A Few Thoughts on Cryptographic Engineering is Matthew Green’s blog with a post appearing every month or so. Highly recommended reading! Topics covered include cryptography, security engineering, latest infosec news, etc. Did I already say highly recommended reading?
Blog
Shorts posts for your enjoyment.
-
A Few Thoughts on Cryptographic Engineering (blog)
Blogs April 16, 2024
-
Encrypted & authenticated data diode communications
Network security Cryptography November 14, 2023
Data diodes provide physically guaranteed one-way communications in computer networks. Data diodes can be built using commercial off the shelf components, such as by disconnecting the receive end of a fiber transceiver. Several dedicated appliances are also available. Traditionally, data diodes have been used in high security settings, such as military or industrial control systems. Data diodes might also have a place in other industries, such as health care or finance, especially to transmit logs, analytics, usage, or billing information.
-
Passkeys
Web security October 13, 2023
I noticed my various infosec-related channels have been talking a lot about Passkeys lately. Are they going to replace passwords? Is it a loss of user control? These are very good and excelllent questions. Adam Langley wrote an excellent blog post. If you also have Passkeys on your mind, start by reading Adam’s post.
-
Two cryptographers playing cards
Cryptography October 02, 2023
I tooted the following puzzle:
Do you teach cryptography? If yes, ask your students to design a protocol for two people to play a cards game over the internet (eg Uno, Gin Rummy, Go fish or whatever). The protocol should be trustless so the players don’t have to rely on a centralized server to deal cards and players shouldn’t be able to peek at the deck unless the game rule allows it.
Give extra points to students who come up with simpler protocols, formal proofs, or an actual implementation.
-
tl;dr sec
Newsletter August 20, 2023
tl;dr sec is a weekly newsletter by Clint Gibler. The newsletter summarizes what’s going on the infosec world. The content covers a wide range of topics. I found out about it because Clint Gibler heads Security Research at semgrep and a very good friend of mine happens to work there.
-
Cryptopals
Cryptography Challenges August 16, 2023
9+ years later, Cryptopals remains a tremendously valuable tool for learning about cryptography by working on practical pieces of code. Cryptopals is a collection of 8 sets of challenges, starting very gently and ending with some non-trivial problems. By working through these challenges you will implement various cryptosystems and well known attacks.