if crypto to you only means blockchain#Cryptocurrency, please leave
A Crash Course in Everything Cryptographic – Noteworthy - The Journal Blog ❗!important
Crypto 101
Journey into cryptography | Computer science | Computing | Khan Academy
Cryptography I | Coursera
The Cryptopals Crypto Challenges
7 Cryptography Concepts EVERY Developer Should Know - YouTube
In cryptography, these entities are usually used:
- Alice, Bob, Charles, Douglas: authentic users
- Eve: eavesdropper
- Mallory: MITM attacker
- Satan: malicious user/hacker
Algorithms
Bit security measures the number of trials required to brute-force a key. 128 bit security means 2^128 trials to break.
Cryptographic nonce - Wikiwand
Comparison of cryptography libraries - Wikiwand
cryptography - Do any security experts recommend bcrypt for password storage? - Information Security Stack Exchange
BCrypt Explained - DEV Community 👩💻👨💻
Bcrypt, a Popular Password Hashing Algorithm, Starts Its Long Goodbye | WIRED
multiformats/multihash: Self describing hashes - for future proofing
Computer and Network Security by Avi Kak
lukeed/salteen: A snappy and lightweight (259B) utility to encrypt and decrypt values with salt.
Authenticity
Message authentication code - Wikiwand MAC
Hash-based message authentication code - Wikiwand HMAC, hash with secret key
Moxie Marlinspike >> Blog >> The Cryptographic Doom Principle Encrypt-then-MAC
Securing Stream Ciphers (HMAC) - Computerphile - YouTube
SHA: Secure Hashing Algorithm - Computerphile - YouTube
Public Key Cryptography:
Digital Signatures: encrypt known data (a nonce or message hash) with the sender's private key
Certificate Authorities: a trusted third party that will digitally sign and publish the public key bound to a user or entity
Storing password
How To Safely Store A Password | codahale.com bcrypt
Secure Salted Password Hashing - How to do it Properly
The difference between Encryption, Hashing and Salting
Serious Security: How to store your users’ passwords safely – Naked Security
How Dropbox securely stores your passwords | Dropbox Tech Blog
scrypt - Wikiwand
bcrypt - Wikiwand
Salt (cryptography) - Wikiwand
PBKDF2 - Wikiwand
PBKDF2 Hashing Algorithm. Before moving into the PBKDF2 hashing… | by Nishothan Vettivel | Medium
https://www.ietf.org/rfc/rfc2898.txt
Argon2 - Wikiwand
P-H-C/phc-winner-argon2: The password hash Argon2, winner of PHC
How to enable Argon2 KDF in Bitwarden - gHacks Tech News
Implementation
The Linux Crypto API for user applications
This is slower than OpenSSL
AES instruction set - Wikiwand
Key Exchange
End to End Encryption (E2EE) - Computerphile - YouTube
How Signal Instant Messaging Protocol Works (& WhatsApp etc) - Computerphile - YouTube
Secret Key Exchange (Diffie-Hellman) - Computerphile - YouTube
Diffie Hellman -the Mathematics bit- Computerphile - YouTube
Key Exchange Problems - Computerphile - YouTube
Double Ratchet Messaging Encryption - Computerphile - YouTube
Block Ciphers
contrast "stream ciphers", where encrypted strings are the same length as the plaintext
Symmetric-key algorithm - Wikiwand
Lecture3 Lecture 3: Block Ciphers and the Data Encryption Standard
Anatomy of a password disaster – Adobe’s giant-sized cryptographic blunder – Naked Security study of Adobe's leaked password database
Feistel Cipher - Computerphile - YouTube
Modes of operation
Block cipher mode of operation - Wikiwand
Block ciphers, as the name suggests, encrypt blocks. The methods of segmenting data into blocks are called "modes of operation".
Modes of Operation - Computerphile - YouTube
ECB: simply divides a message into 16 byte blocks, preserves pattern (for experts only: ECB should never be used except in some very specific cases)
CBC: first block XORed with Initialization Vector (IV) (nonce), every other block XORed with the ciphertext of the block preceding it; however this introduces dependency on previous block and encryption cannot be parallelized
CTR: uses a counter and a nonce (similar to an IV) per block to allow each block to be encrypted concurrently
Authenticated encryption - Wikiwand protects against chosen ciphertext attack on decryption oracle
Authenticated Encryption in .NET with AES-GCM
AES
Advanced Encryption Standard - Wikiwand
Lecture 8: AES: The Advanced Encryption Standard
Protect your TCP tunnel by implementing AES encryption with Python [Tutorial] | Packt Hub
Crypto competitions: AES: the Advanced Encryption Standard
AES Explained (Advanced Encryption Standard) - Computerphile - YouTube
One Encryption Standard to Rule Them All! - Computerphile - YouTube
Almost All Web Encryption Works Like This (SP Networks) - Computerphile - YouTube
DES
Even Triple DES (3-DES) is not recommended
Commands
openssl: openssl is for proof of concept
man enc # show ciphers
# encryption
openssl aes-256-cbc -in attack-plan.txt -out message.enc
# decryption
openssl aes-256-cbc -d -in message.enc -out plain-text.txt
# encryption
gpg --cipher-algo AES256 --symmetric filename.tar.gz
# decryption
gpg --output filename.tar.gz --decrypt filename.tar.gz.gpg
Stream Ciphers
Chacha Cipher
alternative to AES
Chacha Cipher - Computerphile - YouTube
ARX cipher: add, rotate, xor
Public Key Cryptography
Public-key cryptography - Wikiwand
Public Key crypto simply works with numbers. This means that any messages would have to be converted into a number before being encrypted.
RSA
RSA (cryptosystem) - Wikiwand
How does RSA work? – Hacker Noon
The RSA Encryption Algorithm (1 of 2: Computing an Example) - YouTube
The RSA Encryption Algorithm (2 of 2: Generating the Keys) - YouTube
- Generate two large co-prime numbers, p and q.
- Find n = pq and phi = (p-1) (q-1)
- Select e such that 1 < e < phi, and e is coprime to phi
- Find d, which is the multiplicative inverse of e modulo phi.
- The couple (e, n) is the public key
- The couple (d, n) is the private key
- Ciphertext c = m^e mod n
- Plaintext m = c^d mod n
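Added example, not from the linked articles: the steps above carried through in Python, including the message-to-number conversion and the private-key signature over a message hash noted under Authenticity. It assumes p and q are primes (here two small Mersenne primes, constructed sample values far too small for real use), e = 65537, and SHA-256 reduced mod n as the signed value; it is textbook RSA with no padding.

```python
import hashlib
import math

# Constructed sample primes (Mersenne primes 2^61-1 and 2^89-1); toy size only.
P, Q = 2**61 - 1, 2**89 - 1

def mod_inverse(e, phi):
    """Extended Euclid: return d such that (e * d) % phi == 1."""
    old_r, r, old_s, s = e, phi, 1, 0
    while r:
        quot = old_r // r
        old_r, r = r, old_r - quot * r
        old_s, s = s, old_s - quot * s
    if old_r != 1:
        raise ValueError("e and phi are not coprime")
    return old_s % phi

def generate_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or math.gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi with gcd(e, phi) == 1")
    return (e, n), (mod_inverse(e, phi), n)  # public (e, n), private (d, n)

def to_int(data: bytes) -> int:
    return int.from_bytes(data, "big")

def encrypt(msg: bytes, public) -> int:
    e, n = public
    m = to_int(msg)
    if m >= n:
        raise ValueError("message must be a number smaller than n")
    return pow(m, e, n)  # c = m^e mod n; same input always gives the same c

def decrypt(c: int, private) -> bytes:
    d, n = private
    m = pow(c, d, n)     # m = c^d mod n
    return m.to_bytes((m.bit_length() + 7) // 8, "big")  # leading zero bytes are lost

def sign(msg: bytes, private) -> int:
    d, n = private
    return pow(to_int(hashlib.sha256(msg).digest()) % n, d, n)

def verify(msg: bytes, sig: int, public) -> bool:
    e, n = public
    return pow(sig, e, n) == to_int(hashlib.sha256(msg).digest()) % n

if __name__ == "__main__":
    pub, priv = generate_keypair(P, Q)
    print(decrypt(encrypt(b"hello Bob", pub), priv))
    print(verify(b"hello Bob", sign(b"hello Bob", priv), pub))
```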
Pretty Good Privacy (PGP) and Digital Signatures | Linux Journal
age
Attribute-Based Encryption
A Gentle Introduction to Attribute-Based Encryption
Signature
What are Digital Signatures? - Computerphile - YouTube
Steganography
Steganography - Wikiwand
Steganography Appreciation - YouTube
StegCloak
KuroLabs/stegcloak: Hide secrets with invisible characters in plain text securely using passwords 🧙🏻♂️⭐
How to Hide Secrets in Strings— Modern Text hiding in JavaScript | by Mohan Sundar | Bits and Pieces
Homograph
Faux Cyrillic - Wikiwand
IDN homograph attack - Wikiwand
Zero-knowledge proof/ZKP
Zero-knowledge proof - Wikiwand
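Turn the link between the question and the answer into a probability problem
Through a number of trials approaching infinity, make the probability of guessing correctly approach 0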
Introduction | ZKDocs
trailofbits/zkdocs: Interactive documentation on zero-knowledge proof systems and related primitives.
Zero-Knowledge Proof (ZKP) — Explained | Chainlink
Zero-knowledge proofs explained in 3 examples
The Magic of Zero-Knowledge Proofs #SoME3 - YouTube
- SNARKs
- STARKs
- Bulletproofs
- Folding Schemes
- Lookup
Zero Knowledge Proofs - YouTube
The magic of zero-knowledge proofs! Keep your secret and still get others to believe you! - YouTube