Cryptography
Subject Area
Learning Resources
Learn more by checking out these great sites.
Crypto 101
learning-resource
Crypto 101 is an introductory course on cryptography, freely available for programmers of all ages and skill levels. Comes with everything you need to understand complete systems such as SSL/TLS: block ciphers, stream ciphers, hash functions, message authentication codes, public key encryption, key agreement protocols, and signature algorithms. Learn how to exploit common cryptographic flaws, armed with nothing but a little time and your favorite programming language. Forge administrator cookies, recover passwords, and even backdoor your own random number generator.
Visit WebsiteCrypto Challenge Set 1 (cryptopals)
learning-resource
This set of cryptopals challenges includes skills from converting hex to base67 through to detecting AES in ECB mode. From the authors: this is the qualifying set. We picked the exercises in it to ramp developers up gradually into coding cryptography, but also to verify that we were working with people who were ready to write code. This set is relatively easy. With one exception, most of these exercises should take only a couple minutes. But don't beat yourself up if it takes longer than that. It took Alex two weeks to get through the set!
Visit WebsiteCrypto Challenge Set 2 - Block crypto (cryptopals)
learning-resource
The second set of cryptopals challengs, focusing on block ciphers. This covers topics suchs as PKCS#7 padding, CBC mode and ECB mode. From the authors: this is the first of several sets on block cipher cryptography. This is bread-and-butter crypto, the kind you'll see implemented in most web software that does crypto. This set is relatively easy. People that clear set 1 tend to clear set 2 somewhat quickly. Three of the challenges in this set are extremely valuable in breaking real-world crypto; one allows you to decrypt messages encrypted in the default mode of AES, and the other two allow you to rewrite messages encrypted in the most popular modes of AES.
Visit WebsiteCrypto Challenge Set 3 - Block and stream crypto (cryptopals)
learning-resource
From the author: this is the next set of block cipher cryptography challenges (even the randomness stuff here plays into block cipher crypto). This set is moderately difficult. It includes a famous attack against CBC mode, and a "cloning" attack on a popular RNG that can be annoying to get right. We've also reached a point in the crypto challenges where all the challenges, with one possible exception, are valuable in breaking real-world crypto.
Visit WebsiteCrypto Challenge Set 4 - Stream crypto and randomness (cryptopals)
learning-resource
From the author: this is the last set of block cipher cryptography challenges, and also our coverage of message authentication. This set is much easier than the last set. We introduce some new concepts, but the attacks themselves involve less code than, say, the CBC padding oracle. Things get significantly trickier in the next two sets. A lot of people drop off after set 4.
Visit WebsiteCrypto Challenge Set 5 - Diffie-Hellman and friends (cryptopals)
learning-resource
From the authors: this is the first set of number-theoretic cryptography challenges, and also our coverage of message authentication. This set is significantly harder than the last set. The concepts are new, the attacks bear no resemblance to those of the previous sets, and... math. On the other hand, our favorite cryptanalytic attack ever is in this set (you'll see it soon). We're happy with this set. Don't wimp out here. You're almost done!
Visit WebsiteCrypto Challenge Set 6 - RSA and DSA (cryptopals)
learning-resource
From the authors: this is the last of our original crypto challenges. This set exclusively covers number-theoretic cryptography, and, in particular, RSA and DSA. This set is hard. The concepts are again new. The attacks involve some math, but nothing you didn't learn in 9th grade, and a significant amount of programming. But they're worth it. Two of these attacks in particular are among the most valuable in real-world cryptography.
Visit WebsiteCrypto Challenge Set 7 - Hashes (cryptopals)
learning-resource
From the author: this is the first of two sets we generated after the original 6. Unlike the last few sets, this set is a hodge-podge. It also includes some of the few challenges we have that probably aren't useful against real targets (they were fun enough to include anyways). On the other hand, we also include a challenge that models the CRIME attack on TLS. This set is hard. There's a significant amount of programming, and Wang's attack in particular is as difficult as anything we've done.
Visit WebsiteUnderstanding Cryptology: Core Concepts
learning-resource
This is an introduction to cryptology with a focus on applied cryptology. It was designed to be accessible to a wide audience, and therefore does not include a rigorous mathematical foundation (this will be covered in later classes). The class format is lecture and discussion.
Visit WebsiteUnderstanding Cryptology: Cryptanalysis
learning-resource
A class for those who want to stop learning about building cryptographic systems and want to attack them. This course is a mixture of lecture designed to introduce students to a variety of code-breaking techniques and python labs to solidify those concepts. Unlike its sister class, Core Concepts, math is necessary for this topic. Don't have a math degree? A basic understanding of algebra is sufficient - the mathematical principles that are necessary for understanding are included in the lecture. Knowledge of programming is also necessary, and knowledge of python is very helpful.
Visit WebsiteWargame: Krypton
learning-resource
The Krypton wargame from OverTheWire provides fun cryptography challenges accessible over SSH. The challenges start with simple character encoding and progresses to more complex crypto subjects.
Visit Website