HN Academy

https://www.coursera.org/learn/crypto2 Is this it?

⬐ Tomte

Yes, it's been in that waiting state forever and even links to the submitted online book as a substitute to look at.

If you come from a computer science/math background, and want an intro to cryptography in general, I can strongly recommend the Coursera course from Stanford University by professor Dan Boneh - https://www.coursera.org/learn/crypto. To really understand the implementations of security libraries and tools, one should be at least familiar with the fundamentals and terminology of crypto. Otherwise you are blindly encrypting things without being aware of whether you are actually securing things.

The course is free and takes 6 weeks long, and is very interesting if you had never dwelled too deep into security or crypto. There's also a new cryptography class that will be available in September of 2017 - https://www.coursera.org/learn/crypto2.

⬐ qjighap

I loved the first crypto course.

I have been enrolled in the crypto2 class for several years now. I hope they finally offer the course, but I have low hopes.

⬐ kyrre

any day now :^)

⬐ hueving

TBH this doesn't really give you anything about best practices though. It's a bunch of base theory without anything about timing analysis, etc. It's nice to know information but I don't think it makes you a better 'secure' programmer.

⬐ rqebmm

This was a complaint I heard from several people I work with who took the course.

⬐ platz

To my knowledge there has never been a timing attack documented in the wild on a remote server. They are only practical in offline scenarios with host access

⬐ hueving

Depends on what you mean by timing attack.

The only vulnerability of Tor, which heavily depends on cryptography, is timing analysis.

One of the most important lessons of cryptography is that it doesn't exist in a vacuum. Timing between messages and message sizes can be enough to end you.

⬐ platz

I guess "timing analysis" means something else, more akin to correlation of meta-data. https://en.wikipedia.org/wiki/Timing_attack is pretty clear, so maybe I was referring to something else than the OP.

⬐ cvwright

Funny you should mention this in a thread about Dan Boneh's crypto class.

David Brumley and Dan Boneh, "Remote Timing Attacks Are Practical." In Proc. USENIX Security Symposium, 2003. https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

Abstract

Timing attacks are usually used to attack weak computing devices such as smartcards. We show that timing attacks apply to general software systems. Specifically, we devise a timing attack against OpenSSL. Our experiments show that we can extract private keys from an OpenSSL-based web server running on a machine in the local network. Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.

That's not a valid argument. Nothing is secure from all known threats.

The question is how (in)secure is the system. In this case, the voting protocol doesn't provide a means of verification.

Secure voting protocols have been around for quite a few years. jjuhl left this comment above https://news.ycombinator.com/item?id=13032602

Dan Boneh's Crypto 2 coursera course (https://www.coursera.org/learn/crypto2#) covers the concept.

There are voting protocols that use the same foundations as public-key crypto to allow for vote verifiability - you can validate that your vote has been taken into account in the tally without sacrificing the privacy of your vote. There are solutions for voter fraud too.

⬐ vehementi

Check out the many threads about this on HN about why electronic voting is not going to be secure enough

⬐ pdkl95

> Nothing is secure from all known threats.

Of course. That's why it's important to reduce the attack surface. Adding electronics (or worse, software) adds a huge amount of attack surface. The attack could be at any point from the CPU-internals to the software.

> the voting protocol doesn't provide a means of verification

Yes. That's a feature. Any new system cannot re-enable voter coercion.

> Homomorphic encryption

I already mentioned[1] that video yesterday. It's an interesting idea, but even Prof. Rivest in the video isn't claiming it's ready for use.

More importantly, the reply by marten-de-vries[2] brings up a very good counter argument to any voting system based on fancy math: the general population won't accept it. The voting process doesn't work unless the population considers it legitimate, and it will be hard to convince them if they first have to learn enough math to understand homomorphic (or public-key) encryption.

This is still interesting research that may evolve into a new type of voting protocol in the future.

[1] https://news.ycombinator.com/item?id=13020917

[2] https://news.ycombinator.com/item?id=13021517

⬐ habeanf

> Adding electronics (or worse, software) adds a huge amount of attack surface. The attack could be at any point from the CPU-internals to the software.

You're missing the point. The voting protocol is built in such a way that you can verify that your vote was cast as intended, and that your vote was counted in the tally. Once everyone agrees on the voting protocol you don't need to trust someone else's electronics, you can do it on your own device, and use open source software.

> the voting protocol doesn't provide a means of verification Yes. That's a feature. Any new system cannot re-enable voter coercion.

You can have vote verification without enabling coercion. If you have a vote receipt it does not imply you can prove or disprove how you voted, but it does allow you to verify that your vote was included in the tally.

> More importantly, the reply by marten-de-vries[2] brings up a very good counter argument to any voting system based on fancy math: the general population won't accept it. The voting process doesn't work unless the population considers it legitimate, and it will be hard to convince them if they first have to learn enough math to understand homomorphic (or public-key) encryption.

I disagree. The general population doesn't know how RSA or AES work but we have HTTPS and the green-lock-thingy. You don't need to know how or why something works in order to reap its benefits.

⬐ pdkl95

> You're missing the point. The voting protocol is built in such a way that you can verify that your vote was cast as intended

No, you're missing the point. You don't know that the crypto was calculated properly, because you are not going to be calculating the crypto by hand. Prove - in the voting booth - that someone hasn't changed the software to give you the wrong crypto token.

> If you have a vote receipt it does not imply you can prove or disprove how you voted, but it does allow you to verify that your vote was included in the tally.

Do you not see that this is is a contradiction? Someone coercing you simply demands that verification.

"Bring your verification receipt if you want to keep your job."

> HTTPS and the green-lock-thingy

TLS doesn't rely on the public understanding it for legitimacy. The public doesn't care about how it works; they care about if it's a reliable security feature. Legitimacy is lost if there are too many public failures.

Voting requires an understanding how the winner was decided. Your proposal will never be accepted if it is, in the eyes of the general public, a black box you submit your vote into that is only interpreted by a priesthood that they have to trust to interpret the votes. Adding up votes is understandable, but homomorphic encryption might as well be black magic.

This understanding is more important than ever, because we are currently experiencing a revolt against technocracy. Brexit and Trump are aspects of this revolt. If you think you can get the population to accept a voting protocol they don't understand, then you haven't been paying attention to the current political climate.

⬐ Tomte

Has been announced and cancelled many times, but I'm hopeful this time, because I could actually enroll, and there was a pre-course survey a few weeks ago.

Looks to me like it's seriously starting in four months now.

⬐ calvins

I know there are quite a few readers of HN that have been waiting for Crypto II for a while, so consider this a public service announcement.

⬐ calvins

Pushed back for another six months yet again. So much for the idea somebody here put forth that it always gets cancelled in the middle of the previous month if it's going to get cancelled. This time it's four days before it would have started.

Dan Boneh's "Introduction to Cryptography".

(Part 1) https://www.coursera.org/course/crypto (Part 2) https://www.coursera.org/course/crypto2

⬐ Kurtz79

I did part 1 and liked it a lot.

I also liked Udacity crypto course, less formal but with great "hands on" exercises:

https://www.udacity.com/course/applied-cryptography--cs387

⬐ kbart

I came here to say the same. A really, really good course, a must to everyone who's interested in cryptography.

⬐ zzmxleo

Yeah, the course is really cool.

⬐ calvins

+1 for Dan's crypto1. I don't think crypto2 has been taught yet via coursera, as I've been waiting to take it and have seen it pushed back several times, and I've seen others say they'd been watching it get delayed for years. It does seem that Dan has been recording videos for part 2 in 2015 though (according to one of his students), so there's reason for hope that it might happen in 2016.

⬐ nindalf

I think we'll know in a couple of weeks if its going to start on Jan 11th or not. If its not ready yet, it'll be pushed back by a month or two by mid December. That's how the previous postponements were done.

⬐ uulbiy

I finished Cryptography I in March 2012 and wanted to take Cryptography II ever since. Every time the announced time is close it gets pushed back by 4 months.

Dan Boney is awesome. I really like that he is sharing his classes and materials online (I would highly recommend his classes in Stanford[0] and his coursera class[2] as well). I think this is still a work in progress / draft so don't expect to have an ebook available yet.

[1] CS*55 series [2] https://www.coursera.org/course/crypto2

⬐ tga_d

That Coursera link should be https://www.coursera.org/course/crypto

The first course happens regularly, while "part 2" has been "2 months away" for at least a year now.

⬐ jessaustin

I signed up for that years ago, after enjoying crypto 1. Has 2 ever taken place?

⬐ sigjuice

No.

⬐ lisper

That's "Boneh", not "Boney." (It means "builder" in Hebrew.)

⬐ nicolasehrhardt

That was actually a typo, but thanks for the translation. And apologies...

Is this the course you are looking for? https://www.coursera.org/course/crypto2

⬐ StavrosK

Yeah, it's been "starting in three months" for two years.

Does anyone know how this compares to Coursera course [1] or [2] + [3]?

[1] https://www.coursera.org/course/cryptography

[2] https://www.coursera.org/course/crypto

[3] https://www.coursera.org/course/crypto2

⬐ transedward

https://www.udacity.com/course/cs387

Udacity also has a applied cryptography, I haven't tried. but it's good if someones has feedback.

⬐ JoachimSchipper

I have heard good things about [2] from colleagues. Also, Boneh is a capable cryptographer.

⬐ spand

[3] has never been available while this seems only temporarily unavailable.

⬐ eroo

[1] is starting next week and I was considering spending time on it. I'd really appreciate any feedback from those who have taken it!

⬐ lvh

(Author here.)

I've taken Dan's crypto class ([2]), so I think I can weigh in.

Obvious difference: not organized as a MOOC. Whether that is good or bad is up to you.

Focus difference: I think Crypto 101 is targetting applied crypto more, whereas the Coursera classes take a more classical introduction. There is nothing wrong with either approach, in my opinion. Just a difference in focus.

Both coursera and udacity have amazing courses on crypto.

Udacity: https://www.udacity.com/course/cs387

Coursera crypto I: https://www.coursera.org/course/crypto

Coursera crypto II: https://www.coursera.org/course/crypto2

I took coursera crypto I myself. It was a lot of work, but I learned a ton.

⬐ agwa

Good luck trying to take Coursera's Crypto II: I've been signed up since August 2012, and every 3-6 months it has been delayed another 3-6 months. At this point I'm no longer expecting it to be offered.

Crypto I is not vaporware and is excellent.

⬐ dethstar

Makes you wonder why aren't online classes kept, at least a year or something, in case the information is out of date (for technology)?

⬐ epsylon

That's because the staff needs a schedule similar to the academic schedule so they can answer questions, correct things, participate in the forum discussions...

Crypto I has been offered several times though (at least 4 or 5). If you ever signed up for one of the offerings, you can still access to the full course (videos, lectures, and I think even the automated grader) as well as the forums (but the forum activity usually fades down after the end of the course).

⬐ krick

It's not because of some practical reasons, just university policies.

⬐ agwa

I'm not sure what you're saying. As far as I know, Crypto II has never been offered, so the problem is probably that they haven't developed any course material for it.

⬐ TrainedMonkey

Udacity has a model in which every class is self paced and they have not deleted a single one since uploading them.

⬐ JosephBrown

This is my favorite feature that Udacity has and the others don't.

⬐ B-Con

I have hopes for Crypto II. Based on Crypto I, Boneh likes to do a good job with the course and being who he is, he's probably just incredibly busy (the original Crypto I itself had two minor delays in the middle of the class), so it keeps getting postponed. I wouldn't be surprised to see it materialize eventually.

⬐ ropman76

Crypto I is great course and I recommend to anyone one who wants to know more about how crypto works.

⬐ midas007

Crypto I was very well put together, Crypto II has a high threshold to maintain [0]

References:

[0] https://www.coursera.org/course/crypto

I'm taking Stephen Boyd's Convex Optimization: https://class.stanford.edu/courses/Engineering/CVX101/Winter...

This class was one of the early courses with online videos and materials. I think this will be great if you are interested in learning about convex optimization in some detail. This class will be on Stanford's OpenEdx platform with new materials.

Dan Boneh is teaching a two part sequence on cryptography: https://www.coursera.org/course/crypto1 https://www.coursera.org/course/crypto2

The practical exercises in part I worked through defects in the implementations of cryptographic protocols. If you want to really understand how some of the popular crypto algorithms work, these two courses will help you.

Try Dan Boneh's crypto course on coursera [1]. It covers quite a lot of ground, both practical and theoretical, and includes programming exercises similar to the matasano puzzles. Without a doubt it's one of the best courses of the dozen MOOCs I've taken. There's also a followup course [2] (I haven't taken it yet personally, but I believe the currently scheduled run will be the first).

Interestingly enough, there's also an upcoming security course (with no date planned yet) which will cover the application programming part of security and will be co-taught by him. [3]

[1] https://www.coursera.org/course/crypto [2] https://www.coursera.org/course/crypto2 [3] https://www.coursera.org/course/security

⬐ cryptbe

Glad that you like Dan Boneh's crypto class. I made the programming exercises :-).

⬐ StavrosK

They were very well done, and I loved the course overall, so congrats. I like how Dan knows how to preemptively answer every question I had.

Wow. I'm even happier to have completed it then!

Agreed, it was a great course. Looking forward to the sequel in early April. https://www.coursera.org/course/crypto2

⬐ Nursie

Thanks fr the reminder, must get involved in that, it's fascinating stuff.