Forgot your password?
typodupeerror
This discussion has been archived. No new comments can be posted.

U. Washington Crypto Course Now Online for Free

Comments Filter:
  • by Radicode (898701) on Sunday June 04, 2006 @10:13AM (#15466253)
    I think most online software developpers should learn the basics of cryptography. Not only would it improve security but it would also lead to better design in general. No more "base 64 encoded password in a text file" stuff please!

    Radicode
    • by Anonymous Coward
      Bx, cbvag gnxra.
    • by Metabolife (961249) on Sunday June 04, 2006 @10:38AM (#15466361)
      No, just the password to root written on a post-it near their monitor.
      • No, just the password to root written on a post-it near their monitor.
        I'll grant that's a bad idea, but I think 95%+ of threats come over the network these days.
        • Exactly. Re vista's security model, people said "what's to stop the malware from confirming the 'install this?' prompt, but malware can't read a password postitted out of view of the webcam. If someone has physical access to the machine you're stuffed anyway.
        • I'll grant that's a bad idea, but I think 95%+ of threats come over the network these days.

          So what? All the same principles apply. Saying "study cryptography" is good, but it's really more useful to study information theory and security in general. A little broader thinking on the matter will let you apply the knowledge to cryptography as well as security of, well, anything. Just read all about Claude Shannon for a fun time.

    • by Lord Ender (156273) on Sunday June 04, 2006 @11:09AM (#15466491) Homepage
      Actually, any company that cared about its own reputation and customers would have a security specialist write ALL code that does authentication or cryptography. It is actually pretty tricky to get right, despite how easy some APIs make it look.

      If you are too small to afford a security specialist who can code, look outside the organization. Letting regular developers do security is an incredibly risky business decision.
      • A slashdotter who did not build his own computer is like a jedi who did not build his own lightsaber.

        Maybe that should read

        A security programmer who did not build his own crypto is like a jedi who did not build his own lightsaber.

        Doesn't make so much sense now (or does it?)

        More programmers could do well do learn crypto -- at least where to get the tools and algorithms, and how to apply them. I'm no math whiz so I'd be reticent to devise my own S-boxes from scratch. But it's still a worthy exercise to study
        • What I am trying to say is that integrating authentication and cryptography properly into a complex program is not easy. I'm not saying you need to write out the MD5 algorithm. Using the supplied one is fine. But you would be surprised how many people write programs that use the right algorithm, but can then be easily curcumvented by, for example, using predictable session cookies.

          • Sure, building a good, integrated system is hard, and I'll grant you that it takes an expert. But I'll go one step further than what you said a moment ago and say that you most emphatically should not be writing your own algorithms.
      • Actually, any company that cared about its own reputation and customers would have a security specialist write ALL code that does authentication or cryptography. It is actually pretty tricky to get right, despite how easy some APIs make it look.

        Huh? As opposed to using well-known implementations? How is this more secure?

        • I'm not opposed to using well-known implementations. Where did you get that idea?

          If you actually studied it, you would be surprised to realise how many programs have a secure sign-on mechanism, using well-known implementations, but have other flaws that allow it to be completely circumvented (such as guessing session cookies).

          And the people who use hashing to store passwords, but don't salt the hashes...

          And the people who use public key implementation, but completely mis-design the PKI...

          There is so much th
          • I'm not opposed to using well-known implementations. Where did you get that idea?

            Probably from your sig:

            A slashdotter who did not build his own computer is like a jedi who did not build his own lightsaber.

            Ok, so I totally misinterpreted what you were saying. I thought you were saying that a every company should hire people to build their own implementations, but I think what you're saying is that *when* they make their own implementations, only security experts should be allowed to do it (or, they

            • I thought you were saying that a every company should hire people to build their own implementations, but I think what you're saying is that *when* they make their own implementations, only security experts should be allowed to do it (or, they should at least be heavily involved). That makes much more sense.

              I think Lord Ender is saying something slightly stronger than that... The way I read it, his point is that even when a company is using the well-known implementations of the algorithms, they should hav

    • No more "base 64 encoded password in a text file" stuff please!

      So how should it be done, assuming the user wants passwords to be remembered? No matter how you store it, it's no more secure than base64 encoding since you'll have to be able to open it anyway. Unless you're talking about something completely different.

  • by Sheetrock (152993) on Sunday June 04, 2006 @10:20AM (#15466278) Homepage Journal
    The MIT OpenCourseWare [mit.edu] site has a sizeable amount of free learning materials. I had it bookmarked a while back when they weren't offering that much but they've since put a lot online.
  • by RobotRunAmok (595286) on Sunday June 04, 2006 @10:21AM (#15466284)
    I so, so TOTALLY love the fact the little sub-title/blurb for this story is in a backwards-writing code, and that there is a misspelling.

    Sometimes, it's all just so perfect.

    Thanks again.
  • And once you've cracked the encryption, the course is free!
  • by MarkByers (770551) on Sunday June 04, 2006 @10:26AM (#15466309) Homepage Journal
    The US Government has allowed us in Europe read it too! They finally realised that learning about cryptography doesn't mean you are a terrorist.

    Or perhaps they are using the website to collect IP addresses of potential terrorists?
    • No, all "approved" methods on the website are tainted with a reversable key known by the US gov. Now they can read your e-mail too :-P
    • I would be willing to bet that there is a "classified rule" in that educational system, "thou shalt not teach of crypto that we are as yet unable to break".

      Better to sell locks to which you already posess the key.
      • What, are you crazy??? Ofcourse they teach ciphers the US is unable to make! Hell, I never took crypto-courses at the university, and I can teach you a few that is practically unbreakable simply because I'm curious about this stuff.

        Hell I'll teach you the Vernam cipher right now! For each message create a totally random string of letters as long as the message to serve as a key. Convert the letters in the key and the message to binary numbers, XOR them together, and convert them back to letters. Make sure

        • btw, that's more commonly referred to as a "one time pad". I rather doubt most people have heard of it referred to as "Vernam cipher ".

          For unbreakability, if used properly, yes, a one time pad is effective. In reality though, this relies on the repeated exchange of a codebook, and in that case the frequent need for physical exchange between the parties produces more risk and opportunity for exploit/discovery than it's worth.

          Any attempt to generate the pads without physical exchange via a formula etc just
          • Well, technically, the Vernam cipher and the one time pad is slightly different, the Vernam cipher uses XOR where the one-time pad uses good ole' Vigenère style addition.

            The cipher was invented by Gilbert Vernam, and I like using the term because it describes the general cipher instead of the one-time pad, which really is a much more restricted application of it. Also, I beliece that's the term David Kahn used most often in The Codebreakers, and who am I to argue with David Kahn :P. As a plus, it sou

      • I would be willing to bet that there is a "classified rule" in that educational system, "thou shalt not teach of crypto that we are as yet unable to break".

        I doubt it. That requires too many people to know the secret. If you've broken Popularly Used Cipher X but not Popularly Used Cipher Y, you keep the fact deadly secret. You want people to keep using the broken code, rather than switch to the unbroken code.

        Now, if you try to ban people teaching Y because you can't break it, then you have to let every

  • Lots of universities have their course information online. I fail to see why this case is of any significance?
  • So? (Score:3, Insightful)

    by Anonymous Coward on Sunday June 04, 2006 @10:40AM (#15466366)
    How is this special? Princeton's entire CS curriculum [princeton.edu] has been there for all to see for the last 9 years, and I haven't seen any /. articles about it in that time.
  • by orthogonal (588627) on Sunday June 04, 2006 @10:44AM (#15466381) Journal
    Looks like good stuff, and even the textbook is freely available. I've also enjoyed podcasted courses from several sources. One thing I do miss, when auditing by podcast, is a chance to discuss the course material with others (and the tests that would allow me to know how much of the material I'm getting).

    Anyone want to join me in taking the course as a group? We could "meet" in IRC or via a listserv. and we'd probably get more out of the course by having others to bounce ideas off of, to challenge our assumptions, and to correct our errors.

    If you're interested in joining me in this, reply to this post, and I'll see about organizing things in my Slashdot Journal.
    • Strike me interested. Will be tuning in to your JE's now.
    • I know most of what I need to know about crypto -- just feed it through gpg or openssl, done. I'd want to take some other course -- right now, I'm wanting to learn C# on Mono (Windows, Mac, Linux, and I do have them all) and do some more advanced algorithms and data structures.

      I'd also be interested in hanging out around a class on crypto, or on introductory programming. I haven't finished college (and probably won't), but it's been a hit-and-miss whether I'm a better teacher than my professors.
    • That's an excellent idea, I'd be very into it.
    • That's a pretty cool idea, I wouldn't mind participating.
    • I, too, would be interested. It's been a while since I've done applied math, and it will be good to scrape off the rust.

      It would probably be better to keep in touch via a Listserv of sorts, since time zone differences may prevent the group from coming online at the same time. Yahoo! Groups comes to mind as one possible simple way to do it, with discussions archived for people who come late to the group. IRC/IM can be used to supplement discussions.

      I'll check your journal.

      Since the course is about cryptog
    • I'm interested. Let me know at quantum dot skyline at gmail dot com
    • Yes, that sounds good. I need to take a course like this to catch up on some crypto for work [uiuc.edu]!
  • What Crypto Course? (Score:3, Informative)

    by jackb_guppy (204733) on Sunday June 04, 2006 @10:47AM (#15466391)
    Did they reaad the material before posting this article??

    Some math questions involving a MOD and the final homework... How much bandwidth is VeiSign using.

    Where is the questions about breaking the code?
  • 4987520-23495863459802-349876927450-09827-10960349 56-875-19608917294857019. 2398798-897326-10691326! 234987340-189763865-19287638946?
  • I mean, this is Slashdot after all.
  • by bal (112317) on Sunday June 04, 2006 @11:09AM (#15466485)
    Winter '06 was actually our second crypto class for UW PMP; lectures and materials from when Josh Benaloh and I taught crypto in Winter '02 are also available on-line [washington.edu]. The material covered in the two courses is similar (we added material on cryptanalysis in '06 and updated the existing material). If you're working through the course at home you might find it helpful to work through the '02 assignments as well.
  • First there were the Walter Levin physics lecture videos (http://phischkneghtx.blogspot.com/2006/02/wikiped ia-doesnt-know-what-roof-is.html [blogspot.com]), consuming 7 GB space, now this. Stop posting highly interesing educational videos cramming my PowerBook hard drive! Make it stop!
    • Whoops! Then I guess I shouldn't post this link [mit.edu]...

      But yes, Walter Lewin's lectures were fantastic. It's a shame that he doesn't do freshman physics anymore, with the advent of the s/learning/technology/g [mit.edu] program (a.k.a. TEAL). I think the move to make his old 8.01 lectures available was in part to provide a good resource to those students who don't like TEAL and who don't learn well in that environment.
  • On a related note I've recently noticed this [plus.com] post about getting into the theory of cryptography. I don't know anything about the author nor the topic so I cannot verify is the advice is good, but it sounds reasonable.
    T
    • Looks good to me. I'd just like to emphasize one thing: don't try to get into crypto by inventing symmetric primitives. Try to get into it by breaking them. There's bound to be lots of cryptanalysis yet to be done on the eStream candidates, for example - I'm sure there's room for newcomers to crypto to make breakthroughs there.
  • by Gothmolly (148874) on Sunday June 04, 2006 @11:35AM (#15466608)
    Dear NSA,

    Our plan is working splendidly. Numerous people have given us their names, addresses, social security numbers, and personal information. This along with their expressed interest in encryption will keep the data miners happy. We will, as previously agreed, forward all correspondence from students of this class. Enclosed please find an Excel file of all information on the online course takers. I can't believe you were right, that potential enemies of the State would voluntarily sign up for something so obvious.

    Yours truly
    Tobias Fünke
    • You're not gonna believe this. The NSA uses Excel! Call up our friends at Microsoft and let us crush the infidels once and for all!

      -----BEGIN PGP SIGNATURE-----

      (In case you didn't get it, the point of this satire is that if the NSA truly believes in preventing people from studying encryption, then most of the crypto experts will be terrorists.)
  • by angio (33504) on Sunday June 04, 2006 @11:42AM (#15466640) Homepage
    Since people seem to be interested in this, you might also take a peek at
    the CMU computer networks course [cmu.edu], which I put online almost entirely (lecture nodes, video, homeworks, and the programming projects). Click on "Syllabus" to get to the contentful-bits. Feedback is welcome: Srini and I hope that leaving it online will be useful for students and instructors everywhere.
  • by matt me (850665) on Sunday June 04, 2006 @11:54AM (#15466708)
    No it's not.. it's password protected!

    Oh right, I get it.
  • munitions status (Score:3, Insightful)

    by babanada (977344) on Sunday June 04, 2006 @12:14PM (#15466812)

    In the past, as I'm sure most here know, encryption software was considered to be munitions. I actually purchased the Zimmerman book that was just PGP in source code format at the UW bookstore. The idea at the time was how can you control a book? Now, I know that laws have changed, and the US has relaxed its stance on this. Most distributions of GNU/Linux have SSH included.

    This is fresh in my mind because I recently created a specialized GNU/Linux distribution and debated about whether or not to include SSL and SSH. Although I knew the status of this software had changed, I could not find any definitive regulations regarding crypto software. Certainly the last four years don't make me any less paranoid about getting burned by making a mistake here. There is a good presentation that specifically talks about these issues here [washington.edu] in TFA. Yes, it does talk about how the munitions stance has relaxed, but I'm still not entirely sure that I don't have to notify some government agency that I'm including encryption if I distribute the root filesystem in binary form.

    • ...that Open Source encryption software is exempt from access controls, provided the US Government is notified of where the source is, and that there are no constraints on binary-only encrypted software. So, if you are using a standard Open Source library for encryption that has been properly registered by its authors, I wouldn't see that there was a problem. If you don't already do so, it might be a good idea to state what encryption software is used - it would make it harder for anyone to reasonably claim
  • I wonder if he'll open them [cr.yp.to] up to the general public now.

  • by meese (9260) on Sunday June 04, 2006 @03:00PM (#15467720)
    You're missing out on possibly the most amazing undergraduate [ucsd.edu] and graduate [ucsd.edu] crypto classes out there. His research and course notes (which are almost book-like) have become a standard in the community. (And other schools, such as Berkeley and Maryland, use his course notes for their crypto classes.)
  • Cryptography Class Rule #1

    Don't trust the professor unless the PDFs available were obviously typeset in LaTeX.

    Of course, I'm kidding. But here's some more crypto material [rutgers.edu] from one of my professors.

  • I find it ironic that the Stanford course requires the use of IE on Windows, the least secure possible combination, as well as one that will exclude quite a few potential students.

  • are publicly accessible.

    check out
    http://www.cs.washington.edu/education/course-webs .html [washington.edu]

    Most of them probably don't have a free text book though... but it's still cheaper than tuition. Generally lecture slides are there too. I don't know if they put these pages together with public consumption in mind though.

    btw, speaking as a student, the UW is an excellent school for computer science.

Nothing is more admirable than the fortitude with which millionaires tolerate the disadvantages of their wealth. -- Nero Wolfe

Working...