Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

Crypto crypto everywhere, and not a drop to read

By japhar81 in Internet
Mon Jan 08, 2001 at 12:51:46 PM EST
Tags: Security (all tags)

So that other site has posted yet another round of 'this whizz-bang crypto has been broken', and once again, the article lacks any details. I've been banging my head up against the wall for a few months now, trying to find some shred of info to get me started in understanding the math behind crypto, how its created, how its broken, etc. etc. The only thing I've found online though, is script kiddie pages telling me how theyre the greatest, not exactly high-level calc...

K5 gave me great advice when I was looking for resources to read up on physics (thanks all! I'm still reading), so I'm hoping that you all can help me yet again. The only catch is, I don't really want to buy any books on the subject (yet), I don't really know how interested I'll be in it once I actually start in on the evil math, but I've got enough curiosity to try it. I'd appreciate some pointers to websites and whatnot. I'm specifically interested in learning enough background to understand the equations behind all of the various crypto methods out there, and how they were created/broken.


Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure


Related Links
o Also by japhar81

Display: Sort:
Crypto crypto everywhere, and not a drop to read | 29 comments (26 topical, 3 editorial, 0 hidden)
Start here: (4.00 / 5) (#1)
by i on Mon Jan 08, 2001 at 08:27:14 AM EST


Handbook of Applied Cryptography

and we have a contradicton according to our assumptions and the factor theorem

Not sci.crypt (2.00 / 1) (#4)
by squigly on Mon Jan 08, 2001 at 08:42:56 AM EST

Nothing really wrong with it, but most of the people there seem a little too knowledgable about the subject matter for a newbie lurker. At least for I find it asll a bit overwhelming.

People who sig other people have nothing intelligent to say for themselves - anonimouse
[ Parent ]
As with every NG... (4.00 / 1) (#7)
by i on Mon Jan 08, 2001 at 09:07:37 AM EST

start by reading FAQ and try to follow a few pointers from there. Then the group itself will seem a little bit less overwhelming.

and we have a contradicton according to our assumptions and the factor theorem

[ Parent ]
I found even the FAQ overwhelming (none / 0) (#9)
by squigly on Mon Jan 08, 2001 at 09:29:11 AM EST

A 10 part FAQ is kind of large, even if it is possible to skim over most of it. I'm sure the number of parts could be reduced, and the more specific sections given their own FAQs

People who sig other people have nothing intelligent to say for themselves - anonimouse
[ Parent ]
Would that it were true! (none / 0) (#23)
by Paul Crowley on Mon Jan 08, 2001 at 02:30:05 PM EST

I've found sci.crypt mostly to be full of seriously ignorant people blowing smoke.

Some of the really clueful people there are David Wagner (absolute top cryptologist, sci.crypt readers are very lucky to have his participation), Bob Silverman (RSA's expert on factoring and number theory, and great curmudgeon), David A Molnar, Scott Fluhrer, Brian Gladman, D J Bernstein, Paul Rubin, and of course me.

Just don't post totally unfounded speculation or homework problems, and you should be OK...
Paul Crowley aka ciphergoth. Crypto and sex politics. Diary.
[ Parent ]
Try the FAQ, perhaps (none / 0) (#8)
by Aquarius on Mon Jan 08, 2001 at 09:19:46 AM EST

As others have mentioned, sci.crypt itself might be a bit intensive for a newbie. However, the FAQ contains a wealth of useful information and references, and libraries will probably be able to order you books.


"The grand plan that is Aquarius proceeds apace" -- Ronin, Frank Miller
[ Parent ]
look up Bruce Schneier (none / 0) (#3)
by unstable on Mon Jan 08, 2001 at 08:36:48 AM EST

he has a book out Apllied Cryptography. I dont know if it goes into formulas and such but I hear its a good place to start.

Also check out his companies website
www.counterpane.com.... he has a newsletter and stuff there.

Hope this helps.

Reverend Unstable
all praise the almighty Bob
and be filled with slack

Or... (none / 0) (#11)
by 11223 on Mon Jan 08, 2001 at 10:06:06 AM EST

Koblitz's Algebraic Aspects of Cryptography is another good reference.

The dead hand of Asimov's mass psychology wins every time.
[ Parent ]

No books? (4.50 / 4) (#5)
by 0xdeadbeef on Mon Jan 08, 2001 at 08:53:43 AM EST

Why the book phobia? Unless you're a college student on a fixed budget, the convenience of a book more than makes up for what you lose in green. And then there's always the school library.

I recommend you start with The Code Book, which, without the use of equations, describes many basic techniques for simple cipher cracking. It's also an enjoyable read on the history of cryptography. It's in paperback and fairly cheap.

If you like that, then you should shell out the bucks for Applied Cryptography, as everyone else is going to recommend on this thread. There really isn't a better introduction to this field than this book. It explains things at a high level, but has plenty of math in it to get you started. If you don't "get it" at this level, the more advanced stuff is going to fly right by you.

Between those two. (4.00 / 1) (#24)
by _cbj on Mon Jan 08, 2001 at 05:06:46 PM EST

Between The Code Book's readable introduction (readable to the point of weakness on occasion. Good job it's paperback now) and Schneier's modern hard crypto HOWTO Applied Cryptography the very best possible book, certainly ahead of both those for the pragmatic newbie, is Freidrich L. Bauer's Decrypted Secrets - Methods and Maxims of Cryptology. It's in two halves, cryptography and cryptanalysis, and provides all the technical gaps Singh's paperback omits. Doesn't cover new techniques, but that's what Applied Cryptography is for, once you've understood Bauer.

David Kahn's seminal The Codebreakers is also supposed to be excellent here, especially if you want more history until 1950ish.

There is, to my humble knowledge, no compendium of modern crypanalytic methods. There's the old stuff covered in Bauer, still relevant as it forms the heart of subsequent advances, and there's a smattering of highly mathematical papers and the odd book whenever an interesting 'new' trick is found. The real goodies, however, are to be had at the expense of the NSA cunts, who got the idea that their jobs are worth more than all human intellectual wealth, but that's another rant...

[ Parent ]

Need to ensure your maths is up to it (4.25 / 4) (#6)
by Stuart Ward on Mon Jan 08, 2001 at 09:04:43 AM EST

I found Prof. Eli Biham's Lecture notes very useful. You will need a .ps viewer shuch as GSview. There is a lot of interesting papers on his site that he has published. David Wagner and Ross Anderson have some good papers on their sites as well.

Fo news I would suggest cryptome.org and Bruce Schneier's Cryptogram newsletter.

I'd have to agree about seeking out books (none / 0) (#10)
by RangerBob on Mon Jan 08, 2001 at 09:56:46 AM EST

Many of the techniques in use today have been around for a while, even predating the Internet. Books are still one of the best ways to find this type of information. Consider that books and professional journal articles sometimes have to go through a peer review before they're accepted. Anyone can throw up a website if they have some spare time. While some websites have this same policy, I don't think it's near the same percentage that it is for tech or scientific books.

I'm not saying that websites don't have valid information. But for a lot of things, I've found that books contain much more thorough information than all of the websites do. For example, I can find a lot better information from books on theories of distributed algorithms than I can find on the WWW.

it's pretty simple (none / 0) (#12)
by jbridge21 on Mon Jan 08, 2001 at 10:08:19 AM EST

Go look up "Diffie-Helman key exchange", it's pretty simple to understand and the math is easy. All you need to know is what the mod operator is. No biggie.

After that, go for RSA or something along those lines.

Umm... (none / 0) (#27)
by 11223 on Wed Jan 10, 2001 at 10:49:29 AM EST

Explain to me, simply, the mathematical principles upon which the Diffie-Hellman key exchange rests.

You can do any crypto coding as a trained monkey. Understanding the math is a wee bit harder.

The dead hand of Asimov's mass psychology wins every time.
[ Parent ]

principles of D-H (none / 0) (#29)
by jbridge21 on Thu Jan 11, 2001 at 05:09:16 PM EST

The main principle behind D-H is that it is very easy to find a mod of A / B and get C, but very difficult to find A given both B and C.... because there's an infinite number of possibilities for A, just add or subtract B and you get another one.

I don't remember quite how it works, but the other principle used is that
mod(mod(A , X) * B, X) = mod(mod(B, X) * A, X)

So basically, you can take the mod of either A or B, pass it to the other person, they can multiple by their B or A, take another mod, and you'll both get the same result.

That help?

[ Parent ]
Why I said no books (3.00 / 1) (#13)
by japhar81 on Mon Jan 08, 2001 at 10:09:08 AM EST

I'm certainly capable of shelling out some money for books on the subject. The problem is, I don't especially want to buy books that I'll lose interest in after chapter 1. This is why I'd like to start online, and move into the books if I find I'm not confused/bored after getting started (my attention span is somewhat short at times). As far as the library suggestion, that was my first attempt, but in this hick-town I live in, the library doesnt have much beyond Dr. Seuss, and inter-library loans take forever.. Just a little side-explanation for those interested.

<H6>Rome is always burning, and the younger generation never respects its elders. The time of your second coming, japhar81, is no exception. -- Aphasia</H6&gt
find example software (none / 0) (#14)
by rebelcool on Mon Jan 08, 2001 at 10:32:47 AM EST

back in my younger days i was interested in making simple crypto programs (using basic no less). While these don't approach the complexity or security of "real" systems they do give you an idea of some of the theory and methods behind crypto. And usually they're fairly simple.. examples include some XOR manipulations and what not..

COG. Build your own community. Free, easy, powerful. Demo site

Books (4.00 / 2) (#15)
by Eloquence on Mon Jan 08, 2001 at 10:58:18 AM EST

It's quite obvious from my sig that I'm not exactly a copyright lover. So, one word: bookwarez. You'll find everything you need to get started on the respective IRC channels.
Copyright law is bad: infoAnarchy Pleasure is good: Origins of Violence
spread the word!
Why I rated your post 5 (4.00 / 1) (#20)
by slaytanic killer on Mon Jan 08, 2001 at 12:11:45 PM EST

I love books, and have been known to buy multiple copies of even costly books, for trivial reasons. I think of it merely as shuffling money over to the author and publisher. If there was a copyright to hurt, books have historically acted too benignly to target. Yet I'm all for book piracy; sometimes people don't have access to them or can't afford them. There are many countries that fare badly relative to the US' currency, and pay more than double an American would pay for a computer book. I believe that people are generally good, and when they can afford to reward someone for doing them a good turn, they often will.

And also, it is deplorable if someone's knowledge is limited to her or his money. If one at least tries to pay for books, if he can, I think there should be no bounds to the information he can access.

[ Parent ]
PGP good enough? (4.33 / 3) (#17)
by ozone on Mon Jan 08, 2001 at 11:21:08 AM EST

If you don't want to buy any books, check out PGP. You can download source, they've got a section on the crypto side and tons of other docs.

Otherwise, take a look at distributed.net. They've got lots of crypto cracking projects on the go and provide some basic source code for some of them

I would also reccomend that you buy one of the books from the previous comments, though.

Try this link out (4.00 / 1) (#18)
by NoNeckJoe on Mon Jan 08, 2001 at 11:34:32 AM EST

Hey, try this link out. It is a home study, do it yourself, I wanna be a cryptanalyst paper. Bruce's main point on this whole thing is that you learn analysis by doing analysis. It is up to you to actually work through his exercises and learn something. Hard work, but if you really do care about this you should be able to handle it.


No Neck Joe!

K5 had a link... (none / 0) (#19)
by Speare on Mon Jan 08, 2001 at 12:07:57 PM EST

K5's MLP section had this story a couple days ago. It included a link to an MSNBC story, which was itself a reprint of a Newsweek article.

There's a small sidebar link about halfway down the first page of the MSNBC story, which jumps to Newsweek's "introduction" to cryptography.

If you read Cryptonomicon by Neal Stephenson, you'll also get a fair layman's introduction. Of course, if you don't like the story itself (I liked it but some don't), then 750 of the 900 pages will be hard to get through. :)

[ e d @ h a l l e y . c c ]
Four sources (none / 0) (#22)
by Paul Crowley on Mon Jan 08, 2001 at 01:51:50 PM EST

To get a "feel" from the subject from the authority who writes best about it, read Bruce Schneier's monthly Crypto-Gram Newsletter. All the back issues are there; Schneier writes clearly and lucidly on the crypto and security issues of the day. Some more Schneier essays are on the Counterpane Labs home page.

Certainly the best online guide to the math and algorithms will be the Handbook of Applied Cryptography (HAC), by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Note that this is a different book from Bruce Schneier's "Applied Cryptography".

The main source from which I learned everything I knew is the 4 inch thich folder I have of papers printed out from the Web. These days nearly all academic papers about crypto end up on a Web page somewhere, and you can find them with a combination of CiteSeer (aka ResearchIndex), Google (as if you didn't know), and Schneier's index of crypto papers online. For the few that you can't find, you can usually mail the authors and ask them for a copy, though I've only resorted to this once. HAC doesn't go terrifically deep, but it's enough that you can start on a paper you're interested in. If the paper references something you've never heard of, look it up! It's fun and you can get a feel pretty fast.

Eventually you will need to buy the occasional book. However, it isn't very many. Until very recently, the only actual book I owned about cryptography was Schneier's "Applied Cryptography" - this may well be the only book you need.

OK, I'm biased, but I think crypto is one of the most fun subjects it's possible to learn about. The math is hard, but I don't think there's a better way to learn about maths - avoid all those icky real numbers and stick to nice, discrete stuff!
Paul Crowley aka ciphergoth. Crypto and sex politics. Diary.

Some books (none / 0) (#25)
by westfirst on Mon Jan 08, 2001 at 05:33:47 PM EST

Handbook for Applied Cryptography> is a great reference. Schneier's book, Applied Cryptography is pretty good too. Disappearing Cryptography is a great survey of steganography, a perhaps even more valuable science of hiding information. Simson Garfinkle's PGP book is practical, albeit a bit dated.

My professor's book is good (none / 0) (#26)
by Luke Francl on Mon Jan 08, 2001 at 05:34:36 PM EST

If what you're interested is the solid mathematical foundations behind cryptography, I recommend Paul Garrett's Making, Breaking Codes. He uses it here at the University of Minnesota to teach a popular class on cryptography and number theory. You can check out his website as well.

It is expensive, but on the other hand, it's a textbook. When one of my friends pointed out to Professor Garrett that his book was more expensive than Applied Cryptography, he smoothly replied, "Yes, but my book has more facts."

A great book with historical perspective.. (none / 0) (#28)
by Zukov on Thu Jan 11, 2001 at 08:28:40 AM EST

I am reading "The Codebreakers", just now, and it is a great book. It goes into the history of codes and ciphers back to the middle ages, gives some details on the NSA, shows how to make codes by hand, etc.

The book is old, but has many photos of old code machines, with enough detail to make some of them, and the instructions on making and breaking codes by hand is written in a very clear way.

I borrowed it from my public library!

The Codebreakers
The story of secret writing
by David Kahn
c. 1967
Library of Congress Catalog Card #
Published by Macmillan company.

ȶ H (^

Yes, I have just bumbled upon Gnome Character Map. Please ! me.

Crypto crypto everywhere, and not a drop to read | 29 comments (26 topical, 3 editorial, 0 hidden)
Display: Sort:


All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!