HN Academy

There is also a cryptography course from Udacity: https://www.udacity.com/course/applied-cryptography--cs387

⬐ codetrotter

In the “secure computation” part, do you learn how to do such computation or is it just another explanation of what it is?

I know the “what” of this but not the “how”. If this teaches me what I need in order to go and actually implement it myself then I am interested.

⬐ harias

Cryptography 1 by Stanford on Coursera is really good too : https://www.coursera.org/learn/crypto

Is there a good way to find people who are qualified to do such a review? This paper was written by a Ph.D. student and professor of Computer Science at a respected university. The professor teaches a crypto course on Udacity (https://www.udacity.com/course/applied-cryptography--cs387). If they don't meet the criteria for being cryptographers, I wonder how many people in the world do?

⬐ dsacco

I'm going to push back on this a bit.

Thomas responded alongside this comment to talk about how academic cryptographers are not necessarily qualified to implement original crypto, and I largely agree with that; however, I don't actually think that's the issue here. Rather I would pin this on a lack of peer review.

I could be wrong, but I don't believe the author of this paper has had it published or at least accepted in any journal or conference proceedings. Being an eprint format with endorsement rather than peer review, you can expect mistakes like this to happen often, even if the authors are ostensibly qualified. When you submit original research for publication you generally go back and forth a bit with adjustments as needed, and as long as there is nothing egregious you don't need to redo it all.

In this specific case, I believe the author fully understands the issue (or would, were it presented to them) and is fully capable of fixing it. A qualified peer review would (hopefully :) have caught this and other latent issues if an HN commenter did.

We see this in the broader mathematics and computer science communities, and we especially see it in sub-disciplines like machine learning as well. It's absolutely true that academic cryptographers should not be assumed capable of rolling their own crypto a priori, but in my (educated) opinion I would certainly place far more weight on crypto developed by an academic cryptographer than a software engineer without any particular training.

My platonic ideal for someone who is capable of developing original crypto is something like an academic with a PhD in math or computer science (focusing on crypto), who can develop software very well and who joins an applied lab for crypto engineering and development (like NCC's) or a top cryptanalysis firm like Riscure. Failing that, I'd probably place the most weight on someone who had a lot of training in crypto engineering or practical cryptanalysis over an academic with no implementation experience.

(I apologize if any of this is patronizing, I don't know what your background or familiarity with the academic process is w/r/t peer review, etc).

⬐ forgotpwtomain

> A qualified peer review would (hopefully :) have caught this and other latent issues if an HN commenter did.

Would the qualified peer-review necessarily be reading the NodeJS code, or just checking the theoretical soundness of the paper? I'm not so certain about the former...

⬐ tptacek

You absolutely need both skills.

⬐ pbsd

Almost certainly not the former, no. At best the code would be "supplementary material", which reviewers are not required to go over.

⬐ tptacek

Not many. There's a Venn diagram to draw about academic cryptographers and practicing cryptographic engineers and people qualified to do cryptographic reviews and the overlap is less than you might think.

Applied Cryptography is also one of the free advanced courses on Udacity:

https://www.udacity.com/course/applied-cryptography--cs387

I did part 1 and liked it a lot.

I also liked Udacity crypto course, less formal but with great "hands on" exercises:

https://www.udacity.com/course/applied-cryptography--cs387

Rule of crypto #1 - never implement your own crypto.

If you want to know what they are talking about, here are two free courses that go over all of that stuff and more. I particularly liked error oracle decryption exercise from coursera crypto class:

https://www.coursera.org/course/crypto

https://www.udacity.com/course/cs387

⬐ moron4hire

Someone, somewhere had to implement their own crypto, or there wouldn't be any crypto.

⬐ PhasmaFelis

Someone had to invent the wheel, too, but that doesn't make it a good idea to design and build your own car.

⬐ moron4hire

Elon Musk thought it was a good idea to design and build his own car. Should Albert Parcelle, the creator of the first wheel-hub motor, also have abstained from "reinventing the wheel" in 1890? How about J. Grabowiecki with the Omni Wheel in 1919? How about Bengt Ilon forgoing his Mecanum Wheel in 1973?

See, this is why I hate these sorts of statements. They assume it's impossible to be innovative in well-established fields. Or they assume the person they are saying it to is incapable.

It's a sort of arrogant condescension that I don't think should have any place among polite people

⬐ PhasmaFelis

When people say things like "Don't reinvent the wheel" and "Never implement your own crypto", it's generally understood that they mean "unless you have a really good reason for doing so and the budget and expertise to do it right." We don't actually say those things, because we don't want to turn casual conversations into legal documents; instead we trust in the readers' common sense.

⬐ moron4hire

But any time any of these sorts of projects come up, the posts are not "what need are you trying to fulfill?", they're just yelling, "don't reinvent the wheel!" That's what I'm talking about, this culture of "I, having spent 5 minutes skimming your README, know better than you."

⬐ tptacek

No, he didn't. Elon Musk paid a fortune to get experts to design a car for him. He did the opposite of what this thread is debating.

⬐ PhasmaFelis

Someone had to invent the wheel, too, but that doesn't make it a good idea to design and build your own car.

⬐ snowwrestler

Yes, but they did it wrong. But someone else caught the bug and fixed it. But the fix was wrong, but yet another person caught that bug and fixed it. But their fix was wrong, but it got fixed, but that was wrong... and the next, and the next... Repeat for as long as the library has been in active use and development.

That's the value of using established libraries. It's not necessarily that those library authors are so much smarter than the rest of us (although maybe a few are). It's that they already know a lot of the ways that their code was wrong.

If you write it yourself, who's going to catch your bugs? Then who's going to catch theirs?

This is not specific to crypto code, but crypto code is probably harder than most to get right, and more likely to be used on serious stuff.

⬐ moron4hire

What says any particular person will write said bugs? We have a word for automatically assuming that any particular individual holds any particular trait of the group of which they are a member without first confirming that person has that trait. It's called prejudice. And yes, you can be prejudiced towards your own in-group.

Good crypto code needs a good understanding of crypto and a good understanding of code. The person who has both is rare. Far too frequently, the situation you've described comes about because the only people writing crypto code are the people who understand crypto.

And I think the admonishment "don't write your own crypto code" is peer-pressuring people who have a good understanding of code from abstaining from gaining a good understanding of crypto.

⬐ snowwrestler

When it comes to putting bugs in software, I am prejudiced against the human race. :-)

Folks saying "don't write your own crypto" are really talking about production systems that will serve customers, employees, governments, etc. Crypto is not going to be a market differentiator; it just needs to work. So why not stand on the shoulders of many others and use a library that is already well tested and patched up?

But in terms of spending your own time to learn, I doubt many folks would say don't do that. Matasano even provides a bunch of freely available materials to do just that.

⬐ dllthomas

"those library authors are so much smarter than the rest of us"

Aside from your point (which is valid itself), it's not even necessarily "smarter". Comparably smart people more specialized at task X are likely to be better at task X.

⬐ nsfmc

you can also take matasano's own practical crypto course http://cryptopals.com. If you're taking a vacation, for example, it can be fun to do some of the exercises, write stuff on a notepad, go back to doing exercises and so forth. highly recommended and lighthearted.

⬐ StavrosK

The Coursera one is amazing. I've been waiting for the second part for years. It's a twist a minute ("so how can you break X?" "okay yeah there is NO WAY to break this at all, I'm positive" "pretty simply: do Y" "goddamnit").

⬐ d4rti

Is this the course you are looking for? https://www.coursera.org/course/crypto2

⬐ StavrosK

Yeah, it's been "starting in three months" for two years.

https://www.udacity.com/course/cs387

Udacity also has a applied cryptography, I haven't tried. but it's good if someones has feedback.

Also Udacity has "Applied Cryptography"[1].

While coursera focuses on theory, it is a bit more practical. I'd say they complement each other nicely.

[1] https://www.udacity.com/course/cs387

Both coursera and udacity have amazing courses on crypto.

Udacity: https://www.udacity.com/course/cs387

Coursera crypto I: https://www.coursera.org/course/crypto

Coursera crypto II: https://www.coursera.org/course/crypto2

I took coursera crypto I myself. It was a lot of work, but I learned a ton.

⬐ agwa

Good luck trying to take Coursera's Crypto II: I've been signed up since August 2012, and every 3-6 months it has been delayed another 3-6 months. At this point I'm no longer expecting it to be offered.

Crypto I is not vaporware and is excellent.

⬐ dethstar

Makes you wonder why aren't online classes kept, at least a year or something, in case the information is out of date (for technology)?

⬐ epsylon

That's because the staff needs a schedule similar to the academic schedule so they can answer questions, correct things, participate in the forum discussions...

Crypto I has been offered several times though (at least 4 or 5). If you ever signed up for one of the offerings, you can still access to the full course (videos, lectures, and I think even the automated grader) as well as the forums (but the forum activity usually fades down after the end of the course).

⬐ krick

It's not because of some practical reasons, just university policies.

⬐ agwa

I'm not sure what you're saying. As far as I know, Crypto II has never been offered, so the problem is probably that they haven't developed any course material for it.

⬐ TrainedMonkey

Udacity has a model in which every class is self paced and they have not deleted a single one since uploading them.

⬐ JosephBrown

This is my favorite feature that Udacity has and the others don't.

⬐ B-Con

I have hopes for Crypto II. Based on Crypto I, Boneh likes to do a good job with the course and being who he is, he's probably just incredibly busy (the original Crypto I itself had two minor delays in the middle of the class), so it keeps getting postponed. I wouldn't be surprised to see it materialize eventually.

Here is a free Udacity course on cryptography: https://www.udacity.com/course/cs387