comment by rthomas6
rthomas6  ·  3050 days ago  ·  post: Help me learn new things! – Cryptography

Aw man, I wish I would have seen this last month. Maybe this stuff will be interesting for anyone else that wants to learn more about cryptography, or you if you have some extra time. :)

So one thing I've learned about cryptography is to never roll your own crypto libraries. Cryptography's security is rather binary: it's either perfectly implemented and secure, or imperfectly implemented and insecure. One crack in the armor will take down the whole thing. And apparently cryptography implementation is non-trivial. Many complex considerations must be taken into account-- things that people like you and me don't know enough to not do. Things like how intermediate computations are stored in memory, and even things like information gleaned from how much time it takes for the algorithm to execute. So use widely-used crypto libraries that have been audited by security expert peers. On a related note, be very suspicious of any company that creates their own cryptographic algorithm instead of using an existing one. Like Telegram.

A really good resource is the Matasano Crypto Challenges, which will teach you a ridiculous amount about cryptography through breaking faulty implementations of it.

Another cool thing is this comic which teaches how AES works, and is surprisingly detailed and accurate.





wasoxygen  ·  3050 days ago

    never roll your own crypto libraries

From Bruce Schneier's blog I have learned that the weak point is almost always implementation; when vetted cryptography tools are employed no one bothers to attack them and rarely needs to.

    this comic which teaches how AES works

It is ridiculous how much easier it is to absorb an explanation when a stick figure presents it to you. You think you are reading a comic, before you know it you are reading Korean.

Devac  ·  3049 days ago
This comment has been deleted.
rthomas6  ·  3049 days ago

    This is curious actually. Would you mind giving some example of such deductions / conclusions in crypto?

https://en.wikipedia.org/wiki/Timing_attack

    Do you have any tips for after I'll finish that?

Unfortunately, I don't. I'm a baby to crypto. Besides the Matasano Crypto Challenges I posted above, I don't have any other resources to share.
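
An added illustration of the timing leak discussed in this thread (not part of the original comments or written by any commenter): a hand-rolled, early-exit tag comparison does an amount of work that depends on how many leading bytes match, while a comparison that always examines every byte does not. The function names and the sample tag are assumptions constructed for this example; step counts stand in for execution time so the result is deterministic.

```python
import hmac

def leaky_equal(a: bytes, b: bytes):
    """Hand-rolled early-exit compare. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        if x != y:              # stops at the first mismatch: work depends on the secret
            return False, steps
    return True, steps

def constant_work_equal(a: bytes, b: bytes):
    """Examines every byte and accumulates differences. Returns (equal, bytes_examined).
    Only illustrates the idea; pure Python gives no real timing guarantee."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    steps = 0
    for x, y in zip(a, b):
        steps += 1
        diff |= x ^ y           # no branch on secret-dependent data
    return diff == 0, steps

def vetted_equal(a: bytes, b: bytes) -> bool:
    """What production code should call: the standard library's audited helper."""
    return hmac.compare_digest(a, b)

def work_profile(compare, secret: bytes, guesses):
    """Bytes examined for each guess, a deterministic proxy for run time."""
    return [compare(secret, g)[1] for g in guesses]

# Constructed sample data: an 8-byte tag and guesses sharing 0, 2, 5 and 8 leading bytes.
SECRET_TAG = bytes.fromhex("a1b2c3d4e5f60718")
GUESSES = [
    bytes.fromhex("0000000000000000"),
    bytes.fromhex("a1b2000000000000"),
    bytes.fromhex("a1b2c3d4e5000000"),
    SECRET_TAG,
]

if __name__ == "__main__":
    print("early-exit   :", work_profile(leaky_equal, SECRET_TAG, GUESSES))
    print("constant-work:", work_profile(constant_work_equal, SECRET_TAG, GUESSES))
    print("vetted match :", vetted_equal(SECRET_TAG, GUESSES[3]))
```

The early-exit profile grows with the length of the matching prefix, which is the information a timing measurement exposes; the constant-work profile is flat, and `hmac.compare_digest` is the audited way to get that property in practice.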