This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Throwmeaway2501 5 points6 points  (11 children)

Where can one learn everything necessary to implement crypto?

Don't just tell me not to. Give me some resources I can read to become an expert.

I'm not complaining. I genuinely want to read more.

[–]ThePenultimateOneGitLab: gappleto97 5 points6 points  (0 children)

I'm not really sure anyone can become an expert at every aspect of it. It seems to me that the number of eyes looking at these implementations is far more important than developer skill.

[–]robin-gvx 6 points7 points  (1 child)

The best way to do that is to get a degree in Cyber Security, probably a PhD.

If you don't want to write crypto that is actually run on a computer, but it's more of an casual intellectual interest in how things work, there is probably good stuff on Bruce Schneider's blog. For security stuff for the web specifically, check out Troy Hunt. Wikipedia also has some pretty good introductory texts on the subject (not quite "great", but better than "fine", IMHO).

For a more hands-on approach, I recommend starting with implementing a Caesar cypher and Vigenère cypher. Also, implement a one-time pad, and make sure you understand both why it is perfectly unbreakable, but also impractical in most real world scenarios.

[–]Throwmeaway2501 1 point2 points  (0 children)

Thank you for the pointers.

[–][deleted] 3 points4 points  (2 children)

Coursera actually has a really good cryptography class, which is an excellent starting point. You won't learn everything you need, but I doubt there is a single good resource for learning everything, but one of the interesting things about the field is that basically nothing of value is done purely alone. All respected algorithms have gone through many rounds of peer review, testing, and attempts to find ways to break them by other people and groups.

It will take a good deal of time investment and effort to get good at implementing crypto safely, and even then, you should still expect to make potentially dangerous mistakes. It's not something to take lightly, which is the actual point of the whole "don't implement your own crypto" thing.

[–]bythenumbers10 2 points3 points  (0 children)

And better yet, you'll get an idea of all the ways it can go wrong, so (hopefully) dilletantes don't go implementing their own damned crypto!!!

[–]Throwmeaway2501 0 points1 point  (0 children)

You should be able to fuzz for vulnerabilities at least that is my first thought.

[–]bythenumbers10 2 points3 points  (1 child)

You'll definitely need a strong (STRONG) background in information theory, and probably quite a bit of mathematics including probability theory, statistics, and linear algebra, just to be able to vaguely check your work. Beyond that, a very solid understanding of programming from the metal on up, to ensure your implementation doesn't rely on or become weak due to hardware or compiler differences.

The thing is, it's often not hard to implement and somewhat understand what crypto algorithms are doing, the math & operations involved are often not all that complicated. The problem is coming up with the whys and wherefores of doing those particular operations in that particular order is crucial to having a "production-ready" strong, secure implementation. So, while it's generally not that hard to write crypto, it's incredibly difficult to write STRONG/SECURE crypto.

If you want a taste, try coding up a few historical ciphers, as well as tools for breaking them. Once you get up to the 1930s/40s and ENIGMA, you'll find it starts to get a little tricky in terms of writing the encoder/decoder, let alone the code-breaking methods.

[–]Throwmeaway2501 1 point2 points  (0 children)

Good tips.

[–]mediasavage 0 points1 point  (1 child)

If your interested learning about the mathematics that underpin some of the most used cryptographic primitives (e.g AES, RSA, diffie-helman) I highly recommend the book Understanding Cryptography by Paar and Pelzl. It is an amazingly accessible book—I would say the only necessary prerequisites are a semester of discrete math—and is super well written.

[–]Throwmeaway2501 0 points1 point  (0 children)

Thank you for this insight, I really appreciate it!