[HN Gopher] Cryptography 101 with Alfred Menezes
___________________________________________________________________
Cryptography 101 with Alfred Menezes
Author : nmadden
Score : 103 points
Date : 2025-11-03 14:12 UTC (4 days ago)
(HTM) web link (cryptography101.ca)
(TXT) w3m dump (cryptography101.ca)
| teleforce wrote:
| Alfred Menezes has also written the Handbook of Applied
| Cryptography, which can be accessed and downloaded for free:
|
| https://cacr.uwaterloo.ca/hac/
| commandersaki wrote:
| And co-authored the "another look" papers at
| https://anotherlook.ca/
| zavec wrote:
| Oh hey I took his crypto class in fourth year! Fantastic prof, I
| should check this out to refresh my memory.
| danhau wrote:
| What I would like, but haven't found yet, is a cheat sheet on
| what up to date encryption method or algorithm one should use for
| whatever need. A kind of requirement -> algorithm dictionary.
|
| Like, I need to authenticate that a client is a known identity.
| What algo? How to use it? What to avoid? I need to sign a message
| or document. How? I need to verify said message. How? I need to
| store passwords. How?
|
| I know some crypto, but discovering and learning about them is a
| bit of a pain. For how important crypto is, you'd think someone
| would have bothered to teach developers how to choose and deploy
| these algorithms properly.
| pona-a wrote:
| If your needs are this simple, you may be better served by an
| opinionated crypto library like Monocypher [0] or libsodium
| [1]. Just look at the latter's FAQ page and you'll see they're
| taking your approach targeting developers, not cryptographers.
|
| They'll provide you with one blessed algorithm for every primitive,
| with secure alternatives if your use case demands them.
| XChaCha20-Poly1305 for encryption, EdDSA for signatures, X25519
| for key exchange, BLAKE2b for a hash, Argon2i for a KDF.
|
| [0] https://monocypher.org/
|
| [1] https://doc.libsodium.org/doc/quickstart
| chocolatkey wrote:
| Google's Tink crypto library had a slightly technical page to
| help with that: https://developers.google.com/tink/choose-
| primitive
| hiisukun wrote:
| It's not new, and some people would disagree on some minor
| elements -- but a good place to start was regularly this blog
| from approximately Matasano/NCC Group members, called
| Cryptographic Right Answers [1]. It's very clear, gives
| straightforward answers in a clear fashion -- and with multiple
| opinions often aligning.
|
| It was updated a few times, I wonder if the equivalent exists
| for PQ?
|
| Edit/Update: Found the PQ one @ [2], definitely check it out!
|
| Maybe I'm mis-remembering, but perhaps the most controversial
| element was the regular recommendation of AES-GCM. It certainly
| has excellent security properties, but also a certain
| brittleness re: nonces.
|
| [1] https://www.latacora.com/blog/2018/04/03/cryptographic-
| right... [2] https://www.latacora.com/blog/2024/07/29/crypto-
| right-answer...
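The nonce brittleness hiisukun mentions is worth seeing concretely. The following is an added example, not code from the thread or from Latacora: the keystream generator is an HMAC-SHA256 counter-mode stand-in for AES-CTR (the confidentiality half of AES-GCM), chosen so the block runs on the Python standard library alone; only the structure matters, because any CTR-style cipher produces the same keystream for the same key and nonce. The plaintexts, key, and nonce are constructed sample values, and `NonceManager` is a hypothetical helper showing the usual mitigation: deterministic nonces with a per-key budget instead of nonces a caller picks by hand.

```python
"""Nonce reuse under one key in a CTR-style AEAD, and a nonce policy that
makes reuse impossible by construction.  Added example; the HMAC-based
keystream is a stand-in for AES-CTR, not AES-GCM itself."""
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256(key, nonce || block_counter), concatenated.
    As with AES-CTR, the same key and nonce always yield the same keystream."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encryption is plaintext XOR keystream; decryption is the same operation."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def recover_xor_of_plaintexts(ct1: bytes, ct2: bytes) -> bytes:
    """Passive attacker: when a nonce is reused, ct1 XOR ct2 == pt1 XOR pt2,
    because the identical keystream cancels out."""
    n = min(len(ct1), len(ct2))
    return bytes(a ^ b for a, b in zip(ct1[:n], ct2[:n]))


def recover_plaintext_with_crib(ct_target: bytes, ct_known: bytes, pt_known: bytes) -> bytes:
    """If one plaintext is known or guessable (a crib), the other is recovered outright."""
    n = min(len(ct_target), len(ct_known), len(pt_known))
    return bytes(c ^ k ^ p for c, k, p in zip(ct_target[:n], ct_known[:n], pt_known[:n]))


class NonceManager:
    """Hypothetical helper: 96-bit nonces built as 4-byte prefix || 8-byte counter.

    Each nonce is handed out once, and a per-key message budget forces key
    rotation before the counter could ever wrap.  2**32 is the ceiling
    NIST SP 800-38D sets for 96-bit random GCM IVs; with a counter you can
    go higher, but a budget keeps rotation an explicit decision."""

    def __init__(self, prefix: bytes, budget: int = 2**32) -> None:
        if len(prefix) != 4:
            raise ValueError("prefix must be exactly 4 bytes")
        self.prefix = prefix
        self.counter = 0
        self.budget = budget

    def next_nonce(self) -> bytes:
        if self.counter >= self.budget:
            raise RuntimeError("nonce budget exhausted: rotate the key")
        nonce = self.prefix + self.counter.to_bytes(8, "big")
        self.counter += 1
        return nonce


if __name__ == "__main__":
    # Constructed sample values.
    key = b"constructed-32-byte-demo-key...."
    reused_nonce = b"\x00" * 12
    pt1 = b"transfer 100 to bob"
    pt2 = b"transfer 900 to eve"
    ct1 = ctr_encrypt(key, reused_nonce, pt1)
    ct2 = ctr_encrypt(key, reused_nonce, pt2)
    print("recovered:", recover_plaintext_with_crib(ct2, ct1, pt1))
```

In real AES-GCM the damage goes beyond confidentiality: a single nonce repeat also exposes the GHASH authentication subkey, so the attacker can forge tags, which is why the standard advice is to derive nonces from a counter (or use a nonce-misuse-resistant or nonce-hiding construction) rather than trusting callers to supply them.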
| thadt wrote:
| > Random IDs > Latacora, 2018: Use 256-bit random numbers.
|
| > Latacora, 2024: You should get 100 lava lamps, point a
| camera to them and use the frames as seed for a PRNG.
|
| Man, is my boss gonna be surprised what's getting requisition
| ordered this morning.
| michaelscott wrote:
| This is how Cloudflare does (did?) PRNG
| michaelscott wrote:
| I think this is a primary reason why there is no real
| "cheatsheet" for this stuff. The application of a given algo
| (and even what types of inputs you provide) is heavily
| dependent on the detailed specifics of your use case and how
| you apply them.
| some_furry wrote:
| > Like, I need to authenticate that a client is a known
| identity. What algo?
|
| In this case, you're asking the wrong question.
|
| When people say "what algo?" in such a context, the answers
| will be flavored as "Ed25519 vs secp256k1 vs RSA-PKCS1v1.5"
| when you should _first_ be asking "what level of abstraction
| am I dealing with?" and "what are the constraints?"
|
| Like, maybe "algo" isn't even a relevant concern.
|
| If I were designing a simple token-based auth scheme today, I'd
| reach for PASETO. Unless I need interop with a third-party
| provider, who almost universally use JWTs and prevent me from
| having any say or choice in the matter.
|
| With PASETO, you don't need to know, or even care, about "what
| algo?" You only need to consider mode, which is more of a use-
| case question.
|
| But with JWTs, you not only have to care about "what algo?"
| your system needs to be very delicate in how it processes them.
| https://www.howmanydayssinceajwtalgnonevuln.com
|
| I cannot imagine proactively writing a cheat sheet for every
| possible use case. You might be tempted to use AI to solve this
| problem on demand, but the cost of a hallucination here is
| pretty high.
|
| If you find yourself regularly asking this question, I'd
| recommend just hiring a cryptography consultant.
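The "delicate" JWT processing some_furry refers to can be shown side by side. This is an added example, not code from the thread or from any JWT library: a verifier that lets the token's own header choose the algorithm (and so accepts `alg: none`) next to one that pins the algorithm the server expects. Everything is Python standard library; `SERVER_KEY`, the claim names, and the helper names are constructed for the demonstration.

```python
"""JWT verification: trusting the header's ``alg`` versus pinning it.
Added example with constructed keys and claims; not a library's API."""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key; a real service loads this from a secret store.
SERVER_KEY = b"constructed-demo-hmac-key-do-not-reuse"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _hs256(signing_input: bytes, key: bytes) -> bytes:
    return hmac.new(key, signing_input, hashlib.sha256).digest()


def mint_hs256(claims: dict, key: bytes) -> str:
    """Server side: header.payload.signature with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = _hs256(f"{h}.{p}".encode("ascii"), key)
    return f"{h}.{p}.{_b64url_encode(sig)}"


def forge_alg_none(claims: dict) -> str:
    """Attacker side: any claims, header says 'none', signature left empty."""
    header = {"alg": "none", "typ": "JWT"}
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{h}.{p}."


def verify_trusting_header(token: str, key: bytes) -> Optional[dict]:
    """VULNERABLE: the token decides how it gets verified."""
    h, p, s = token.split(".")
    header = json.loads(_b64url_decode(h))
    signing_input = f"{h}.{p}".encode("ascii")
    if header.get("alg") == "none":
        return json.loads(_b64url_decode(p))  # no signature check at all
    if header.get("alg") == "HS256":
        if hmac.compare_digest(_hs256(signing_input, key), _b64url_decode(s)):
            return json.loads(_b64url_decode(p))
    return None


def verify_pinned(token: str, key: bytes, expected_alg: str = "HS256") -> Optional[dict]:
    """HARDENED: the verifier decides the algorithm; the header must merely agree.
    'none', a different HMAC variant, or an asymmetric alg are all rejected
    before any signature logic runs."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        return None
    signing_input = f"{h}.{p}".encode("ascii")
    if not hmac.compare_digest(_hs256(signing_input, key), _b64url_decode(s)):
        return None
    return json.loads(_b64url_decode(p))


if __name__ == "__main__":
    good = mint_hs256({"sub": "alice", "admin": False}, SERVER_KEY)
    forged = forge_alg_none({"sub": "alice", "admin": True})
    print("trusting header:", verify_trusting_header(forged, SERVER_KEY))
    print("pinned:", verify_pinned(forged, SERVER_KEY))
```

Pinning the algorithm on the verifying side is the whole point: the server already knows which key and which primitive it issued tokens with, so nothing in the untrusted token should be allowed to change that decision. The same pinning defeats the related trick of switching an asymmetric token to HS256 and using the public key as the HMAC secret.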
| baby wrote:
| I like that it's called "cryptography 101" but only has post-
| quantum schemes, this is cool :)
| throw0101d wrote:
| Something I've been curious about lately:
|
| With symmetric algorithms, e.g. AES, and modes of operation, is
| there a "best" one? Currently GCM seems to be quite popular. Is
| there something (an AEAD?) better? Now that the patent of OCB(3?)
| is expired, is it worth changing?
| some_furry wrote:
| I wrote a deep dive into this in 2020, but not much has changed
| since then.
|
| https://soatok.blog/2020/07/12/comparison-of-symmetric-encry...
|
| EDIT: Actually, the parts about OPAQUE are no longer relevant
| because they changed the protocol before the RFC was final to
| not need encryption, but that was just an example of where
| you'd make this sort of trade-off decision, so the rest of the
| article is still relevant.
| thadt wrote:
| Oh hey, the AEGIS poll looks like it's due _today_ [1].
|
| Committing, better performance, random nonces - let's go.
|
| [1] https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-
| aead
| some_furry wrote:
| Oh sweet.
| Maksadbek wrote:
| It always astonishes me how much useful information you can find
| on the internet that is publicly available. You just need a
| willingness to learn.
___________________________________________________________________
(page generated 2025-11-07 23:02 UTC)