[HN Gopher] Online Cryptography Course (2017)
___________________________________________________________________
Online Cryptography Course (2017)
Author : Tomte
Score : 288 points
Date : 2024-05-02 16:00 UTC (7 hours ago)
(HTM) web link (crypto.stanford.edu)
(TXT) w3m dump (crypto.stanford.edu)
| johnwatson11218 wrote:
| I took an online cryptography course from this professor a few
| years back. It was very good.
|
| Even though I have a background in math that class made me
| realize I don't want to be a professional cryptographer, which in
| itself is pretty nice. But all joking aside I really enjoyed the
| way that crypto systems were analyzed using demons and games to
| try and discern the random bit stream from the encrypted bytes.
| foma-roje wrote:
| Same here. I also took the course from Coursera a few years ago
| and I really enjoyed it. The conclusion? It's hard to get it
| right so don't do crypto yourself! Quite cynical, but it kinda
| killed my interest in pursuing it further.
| kryptonomist wrote:
| Yes, the Coursera title was "Cryptography I", so I was
| expecting another part, but ten years after, I still do not
| see any. A great course anyway.
| Ar-Curunir wrote:
| There's a running joke among cryptographers that Dan will
| release Crypto II next semester =)
| ShaneCurran wrote:
| If anybody's interested in any of the algorithms and papers that
| underpin most modern cryptography, we created a dedicated page on
| our site[0] as an homage to the great cryptographers of the last
| century(!) (and their works).
|
| [0]: https://evervault.com/papers
| dvas wrote:
| Thanks for sharing Shane, and nice to see companies engaged
| with the community on a technical level!
| phantom--88 wrote:
| Could seeve me as i'am a noob on this field. Thanks for the share
| pdevr wrote:
| Excellent course. The only caveat I want to add is, the estimated
| hours to complete (23 hours) can vary extremely, depending on
| your 'pre-mastery' of the subject (or lack of it). Prepare and
| pace yourself considering that.
| failbuffer wrote:
| Looks good, but I wish there was a practicioner-oriented resource
| for how to use cryptographic libraries that didn't start by
| focusing on the math. I don't need to know the intricacies of
| RSA, I need to know how to securely compose it with other
| primitives to engineer a system with the desired properties.
| foma-roje wrote:
| Perhaps what you need is something like ,,Cryptography
| Engineering: Design Principles and Practical Applications"
|
| Book by Bruce Schneier, Niels Ferguson, and Tadayoshi Kohno.
| tptacek wrote:
| Pretty outdated. For awhile, it was the best book available,
| but in 2024 it's probably harmful.
|
| Today, I'd read Serious Cryptography or Real World
| Cryptography.
| splix wrote:
| Google "Cryptographic Right Answers". There are a couple of
| different posts, but they agree on the most of the things you
| would look for.
|
| Ex.: https://gist.github.com/tqbf/be58d2d39690c3b366ad or
| https://www.latacora.com/blog/2018/04/03/cryptographic-right...
| miketery wrote:
| This is great, finding NaCl (libsodium) has been a godsend,
| specifically the JS lib.
|
| 1 - https://nacl.cr.yp.to/
|
| 2 - https://github.com/dchest/tweetnacl-js
| Vegenoid wrote:
| I wanted to have a better understanding of crypto, simply to
| feel more confident in writing programs that use existing
| protocols, and started 'Real-World Cryptography' by David Wong.
| I'm about 3/4 through, and I've been happy with it. It is light
| on math, but does go into it a little bit - it seems designed
| for the kind of person who isn't comfortable using something
| until they understand how it works under-the-hood, but doesn't
| actually need to do any under-the-hood work.
|
| It has taught me enough that I think I could compose a protocol
| out of primitives that on the surface appears to do what I've
| intended it to do. It has also taught me that there are many
| subtleties that can completely break a protocol, combining
| primitives can lead to unexpected weaknesses, and many people
| who understand crypto far better than I ever will have created
| broken protocols out of secure primitives.
|
| I'm not sure it's the book you're looking for, but I think it's
| a good book if you want to understand crypto, but not design
| your own.
| Ar-Curunir wrote:
| "Secure composition" is definitely covered in the course. It
| doesn't talk only about the details of RSA (though there are
| some lectures about that), but also about what security
| properties different primitives satisfy, how to compose them
| safely, etc.
|
| A large part of modern cryptography is figuring out secure
| composition.
| tptacek wrote:
| I want to put a word in here for being cautious about the
| capabilities you can achieve in novel systems --- software
| developers are often working with multiple whole sieverts of
| novelty without realizing it --- without having a lot of the
| boring theory stuff nailed down.
|
| If you're using (say) libsodium to do _exactly_ the kind of
| thing 100 other developers have successfully used libsodium to
| do in the past, you 're fine. But it takes a deceptively small
| and subtle set of steps to end up synthesizing a new
| cryptosystem (see: attempts to build secure messaging systems
| out of libsodium primitives) without realizing that's what
| you're doing.
|
| Learn a bunch of the theory! It's important.
| schoen wrote:
| > sieverts of novelty
|
| Yikes!
|
| Is this clever metaphor original with you?
| tptacek wrote:
| I'm a little proud of it.
| begueradj wrote:
| It looks more suitable for those who are into mathematics.
| "Applied Cryptography", by Bruce Schneier, is also good for those
| who, like myself, do not need all the mathematical details behind
| cryptography.
| ilya_m wrote:
| (Writing as a professional cryptographer.) Schneier's "Applied
| Cryptography" is about as useful for learning about
| cryptography as "The Da Vinci Code" for learning about
| Renaissance. It is a lively book that name-checks relevant
| concepts, and may even lead someone to develop interest in the
| actual stuff. (That was my gateway to cryptography!)
|
| Mention Schneier at a gathering of cryptographers, and you'll
| elicit groans and eye-rolls. The main reason for that is that
| his book creates an illusion of understanding without
| instilling tthat it covers literally 1% of what one needs to
| seriously work in the field. It is also ~30 years old, and was
| dated even when it appeared.
|
| This is not to diminish the fact that Schneier is an excellent
| communicator and has done a great service to the security field
| by being a consistent and effective critic of the domestic
| security apparatus.
| egl2021 wrote:
| What is a better book? I don't want anyone eye-rolling when
| I'm LARPing.
| helpfulclippy wrote:
| "Serious Cryptography" is good. There's an updated edition
| dropping later this year.
|
| "Real World Cryptography" is also good.
| ilya_m wrote:
| A better book for what audience? The scientifically minded
| can do much worse than "A Graduate Course in Applied
| Cryptography" by Dan Boneh and Victor Shoup (on which the
| online cryptography course is based). For a more practical
| angle, I agree with other commenters on this thread:
| "Cryptography Engineering" (Ferguson, Schneier, Kohno),
| "Serious Cryptography" (Aumasson) and "Real-World
| Cryptography" (Wong) are pretty solid.
| seabass-labrax wrote:
| What LARP involves academic comparisons of cryptographic
| algorithms? Whatever it is, it sounds like my sort of thing
| ;)
| helpfulclippy wrote:
| When you say "Mention Schneier," do you mean Schneier himself
| or Applied Cryptography specifically? I was unaware of any
| particular generalized disdain for the man, though I'm
| certainly aware of plenty for the book, which you've
| summarized quite well.
|
| I remember in the intro to one of his later books
| (Cryptography Engineering, I think), Schneier actually
| apologized for making a book that was in many ways quite
| dangerous, and said his newer work was in an effort to make
| something a bit more focused on providing people with the
| firm foundations they'd need to do responsible work in
| cryptography.
|
| That said, Applied Cryptography is a very inspiring book in
| many ways (which is both the best thing and worst thing about
| it, because it's not obvious upon reading it just how
| unprepared the reader is to act on that inspiration). I
| really wish someone would go write a new Applied Cryptography
| that dreams and inspires as much, but balanced with
| perspective and caution, and based on more recent
| developments.
| tptacek wrote:
| The authors had some weird blind spots, even for the time,
| when Practical Cryptography (now called Cryptography
| Engineering) was published --- curves and authenticated
| encryption seem like the two obvious examples.
| MattSteelblade wrote:
| I'm surprised to hear that. I have never read Applied
| Cryptography, but I find that an incredibly damning simile
| (though maybe it wasn't intended to be?). Didn't Schneier
| develop Blowfish?
| ilya_m wrote:
| > an incredibly damning simile
|
| I stand by my comment, however harsh it may seem. Some of
| the disdain held by cryptographers, especially of a certain
| generation, is in no doubt a reaction to Schneier's
| prominence in the public eye as Mr. Crypto. The fact that
| he is highly quotable and media-savvy makes him a go-to
| person whenever a comment is needed on something
| (anything!) happening in security.
| mttpgn wrote:
| The cryptographer Dan J. Bernstein once told me a story that
| Bruce Schneier kept some cryptographic protocol secure for an
| additional 24 hours. The researcher demonstrating this
| protocol's weakness based their proof-of-concept on a proof
| in Schneier's book. However, Schneier's description contained
| a mathematical error. When the error in the proof-of-concept
| was pointed out to the researcher at the conference, this
| researcher went back to their hotel room, discovered the
| origin of the error in Schneier's text, and fixed the proof-
| of-concept for the conference-goers by the following day.
| Thus, Bruce Schneier kept a cryptographic protocol secure for
| an additional 24 hours.
| H8crilA wrote:
| It is impossible to study cryptography without "all the
| mathematical details". You can at best implement someone's
| scheme, but even that is not the best idea, as you're likely to
| make some mistake somewhere.
| zer0tonin wrote:
| Will they ever release Crypto II?
| withzombies wrote:
| I've been registered for Crypto II on Coursera for over a
| decade now!
| amingilani wrote:
| I wish there was a similar part 2 course. All the courses I've
| seen seem to end at roughly the same point.
|
| I want to learn about elliptic curve cryptography and post
| quantum crypto systems.
| alternativity wrote:
| In case it helps, I found this course useful as intro to
| elliptical curve crypto -
| https://youtube.com/@introductiontocryptography4223?si=O-5_a...
| lectures 16 and 17 in particular.
| dvas wrote:
| I would like to add the thought of looking at where these
| elliptic curves are deployed, things like embedded devices and
| implementations bitcoin-core libraries for say secp256k1 [0].
|
| Ref:
|
| [0] Optimized C library for EC operations on curve secp256k1
|
| https://github.com/bitcoin-core/secp256k1
| nailer wrote:
| > Public-key encryption
|
| And it's all RSA. Can crypto tutorials please add ECC already?
| galleywest200 wrote:
| If anyone would like to practice some of these lessons in a
| "capture the flag" format, I would recommend
| https://cryptohack.org/ -- great site!
| feross wrote:
| CS255 Intro to Cryptography was one of my favorite courses as a
| Stanford student. Dan is an incredible instructor. If you want
| more Stanford security course material, I also recommend CS253
| Web Security (https://web.stanford.edu/class/cs253/) (disclosure:
| I created this course) and CS356 Topics in Computer and Network
| Security (https://cs356.stanford.edu/).
|
| Videos for CS253 are online here:
| https://www.youtube.com/playlist?list=PL1y1iaEtjSYiiSGVlL1cH...
| Aaronstotle wrote:
| Thank you for listing these!
| amyamyamy2 wrote:
| Seconding this - I loved 155, 255, and 251 from Professor
| Boneh. He's very talented and was one of my favorite
| instructors for multiple years; great at explaining concepts.
| lazzlazzlazz wrote:
| An excellent course and one that has been critical in my
| professional development. Worth noting that Dan Boneh is also an
| advisor for a16z crypto's research team[1], and he produces a
| significant amount of blockchain-related content with them.[2]
|
| [1]: https://a16zcrypto.com/research/
|
| [2]: https://a16zcrypto.com/team/dan-boneh/
| lifeinthevoid wrote:
| I took it for the second time recently, this time with the goal
| to shift my career to cryptography. Still one of the best
| resources out there imo.
| paladin314159 wrote:
| Dan Boneh is amazing. I took his Cryptography course at Stanford
| and loved it so much that I ended up having him advise me on my
| senior thesis. Would highly recommend stuff that he puts out.
| shihanwan1 wrote:
| from site alone, you can tell it's legit
| lordgrenville wrote:
| A lot of people in this thread seem to be interested in a hands-
| on, no theory, practical way of learning crypto. If this is you
| check out (HN MVP tptacek's) cryptopals.com
| xhkkffbf wrote:
| A stellar course!
| davepeck wrote:
| I took this course ages ago, along with the follow up Crypto II.
| Dan is a great instructor, and his courses helped fill in a
| number of gaps in my knowledge. Highly recommended!
| the_svd_doctor wrote:
| I took both his in-person and coursera classes, and Dan is a
| great teacher. Highly recommend.
| AlexCoventry wrote:
| The book he co-authored, _A Graduate Course in Applied
| Cryptography_ , has been very helpful.
|
| https://toc.cryptobook.us/
| malviyamukul wrote:
| Thanks for sharing
| Bnjoroge wrote:
| Didn't take the class, but always felt like his book was too
| theoretical. I enjoyed "real world cryptography" and supplemented
| it with Dan's book.
| blacklion wrote:
| Who is still waiting for Cryptography II course on Coursera? :)))
| meling wrote:
| Count me in!
| brcmthrowaway wrote:
| Very outdated.
___________________________________________________________________
(page generated 2024-05-02 23:00 UTC)