Theory and Practice by Edwin Bakker https://www.coursera.org/learn/terrorism I didn't complete this course either but it was interesting and good nonetheless.

There are just a few of the courses I can recommend, and it doesn't contain the one I'm currently one because I haven't completed it yet (will likely include it once completed). There's also courses I cannot recommend (it also depends on the audience). I will resort to the positive angle though wink.

One thing I got from the courses is that it is OK to not complete a course. You can regard it as time waste which is fair enough. My goal is not to get a certificate though. That's merely a byproduct. My goal is to learn (which is a process), to satisfy my taste for knowledge. However Coursera changed its terms of usage last years and ever since I used the platform less.

If you are interested in more than an article, this course is very good.

https://www.coursera.org/learn/crypto

Sorry to spoil it, but the conclusion will basically be the same as the article, as in "just don't".

⬐ StavrosK

Yes, but arriving at the conclusion is very fun. Although, don't hold your breath for Cryptography II. I've been waiting for it for years.

The OP should take https://www.coursera.org/learn/crypto

⬐ boriselec

This question was in one of quizzes. Expected answer: compress first.

I'm currently working through Cryptography 1 on Coursera and struggling with some of the maths involved, so hopefully this will help.

https://www.coursera.org/learn/crypto

Dan Boneh's "Introduction to Cryptography".

(Part 1) https://www.coursera.org/course/crypto (Part 2) https://www.coursera.org/course/crypto2

⬐ Kurtz79

I did part 1 and liked it a lot.

I also liked Udacity crypto course, less formal but with great "hands on" exercises:

https://www.udacity.com/course/applied-cryptography--cs387

⬐ kbart

I came here to say the same. A really, really good course, a must to everyone who's interested in cryptography.

⬐ zzmxleo

Yeah, the course is really cool.

⬐ calvins

+1 for Dan's crypto1. I don't think crypto2 has been taught yet via coursera, as I've been waiting to take it and have seen it pushed back several times, and I've seen others say they'd been watching it get delayed for years. It does seem that Dan has been recording videos for part 2 in 2015 though (according to one of his students), so there's reason for hope that it might happen in 2016.

⬐ nindalf

I think we'll know in a couple of weeks if its going to start on Jan 11th or not. If its not ready yet, it'll be pushed back by a month or two by mid December. That's how the previous postponements were done.

⬐ uulbiy

I finished Cryptography I in March 2012 and wanted to take Cryptography II ever since. Every time the announced time is close it gets pushed back by 4 months.

I've completed a bunch of Coursera courses. Quality really varies. Even within the 9 course Data Science specialization [1] track some courses were rather poor while the rest were very good. I'm currently taking the #5 rated course [2]. It is excellent. But I'm only taking it because the Statisical Inference course in the Data Science specialization was so weak.

I would also recommend the Cryptography 1 course by Dan Boneh on Coursera [3]. Excellent if you are at all interested in the subject.

I always download the lecture videos, slides, quizzes, labs and exams because, as mentioned, many of the courses don't allow access once the class is completed.

You definitely have to have plenty of self discipline to complete MOOCs. And I don't have any delusions about a Coursera certificate being useful in landing a job; that's not what I'm after. I'm building the skills I want to apply to my own projects.

[1] https://www.coursera.org/specializations/jhudatascience [2] https://www.coursera.org/course/statistics [3] https://www.coursera.org/course/crypto

⬐ sawwit

https://www.coursetalk.com has quite good reviews, especially on the more popular courses.

That Coursera link should be https://www.coursera.org/course/crypto

The first course happens regularly, while "part 2" has been "2 months away" for at least a year now.

⬐ jessaustin

I signed up for that years ago, after enjoying crypto 1. Has 2 ever taken place?

⬐ sigjuice

No.

That's good advice, and I've given it myself, but that doesn't mean you shouldn't read and play around with cryptography if it interests you.

I implemented a simplified version of the referenced Vaudenay attack as part of Dan Boneh's Cryptography I course on courseara+. The course was very interesting, and also fun. I'm not ready to go out and implement my own cryptography, but knowing a bit about the subject makes me a more intelligent consumer of crypto libraries.

While warning people away from implementing their own cryptography we have to make sure we don't scare people off from the subject altogether. After all, absolute top experts have to start somewhere.

+ https://www.coursera.org/course/crypto

⬐ classicsnoot

Thank you for the link and the review. I start my CS degree in the Fall; i hope i can start and finish this before then.

⬐ pmalynin

For the love of all that is sacred, take advanced math and linear algebra.

⬐ rcthompson

I heartily agree with this sentiment. I have a friend who's a few years older than I am. He majored in CS, and told me in retrospect that he wished he had majored in mathematics instead. I took his advice, and, instead of doing CS major + a few math classes, I did math major + a few CS clases. I am now very glad that I did so. (For context, my friend and I are both data analysts now.)

⬐ pmalynin

My comment comes from experience of being in progress of doing an Honors CS - Honors Math double major. After having completed Honors Calculus I/ II, Honors Linear Algebra Imy /II circuits in my first year I felt about 2-3 years ahead in my knowledge of mathematics and associated rigor -- this was especially evident when I was taking combined CS/EE courses and seeing student struggle with concepts that I thought were basic (infinimums, supremums, etc.) but apparently are not covered over the course of 2 years in the regular streams.

⬐ classicsnoot

Thank you for the admonition. I am double majoring in CS and Philosophy for a specific reason; i want to manage devs and IT wizzards. I want to function as an informed go between for the sweat stainless white collars and the yellowed white collars that do the work. I love the theoretical space of design and networking, but i have very low expectations of my actual capabilities at the nuts and bolts. I am a [failed] writer and indy movie producer, but i want to be 'part of your world'. I have been trying to self educate, but it is not simple with no mentor. I see uni as a chance to be around people who are smarter than me as well as make time to write the novels and short stories that make me happy. So i am going to start in CS and Philosophy, audit engineering courses and IR courses, then switch majors to whatever seems appropriate. I am a bit older than your typical freshperson, and i am building a trajectory for post-grad, but really i am button mashing like it's StreetFighter. ANy advice is appreciated; i will look into the Maths Degrees.

Coursera/Stanford have a crypto course going on right now. It's already well under way but you can watch all the videos and (I believe) still do the quizzes and just pass on the certificate. https://www.coursera.org/course/crypto

Rule of crypto #1 - never implement your own crypto.

If you want to know what they are talking about, here are two free courses that go over all of that stuff and more. I particularly liked error oracle decryption exercise from coursera crypto class:

https://www.coursera.org/course/crypto

https://www.udacity.com/course/cs387

⬐ moron4hire

Someone, somewhere had to implement their own crypto, or there wouldn't be any crypto.

⬐ PhasmaFelis

Someone had to invent the wheel, too, but that doesn't make it a good idea to design and build your own car.

⬐ moron4hire

Elon Musk thought it was a good idea to design and build his own car. Should Albert Parcelle, the creator of the first wheel-hub motor, also have abstained from "reinventing the wheel" in 1890? How about J. Grabowiecki with the Omni Wheel in 1919? How about Bengt Ilon forgoing his Mecanum Wheel in 1973?

See, this is why I hate these sorts of statements. They assume it's impossible to be innovative in well-established fields. Or they assume the person they are saying it to is incapable.

It's a sort of arrogant condescension that I don't think should have any place among polite people

⬐ PhasmaFelis

When people say things like "Don't reinvent the wheel" and "Never implement your own crypto", it's generally understood that they mean "unless you have a really good reason for doing so and the budget and expertise to do it right." We don't actually say those things, because we don't want to turn casual conversations into legal documents; instead we trust in the readers' common sense.

⬐ moron4hire

But any time any of these sorts of projects come up, the posts are not "what need are you trying to fulfill?", they're just yelling, "don't reinvent the wheel!" That's what I'm talking about, this culture of "I, having spent 5 minutes skimming your README, know better than you."

⬐ tptacek

No, he didn't. Elon Musk paid a fortune to get experts to design a car for him. He did the opposite of what this thread is debating.

⬐ PhasmaFelis

Someone had to invent the wheel, too, but that doesn't make it a good idea to design and build your own car.

⬐ snowwrestler

Yes, but they did it wrong. But someone else caught the bug and fixed it. But the fix was wrong, but yet another person caught that bug and fixed it. But their fix was wrong, but it got fixed, but that was wrong... and the next, and the next... Repeat for as long as the library has been in active use and development.

That's the value of using established libraries. It's not necessarily that those library authors are so much smarter than the rest of us (although maybe a few are). It's that they already know a lot of the ways that their code was wrong.

If you write it yourself, who's going to catch your bugs? Then who's going to catch theirs?

This is not specific to crypto code, but crypto code is probably harder than most to get right, and more likely to be used on serious stuff.

⬐ moron4hire

What says any particular person will write said bugs? We have a word for automatically assuming that any particular individual holds any particular trait of the group of which they are a member without first confirming that person has that trait. It's called prejudice. And yes, you can be prejudiced towards your own in-group.

Good crypto code needs a good understanding of crypto and a good understanding of code. The person who has both is rare. Far too frequently, the situation you've described comes about because the only people writing crypto code are the people who understand crypto.

And I think the admonishment "don't write your own crypto code" is peer-pressuring people who have a good understanding of code from abstaining from gaining a good understanding of crypto.

⬐ snowwrestler

When it comes to putting bugs in software, I am prejudiced against the human race. :-)

Folks saying "don't write your own crypto" are really talking about production systems that will serve customers, employees, governments, etc. Crypto is not going to be a market differentiator; it just needs to work. So why not stand on the shoulders of many others and use a library that is already well tested and patched up?

But in terms of spending your own time to learn, I doubt many folks would say don't do that. Matasano even provides a bunch of freely available materials to do just that.

⬐ dllthomas

"those library authors are so much smarter than the rest of us"

Aside from your point (which is valid itself), it's not even necessarily "smarter". Comparably smart people more specialized at task X are likely to be better at task X.

⬐ nsfmc

you can also take matasano's own practical crypto course http://cryptopals.com. If you're taking a vacation, for example, it can be fun to do some of the exercises, write stuff on a notepad, go back to doing exercises and so forth. highly recommended and lighthearted.

⬐ StavrosK

The Coursera one is amazing. I've been waiting for the second part for years. It's a twist a minute ("so how can you break X?" "okay yeah there is NO WAY to break this at all, I'm positive" "pretty simply: do Y" "goddamnit").

⬐ d4rti

Is this the course you are looking for? https://www.coursera.org/course/crypto2

⬐ StavrosK

Yeah, it's been "starting in three months" for two years.

The next iteration of Stanford's Coursera Cryptography 1 course starts on Jan 5: https://www.coursera.org/course/crypto

Does anyone know how this compares to Coursera course [1] or [2] + [3]?

[1] https://www.coursera.org/course/cryptography

[2] https://www.coursera.org/course/crypto

[3] https://www.coursera.org/course/crypto2

⬐ transedward

https://www.udacity.com/course/cs387

Udacity also has a applied cryptography, I haven't tried. but it's good if someones has feedback.

⬐ JoachimSchipper

I have heard good things about [2] from colleagues. Also, Boneh is a capable cryptographer.

⬐ spand

[3] has never been available while this seems only temporarily unavailable.

⬐ eroo

[1] is starting next week and I was considering spending time on it. I'd really appreciate any feedback from those who have taken it!

⬐ lvh

(Author here.)

I've taken Dan's crypto class ([2]), so I think I can weigh in.

Obvious difference: not organized as a MOOC. Whether that is good or bad is up to you.

Focus difference: I think Crypto 101 is targetting applied crypto more, whereas the Coursera classes take a more classical introduction. There is nothing wrong with either approach, in my opinion. Just a difference in focus.

Try this "Crypto I" course

    https://www.coursera.org/course/crypto

⬐ simi_

Thanks, will do!

⬐ Elhana

Also Udacity has "Applied Cryptography"[1].

While coursera focuses on theory, it is a bit more practical. I'd say they complement each other nicely.

[1] https://www.udacity.com/course/cs387

"As a direct result of this "QWERTY" approach to explaining quantum mechanics - which you can see reflected in almost every popular book and article, down to the present -- the subject acquired an undeserved reputation for being hard."

The same goes for cryptography. Most cryptography courses spend at least the first hour talking about historical irrelevance like substitution ciphers etc. Crypto I [1] (Dan Boneh) follows the latter approach, i.e. starting from modern theoretical principles, defining security properties in terms of computational complexity and games.

I quite liked the Quantum Computing course [2] (Anuj Dawar) from the Cambridge CST, which also followed that approach, though it didn't present this stuff as a "generalisation of probability". No-cloning theorem in 3rd or 4th lecture, IIRC.

edit: After reading this article fully, I think it would have made for a good "lecture 0" in the above course, bridging the gap between more elementary maths and it.

[1] http://coursera.org/course/crypto [2] https://www.cl.cam.ac.uk/teaching/1415/QuantComp/

A good complement to this set of challenges is Dan Boneh's Crypto class on Coursera. The coursera class is more theory-driven, whereas these challenges are more practical... they mix well. https://www.coursera.org/course/crypto

⬐ bradleyjg

I just finished Cryto I and immediately signed up for Cryto II. Very well done online class.

So I don't know what textbook to suggest but are you aware of: https://www.coursera.org/course/crypto I've heard it's pretty good.

In general you should prefer crypto constructions which are a result of global competitions. For example AES and SHA3.

You should avoid at all costs anything that has been standardized by NIST without going through years of reviews by international cryptographers. Dual_EC_DRBG is a clear example of crypto construction which falls into this category.

This is my general rule of thumb.

However knowing which ciphers one should use is not enough! You absolutely need to know HOW to use them. A basic and superficial example is AES in ECB mode, which is semantically secure as long as you use a key to encrypt one and only one single block. Another one is, for example, after how many encrypted blocks a key should be rotated, based on the underlying cipher used.

Once you have learnt how to use the basic building blocks of crypto you are then NOT supposed to write your own implementation and instead use existing ones....there is a small problem with this....they are broken or they either not implement all the necessary crypto constructions you need. OpenSSL is an example of broken crypto implementation, and instead NaCl does not have TLS implemented.

So this is a short summary and my personal opinion of why crypto is hard. On top of all this there are not enough experts out there which have the time to review crypto implementations or new and old constructions, and we are living a historical period where we desperately need crypto to protect our privacy.

So my final suggestions is to take some of your spare time and go through Dan Boneh Crypto 1 at Coursera: https://www.coursera.org/course/crypto

It is worth every single minute.

Once you have done that, I would also suggest you to take the Matasano Crypto challenges: http://www.matasano.com/articles/crypto-challenges/

Finally I want to thank everybody who have taken their time to create and maintain both Crypto 1 course and the Matasano challenges.

⬐ netdog

> In general you should prefer crypto constructions which are a result of global competitions. For example AES and SHA3.

The judges who chose AES and SHA-3 as the "winners" of the global competitions are the NSA.

> You should avoid at all costs anything that has been standardized by NIST...

That would include AES and SHA-3.

⬐ silenteh

> The judges who chose AES and SHA-3 as the "winners" of the global competitions are the NSA.

Sure, however this process creates alternatives and if the crypto community thinks the winner is backdoored I am pretty sure we will know it and additionally we will have a valid alternative ready to be implemented. Additionally if the NSA/NIST modifies the specs for the crypto construction there is still the possibility to implement the original one. See SHA-3 for instance. It was about to be weakened, but the crypto community could still implement the original spec.

> That would include AES and SHA-3.

You cut the rest of the sentence and therefore changed completely the whole meaning. My original sentence included: "...without going through years of reviews by international cryptographers." Take a look at this video of D.J.B.: https://www.youtube.com/watch?v=G-TM9ubxKIg He makes a great example with the Dual_EC_DRBG, where many cryptographers told NIST that there could be a backdoor. NIST answer basically was: sorry too late, it has already been implemented !

So in other words, in case of Dual_EC_DRBG the standardization process was all in reverse. First NIST standardized it and then the crypto community started to review it and found problems.

I am in the same position. Stanford Online started a Coursera course on cryptography yesterday, might be interesting for you.

https://www.coursera.org/course/crypto

Both coursera and udacity have amazing courses on crypto.

Udacity: https://www.udacity.com/course/cs387

Coursera crypto I: https://www.coursera.org/course/crypto

Coursera crypto II: https://www.coursera.org/course/crypto2

I took coursera crypto I myself. It was a lot of work, but I learned a ton.

⬐ agwa

Good luck trying to take Coursera's Crypto II: I've been signed up since August 2012, and every 3-6 months it has been delayed another 3-6 months. At this point I'm no longer expecting it to be offered.

Crypto I is not vaporware and is excellent.

⬐ dethstar

Makes you wonder why aren't online classes kept, at least a year or something, in case the information is out of date (for technology)?

⬐ epsylon

That's because the staff needs a schedule similar to the academic schedule so they can answer questions, correct things, participate in the forum discussions...

Crypto I has been offered several times though (at least 4 or 5). If you ever signed up for one of the offerings, you can still access to the full course (videos, lectures, and I think even the automated grader) as well as the forums (but the forum activity usually fades down after the end of the course).

⬐ krick

It's not because of some practical reasons, just university policies.

⬐ agwa

I'm not sure what you're saying. As far as I know, Crypto II has never been offered, so the problem is probably that they haven't developed any course material for it.

⬐ TrainedMonkey

Udacity has a model in which every class is self paced and they have not deleted a single one since uploading them.

⬐ JosephBrown

This is my favorite feature that Udacity has and the others don't.

⬐ B-Con

I have hopes for Crypto II. Based on Crypto I, Boneh likes to do a good job with the course and being who he is, he's probably just incredibly busy (the original Crypto I itself had two minor delays in the middle of the class), so it keeps getting postponed. I wouldn't be surprised to see it materialize eventually.

Crypto I was very well put together, Crypto II has a high threshold to maintain [0]

References:

[0] https://www.coursera.org/course/crypto

This article coincides perfectly with the online Stanford Crypto class that just started up: https://www.coursera.org/course/crypto We just covered the principles of good encryption, and this is a great exercise to witness in that context.

If you're open to an online course, there's a Stanford intro one coming up on Coursera - https://www.coursera.org/course/crypto

⬐ runn1ng

I did the course about 1 year ago (or maybe 2? not sure now).

The only thing I really remember from top of my head is don't implement your own crypto.

I guess I remembered the most important lesson.

https://www.coursera.org/course/crypto

Dan Boneh's Cryptography I class on Coursera is about to start again in just a few days. I highly recommend it: https://www.coursera.org/course/crypto

⬐ oelmekki

Thanks mct, that's a perfect fit. Timing is perfect, and I've just signed up.

For those who may not be available in that time, maybe you have a more permanent resource in mind ?

⬐ kbart

Wow great! I have just enrolled. Thank you. I develop commercial products and would feel guilty too by not protecting costumers' data better.

⬐ Tomte

I passed the last course and cannot recommend it enough.

I'd love to know the answer to the last week's programming problems, though. I only got part of it.

Dan did such a great job on the Stanford Crypto course, it's worth learning the basics to learn the important bits.

https://www.coursera.org/course/crypto

Yes, I've heard about the Matasano's Crypto Challenge, but want to recommend Coursera's Crypto courses too: https://www.coursera.org/course/crypto

⬐ wglb

It is a good course.

However, you will learn a whole other approach of how to break all things crypto from the Matasano course.

⬐ mikevm

I've been thinking of taking it. Is it a rigorous crypto course at college level?

⬐ dobbsbob

Not really that rigorous, there are some MIT courses available on cryptography engineering you can find on the web.tv MIT internal video server I've taken that are really good, covers common mistakes, why you should never do in-browser nonsense Java crypto, side channels ect. They are all recent lectures.

There's also the implementation book on the Keccak NIST3 project website, same with their book on side channels and countermeasures.

There's also this: http://achs.cs.ucsb.edu/schedule.html which is a workshop in August on applied crypto and hardware which looks pretty amazing. University prof Patrick Schaumont always lists all upcoming applied crypto workshops https://twitter.com/pschaumont and he also has a lot of publications out: http://www.ece.vt.edu/schaum/pubs.html

I'd recommend the Coursera crypto course: https://www.coursera.org/course/crypto

You might like the Matasano Crypto Challenge [1], or maybe just a coursera course on crypto [2].

1: http://www.matasano.com/articles/crypto-challenges/ 2: https://www.coursera.org/course/crypto

For those interested, Dan Boneh's course on Cryptography starts another session as of today.

https://www.coursera.org/course/crypto

⬐ jessaustin

Anyone have any idea when they're going to quit putting off Cryptography II?

⬐ dinkumthinkum

I think it starts in July.

Dan Boneh's crypto course is starting in 5 days on Coursera. Syllabus is not same as the OP's course but is very good and useful nonetheless.

https://www.coursera.org/course/crypto

⬐ tptacek

If crypto is your thing, and you want to keep it practical, allow me to plug:

http://www.matasano.com/articles/crypto-challenges/

They're free, they involve writing actual code to break actual crypto constructions, and they seem to be pretty popular; our standings right now: level 0 (6687), level 1 (490), level 2 (156), level 3 (50), level 4 (36), level 5 (29), level 6 (37).

⬐ windexh8er

Curious why there's a delta of level 4 & 5 under 6?

⬐ tptacek

A FAQ. Those are the people currently at that level.

⬐ deshmane

level 7 is hiring? :)

⬐ tptacek

No, level 7 is coming out hopefully next week.

⬐ dsuth

Respond to my email! :p

⬐ krapp

Let's say my experience with cryptography and web security can be summed up with 'using bcrypt' and 'using ssl.' Would I be able to learn from this or would I need to seek out something more basic first?

⬐ StavrosK

You can learn from it, they explain how to go about solving them pretty well. I solved the first set in a few minutes and am trying to find time to do the second one, they are pretty fun.

⬐ reledi

From the page tptacek linked to:

> HOW MUCH CRYPTO DO I NEED TO KNOW?

> None. That's the point.

Try Dan Boneh's crypto course on coursera [1]. It covers quite a lot of ground, both practical and theoretical, and includes programming exercises similar to the matasano puzzles. Without a doubt it's one of the best courses of the dozen MOOCs I've taken. There's also a followup course [2] (I haven't taken it yet personally, but I believe the currently scheduled run will be the first).

Interestingly enough, there's also an upcoming security course (with no date planned yet) which will cover the application programming part of security and will be co-taught by him. [3]

[1] https://www.coursera.org/course/crypto [2] https://www.coursera.org/course/crypto2 [3] https://www.coursera.org/course/security

⬐ cryptbe

Glad that you like Dan Boneh's crypto class. I made the programming exercises :-).

⬐ StavrosK

They were very well done, and I loved the course overall, so congrats. I like how Dan knows how to preemptively answer every question I had.

There is the free "Cryptography 1" course on Coursera ( https://www.coursera.org/course/crypto ).

I'm taking it right now. There's a lot of maths and theory, and it's quite a difficult course, but it's been a great way to learn the foundations of cryptography.

⬐ sweis

Another session of Dan Boneh's online crypto course starts up tomorrow.

Cryptography I by Dan Boneh (Stanford University): https://www.coursera.org/course/crypto

The videos are probably available for download somewhere else, so you don't have to wait. Someone posted a site here on HN that saved all the coursera videos, but I can't remember the name.

Each video lasts ~20 min if I remember correctly, but they are very intensive. I never wanted to watch more than one or two per day, my mind would have blown.

⬐ blablabla123

Is there something shorter? I mean something consisting only of 5 pages or so? My current knowledge (for web dev purposes) is this: sha1(md5(pw + salt)) is pretty safe. And I heard that doing the sha1 recursively is better. On the other hand my boss is convinced that is no good.

Of course I did a bit of research (ok, only 30-60 minutes on Google ;)) and didn't find anything presenting a sweet and simple solution.

⬐ throwaway125

http://codahale.com/how-to-safely-store-a-password/ or PBKDF2 is also a good solution. the tl;dr version is: sha1(md5(pw + salt)) is too fast to be good, crackers can run millions of attempts per second if they have access to the hash.

⬐ stouset

TLDR 2; Stop inventing your own cryptography. This doesn't just mean "cryptographic cipher". If you're passing data into cryptographic functions and the parameter names don't conceptually match what you're putting in them, you're probably doing voodoo cryptography.

https://www.coursera.org/course/crypto is excellent

⬐ fox91

I did it, it's excellent as an introduction. It gives you some base points but no more

⬐ prezjordan

Thanks for this - signed up!

⬐ Nursie

I did this as well, awesome course. The drop-out rate was astounding from the feb-may run though, from 70K signups there were only 1-2K that completed IIRC.

⬐ marshray

Wow. I'm even happier to have completed it then!

Agreed, it was a great course. Looking forward to the sequel in early April. https://www.coursera.org/course/crypto2

⬐ Nursie

Thanks fr the reminder, must get involved in that, it's fascinating stuff.

If you find this kind of stuff interesting, take Dan Boneh's Cryptography class on Coursera. It covers issues like this very well...

https://www.coursera.org/course/crypto

⬐ andrewcooke

as i said, i think i understand CTR mode. or thought i did. i was more curious about how you could seek to a particular counter value. and then was even more confused by the idea that neither nonce nor counter can be repeated, as i thought it was the combination that had to be unique. so maybe i do need to take that course. hmmm.

⬐ tptacek

There are systems that use CTR mode as a way to do "random access" bulk encryption, because Schneier suggested that in both his major crypto books.

The specific exploitable condition is indeed the recurrence of a specific nonce/counter tuple; the point is, there are systems in which attackers can induce that condition, as opposed to simply having the system blunder into it (for instance, by using the same nonce every time).

⬐ andrewcooke

ah, ok, thanks. "random access" makes everything much clearer.

⬐ tptacek

You end up with similar problems when you try to use CTR with 64 bit block ciphers, like Blowfish and DES-EDE --- both of which are very common.

Zenst - it sounds like you have a lot of interest in cryptography, and your lack of familiarity with PBKDF2 and friends suggests that you have just entered this space.

I highly recommend https://www.coursera.org/course/crypto as a great introduction into some of the more interesting elements you are working through.

⬐ Zenst

Thank you and signed up. I have interests in too many things that cross over, but this is one area I do need to step back a bit and learn the lingo a bit more. Looking forward to this course now.

Don't mean to be a shill for Coursera, but if you enjoyed this article you might like Coursera's crypto class: https://www.coursera.org/course/crypto I found it really challenging in some places, but also quite fun.

Udacity also has a crypto course: http://www.udacity.com/overview/Course/cs387/CourseRev/apr20... I haven't tried it yet, but it looks a bit more in-depth in some places than the Coursera course.

⬐ coldarchon

The first exercise of Coursera's crypto class had the size and level of a final exam and I left.

For those interested... You can still get in on Coursera's Intro to Cryptography course from Stanford. It's been great so far, on week 3 of 6, but you can catch up!

https://www.coursera.org/course/crypto

⬐ zainny

Udacity also has a great course on Crypto: http://www.udacity.com/overview/Course/cs387/CourseRev/apr20...

Just finished the class today myself, and yep, that's the most repeated advice.

The class repeats starting Monday, if anyone is interested in learning the basics of how all this stuff works.

https://www.coursera.org/course/crypto

Take a look at: https://www.coursera.org/course/crypto and: https://www.coursera.org/course/algo

to fill those gaps. I've taken both classes at my university and have learned more in the first few lectures of these free online classes than I learned all semester at university.

⬐ doktrin

Enrollment for all the Stanford Coursera offerings is currently closed. Are they expected to repeat in the near future?

⬐ christiangenco

Huh, I wonder why they did that.

Here's what appears to be a third party uploading all the Algorithm videos: http://www.youtube.com/watch?v=u2TwK3fED8A&context=C4809...

If you'd like a copy of the assignments I can send them to you.

My guess is that they'll iterate over the material and open again next "semester." I'm at a loss as to why they're still operating under "semester" paradigms. Will likely be removed after a few iterations of the course.

⬐ doktrin

Thanks for the link, Christian!

I would very much appreciate a copy of the assignments. My email is in my profile (I'll happily use whichever transfer method is most convenient for you, of course - gist, etc.)

⬐ jmcgough

I did a minor in CS, and was blocked from taking algorithms coursework due to budget cuts. I read Cormen's Intro to Algorithms last year, but coursera's algorithms course has been amazing for filling in gaps in my knowledge. I absolutely recommend it :)