Hacker News Stories and CommentsAll the comments and stories posted to Hacker News that reference this course.
Cryptography 1 by Stanford on Coursera is really good too : https://www.coursera.org/learn/crypto
Another great crypto resource (though it's really an intro course) that's out there is the Cryptography course on Coursera: https://www.coursera.org/learn/crypto. It's taught by Dan Boneh who, in addition to being a genius, also happens to be incredibly talented at explaining crypto concepts in a way that leads to deep understanding. It's a great treat watching him write out and explain different proofs from memory.
After taking these two crypto courses, I signed up for CS155 https://crypto.stanford.edu/cs155/, which is his undergrad class on security at Stanford (they were offering it through their professional center, I don't think they still offer it, which is a bummer)
Prof. Dan Boneh's Cryptography I is really good.
Compared to many other MOOCs, it provides solid foundations while being easy to follow.
Not a cryptocurrency course per se, but Dan Boneh's course on Cryptography is an excellent introduction to most of the building blocks of cryptosystems, including the technology underlying most cryptocurrencies.
In terms of level, it is more than a little technical (programming exercises in both cryptography and cryptanalysis await you!), while still remaining far from rigorous (compared to, say, a graduate-level cryptography text).
Three Coursera MOOCs I particularly enjoyed:
* Discrete Optimization: almost entirely problem-driven, very challenging and entertaining prof; https://www.coursera.org/learn/discrete-optimization
* Crypto I: very deep, thorough and crystal clear explanations; https://www.coursera.org/learn/crypto
* Computer Networks: excellent overall course covering a wide variety of topics; https://www.coursera.org/instructor/~517478, https://www.youtube.com/playlist?list=PLfgkuLYEOvGMWvHRgFAcj...
⬐ robertelyComputer Networks looks great it's a shame they pulled it down.⬐ jamestimmins⬐ davidglTake a look at https://lagunita.stanford.edu/courses/Engineering/Networking.... Haven't taken either, but Stanford typically puts out pretty good MOOCs.⬐ weber111Lectures are great. Material is at a solid undergrad level (should be suitable for someone with 1-2yrs of CS background). No programming assignments, so I would go look at Phil Levis's website to find the "regular" course website and do the programming assignments from there.I LOVED discrete optimisation⬐ eeZah7UxProf. Dan Boneh's Cryptography I is really good.
Compared to many other MOOCs, it provides solid foundations while being easy to follow.⬐ excessi0nComputer Networks is definitely the best MOOC I ever took. I hope they bring it back.
The content is actually pretty terrible and not likely to help anyone understand much about TLS.
This however is a decent resource for learning the things you're asking about such as public key crypto, asymetric vs symetric, digital signatures, etc. Specifically weeks 5 and 6. The whole course is good though.
If you come from a computer science/math background, and want an intro to cryptography in general, I can strongly recommend the Coursera course from Stanford University by professor Dan Boneh - https://www.coursera.org/learn/crypto. To really understand the implementations of security libraries and tools, one should be at least familiar with the fundamentals and terminology of crypto. Otherwise you are blindly encrypting things without being aware of whether you are actually securing things.
The course is free and takes 6 weeks long, and is very interesting if you had never dwelled too deep into security or crypto. There's also a new cryptography class that will be available in September of 2017 - https://www.coursera.org/learn/crypto2.
⬐ qjighapI loved the first crypto course.
I have been enrolled in the crypto2 class for several years now. I hope they finally offer the course, but I have low hopes.⬐ kyrre⬐ huevingany day now :^)TBH this doesn't really give you anything about best practices though. It's a bunch of base theory without anything about timing analysis, etc. It's nice to know information but I don't think it makes you a better 'secure' programmer.⬐ rqebmmThis was a complaint I heard from several people I work with who took the course.⬐ platzTo my knowledge there has never been a timing attack documented in the wild on a remote server. They are only practical in offline scenarios with host access⬐ cvwrightFunny you should mention this in a thread about Dan Boneh's crypto class.
David Brumley and Dan Boneh, "Remote Timing Attacks Are Practical." In Proc. USENIX Security Symposium, 2003. https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf
Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.⬐ huevingDepends on what you mean by timing attack.
The only vulnerability of Tor, which heavily depends on cryptography, is timing analysis.
One of the most important lessons of cryptography is that it doesn't exist in a vacuum. Timing between messages and message sizes can be enough to end you.⬐ platzI guess "timing analysis" means something else, more akin to correlation of meta-data. https://en.wikipedia.org/wiki/Timing_attack is pretty clear, so maybe I was referring to something else than the OP.
Learning How To Learn by Barbara Oakly on Coursera https://www.coursera.org/learn/learning-how-to-learn It teaches you fundamentals of how the brain works, and how to improve your learning. It is free. Those three factors make it a great first course.
Cryptography I by Dan Boneh on Coursera https://www.coursera.org/learn/crypto I actually can't recommend it to everyone because I didn't complete it and I just wasn't intelligent enough on the material to complete it. This requires one to be good with advanced maths, and I got migraine issues from this (same as with advanced maths in my youth). However it is very well explained. The problem was me, not Dan Boneh's course.
Positive Psychology by Barbara Fredrickson https://www.coursera.org/learn/positive-psychology My significant other completed this course (I have not tried it yet), and highly recommends it. Its on my list.
Securing Democracy by J. Alex Halderman https://www.coursera.org/learn/digital-democracy I thought I was interested in this subject, and I was to some extend, but I was not enough interested to follow the course to the end. However the course as far as I took it was excellent.
Terrorism and Counterterrorism: Comparing Theory and Practice by Edwin Bakker https://www.coursera.org/learn/terrorism I didn't complete this course either but it was interesting and good nonetheless.
There are just a few of the courses I can recommend, and it doesn't contain the one I'm currently one because I haven't completed it yet (will likely include it once completed). There's also courses I cannot recommend (it also depends on the audience). I will resort to the positive angle though wink.
One thing I got from the courses is that it is OK to not complete a course. You can regard it as time waste which is fair enough. My goal is not to get a certificate though. That's merely a byproduct. My goal is to learn (which is a process), to satisfy my taste for knowledge. However Coursera changed its terms of usage last years and ever since I used the platform less.
If you are interested in more than an article, this course is very good.
Sorry to spoil it, but the conclusion will basically be the same as the article, as in "just don't".
⬐ StavrosKYes, but arriving at the conclusion is very fun. Although, don't hold your breath for Cryptography II. I've been waiting for it for years.
The OP should take https://www.coursera.org/learn/crypto
⬐ boriselecThis question was in one of quizzes. Expected answer: compress first.
I'm currently working through Cryptography 1 on Coursera and struggling with some of the maths involved, so hopefully this will help.
Dan Boneh's "Introduction to Cryptography".
⬐ Kurtz79I did part 1 and liked it a lot.
I also liked Udacity crypto course, less formal but with great "hands on" exercises:⬐ calvins+1 for Dan's crypto1. I don't think crypto2 has been taught yet via coursera, as I've been waiting to take it and have seen it pushed back several times, and I've seen others say they'd been watching it get delayed for years. It does seem that Dan has been recording videos for part 2 in 2015 though (according to one of his students), so there's reason for hope that it might happen in 2016.⬐ nindalf⬐ zzmxleoI think we'll know in a couple of weeks if its going to start on Jan 11th or not. If its not ready yet, it'll be pushed back by a month or two by mid December. That's how the previous postponements were done.⬐ uulbiyI finished Cryptography I in March 2012 and wanted to take Cryptography II ever since. Every time the announced time is close it gets pushed back by 4 months.Yeah, the course is really cool.⬐ kbartI came here to say the same. A really, really good course, a must to everyone who's interested in cryptography.
I've completed a bunch of Coursera courses. Quality really varies. Even within the 9 course Data Science specialization  track some courses were rather poor while the rest were very good. I'm currently taking the #5 rated course . It is excellent. But I'm only taking it because the Statisical Inference course in the Data Science specialization was so weak.
I would also recommend the Cryptography 1 course by Dan Boneh on Coursera . Excellent if you are at all interested in the subject.
I always download the lecture videos, slides, quizzes, labs and exams because, as mentioned, many of the courses don't allow access once the class is completed.
You definitely have to have plenty of self discipline to complete MOOCs. And I don't have any delusions about a Coursera certificate being useful in landing a job; that's not what I'm after. I'm building the skills I want to apply to my own projects.
⬐ sawwithttps://www.coursetalk.com has quite good reviews, especially on the more popular courses.
That Coursera link should be https://www.coursera.org/course/crypto
The first course happens regularly, while "part 2" has been "2 months away" for at least a year now.
⬐ jessaustinI signed up for that years ago, after enjoying crypto 1. Has 2 ever taken place?⬐ sigjuiceNo.
That's good advice, and I've given it myself, but that doesn't mean you shouldn't read and play around with cryptography if it interests you.
I implemented a simplified version of the referenced Vaudenay attack as part of Dan Boneh's Cryptography I course on courseara+. The course was very interesting, and also fun. I'm not ready to go out and implement my own cryptography, but knowing a bit about the subject makes me a more intelligent consumer of crypto libraries.
While warning people away from implementing their own cryptography we have to make sure we don't scare people off from the subject altogether. After all, absolute top experts have to start somewhere.
⬐ classicsnootThank you for the link and the review. I start my CS degree in the Fall; i hope i can start and finish this before then.⬐ pmalyninFor the love of all that is sacred, take advanced math and linear algebra.⬐ classicsnootThank you for the admonition. I am double majoring in CS and Philosophy for a specific reason; i want to manage devs and IT wizzards. I want to function as an informed go between for the sweat stainless white collars and the yellowed white collars that do the work. I love the theoretical space of design and networking, but i have very low expectations of my actual capabilities at the nuts and bolts. I am a [failed] writer and indy movie producer, but i want to be 'part of your world'. I have been trying to self educate, but it is not simple with no mentor. I see uni as a chance to be around people who are smarter than me as well as make time to write the novels and short stories that make me happy. So i am going to start in CS and Philosophy, audit engineering courses and IR courses, then switch majors to whatever seems appropriate. I am a bit older than your typical freshperson, and i am building a trajectory for post-grad, but really i am button mashing like it's StreetFighter. ANy advice is appreciated; i will look into the Maths Degrees.⬐ rcthompsonI heartily agree with this sentiment. I have a friend who's a few years older than I am. He majored in CS, and told me in retrospect that he wished he had majored in mathematics instead. I took his advice, and, instead of doing CS major + a few math classes, I did math major + a few CS clases. I am now very glad that I did so. (For context, my friend and I are both data analysts now.)⬐ pmalyninMy comment comes from experience of being in progress of doing an Honors CS - Honors Math double major. After having completed Honors Calculus I/ II, Honors Linear Algebra Imy /II circuits in my first year I felt about 2-3 years ahead in my knowledge of mathematics and associated rigor -- this was especially evident when I was taking combined CS/EE courses and seeing student struggle with concepts that I thought were basic (infinimums, supremums, etc.) but apparently are not covered over the course of 2 years in the regular streams.
Coursera/Stanford have a crypto course going on right now. It's already well under way but you can watch all the videos and (I believe) still do the quizzes and just pass on the certificate. https://www.coursera.org/course/crypto
Rule of crypto #1 - never implement your own crypto.
If you want to know what they are talking about, here are two free courses that go over all of that stuff and more. I particularly liked error oracle decryption exercise from coursera crypto class:
⬐ moron4hireSomeone, somewhere had to implement their own crypto, or there wouldn't be any crypto.⬐ snowwrestler⬐ nsfmcYes, but they did it wrong. But someone else caught the bug and fixed it. But the fix was wrong, but yet another person caught that bug and fixed it. But their fix was wrong, but it got fixed, but that was wrong... and the next, and the next... Repeat for as long as the library has been in active use and development.
That's the value of using established libraries. It's not necessarily that those library authors are so much smarter than the rest of us (although maybe a few are). It's that they already know a lot of the ways that their code was wrong.
If you write it yourself, who's going to catch your bugs? Then who's going to catch theirs?
This is not specific to crypto code, but crypto code is probably harder than most to get right, and more likely to be used on serious stuff.⬐ moron4hire⬐ PhasmaFelisWhat says any particular person will write said bugs? We have a word for automatically assuming that any particular individual holds any particular trait of the group of which they are a member without first confirming that person has that trait. It's called prejudice. And yes, you can be prejudiced towards your own in-group.
Good crypto code needs a good understanding of crypto and a good understanding of code. The person who has both is rare. Far too frequently, the situation you've described comes about because the only people writing crypto code are the people who understand crypto.
And I think the admonishment "don't write your own crypto code" is peer-pressuring people who have a good understanding of code from abstaining from gaining a good understanding of crypto.⬐ snowwrestler⬐ dllthomasWhen it comes to putting bugs in software, I am prejudiced against the human race. :-)
Folks saying "don't write your own crypto" are really talking about production systems that will serve customers, employees, governments, etc. Crypto is not going to be a market differentiator; it just needs to work. So why not stand on the shoulders of many others and use a library that is already well tested and patched up?
But in terms of spending your own time to learn, I doubt many folks would say don't do that. Matasano even provides a bunch of freely available materials to do just that."those library authors are so much smarter than the rest of us"
Aside from your point (which is valid itself), it's not even necessarily "smarter". Comparably smart people more specialized at task X are likely to be better at task X.Someone had to invent the wheel, too, but that doesn't make it a good idea to design and build your own car.⬐ PhasmaFelisSomeone had to invent the wheel, too, but that doesn't make it a good idea to design and build your own car.⬐ moron4hireElon Musk thought it was a good idea to design and build his own car. Should Albert Parcelle, the creator of the first wheel-hub motor, also have abstained from "reinventing the wheel" in 1890? How about J. Grabowiecki with the Omni Wheel in 1919? How about Bengt Ilon forgoing his Mecanum Wheel in 1973?
See, this is why I hate these sorts of statements. They assume it's impossible to be innovative in well-established fields. Or they assume the person they are saying it to is incapable.
It's a sort of arrogant condescension that I don't think should have any place among polite people⬐ tptacekNo, he didn't. Elon Musk paid a fortune to get experts to design a car for him. He did the opposite of what this thread is debating.⬐ PhasmaFelisWhen people say things like "Don't reinvent the wheel" and "Never implement your own crypto", it's generally understood that they mean "unless you have a really good reason for doing so and the budget and expertise to do it right." We don't actually say those things, because we don't want to turn casual conversations into legal documents; instead we trust in the readers' common sense.⬐ moron4hireBut any time any of these sorts of projects come up, the posts are not "what need are you trying to fulfill?", they're just yelling, "don't reinvent the wheel!" That's what I'm talking about, this culture of "I, having spent 5 minutes skimming your README, know better than you."you can also take matasano's own practical crypto course http://cryptopals.com. If you're taking a vacation, for example, it can be fun to do some of the exercises, write stuff on a notepad, go back to doing exercises and so forth. highly recommended and lighthearted.⬐ StavrosKThe Coursera one is amazing. I've been waiting for the second part for years. It's a twist a minute ("so how can you break X?" "okay yeah there is NO WAY to break this at all, I'm positive" "pretty simply: do Y" "goddamnit").⬐ d4rtiIs this the course you are looking for? https://www.coursera.org/course/crypto2⬐ StavrosKYeah, it's been "starting in three months" for two years.
The next iteration of Stanford's Coursera Cryptography 1 course starts on Jan 5: https://www.coursera.org/course/crypto
Does anyone know how this compares to Coursera course  or  + ?
⬐ spand has never been available while this seems only temporarily unavailable.⬐ transedwardhttps://www.udacity.com/course/cs387
Udacity also has a applied cryptography, I haven't tried. but it's good if someones has feedback.⬐ lvh(Author here.)
I've taken Dan's crypto class (), so I think I can weigh in.
Obvious difference: not organized as a MOOC. Whether that is good or bad is up to you.
Focus difference: I think Crypto 101 is targetting applied crypto more, whereas the Coursera classes take a more classical introduction. There is nothing wrong with either approach, in my opinion. Just a difference in focus.⬐ eroo is starting next week and I was considering spending time on it. I'd really appreciate any feedback from those who have taken it!⬐ JoachimSchipperI have heard good things about  from colleagues. Also, Boneh is a capable cryptographer.
Try this "Crypto I" course
⬐ simi_Thanks, will do!⬐ ElhanaAlso Udacity has "Applied Cryptography".
While coursera focuses on theory, it is a bit more practical. I'd say they complement each other nicely.
"As a direct result of this "QWERTY" approach to explaining quantum mechanics - which you can see reflected in almost every popular book and article, down to the present -- the subject acquired an undeserved reputation for being hard."
The same goes for cryptography. Most cryptography courses spend at least the first hour talking about historical irrelevance like substitution ciphers etc. Crypto I  (Dan Boneh) follows the latter approach, i.e. starting from modern theoretical principles, defining security properties in terms of computational complexity and games.
I quite liked the Quantum Computing course  (Anuj Dawar) from the Cambridge CST, which also followed that approach, though it didn't present this stuff as a "generalisation of probability". No-cloning theorem in 3rd or 4th lecture, IIRC.
edit: After reading this article fully, I think it would have made for a good "lecture 0" in the above course, bridging the gap between more elementary maths and it.
A good complement to this set of challenges is Dan Boneh's Crypto class on Coursera. The coursera class is more theory-driven, whereas these challenges are more practical... they mix well. https://www.coursera.org/course/crypto
⬐ bradleyjgI just finished Cryto I and immediately signed up for Cryto II. Very well done online class.
So I don't know what textbook to suggest but are you aware of: https://www.coursera.org/course/crypto I've heard it's pretty good.
In general you should prefer crypto constructions which are a result of global competitions. For example AES and SHA3.
You should avoid at all costs anything that has been standardized by NIST without going through years of reviews by international cryptographers. Dual_EC_DRBG is a clear example of crypto construction which falls into this category.
This is my general rule of thumb.
However knowing which ciphers one should use is not enough! You absolutely need to know HOW to use them. A basic and superficial example is AES in ECB mode, which is semantically secure as long as you use a key to encrypt one and only one single block. Another one is, for example, after how many encrypted blocks a key should be rotated, based on the underlying cipher used.
Once you have learnt how to use the basic building blocks of crypto you are then NOT supposed to write your own implementation and instead use existing ones....there is a small problem with this....they are broken or they either not implement all the necessary crypto constructions you need. OpenSSL is an example of broken crypto implementation, and instead NaCl does not have TLS implemented.
So this is a short summary and my personal opinion of why crypto is hard. On top of all this there are not enough experts out there which have the time to review crypto implementations or new and old constructions, and we are living a historical period where we desperately need crypto to protect our privacy.
So my final suggestions is to take some of your spare time and go through Dan Boneh Crypto 1 at Coursera: https://www.coursera.org/course/crypto
It is worth every single minute.
Once you have done that, I would also suggest you to take the Matasano Crypto challenges: http://www.matasano.com/articles/crypto-challenges/
Finally I want to thank everybody who have taken their time to create and maintain both Crypto 1 course and the Matasano challenges.
⬐ netdog> In general you should prefer crypto constructions which are a result of global competitions. For example AES and SHA3.
The judges who chose AES and SHA-3 as the "winners" of the global competitions are the NSA.
> You should avoid at all costs anything that has been standardized by NIST...
That would include AES and SHA-3.⬐ silenteh> The judges who chose AES and SHA-3 as the "winners" of the global competitions are the NSA.
Sure, however this process creates alternatives and if the crypto community thinks the winner is backdoored I am pretty sure we will know it and additionally we will have a valid alternative ready to be implemented. Additionally if the NSA/NIST modifies the specs for the crypto construction there is still the possibility to implement the original one. See SHA-3 for instance. It was about to be weakened, but the crypto community could still implement the original spec.
> That would include AES and SHA-3.
You cut the rest of the sentence and therefore changed completely the whole meaning. My original sentence included: "...without going through years of reviews by international cryptographers." Take a look at this video of D.J.B.: https://www.youtube.com/watch?v=G-TM9ubxKIg He makes a great example with the Dual_EC_DRBG, where many cryptographers told NIST that there could be a backdoor. NIST answer basically was: sorry too late, it has already been implemented !
So in other words, in case of Dual_EC_DRBG the standardization process was all in reverse. First NIST standardized it and then the crypto community started to review it and found problems.
I am in the same position. Stanford Online started a Coursera course on cryptography yesterday, might be interesting for you.
Both coursera and udacity have amazing courses on crypto.
Coursera crypto I: https://www.coursera.org/course/crypto
Coursera crypto II: https://www.coursera.org/course/crypto2
I took coursera crypto I myself. It was a lot of work, but I learned a ton.
⬐ agwaGood luck trying to take Coursera's Crypto II: I've been signed up since August 2012, and every 3-6 months it has been delayed another 3-6 months. At this point I'm no longer expecting it to be offered.
Crypto I is not vaporware and is excellent.⬐ dethstarMakes you wonder why aren't online classes kept, at least a year or something, in case the information is out of date (for technology)?⬐ krick⬐ B-ConIt's not because of some practical reasons, just university policies.⬐ agwaI'm not sure what you're saying. As far as I know, Crypto II has never been offered, so the problem is probably that they haven't developed any course material for it.⬐ TrainedMonkeyUdacity has a model in which every class is self paced and they have not deleted a single one since uploading them.⬐ JosephBrown⬐ epsylonThis is my favorite feature that Udacity has and the others don't.That's because the staff needs a schedule similar to the academic schedule so they can answer questions, correct things, participate in the forum discussions...
Crypto I has been offered several times though (at least 4 or 5). If you ever signed up for one of the offerings, you can still access to the full course (videos, lectures, and I think even the automated grader) as well as the forums (but the forum activity usually fades down after the end of the course).I have hopes for Crypto II. Based on Crypto I, Boneh likes to do a good job with the course and being who he is, he's probably just incredibly busy (the original Crypto I itself had two minor delays in the middle of the class), so it keeps getting postponed. I wouldn't be surprised to see it materialize eventually.
Crypto I was very well put together, Crypto II has a high threshold to maintain 
This article coincides perfectly with the online Stanford Crypto class that just started up: https://www.coursera.org/course/crypto We just covered the principles of good encryption, and this is a great exercise to witness in that context.
If you're open to an online course, there's a Stanford intro one coming up on Coursera - https://www.coursera.org/course/crypto
⬐ runn1ngI did the course about 1 year ago (or maybe 2? not sure now).
The only thing I really remember from top of my head is don't implement your own crypto.
I guess I remembered the most important lesson.
Dan Boneh's Cryptography I class on Coursera is about to start again in just a few days. I highly recommend it: https://www.coursera.org/course/crypto
⬐ kbartWow great! I have just enrolled. Thank you. I develop commercial products and would feel guilty too by not protecting costumers' data better.⬐ oelmekkiThanks mct, that's a perfect fit. Timing is perfect, and I've just signed up.
For those who may not be available in that time, maybe you have a more permanent resource in mind ?⬐ TomteI passed the last course and cannot recommend it enough.
I'd love to know the answer to the last week's programming problems, though. I only got part of it.
Dan did such a great job on the Stanford Crypto course, it's worth learning the basics to learn the important bits.
Yes, I've heard about the Matasano's Crypto Challenge, but want to recommend Coursera's Crypto courses too: https://www.coursera.org/course/crypto
⬐ wglbIt is a good course.
However, you will learn a whole other approach of how to break all things crypto from the Matasano course.⬐ mikevmI've been thinking of taking it. Is it a rigorous crypto course at college level?⬐ dobbsbobNot really that rigorous, there are some MIT courses available on cryptography engineering you can find on the web.tv MIT internal video server I've taken that are really good, covers common mistakes, why you should never do in-browser nonsense Java crypto, side channels ect. They are all recent lectures.
There's also the implementation book on the Keccak NIST3 project website, same with their book on side channels and countermeasures.
There's also this: http://achs.cs.ucsb.edu/schedule.html which is a workshop in August on applied crypto and hardware which looks pretty amazing. University prof Patrick Schaumont always lists all upcoming applied crypto workshops https://twitter.com/pschaumont and he also has a lot of publications out: http://www.ece.vt.edu/schaum/pubs.html
I'd recommend the Coursera crypto course: https://www.coursera.org/course/crypto
You might like the Matasano Crypto Challenge , or maybe just a coursera course on crypto .
For those interested, Dan Boneh's course on Cryptography starts another session as of today.
⬐ jessaustinAnyone have any idea when they're going to quit putting off Cryptography II?⬐ dinkumthinkumI think it starts in July.
Dan Boneh's crypto course is starting in 5 days on Coursera. Syllabus is not same as the OP's course but is very good and useful nonetheless.
⬐ tptacekIf crypto is your thing, and you want to keep it practical, allow me to plug:
They're free, they involve writing actual code to break actual crypto constructions, and they seem to be pretty popular; our standings right now: level 0 (6687), level 1 (490), level 2 (156), level 3 (50), level 4 (36), level 5 (29), level 6 (37).⬐ dsuthRespond to my email! :p⬐ krappLet's say my experience with cryptography and web security can be summed up with 'using bcrypt' and 'using ssl.' Would I be able to learn from this or would I need to seek out something more basic first?⬐ StavrosK⬐ windexh8erYou can learn from it, they explain how to go about solving them pretty well. I solved the first set in a few minutes and am trying to find time to do the second one, they are pretty fun.⬐ relediFrom the page tptacek linked to:
> HOW MUCH CRYPTO DO I NEED TO KNOW?
> None. That's the point.Curious why there's a delta of level 4 & 5 under 6?
Try Dan Boneh's crypto course on coursera . It covers quite a lot of ground, both practical and theoretical, and includes programming exercises similar to the matasano puzzles. Without a doubt it's one of the best courses of the dozen MOOCs I've taken. There's also a followup course  (I haven't taken it yet personally, but I believe the currently scheduled run will be the first).
Interestingly enough, there's also an upcoming security course (with no date planned yet) which will cover the application programming part of security and will be co-taught by him. 
⬐ cryptbeGlad that you like Dan Boneh's crypto class. I made the programming exercises :-).⬐ StavrosKThey were very well done, and I loved the course overall, so congrats. I like how Dan knows how to preemptively answer every question I had.
There is the free "Cryptography 1" course on Coursera ( https://www.coursera.org/course/crypto ).
I'm taking it right now. There's a lot of maths and theory, and it's quite a difficult course, but it's been a great way to learn the foundations of cryptography.
⬐ sweisAnother session of Dan Boneh's online crypto course starts up tomorrow.
Cryptography I by Dan Boneh (Stanford University): https://www.coursera.org/course/crypto
The videos are probably available for download somewhere else, so you don't have to wait. Someone posted a site here on HN that saved all the coursera videos, but I can't remember the name.
Each video lasts ~20 min if I remember correctly, but they are very intensive. I never wanted to watch more than one or two per day, my mind would have blown.
⬐ blablabla123Is there something shorter? I mean something consisting only of 5 pages or so? My current knowledge (for web dev purposes) is this: sha1(md5(pw + salt)) is pretty safe. And I heard that doing the sha1 recursively is better. On the other hand my boss is convinced that is no good.
Of course I did a bit of research (ok, only 30-60 minutes on Google ;)) and didn't find anything presenting a sweet and simple solution.⬐ throwaway125http://codahale.com/how-to-safely-store-a-password/ or PBKDF2 is also a good solution. the tl;dr version is: sha1(md5(pw + salt)) is too fast to be good, crackers can run millions of attempts per second if they have access to the hash.⬐ stousetTLDR 2; Stop inventing your own cryptography. This doesn't just mean "cryptographic cipher". If you're passing data into cryptographic functions and the parameter names don't conceptually match what you're putting in them, you're probably doing voodoo cryptography.
https://www.coursera.org/course/crypto is excellent
⬐ fox91I did it, it's excellent as an introduction. It gives you some base points but no more⬐ NursieI did this as well, awesome course. The drop-out rate was astounding from the feb-may run though, from 70K signups there were only 1-2K that completed IIRC.⬐ marshray⬐ prezjordanWow. I'm even happier to have completed it then!
Agreed, it was a great course. Looking forward to the sequel in early April. https://www.coursera.org/course/crypto2⬐ NursieThanks fr the reminder, must get involved in that, it's fascinating stuff.Thanks for this - signed up!
If you find this kind of stuff interesting, take Dan Boneh's Cryptography class on Coursera. It covers issues like this very well...
⬐ andrewcookeas i said, i think i understand CTR mode. or thought i did. i was more curious about how you could seek to a particular counter value. and then was even more confused by the idea that neither nonce nor counter can be repeated, as i thought it was the combination that had to be unique. so maybe i do need to take that course. hmmm.⬐ tptacekThere are systems that use CTR mode as a way to do "random access" bulk encryption, because Schneier suggested that in both his major crypto books.
The specific exploitable condition is indeed the recurrence of a specific nonce/counter tuple; the point is, there are systems in which attackers can induce that condition, as opposed to simply having the system blunder into it (for instance, by using the same nonce every time).⬐ andrewcookeah, ok, thanks. "random access" makes everything much clearer.⬐ tptacekYou end up with similar problems when you try to use CTR with 64 bit block ciphers, like Blowfish and DES-EDE --- both of which are very common.
Zenst - it sounds like you have a lot of interest in cryptography, and your lack of familiarity with PBKDF2 and friends suggests that you have just entered this space.
I highly recommend https://www.coursera.org/course/crypto as a great introduction into some of the more interesting elements you are working through.
⬐ ZenstThank you and signed up. I have interests in too many things that cross over, but this is one area I do need to step back a bit and learn the lingo a bit more. Looking forward to this course now.
Don't mean to be a shill for Coursera, but if you enjoyed this article you might like Coursera's crypto class: https://www.coursera.org/course/crypto I found it really challenging in some places, but also quite fun.
Udacity also has a crypto course: http://www.udacity.com/overview/Course/cs387/CourseRev/apr20... I haven't tried it yet, but it looks a bit more in-depth in some places than the Coursera course.
⬐ coldarchonThe first exercise of Coursera's crypto class had the size and level of a final exam and I left.
For those interested... You can still get in on Coursera's Intro to Cryptography course from Stanford. It's been great so far, on week 3 of 6, but you can catch up!
⬐ zainnyUdacity also has a great course on Crypto: http://www.udacity.com/overview/Course/cs387/CourseRev/apr20...
Just finished the class today myself, and yep, that's the most repeated advice.
The class repeats starting Monday, if anyone is interested in learning the basics of how all this stuff works.