I'm not sure what you're talking about. On Linux the de facto standard for disk encryption is LUKS and has been for years. It's very well integrated these days and is completely transparent in normal use.
The initial cryptography series just covers history, I have asked users what they want to learn next and I can't possibly cover it all. You can see what they want to know here (http://www.khanacademy.org/math/applied-math/crypt/v/checkpoint--advanced-lessons).
The neat thing is that users can now build lesson narratives using the CS tool. If you really want I can possibly get you access to do audio recordings as well (such as I've done here: http://www.khanacademy.org/cs/level-2-measuring-running-time/1057243083). Notice the crazy things users are creating along the side column - anything you can think of is possible.
If you make something just message it to me and I'll reach out!
ps. This is 100% unofficial and simply a reddit experiment. (but I think khan academy will only benefit from reddit community)
I'm thinking people could build:
- Cryptography challenges
- Text based lessons with animations / simulations to get concepts across (DES/AES, substitution permutation networks...etc)
- Code breaking tools / simulations
This is basically useless code for any sort of webapp, but if all you want is to encrypt a directory on your computer, and you never share/upload the code, this is fine.
Do not try to derive a key from the password - never chain cryptographic primitives yourself if a higher-level function exists. In this case, createCipher puts the password through a KDF for you.
What I would add to this tutorial is not to write node.js code to encrypt your files. If you want to encrypt a file or directory, use 7zip or GPG4win, or some other relatively well-known software that has this functionality.
This has been recommended to me, and while I haven't read it (yet), I've found other books by the same author very useful.
You can prove however that you had the data at a certain point in time. See https://en.wikipedia.org/wiki/Trusted_timestamping
If your idea is to distribute signed messages but stay anonymous at the same time, you might want to look into Bitmessage and its broadcast system
Not anymore. Their page on the Session protocol says they are no longer using the Signal protocol and that Session's protocol does not provide PFS or deniability.
AES and DES in symmetric could be nice to implement, they do not require hard math knowledge.
Otherwise if you want something that is a bit trendy, ECC is for you; requires more advanced math to understand though
https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Cryptographic_schemes
Otherwise hashing functions are often simple.
Otherwise if you want to know what kind of cryptography such app or app uses, search "white paper X" and you'll find them, they are public.
Following is an example of such; at the bottom there's a hyperlink "technical explanation", it's the whitepaper, to see what it looks like.
Very cool, can't say I understand it yet but I like the hands on approach. I plan walking through the lessons in this book to get a better understanding of cryptography's practical application.
https://www.amazon.com/Implementing-SSL-TLS-Using-Cryptography-ebook/dp/B004IK9TVO
Brit Cruise's Khanacademy cryptography series is excellent for some basic introduction but be advised that it only covers the fundamental basics. At least the last time I checked, he may have added some more advanced stuff since then.
Hi Brit,
I just stumbled across your crypto series on Khan Academy 2 days ago. I've already watched all of the videos!
First things first, thank you!
Second of all, here is the comment I left on your "Advanced Lessons" video.
I've realized, since posting that comment, that there's something more general that I'd like to see in your videos: Concrete examples where we exploit flaws and break ciphers.
For what it's worth =)
I'm not an expert in any sense, but KhanAcademy has a series on cryptography. You might know some of the earlier stuff already, but I found their explanation of key exchange and RSA encryption very interesting.
hash('sha256', $username.$password)
seems problematic, because you want to prevent somebody from stealing a specific user's password.
First of all, switch the username and password argument. Since the username is static for an attacker, he can calculate the hash up to the username once and then continue from there with each password. This will not add difficulty. Second problem is, that if I am going to attack a specific user's password, I know the username already and still only need to attack the password.
To solve the password cracking issue, do this:
$x=hash('xxx',$x)
in a while loop for one second and measure how many iterations it takes to do so. This will create a hashing algorithm that takes very long to crack, even for a single password. Combine this with a salt and you basically got bcrypt now.
PHP already knows this by default:
hashing: <code>$hash=password_hash($password, PASSWORD_BCRYPT);</code>
testing: <code>$truefalse=password_verify($password, $hash);</code>
Great thing about bcrypt is, that salt and difficulty are stored in the returned hash. So you do not need to keep track of those manually.
Why not dive in next month and see where you get stuck, if anywhere? It doesn't have much of a downside.
If I were you, I'd just keep digging. Try your hand on programming a bit - I like Rust myself, but the C family of languages are also quite popular. Python would be more accessible to a novice though.
>Say you could only see approximately where a finger was when entering a password, and not exactly which key was pressed, could you realistically guess the password entered?
It depends on how many guesses I'm allowed to have and if I already have the password hash or not. Modern password crackers need the hash to have something to compare.
>Do any tools to do this exist?
hashcat accepts plug-ins.
I doubt there exists one for this exact purpose, but it's a good idea.
e.g. if you narrow the keyboard down to 4 quadrants, and are able to specify that the 1st character is in the top-left quadrant and you know if the shift key is held down, etc., then your space for possible solutions of a 9 character password is reduced from 72^9 (51998697814228992) down to maybe 16^9 (68719476736).
If you can do a modest 1 million guesses per second, then....
51998697814228992 / 1M = 51998697814 seconds = 1648 years.
68719476736 / 1M = 68719 seconds = 19 hours.
If you have a SHA hash, hashcat and a reasonable video card will make mincemeat of a 16^9 problem space in a few seconds.
The main objective (a distributed asset ledger) requires first and foremost a distributed time stamp server in order to function. Blocks don't have timestamps, they ARE timestamps. Satoshi Nakamoto even refers to Bitcoin as a "Timestamp Network"
The Bitcoin whitepaper discusses a timestamp server as its foundational requirement in section #3 and #4. The Proof of work mechanism requires a timestamp network, and the entire Bitcoin system is designed around creating a timestamp network.
I disagree that it is a shoehorn, although obviously don't use it if it doesn't suit your needs. If you read section 3 of the whitepaper, https://bitcoin.org/bitcoin.pdf, it looks like Satoshi actually intended it to be used as a time-server (indeed I use it as such for timestamping drafts of papers I write, c.f. https://github.com/shennoether/btcproof )
OpenBazaar developer here. We need some help with research related to building cryptographically secure, distributed, decentralized, anonymous markets based on bitcoin. If you like cryptocurrencies, come and talk to us on #openbazaar or private message me on reddit.
I'm working on some research in the field myself; there's many topics in the area that require expansion, and it's a truly remarkable field, because the research is very applied.
If you like these ideas, stay in touch! Thanks.
Take a look at tails - this essentially captures all of your requirements (bar the virtual machine).
The problem with the virtual machine approach is that you simply cannot trust the operating system not to do something it shouldn't (capture memory, inputs, outputs etc.) Having a live disk places that trust down at the hardware level, which requires more effort to attack, especially on a wider scale.
There is certainly research in this area, Hooksafe etc, but you are still trusting the host. I am not aware of any kind of VM tech that would protect a child process from the host.
> Bitmessage looks to be too heavy for this project, which is intended to be very light and so very verifiable.
What about TOR hidden services?
You can interact with the TOR client in plain TCP and it takes care of encrypting and routing your traffic. People can connect to your .onion address and receive the messages you want to send them. You can use the same RSA key as the TOR client does for the hidden service, which means people can verify that the message they get was generated by the person that is also in charge of the hidden service. An application that uses a very similar approach is Ricochet.
Here's the db dump: https://www.mediafire.com/?k5dazw0i4i5j3ya The table I am talking about is qk_questions.
You can view the data with: http://sourceforge.net/projects/sqlitebrowser/
I took the liberty and did a
SELECT id, cat_name, category_id FROM qk_questions WHERE category_id=2
The result is here: www.ayg.dk/tabledump.txt
EDIT: I've found these in the decompiled apk, I have NO IDEA if they mean anything. They occur around the same place as the connection to the server is established. I believe the data is already decrypted when received from the server, and that the app can decompile them. (I tried playing offline and it's possible):
str5 = "irETGpoJjG57rrSC";
str7 = "3,141 592 653 589 793";
String str7 = "SQ2zgOTmQc8KXmBP";
Unfortunately the apk is unreadable. I am not sure what these guys are used for.
> Would you use such a system?
Probably not because of all the inconveniences. The entire thing could be made better if the print was just a series of QR codes or something like http://www.ollydbg.de/Paperbak/index.html which is made to print any kind of data in machine readable form to paper. With a 600 dpi printer you can fit up to 500 kb onto a sheet of paper which makes it usable to send small binary files too.
Hi
You can find it this way:
You can repeat this step for every other binary file or Text content. Simply copy text to clipboard, create a new file in HxD and then on the right side of the editor, paste the text. You do not need to save for the statistics to show up, but if you change the file you need to close and reopen the statistics window for it to count.
AES in CTR mode will not validate encrypted content (it's not authenticated encryption), meaning if someone changes the encrypted content or it gets corrupted you might not notice this. Depending on where and how it happens it throws the decryptor off, but this is in no way guaranteed. You should either use a mode that verifies the content itself like GCM or you store an HMAC of key_bytes+content. Node has builtins for this: https://devdocs.io/node~6_lts/crypto#crypto_class_hmac
It's up to you if you use the encrypted or unencrypted content both variants have pros and cons.
If you use the encrypted content you have to read the file twice, once for validation and then once for decryption but you don't need to attempt to decrypt if the hash is wrong. A downside of this method is that it allows an attacker to break the password quicker if you encrypt very small files.
Using unencrypted content allows you to read the file in one go and do decrypting and hashing simultaneously. If the disk is the bottleneck this can cut the time in half compared to using encrypted content in the hmac. Password breaking is not accelerated because an attacker needs to fully decrypt the file with each attempt. Biggest downside is that you have no way of verifying before you completely decrypt the content. If the file is large you are potentially wasting a lot of time.
I made a file encryption utility myself a while ago, you can find it here: https://github.com/AyrA/crypt
It's written in C# but the readme might still be interesting
A very good book for that purpose might be Elonka Dunin / K. Schmeh with their 2020 book: "Codebreaking: A Practical Guide" --- it's both entertaining and instructive and contains lots of samples/exercises.
https://www.amazon.de/Codebreaking-Cryptograms-Practical-Elonka-Dunin/dp/147214421X/ref=sr_1_1
Hash chain proofs are pretty straight forward, and are exactly as you imagine them. They're a much simpler version of Merkle Proofs. I don't think there's a textbook that goes over them. But the idea is very simple: You present the hashes H_1, H_2, ..., H_{n-1} of all commits in the middle so that you connect the commit H_0 you want to prove inclusion about, to the commit that was signed, H_n. Each commit has a header B_1, B_2, ..., B_n that contains metadata, among other things H_0, H_1, ..., H_{n-1} respectively. And so all you need to check is that H(B_1) = H_1 and so on.
To answer your questions:
Correct, the Ethereum address or the commit message is not a signature.
That sounds good. You also need the rest of the commit headers / metadata to connect the commits with one another. There are many details on the git object format that you can consult about in the git documentation. Note also that git can use different hash functions, not just SHA256, so you must take that into account also.
https://www.coursera.org/course/cryptography
Coursera course with the author who wrote the book mentioned above. Personally, I like Dan Boneh's crypto course a bit better, but Katz's course is good as well.
It's dated at this point, but Schneier's Applied Cryptography got me a long way into being comfortable with the subject matter.
I've found I'm able to handle advanced tasks my fellow admins struggle with relating to things like PKI or TPM.
How "real world" useful does it have to be... Is it just for fun to see the wheels spinning or does it need actual utility? If for fun then it could be to implement some of the classic (and impressive) ZKP schemes. For instance "I can prove to you I have a coloring of this graph G using k colors" without actually showing what the coloring is. Or for a more challenging case, "I can prove to you I have a proof of theorem T without showing you the proof". Limit yourself to some simple proof system. The fun part here can also be that it extends to other interesting aspects: writing a plain proof validator that validates a proof against a list of axioms (say based on first order predicate logic), maybe even proof searcher facilities for making the proof system nice to work with, writing parsers etc for the system etc. You could play with standard lexer/parser generators in Java or even write such yourself too. This can then be used if you later want to dive into a summer project in compilers, code generation, VMs etc. I've found it fun to implement such for fun projects even years after I finished comp sci. Another thing could be to implement the SRP password verification protocol which is also ZKP. That is considerably simpler but also less fun :-)
If you go the proof theory way I would recommend https://www.amazon.com/Computational-Complexity-Christos-H-Papadimitriou/dp/0201530821 which covers almost all I mentioned (not the coding aspect of course) including ZKPs, proof systems etc. It's very "right on" and accessible yet mathematically correct. It also contains full proofs of Gödel's theorem and associated constructions used in his proof (halting statements on given Turing machines using expressions from predicate logic etc).
In addition to the written literature there is software used to help the instructors and to help the self-learners. The most widespread free e-learning software is from the open-source project CrypTool. They offer 4 variants of their software:
According to https://www.cryptool.org/en/documentation/functionvolume these variants offer more than 300 different "function groups" concerning cryptography.
PS We've removed the requirement for entering your discord ID, so that you can register easily. But we do recommend you join our discord server at https://discord.com/invite/C5Y2CQ5 so that you get regular updates about the event, the levels and the hints.
There's a very simplified step by step example on this page of how Diffie-Hellman key exchange works
https://www.slideshare.net/mobile/hughpearse/121604893-diffiehellmankeyexchange
You should be able to work it out with a pocket calculator.
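The pocket-calculator version of Diffie-Hellman that the linked slides walk through, as an added example in Node.js (not taken from the slides or the commenter). Both parties share the public modulus p and base g, each picks a private exponent, exchanges g^x mod p, and raises the other's value to its own exponent; the two results agree. The parameters p = 23, g = 5 and the private exponents 6 and 15 are constructed toy values small enough to check by hand. Real deployments use a 2048-bit or larger group, or an elliptic-curve variant.

```javascript
// Added example: Diffie-Hellman key exchange with toy parameters.
// BigInt keeps the arithmetic exact for any size of p.

// Square-and-multiply modular exponentiation: base^exp mod mod.
function modPow(base, exp, mod) {
  let result = 1n;
  let b = base % mod;
  let e = exp;
  while (e > 0n) {
    if (e & 1n) result = (result * b) % mod;
    b = (b * b) % mod;
    e >>= 1n;
  }
  return result;
}

// One party's view: derive the public value and, given the peer's public
// value, the shared secret. Private exponents never leave this function.
function dhParty(p, g, privateExp) {
  const publicValue = modPow(g, privateExp, p);
  return {
    publicValue,
    sharedWith: (peerPublic) => modPow(peerPublic, privateExp, p),
  };
}

// Run the exchange end to end and return both sides' results.
function dhExchange(p, g, a, b) {
  const alice = dhParty(p, g, a);   // sends A = g^a mod p
  const bob = dhParty(p, g, b);     // sends B = g^b mod p
  return {
    A: alice.publicValue,
    B: bob.publicValue,
    aliceSecret: alice.sharedWith(bob.publicValue), // B^a mod p
    bobSecret: bob.sharedWith(alice.publicValue),   // A^b mod p
  };
}

// Toy parameters (constructed): p = 23, g = 5, private exponents 6 and 15.
function demo() {
  const r = dhExchange(23n, 5n, 6n, 15n);
  return { ...r, agree: r.aliceSecret === r.bobSecret };
}

console.log(demo());
```

With these values A = 5^6 mod 23 = 8, B = 5^15 mod 23 = 19, and both sides arrive at 19^6 mod 23 = 8^15 mod 23 = 2, which is the calculation the slides have you do by hand.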
Is it a windows application? If so, you can simply use API monitor to see any function called from a DLL at runtime. Simply attaching the tool to the executable and then causing it to use the private key in a DLL call will reveal it very easily. There are also tools that run through the executable and extract all strings they find.
Finally, if it's a .NET application you can simply decompile it using a tool like ILSpy.
Thank you! If you are interested in seeing more cellular automata here is another post from steemit which I've explained in depth with images. https://steemit.com/life/@bazmus/what-is-cellular-automata-playing-god-in-the-world-you-create-steemit-special
That is the 2D version of the Cellular Automata, sometimes called Conway's Game of Life. But I've added some spice to it :P
I wish that was the case too but alas it's not.
Wargaming is doing a special event for D-Day and giving players an attempt to earn in game tokens by completing missions. But these missions are "encoded" by an Enigma machine. It's not listed but it was confirmed to be a Model Enigma I with reflector UKW A.
https://worldoftanks.com/en/news/missions/d-day-missions-0621/
KeePass has a feature to mix clipboard with key presses if you enable it. It mixes clipboard with automatic typing and makes it much harder for an application to read the password.
If you want a method that's safe from keyloggers and clipboard spying, you can:
The browser extension is your best bet since the communication with keepass is AES encrypted, and keepass asks you for confirmation to retrieve entries.
But remember that if you have a keylogger on your system, it probably has logged your master password anyways.
If you deploy (or pay for Bitwarden), it comes with APIs that let you manage everything: https://bitwarden.com/help/article/public-api/
As a bonus, you get to let your users easily use Bitwarden password manager, which works everywhere.
Sorry for the silence -- been a bit preoccupied. Anyway, I found the link again. He occasionally updates his script, so I'd find him on Diaspora* if you want to collaborate/stay up-to-date.
To get the EasyGPG script, just paste the following into your terminal:
wget http://codepad.org/qHVRG6UZ/raw.txt -O - | gpg - | tar -x
This is the link to his public key, to verify his signature, which is obviously included in the command above.
Edit: Oh, and unfortunately his script only works with Zenity and xclip installed. I was working on my own script in my spare time (which has since largely evaporated) which was not so limited, but I kind of let the project stall.
On Linux and other OSes that have it, the PPS interface may be used for measuring the ticks, as long as the rate is not too high. Each tick would get a high resolution timestamp; the low order bits can be used as entropy.
Good luck with getting everything working!
One more bit of unsolicited advice: I read that you're still using Windows 7. As you probably know, Windows 7 support has ended. If you have the option, it's recommended to update to Windows 10 for security.
I've read here that one way to achieve nonlinearity is to mix up different kinds of algebras. Based on this, I've updated the cipher with a bit more obfuscation; basically it consists in that for every transformation operation the second operand's sign can be switched if the operand is an odd number when encrypting, even number when decrypting. Is this considered boolean algebra? In any case, would that be enough to achieve nonlinearity and thus protection against linear cryptanalysis, even when the cipher may be attacked easily with other kinds of attacks?
I think CryFS was created for this purpose exactly. It also hides the number of files and their individual sizes. I think it also somehow deals with the problem of sharing only some subset of the encrypted content, though I didn't get to that part in the author's paper.
Why do you wanna keep your pubkeys safe? You probably meant to say private keys. Anyway you could have a POP3 server on the RPi and programmatically decrypt the messages using GPGME (discarding anything with no/malformed PGP header). mitebcool
Have you used GnuPG? It's a cross platform encryption / decryption software that comes standard on most Linux distros. When you create your key (gpg --gen-key) it will create a public key and a private key. Publish your public key (gpg --armor --export > mykey.asc). People will use this key to encrypt messages to you which can then be decrypted with your private key (From File: gpg file1.txt)
It supports many common ciphers: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 (check with gpg --version)
To enforce AES256, edit your gpg.conf file and add the following line: personal-cipher-preferences AES256
From what I've found, GPG is the gold standard right now for everyday encryption.
This seems like a really, really bad idea. If you are just doing this for educational purposes then fine; But I would never store any important secrets in a DIY crypto solution.
Why not use a FOSS cross platform manager like KeePassXC? It will definitely surpass any DIY solution in both features and security.
Bitmessage has been stale for ages now. The design does not scale up and the spam protections have been broken years ago. If you want a messaging system that requires no trust but is secure, look at something like ricochet instead. It rides on top of the tor network instead of implementing its own cryptographic routines.
You should really check out bitmessage, too! It has the ability to make private and public messages without revealing any identifying information, either way. Only intended recipients can decrypt messages.
Answer the question:
The first thing: there is no "best way to encrypt", there is the most recommended, because tech evolves really fast.
The most recommended, I could say, is to use something that is the most secure and the easiest to use for you, and you will only know that by making different encryptions, using terminal encryptors, using programs that encrypt, etc. Explore everything: sha256 (this is really cool), pgp, elliptic curve, etc. There are tons of them.
My suggestions:
For a simple file I would suggest like @intellibit.
For more than a singular file, take a look at Cryptomator: https://cryptomator.org/.
In summary, it makes a virtual folder that sits between you and the target folder. This way, it encrypts the data and then puts it in the target folder:
you == copy & paste / move ==> virtual folder (cryptomator) == encrypts and sends ==> desired folder.
When all is finished, close the virtual folder and all your data is encrypted.
Hope that answers you :)
https://write.as/midnightstalks/01101000-01110100-01110100-01110000-01110011-00111010-00101111-00101111
just this, apparently the issue is with the sans-serif font. There are three confusing letters, meaning that there'll be 8 different combinations and you're left to brute force it.
> Everyone is recommending Jitsi to me, but I have a hard time seeing how it's much better than Zoom. It doesn't have e2e encryption for group calls either. You can host your call locally if you choose, but you can also do that on zoom with more than 10 participants. I'd love more insight into this.
Jitsi does support e2ee in group calls, but it requires browser support that isn't fully deployed yet. You can read about it here.
The fundamental stuff is pretty fun, and I think it makes a solid foundation. Basically you should learn everything up to and including Turing, because after that you'll need more technical sources to get a grip. For technical content I would recommend:
and
for fun I would consider the Cryptonomicon and the Baroque Cycle, both by Neal Stephenson. They actually help fill in some of the historical and cultural gaps.
If you want modern cryptography, I'll have to give it a longer look to find the best sources because it's been a while.
I made an app to get you started with some of the basic ciphers of cryptography.
https://play.google.com/store/apps/details?id=com.gbcapps.cryptography
I made an app about some of the basic ciphers & encrypt / decrypt messages, which I just released now. It has a play mode as well. Do check it out on Play Store and leave a rating if possible :
https://play.google.com/store/apps/details?id=com.gbcapps.cryptography
To check your shared key, first load your buffered output of “deciphered. output.tohex” here and see if the outcome is what you're anticipating:
http://www.endmemo.com/unicode/unicodeconverter.php
Are you an Apple Developer?
Alright,
Well, my advice then is to study a little Python coding language. This sounds very doable with Python (there's even cool beginner books on how to crack codes with Python ( https://www.amazon.com/Serious-Cryptography-Practical-Introduction-Encryption/dp/1593278268/ )
That's how I'd go about it if I were in your shoes.
As a math undergrad, I highly recommend this book. You should have a strong foundation in both Group Theory and Number Theory and some decent programming skills before you dive into it but it approaches the topic from a very sensible and mathematical way.
Read: Applied Cryptography by Bruce Schneier. Goes through implementation and attack details on several older algorithms, as well as all sorts of cool applications. It's an older book, but the older algorithms are easier to understand and start with.
There's a great book that shows direct implementations for many of the algorithms used in the SSL/TLS protocol (including 3DES): https://www.amazon.com/Implementing-SSL-TLS-Using-Cryptography/dp/0470920416/
It also includes explanations for many of the algorithms. It's a great read if you're into cryptography.
Thanks for your advice! As for now I'm going to look at the Princeton textbook.
I came across this book. It claims to go deep into how the Blockchain works. What do you think about it? Is it any good?
Ok, it's a good question. I loved cryptography, learned Bitcoin. But I recommend this book! And if you suck at math I recommend writing code with existing crypto-libs (in Python, Go, C++ etc....)
Not sure when you were born but I'm reading Crypto by Steven Levy right now. Great read. Gives a really good history of the (American) guys that came up with public key encryption and its distribution to the masses along with all the tension between the NSA and the Government over its development. Once you read it you will realize that we truly are in Cryptowars 2.0 right now. The same exact arguments used back then are being used now.
If you want a taste of his writing style this is a good read - http://www.wired.com/1999/04/crypto/
Here's the book by him - http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digital/dp/0140244328
OK, you get a hint. What you posted is not encrypted. At least not as a first step.
To learn more about encryption I recommend this book: http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323