English | MP4 | AVC 1280×720 | AAC 44KHz 2ch | 89 Lessons (13h 54m) | 1.74 GB
An all-practical guide to the cryptography behind common tools and protocols that will help you make excellent security choices for your systems and applications.
In Real-World Cryptography you will find:
- Best practices for using cryptography
- Diagrams and explanations of cryptographic algorithms
- Implementing digital signatures and zero-knowledge proofs
- Specialized hardware for attacks and highly adversarial environments
- Identifying and fixing bad practices
- Choosing the right cryptographic tool for any problem
Real-World Cryptography reveals the cryptographic techniques that drive the security of web APIs, registering and logging in users, and even the blockchain. You’ll learn how these techniques power modern security, and how to apply them to your own projects. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, and post-quantum cryptography. All techniques are fully illustrated with diagrams and examples so you can easily see how to put them into practice.
Cryptography is the essential foundation of IT security. To stay ahead of the bad actors attacking your systems, you need to understand the tools, frameworks, and protocols that protect your networks and applications. This book introduces authentication, encryption, signatures, secret-keeping, and other cryptography concepts in plain language and beautiful illustrations.
Real-World Cryptography teaches practical techniques for day-to-day work as a developer, sysadmin, or security practitioner. There’s no complex math or jargon: Modern cryptography methods are explored through clever graphics and real-world use cases. You’ll learn building blocks like hash functions and signatures; cryptographic protocols like HTTPS and secure messaging; and cutting-edge advances like post-quantum cryptography and cryptocurrencies. This book is a joy to listen to—and it might just save your bacon the next time you’re targeted by an adversary after your data.
A staggeringly comprehensive review of the state of modern cryptography. Essential for anyone getting up to speed in information security.
Thomas Doylend, Green Rocket Security
Table of Contents
1 Primitives – The ingredients of cryptography
2 Introduction
3 Kerckhoff’s principle – Only the key is kept secret
4 Key exchanges or how to get a shared secret
5 Classifying and abstracting cryptography
6 From theoretical to practical – Choose your own adventure – Part 1
7 From theoretical to practical – Choose your own adventure – Part 2
8 Hash functions
9 Security considerations for hash functions
10 Standardized hash functions
11 The SHA-3 hash function
12 Avoid ambiguous hashing with TupleHash
13 Message authentication codes
14 Security properties of a MAC
15 Integrity of cookies
16 Authenticated encryption
17 The interface of AES
18 A lack of authenticity, hence AES-CBC-HMAC
19 The AES-GCM AEAD
20 ChaCha20-Poly1305
21 Other kinds of symmetric encryption
22 Key exchanges
23 Group theory
24 The discrete logarithm problem – The basis of Diffie-Hellman
25 The Elliptic Curve Diffie-Hellman (ECDH) key exchange
26 How does the Elliptic Curve Diffie-Hellman (ECDH) key exchange work
27 Small subgroup attacks and other security considerations
28 Asymmetric encryption and hybrid encryption
29 Hybrid encryption
30 Textbook RSA
31 Asymmetric encryption with RSA-OAEP
32 Signatures and zero-knowledge proofs
33 Zero-knowledge proofs (ZKPs) – The origin of signatures
34 The signature algorithms you should use (or not)
35 RSA-PSS – A better standard
36 The Edwards-curve Digital Signature Algorithm (EdDSA)
37 Subtle behaviors of signature schemes
38 Randomness and secrets
39 Slow randomness Use a pseudorandom number generator (PRNG)
40 Obtaining randomness in practice
41 Public randomness
42 Managing keys and secrets
43 Protocols – The recipes of cryptography
44 Secure transport
45 How does the TLS protocol work
46 The TLS handshake – Part 1
47 The TLS handshake – Part 2
48 How TLS 1.3 encrypts application data
49 The Noise protocol framework – A modern alternative to TLS
50 End-to-end encryption
51 The failure of encrypted email
52 Key discovery is a real issue
53 More user-friendly than the WOT – Trust but verify
54 Double Ratchet – Signal’s post-handshake protocol
55 User authentication
56 One password to rule them all – Single sign-on (SSO) and password managers
57 Don’t want to see their passwords Use an asymmetric password-authenticated key exchange
58 One-time passwords aren’t really passwords – Going passwordless with symmetric keys
59 User-aided authentication – Pairing devices using some human help
60 Was my key exchange MITM’d Just check a short authenticated string (SAS)
61 Crypto as in cryptocurrency
62 A problem of trust Decentralization helps
63 How does Bitcoin work
64 Forking hell! Solving conflicts in mining
65 A tour of cryptocurrencies
66 A round in the DiemBFT protocol
67 Hardware cryptography
68 They’re in your wallet – Smart cards and secure elements
69 Banks love them – Hardware security modules (HSMs)
70 Trusted Platform Modules (TPMs) – A useful standardization of secure elements
71 Confidential computing with a trusted execution environment (TEE)
72 What solution is good for me
73 Constant-time programming
74 Post-quantum cryptography
75 From the birth of quantum computers to quantum supremacy
76 Hash-based signatures – Don’t need anything but a hash function
77 Many-times signatures with XMSS and SPHINCS+
78 Shorter keys and signatures with lattice-based cryptography
79 Kyber, a lattice-based key exchange
80 Do I need to panic
81 Is this it Next-generation cryptography
82 Fully homomorphic encryption (FHE) and the promises of an encrypted cloud
83 Chapter 15 Where is it used.
84 Homomorphic commitments to hide parts of the proof
85 An arithmetic circuit to a rank-1 constraint system (R1CS)
86 When and where cryptography fails
87 Where are the good libraries
88 Cryptography is not an island
89 Appendix. Answers to exercises
Resolve the captcha to access the links!