After reading a lot of cryptography, I realized that it would be best if Alice and Bob just talk in person

A story about how a busy programmer became responsible for training interns.

So I was put in charge of a team of interns and had to teach them to work with Linux, coding (Bash, Python and JS) and networking overall.
None of the interns had any technical experience, skills, knowledge or talent.
Furthermore the task came to me as a surprise and I didn't have any training plan nor the time.

Case 0:
Intern is asked to connect to a VM, see which interfaces there are and bring up the one that's down (eth1). He shuts eth0 down and is immediately disconnected from the machine, being unable to connect remotely.

Case 1:
Intern researches Bash scripting via a weird android app and after a hour or so creates and runs this function: test(){test|test&}
He fork-bombed the VM all other interns used.

Case 2:
All interns used the same VM despite the fact that I created one for each.
They saved the same ssh address in Putty while giving it different names.

Case 3:
After explicitly explaining and demonstrating to the interns how to connect to their own VMs they all connect to the same machine and attempt to create file systems, map them and etc. One intern keeps running "shutdown -r" in order to test the delay flag, which he never even included.

Case 4:
All of the interns still somehow connect to the same VM despite me manually configuring their Putty "favorites". Apparently they copy-paste a dns that one of them sent to the entire team via mail. He also learned about the wall command and keeps scaring his team members with fake warnings. A female intern actually asked me "how does the screen knows what I look like?!". This after she got a wall message telling her to eat less because she gained weight.

Case 5:
The most motivated intern ran "rm -rf" from his /etc directory.
P.S. All other interns got disconnected because they still keep using his VM.

Case 6:
While giving them a presentation about cryptography and explaining how SSH (that they've been using for the past two weeks) works an intern asked "So is this like Gmail?".
I gave him the benefit of the doubt and asked if he meant the authorization process. He replied with a stupid smile "No! I mean that it can send things!".

FML. I have a huge project to finish and have to babysit these art majors who decided to earn "ezy cash many" in hightech.

Adventures will be continued.

"We should just store the passwords in plain text"

On the first class of cryptography professor says, "Hackers are people who dropped out of school, didn't obey their parents and turned to drugs and alcohol and steal money from people by hacking their facebook."

Then goes on to say, "People tend to keep their birthdate as their debit card's PIN so hacker checks their facebook account, finds their birthdate and goes to ATM machine and hacks their bank account."

I was speechless.

Pro tip: if you encrypt your message with ROT13 twice, the security is also doubled

*signs up for Skillshare*
> Sorry, your password is longer than our database's glory hole can handle.
> Please shorten your password cumload to only 64 characters at most, otherwise our database will be unhappy.

Motherf-...

Well, I've got a separate email address from my domain and a unique password for them. So shortening it and risking getting that account stolen by plaintext shit won't really matter, especially since I'm not adding payment details or anything.

*continues through the sign-up process for premium courses, with "no attachments, cancel anytime"*
> You need to provide a credit card to continue with our "free" premium trial.

Yeah fuck you too. I don't even have a credit card. It's quite uncommon in Europe, you know? We don't have magstripe shit that can go below 0 on ya.. well the former we still do but only for compatibility reasons. We mainly use chip technology (which leverages asymmetric cryptography, awesome!) that usually can't go much below 0 here nowadays. Debit cards, not credit cards.

Well, guess it's time to delete that account as well. So much for acquiring fucking knowledge from "experts". Guess I'll have to stick to reading wikis and doing my ducking-fu to select reliable sources, test them and acquire skills of my own. That's how I've done it for years, and that's how it's been working pretty fucking well for me. Unlike this deceptive security clusterfuck!

Senior C++ developer:
"Writing a custom encryption algorithm from scratch for our communications platform? Every developer knows that is an absolute no go, cryptography should be left to cryptography veterans!"

Same guy, year later:
"Blockchains? Hold my espresso, I can totally write a whitepaper on cryptography, write some shitty code with nice branding, and get millions from an ICO"

Me: Browsing the security of a website.

Tell the website developer that they are using the SHA-1 hashing algorithm for encrypting the credentials of it's registered users.

Them: Yeah, so what?

Me: You shouldn't be using an algorithm which was exploited years ago in the age of 2016.

Them: Don't worry, nothing will happen.

Me: *facepalm*

One of my favourite, encryption puzzles is this:

ITuyVT93oUZtLKWyVT5iqPO3nTS0VUEbMKxtp2IyoD==

Answer is plain text string in english. Good luck, post solution in the comments!

Was Studying for my Exams and found this hilarious comment by the Author of the Book.

So this exists.

God damn it.. Yet another night lost to the exciting world of cryptography and Internet security. Why is this shit so damn interesting?

Fuck this, fuck that, fuck the buffer, fuck AES, fuck crypto, fuck node-forge, fuck IV and browsers, once I am done with this fucking cryptographic wrapper on both client and server, the first person to say decrypt and Javascript in the same sentence in front of me will get their own dick in their ass. The guy that said mixing computer and crypto was a bad idea was fucking right

fuck code.org.

here are a few things that my teacher said last class.

"public keys are used because they are computationally hard to crack"

"when you connect to a website, your credit card number is encrypted with the public key"

"digital certificates contain all the keys"

"imagine you have a clock with x numbers on it. now, wrap a rope with the length of y around the clock until you run out of rope. where the rope runs out is x mod y"

bonus:

"crack the code" is a legitimate vocabulary words

we had to learn modulus in an extremely weird way before she told the class that is was just the remainder, but more importantly, we werent even told why we were learning mod. the only explanation is that "its used in cryptography"

i honestly doubt she knows what aes is.

to sum it up:

she thinks everything we send to a server is encrypted via the public key.

she thinks *every* public key is inherently hard to crack.

she doesnt know https uses symmetric encryption.

i think that she doesnt know that the authenticity of certificates must be checked.

Created an account on Juststickers.
This is the email I get

I'm in 3rd year of my CS degree....
Fucking Indian Education System

I'm having a subject css(cryptography & system security)... The bitch who teaches us doesn't know shit.... She just picks random words from the ppt & blabber random bullshit...

Last week we had our unit tests...and the question was explain Working of deffie-helman. Just because I didn't use the names Alice & Bob in the example she didn't gave me marks....I mean wtf..that was just an example mentioned in the slides.....

I bet it wasn't required at all...
I knew most of the things they teach here..
These mofo professors have just a CS degree and they are here to teach the same course....

bro just learn C bro I promise it's all smooth sailing bro haha lol just take up HTML with CSS bro its a piece of cake bro what bro lol just start coding up differential equations with numpy library haha its so simple bro just start with Ruby bro it will take only couple days bro what lol bro take this aeronautical course on how to code an airplane simulation bro its so simple bro just start algorithms on cryptography bro its so easy i cant bro just start writing drivers for printers bro haha lol just start writing a bootloader for a new Linux distro bro lol haha easy bro just make a billion dollar company bro haha its so simple.
keep going bro haha invent your own JS framework over a billion existing ones haha bro typescript is so easy bro lol what u say take up redis bro go from the first command bro learn mongodb and mysql together bro its so simple.

but bro don't try to master JS bro .. u will regret it forever bro.

Nobody solved this super complicated cryptography puzzle last time. I guess I have created an unsolvable mystery of epic proportions. Anyway, if you wanna give it a try, go ahead:

b417021dc01b409ad0c21b430a508624

Answer is a sentence in plain english. Space is used, but no punctuation. Post answer to comments. Good luck :D

I feel like I've ranted this before. many times. but here we go again because Australia.

why do people think you can just ban math? like really?! that's what crypto laws do. they require companies to use shitty math. and what prevents me from using the good math? nothing! oh I mean... I won't use it? scouts honor.

you can't ban math.
literally billions of internet users don't fall in your jurisdiction.
no single jurisdiction can cover more than a subset of the internet.
I will use whatever maths I damn well please.
fuck off. please stop making us less safe.
/discussion

So someone decides that the employees need to do these stupid Web-based training's that not even high school kids should be looking into.
What is about ?
Security and Cryptography, and now event the real stuff.

What it covers?
Alice and Bob, Bob and Alice.
Alice wants Bob some pics/messages that she suspects someone else will see. DDDDDDAAAAAAAFFFFFFFAAAAAAAAAKKKKKK

A total of 7 useless time wasting interactive and annoying training's, 20+ min each.

But someone forgot that please do not send this shit to engineers of your company, specially Software/Network engineers. Oh another subset, specially not to those who work deeper into the domain.

I'm getting paid to do this time wasting activity, and still.

I also may come back and remove this BUT FOR NOW I NEED TO RANT.

These are the things that finally finally helped me stick to learning programming.

Hello world! This is my first story on devrant and I would like to share how I finally overcame the barriers that had always prevent me from learning programming in a more serious and structured way.

I know my way around linux, had some experience with BASIC many years ago and have more than basic notions of cryptography... however I never got myself to learn programming in such a way that I could write an app or interact with an API. Until now.

I have advanced more than ever before and I believe it might be thanks to these aspects:

1. C#
I have always had struggles with languages that were too compact or used many exotic or cryptic expressions. However I have found C# to be much more readable and easier to understand.

2. Visual Studio
My previous attempts at learning programming were without an IDE. Little did I know what I was missing!

For example when I tried learning python on Debian, I almost went crazy executing programs and trying to find the compile errors in a standard text editor.

Intellisense has been live changing as it allows me to detect errors almost immediately and also to experiment. I'm not afraid to try things out as I know the IDE will point out any errors.

3. .NET library and huge amounts of documentation
It was really really nice to find out how many well documented classes I had available to make my learning process much easier, not having to worry about the little details and instead being able to focus on my program's logic.

4. Strong typing
Call me weird, but I believe that restricting implicit conversions has helped learn more about objects, their types and how they relate to each other.

I guess I should be called a C# fanboy at this point, but I owe it to that language to be where I'm now, writing my first apps.

I also know very very little about other languages and would love to hear if you know about languages that provide a similar experience.

Also, what has helped you when you first started out?

Thanks!!

Galois Fields 😍

Am i obsessed with security?
No Way!
Does my laptop need five seconds to calculate the aes-key for the program I'm working on, because I've set the hash-parameters unreasonable high ?
Maybe.

Learning cryptography, Dont fucking know why , guess my boss said so

Does that mean that that it's not safe and secure?

AI isnt going to crack your SHA dumb fuck

god i hate this planet

I love how odd very intelligent things can (seem to) be. Cryptography is incredibly complex, and the reason the computer was created in the first place. But that doesn't stop them from being all

"Heyyyy, y'all got any of them P R I M E N U M B E R S? We like em BIG, we'll paaaaay"

When I try to implement cryptography based on tutorials. 👾

When I think "the fundamental problem", the closest thing that comes to my mind is "unsolvable problem". P =/!= NP is a fundamental problem, the theory of everything is a fundamental problem.

But we actually solved at least one such problem – the fundamental problem of cryptography.

The problem was "how to establish a secure connection over a non-secure channel?" Like you can't exchange the key, it'll be exposed by definition.

We solved it with a simple yet brilliant solution of asymmetrical cypher, that thing with public and private keys.

It's fascinating to think that people died in WW2 over this, there were special operations to deliver fresh deciphering keys securely and now SSH and HTTPS are no-brainers that literally everyone use.

Cryptography and Network Security
<william Stallings>

Got the book ^ ^
Feel free to comment any cool book about security :)

Front-end programmers work on all the snazzy Javascript that you may not be aware you rely on so much when killing time on StumbleUpon.

!rant

Do you also sometimes have these nights in which you don't want to sleep but instead want to learn new stuff?

Right now I have one of these nights again and I have spent the last 1:20h watching a lecture by a German professor about cryptography. Man I can't wait to leave fucking highschool behind and go to university to learn stuff I am interested in.

Ten ways to fail at public key cryptography, Today:

When encrypting a file for your coworker, encrypt for your own key instead of his/hers

so uhh, i asked a question on the crypto stack exchange, and it got -1 score, but 1 favorite.

🤔

Rant rant rant!

Le me subscribe to website to buy something.

Le register, email arrives immediately.
*please not my password as clear text, please not my password as clear text *

Dear customer your password is: ***

You dense motherfucker, you special bread of idiotic asshole its frigging 2017 and you send your customer password in an email!???

They frigging even have a nice banner in their website stating that they protect their customer with 128bit cryptography (sigh)

Protect me from your brain the size of a dried pea.

Le me calm down, search for a way to delete his profile. Nope no way.
Search for another shop that sells the good, nope.
Try to change my info: nope you can only change your gender...

Get mad, modify the html and send a tampered form: it submits... And fail because of a calculation on my fiscal code.

I wanna die, raise as a zombie find the developers of that website kill them and then discard their heads because not even an hungry zombie would use that brains for something.

Diffi-Hellman is actual magic. You can exchange keys over an unencrypted channel and end up with guarenteed unique keys, on which you can start a secure channel

Like how??

People seem to like cryptographic puzzles. Well, try this one for size:

b417021dc01b409ad0c21b430a508624

Answer is a sentence in plain english. Space is used, but no punctuation. Post answer to comments. Good luck :D

...It relies on the BouncyCastle cryptography library instead of OpenSSL, yet replicates OpenSSL bugs to guarantee compatibility.

- finish mEMeOs
- learn about cryptography and finish dogecrypt
- finish translation iteration and get it to 2500 unique visitors on awstats
- make a good, solid android app
- tell people i know python (i dont😉)

I guess that’s it ¯\_(ツ)_/¯

I kinda wish there were more…

When I see warning like this, I feel strong urge to try it just for sake of what could possibly happen.
Python Cryptography library in Primitives section if anybody wondering.

I've been away a while, mostly working 60-70 hour weeks.

Found a managers job and the illusion of low-level stability.

Also been exploring elliptic curve cryptography and other fun stuff, like this fun equation...

i = log(n, 2**0.5)
base = (((int((n/(n*(1-(n/((((abs(int(n+(n/(1/((n/(n-i))+(i+1)))))+i)-(i*2))/1))/1/i)))))*i)-i)+i))

...as it relates to A143975 a(n) = floor(n*(n+3)/3)

Most semiprimes n=pq, where p<q, appear to have values k in the sequence, where k is such that n+m mod k equals either p||q or a multiple thereof.

Tested successfully up to 49 bits and counting. Mostly haven't gone further because of work.

Theres a little more math involved, and I've (probably incorrectly) explained the last bit but the gist is the factorization doesn't turn up anything, *however* trial lookups on the sequence and then finding a related mod yields k instead, which can be used to trivially find p and q.

It has some relations to calculating on an elliptic curve but thats mostly over my head, and would probably bore people to sleep.

I'm going through a KhanAcademy course learning about cryptography. I learn better by doing, so I wrote a script. It shifts bytes up depending on a random int produced by a high entropy pseudo random number generator using a sha256 hash as the seed. I'm trying to find information on the flaws with this method, that lead us to create DES, and then AES.

When you realize your professor who programs since the 486 era names all variables as such ad "vd_gr" (Validation date grant renewal), doesn't know what encapsulation is and writes his own cryptography algs, which basically replace one letter by another

**Facepalm

**then I still I have to tolerate all the critics for why I dropped college

Hey everyone! This is a long one so get comfy~

TLDR; I'm glad to be back in the presence of all you awesome people. 2019 was a dream and I have a lot of you to thank for that.

If you've noticed, I've been away for a while. I took a sabbatical from a lot of my socials (including github - or at least public github :( this summer. Let me explain:

In late April/early May, I applied and got an internship at RBC (a big bank company in Canada) found out I'm getting flown out to San Fran for a talk I gave at a summit, and got accepted to this 2 week physics [Quantum Cryptography] camp @ UWaterloo. So I had quiet the summer. In order to throw myself into work and friends and all that, I decided that I was going to take a break. Although I took a break from Github I was still active on Github Enterprise for my job but outside of that I didn't do much.

Don't worry though, now that it's fall/winter season, I'll be in my room for way too long so it's back to the usual grind. Currently, I'm in the process of planning a hackathon, prepping for picoCTF 2019, filling out University applications, all while dealing with school :) I've got a lot of projects/things coming up so ya'll will hear more from me :D

I don't have many regrets in life but one would be that I didn't learn something harder at uni. I should have picked something like CS or cryptography or something like that. Even flat out math or physics would have been super useful.

On the other hand, the finance stuff I now see as common sense doesn't seem so common after all so there's that, and it helped me too.

I learned economics with specialization in finance btw

Having gone to a bank to reset a password again today (Yes, I forgot it for like... 3rd time, don't judge me, its my backup bank account I need to access like... once a year), I was once again made to think - I come in, give them my state ID by which they authorize that I can even make a password reset request.

Then they give me a tablet to... sign a contract addendum?

Its not the contract part that always makes me stop and think though - its the "sign" part.

I'd wager that I am not the only one who only ever uses a computer to write text these days. So... My handwriting got a lot jerkier, less dependable. Soooo... My signature can be wildly different each time.......

And if my signature varies a lot... then... what is the point of having it on a piece of paper?

I know its just a legal measure of some sort... And that, if it came down to someone impersonating me and I'd go to court with the bank, there would be specialists who can tell if a signature was forged or not... But...

Come on, the computer world has so much more reliable, uncrackable, unforgable solutions already... Why... Don't all folks of the modern world already have some sort of... state-assigned private/public keypairs that could be used to sign official documents instead?

It costs money, takes time to develop etc... But... Then, there would not only be no need to sign papers anymore... And it would be incredibly hard to forge.

The key could even be encrypted, so the person wishing to sign something would have to know a PIN code or a password or something...

tl;dr: I hate physical signatures as a method of authentication / authorization. I wish the modern world would use PKI cryptography instead...

What do you think about cryptocurrencies and Blockchain technology?

In the Global Blockchain Congress currently taking place in Kolkata, India, 'IT' officials from PWC India and IBM India start their speaks right after a popular cryptography professor from Belgium and a Blockchain entrepreneur from Brazil.

Every word these 'IT officials' uttered showed how shallow and business minded the IT managers and marketers are.

as I've said in the previous rant, I know nothing about cryptography but I wanna make a tattoo and you guys have to validate how easy it is from samples.

Round 1:

EAPAToAqQMAoAoaAMEaihsIOAkrN

Hey DevRant!

Not really a rant but a question:
I just got accepted into a coding bootcamp. Have any of you been involved in one? How was it? What would you do to make it a better experience throughout? Any advice or suggestions?

It's full time, six months long and I start in October and I want to make sure I make the most of the experience and absorb as much as possible.

I'm super happy that the course appears to be less just learning JavaScript and more involved in the Computer Science side of things, even including bits about C/C++, distributed systems, algorithms and data structures, software design/testing, cryptography, database management, and computer architecture. It also, of course, covers tons of resume work, interview practice, and networking.

Thanks!

In university, I got really into cryptography. I wrote software that was testing the entropy of lots and lots of HTTPS encrypted packets, for sites that also supported HTTP. Meant that I had a pretty good idea what the plaintext was, and the quality of the encryption algorithms used. In the end, I got into lots of trouble with my university because apparently what I was doing could be deemed 'dangerous'! Never felt more like a hacker in my life.

Actually I have two stories

The first one, that one project I talked about with a big company when I was at school. It wasn't that much coding since it was mostly researching, but it was a big project that seems really interesting, with Image Analysis and Machine Learning.
The projects at school this year got drawn randomly for each group, so when I've been announced that I've been chosen for the biggest project, thinking about every side of the project, I was hyped. And even a year after we finished it, I'm still happy and excited about it.

The second is something a little more funny :
So we got some projects to do during December for school including cryptography. Again, those were randomly drawn (but some can really fuck you up) and I got to do a Password Manager, like KeyPass. We were 4, and we thought we had the time to do it.
But we misread the date. At the end of Christmas break, I got a call of a friend saying that the project is due in two days.
Thing is, one of my three co-workers weren't contactable. And we got nothing.
So I kinda took the lead : I said to one to do the UI, another to do the cryptograph helper, and I'll do the linking and all the behaviour of it.

In two days, I literally spent all the time available on it.
Then first meeting with the teacher for saying what is wrong, where bugs are if they exist, ect. so we can fix the issues and deliver a clean code. They were like only 4 big problems. More is, I fixed them all in like two hours while thinking fixing only one. And we got something like the 2nd or the 3rd best mark of the prom. And everyone congratulated me for that. I got so excited I was able to do that in few time.

But never that again lmao

Anyone here who has some experience in Cryptography? From where should I start this? I'm asking this from research point of view

I don't like any jokes and pranks. As I don't understand any of them (obviously, they mostly aren't space or cryptography related) I don't ever do any pranks...

Anyone who knows or works on cryptography? Need a little help

Avoided IoT(IoS - InternetOfShit) for a long time now, due to the security concerns with retail products.
Now I looked into 433 Transceiver + Arduino solutions.. to build something myself, just for the lolz.

Theory:
Smallest Arduino I found has 32 KByte of programmable memory, a tiny tiny crypto library could take around 4 KBytes...

Set a symetric crypto key for each homebrewn device / sensor / etc, send the info and commands (with time of day as salt for example) encrypted between Server <-> IoT gadget, ciphertext would have checksum appended, magic and ciphertext length prepended.

Result:
Be safe from possible drive-by attacks, still have a somewhat reliable communication?!
Ofc passionate hackers would be still able to crack it, no doubt.

Question: Am I thinking too simple? Am I describing just the standard here?

She: Hello, I am ABC from XYZ. We saw your profile and interested to discuss an intern opportunity with you.

Me: Yes please.

She: So can you tell me about your current projects or work.

Me: Deep learning and blah blah. I am interested to work in cryptography or deep learning based work this summer.

[15-18 Mins Discussion on project]

She: Sorry but we are looking for Web Developer for our website to work on jQuery.

Me: oh! It's okay. [ fuck 😐]

Hi guys. jeez i have to say i mastered java and python those languages are easy if i keep this up i might be able to make my own api or get into java cryptography maybe show android app developers how to keep their source code safe from reverse engineers to be honest on android i started from python, to java to AIDE (android app), to android studio i even made my first lib file these aren't games im still learning i have like one project is like a clicker game lol

!Rant
I have to do a research project for my computer science class and for some reason I chose cryptography anybody got an interesting place to start

Okay so im gonna get some confused and many disagreeing ranters on this.

I like SoloLearn. I said it.

I think its a good platform to learn the syntax for a language. and get basic understanding on the language. granted It does a horrible job at teaching you what or how to do things. and its webapp isnt nearly as great as the mobile app.

the mobile app has a lot more "lessons" ranging from ES6, Angular, React, Algorithms, Cryptography. they obviously arent the best. and SoloLearn has SO many flaws and I understand that, trust me I understand more than anyone

I just dont think its the worst.

I have last few months left out of graduation and i don't know what should i learn. There's so much things (web dev , ai/ml, blockchain, android , cloud, ,hybrid apps, gaming, ar/vr, data analysis, security,etc) and as a cs student, i feel i should be knowing them all.

In last 6 years ,

Techs that i liked or got success in :
java, Android,python, data analysis, hybrid apps(flutter)

Techs that i didn't liked or failed in : ai/ml, cloud computing , webdev(css/js) ,hybrid apps(react/angular/ionic/...)

Techs that i didn't tried : security, cryptography, blockchain, open cv , ar/vr, gaming

I am not bound by my likeness or success.

My failures was mainly because i didn't liked those techs and continued further in them. And my success comprises of just launching a few apps, passing in some certification or grabbing an internship opp because of those skills.

But if you think a particular skill is necessary to have as a cs professional then let me know. I just want to earn a lot of money and get out of this mess asap

An old meme.

Who gives out an assignment with a weightage of 6 Marks in total that too for demonstrating GRAPHIC USER INTERFACE? My Cryptography Proff. that’s who.
Why are faculties such bullies considering themselves the kingpins?
😭

Noob question

Is it better to implement a cryptpgraphic algo in a function or in a class? Also how?

More info:
I have a cryptography class and I really enjoy implementing the different techniques that we study in class. At first I was just implementing the techniques in a simple function with 3 parameters; key, message and a bool for encryption or decryption. But as they are getting more complex, it is becoming harder to continue implementing them in a single function block. So I thought of using a class but ran into the problem of how do I even do that? Do I make different methods for key generation, encrypting and decrypting?

P.S. It's really just for learning how the crypto technique works and not for anything serious.

Sometimes wondered how the avalanche effect works on hashing a message,tried making mine but was shit, I guess I need a PhD in maths lol

It may have to disappoint you, but ...
there is no cryptography in cryptocurrencies.

This shithead continuously wasted 2 lectures of CNS(Cryptography and Network Security) on debating: in a link to link encrytion if encryption and decryption takes place on every node, what if attacker attacks the node while the data is decrypted.

Though I couldn't care less about the lecture but this guy brings the same issue in every lecture

Do anyone have any idea about the link to link encryption?

I know already it encrypts the whole packet with header and on each hop the data is decrypted and the destination ip address is fetched and encrypted again, but i don't know if it's possible to perform an attack on the decrypted data.

Hey ranters!

Okay so uh, do you know about LFSRs (Linear Feedback Shift Registers)?

You may wish to tell me else burn me to a toast xD

Someone knows how to find key length of vigenere ciphertext effectively? I wrote a code for coincidence method to find key length. Sometimes it works, sometimes it doesn't.
Or i fucked up while implementing it?

Hey all. So I'm a bit of an aspiring developer/engineer. I am in highschool right now and am getting to the point where I should start looking at colleges. Ive wanted to do something computer related and for a while now ive had my heart set on some sort of security engineer/tech/researcher what have you. But it has been pointed out to me that computer sciences often require several high level math courses namely Calc. Problem being I'm pretty bad at Calc and haven't been able to do too well.

I'm not too sure what I should do. I'm struggling with my highschool calc classes and and fear that college level course will just go over my head. Ive never had issues with math before until I got to Calc. Ive got some of the basics of cryptography such as hashes and cryptographic alorithms but thats about it. Do computer science degrees really rely that heavily on Calc?

The creators of IPsec just wanted to flex how good they are at cryptography. That shit complicated af!

Q.14 - Suppose that R sends a msg 'm' which is digitally signed to M and the pair of private and public keys for M and R be denoted as K(x)- and K(x)+ for x=R,M respectively. Let K(x)(m) represent the encryption of 'm' with a key K(x) and H(m) is the message digest. Which of the following is the way of sending the msg 'm' along with the digital signature to M?
A. [m, K(R)+(H(m))]
B. [m, K(R)-(H(m))]
C. [m, K(M)-(H(m))]
D. [m, K(A)+(m)]
E. WOW, REALLY ?

During the cryptography & security lecture at the university I received an email from the university IT department with credentials to access the university cloud services. Of course, password was in a plain text.

When I try to install package 'cryptography' for Python,,, C++ and RUST compilers are launched by the pip package installer. The compilation fails. Is there any chance to avoid this error? 🐍🐞

Is there an encryption/decryption algorithm that's guaranteed to have an output of less than 100 chars? Say to encrypt messages less than 50 chars in length

Am I the only not grasping this idea of Web3 ?
I understand crypto and cryptography.
But I just don't get what this Web3 thing mean.

I don’t know if I just want to harm myself or what… like it’s as if I really enjoyed being burned out so I’m trying to recreate that feeling.

So, the thing is I’m employed as a de facto principal security engineer, basically doing the work of 5-6 people and more, since I haven’t been able to completely shed all my responsibilities from my previous roles as cloud engineer and software developer. On top of that I’m studying my CS Master’s as if I was a full-time student. That’s a lot on my plate. No free time to speak of, and even that’s filled with side projects and, if I can spare the time once in a while, other hobbies.

Now I saw that the security research group in my university is recruiting research assistants to a quantum-resistant cryptography research project - and I am soooo tempted to apply. The topic and what the research project practically aims for, and the potential learning outcomes that I can see from the job description, excite me beyond comprehension!

Am I going to drive myself to burn-out and my marriage to an irreparable state if I take that side job on top of this all? Will I be reasonable and think about that ahead of time, before applying, or will I dive in and just find out?

2nd round,

For those of you who don't know .... I'm making a tattoo... I know nothing about cryptography, you guys have to validate how strong my messages are(this one should be weak as well).

hidden message:

'\\O=_HATGwUfEdhZX]uPO=?HATGwUfEdhZX]uLRL=O=rvOUmGHAq]ubLTGwUfEdhZXsVub=PO=rvOUmGHA`]ubTGwUfEdhZXsVu@O=rvOUmGHAq]PO=rvOUmGHA`]ubTGwUfEdhZXsqRTGwUfEdhZXsqbTGwUfEdhZXsq@TGwUfEdhZXu\\'

When you are dealing with Public Key Infrastructure (PKI) services, which of the following you would use to verify an email with a digital signature ?
A. The sender's public key
B. The sender's private key
C. Your public key
D. Your private key
E. What are you talking about ?
F. None of the above

So my professor wants me to develop a code to implement an LFSR in Python.

Ranters, tell me something that LFSR can possibly motivate me about it all

When you have a coding issue you can't fix after numerous searching and debugging you give up and talk to somebody about it to see if they'd know what the cause is.

*40 mins later* the conversation is about security habits, cryptography coding and the ballmer peak.

Sit back down after the detailed conversation and realise I forgot to get assistance on the code issue.

Whelp! Maybe I'll look at refactoring now and perhaps start from scratch if I cant fix it. FML

my ECC project is taking a while so sorry if anyone is still interested and waiting!
but I am trying to work out the bugs and maybe layout the frame work for anyone else who likes cryptography for fun and is just starting

need a random number

AI says just use system time and modulus it. I'm wondering if I can get performance down lower cuz I'm doing this maybe like thousands of times a second (im too lazy to do the math rn)

found a crate called fastrand. they're all like this isn't secure for cryptography and yada yada. peak inside curious how they do it. not too sure, seems like they have a predetermined hash and they do some bitwise or something. kind of a lot to read so I don't wanna. either case seems like they're not using system time

make a test to benchmark, 10k rounds how fast is it?

430 nano seconds for system time
460 nano second for fastrand

lol
all that typing and you end up slower than system time. I'm assuming system time can be guessed as well but what's the point of fastrand if it's slower 🤔

I mean maybe on some OS systems looking up the system time might be slower? no clue

Halp meh, plz... I have run across a problem and I have absolutely no idea how to go about solving it...

So basically I need to decrypt a TDES encrypted Azure service bus message. Can be done in a straightforward manner in .NET Framework solution with just your regular old System.Security.Cryptography namespace methods. As per MSDN docs you'd expect it to work in a .NET Core solution as well... No, no it doesn't. Getting an exception "Padding is invalid and cannot be removed". Narrowed the cause down to just something weird and undocumented happening due to Framework <> Core....

And before someone says 'just use .NET Framework then', let me clarify that it's not a possibility. While in production it could be viable, I'm not developing on a Windows machine...

How do I go about solving this issue? Any tips and pointers?

Any recommendations on resources that teach how to build a secure email/password authentication system? I'm looking for something language/framework agnostic, I want to understand the process, why stuff is done the way it's done, and implement it in Rust.

I've been searching but all I can find are some rather shallow posts from companies trying to sell their authentication services. I have zero knowledge on how cryptography and hashing works, I'm pretty lost on what to use and how to use it.

For a project we have a choice between:

Storing documents, images, videos and textual data in a database. Provide relations for searching and a GUI for uploads. Web and mobile (I only have experience with RDBMS)

Solution for digitally signing documents with asymmetric cryptography. Provide web and mobile GUI. Also something about ad hoc signing (possibly insert usb stick to sign?)(know a good bit of cryptography already)

Which one should we pick? (5 man group)

Trying to make a nodejs backend is pure hell. It doesn't contain much builtin functionality in the first place and so you are forced to get a sea of smaller packages to make something that should be already baked in to happen. Momentjs and dayjs has thought nodejs devs nothing about the fact node runtime must not be as restrained as a browser js runtime. Now we are getting temporal api in browser js runtime and hopefully we can finally handle timezone hell without going insane. But this highlights the issue with node. Why wait for it to be included in js standard to finally be a thing. develop it beforehand. why are you beholden to Ecma standard. They write standards for web browser not node backend for god sake.

Also, authentication shouldn't be that complicated. I shouldn't be forced to create my own auth. In laravel scaffolding is already there and is asking you to get it going. In nodejs you have to get jwt working. I understand that you can get such scaffolding online with git clone but why? why express doesn't provide buildtin functions for authentication? Why for gods sake, you "npm install bcrypt"? I have to hash my own password before hand. I mean, realistically speaking nodejs is builtin with cryptography libraries. Hashmap literally uses hashing. Why can't it be builtin. I supposed any API needed auth. Instead I have to sign and verfiy my token and create middlewares for the job of making sure routes are protected.

I like the concept of bidirectional communication of node and the ugly thing, it's not impressive. any goddamn programming language used for web dev should realistically sustain two-way communication. It just a question of scaling, but if you have a backend that leverages usockets you can never go wrong. Because it's written in c. Just keep server running and sending data packets and responding to them, and don't finalize request and clean up after you serve it just keep waiting for new event.

Anyway, I hope out of this confused mess we call nodejs backend comes clean solutions just like Laravel came to clean the mess that was PHP backend back then.

Express is overrated by the way, and mongodb feels like a really ludicrous idea. we now need graphql in goddamn backend because of mongodb and it's cousins of nosql databases.

EY and ConsenSys announced the formation of the Baseline Protocol with Microsoft which is an open source initiative that combines cryptography, messaging and blockchain to deliver secure and private business processes at low cost via the public Ethereum Mainnet. The protocol will enable confidential and complex collaboration between enterprises without leaving any sensitive data on-chain. The work will be governed by the Ethereum-Oasis Project.

Past approaches to blockchain technology have had difficulty meeting the highest standards of privacy, security and performance required by corporate IT departments. Overcoming these issues is the goal of the Baseline Protocol.

John Wolpert, ConsenSys’ Group Executive for Enterprise Mainnet added, “A lot of people think of blockchains as the place to record transactions. But what if we thought of the Mainnet as middleware? This approach takes advantage of what the Mainnet is good at while avoiding what it’s not good at.”

Source : ConsenSys