I've been kind of on a hiatus from programming and stuff for a while now and am looking for a project to get back into it. I'm wondering how to break into understanding encryption better, is there anywhere I can start? I'm not talking about encryption programs, but algorithms and slef-encrypting my own files. I understand this is a very general way to ask but I genuinely don't know where to start, any help would be appreciated.
Also a quick second thing, does anyone else get the feeling of futility when trying to learn programming on their own. I've had trouble with math in the past at my high school. I attended a very difficult prep school and there were a lot of borderline geniuses there and it made me very insecure about my intelligence. I don't feel like I can even compete with some of these people, yet computer science is something I love and want to pursue. I'm attending a good university for something tech related but it's not comp sci or cyber sec, which are two things that greatly interest me. I want to transfer into these but I'm super insecure about my math ability, what should I do? I'm extremely confident I can handle programming, the one programming class I took at my HS I got an A and I've been into computers/coding since I was very young. Any Advice?
Sorry for the long retarded post, just a lot of shit on my mind as of late. Peace.
Oh young pajeet read "man openssl" or if your sane "man libressl". Also see wikipedia on whirlpool and follow the links. Get good at math or your screwed in the long term though.
James Wood
libssl and libressl are garbage. Have you ever actually used them? Use gnutls if you want a proper API and better code.
Lincoln Butler
...
Dylan Reed
Encryption is about math. If you're not sure about your understanding of it, the last thing you want to do is write your own file encryption program. Instead it would be worth your time to learn how to use gpg and luks.
Yeah probably not going to try that but maybe I will, who knows. I'm on break right now so I'm bored as hell, why not get into something that is way over my head ya know.
I don't know why this bothers me so much but I'm white.
Brayden Ward
I've found that a good way to get used to understanding crypto is following the news on it from time to time. This guy keeps a very-well written blog about crypto, and tries hard to explain things well. Give them a read: blog.cryptographyengineering.com/all-posts/
Angel Stewart
How is libtomcrypt? It's not as bloated and used in dropbear.
Jose Sullivan
You can ignore most of the dipshits above because they obviously didn't read that part
Go invent your own crypto, then figure out how to break it.
Get good at English or your[sic] going to look like a fucking moron.
Luke Clark
Not OP, but those links look awesome, thanks
Brody Adams
libressl is garbage, it's obvious you don't actually write anything with it. They kept the old openssl API, which in addition to being designed by a madman, is extremely unsafe and requires digging around in internal data structures (which change between versions!) to get the info you need. Modern openssl (which is still shit) at least cleaned that up and hid internals and added accessors. That transition, which you were obviously not affected by, required a lot of patching and uncovered a lot of bugs in programs using openssl, yet libressl is just causing a repeat of those mistakes. gnutls is much easier to use securely and lock down / strip features out of the handshake, and the code quality is way higher. Read both libraries and tell me that isn't true. We've been telling you faggots this for over a decade and it took heartbleed to get you to wake up. openssl and libressl also have licence timebombs which you'll be crying about UNISYS-style some day as if you weren't fucking warned for two decades about it. The main issue gnutls has re security is the priority string being confusing and thus potentially dangerous to a novice but they at least have sane defaults.
This one looks like it has a lot of promise, is it comparable to NaCL?
Ayden Nguyen
Dumb. Glancing over the spec as a VPN author, I don't see how you're supposed to do types of authentication that today piggyback on the TLS handshake like what SRP does (as they require multiple round trips). That's as I expected from a webdev-designed protocol - they lack the perspective to create a protocol that covers everyone's requirements. Doing only one round trip in the handshake is crippling. I also don't see how they can do something like DTLS with this protocol as it doesn't seem to cover any of the necessary functionality. Poking around to see if anyone has tried, I ran into this: What a fucking mess. Thanks for getting me to waste my time looking into a protocol I already knew to disregard based on who it was coming from. Fuck your ad hominem.
Christian Moore
That kind of attitude led to the glorious do-it-all attitude of OpenSSL
Nathan Adams
I'm not defending SSL/TLS as it's ridiculously bloated, but if you disable 99% of it (which is quite normal today outside of webdev, despite what people like you think) it does have a working structure. Noise "improves" this by breaking most authentication protocols with its crippled handshake and leaves the hardest stuff like datagram encryption as an exercise to the reader. If DCCP's sequence windows and reset algorithm were too hard for anyone to get right, how the hell is anyone going to homebrew DTLS on top of Noise? It's a dead end and can be ignored.
Brayden Wilson
Noise Protocol Framework Crypto protocols that are simple, fast, and secure fucking LOL. your post is a fucking mess
Angel Jackson
Kill yourself.
Daniel Watson
so? dont use it for datagrams. kill yourself
Nicholas Phillips
OP here again, I honestly didn't expect so much help with this, thanks. Really informative shit, exactly what I'm looking for.
What's wrong with apache? You did mean apache, right?
Luke Wilson
No. The OpenSSL license is incompatible with the GPL, and libressl inherits this problem. While you can add a license exception to GPLed code linking to OpenSSL, almost no one does, and massive amounts of free software today violates the license. Some day someone will use that to grab the ecosystem by the balls.
Asher Cruz
literally where? i never claimed that noise/strobe are full tls replacements literally where? please give me real quotes you retarded nigger
Jaxon Baker
It's not supposed to replace TLS. Also, it's not supposed to be as full-featured as currently existing crypto protocols. VPN encryption lies in the "complex but not necessary" category for "simple" crypto protocols.
I don't see the point of a new protocol that can't replace TLS. It just means we'll end up in a mixed environment with both, doubling the amount of code that needs to be kept secure and complicating software that does encryption. I also have a feeling it's pointless to argue about on Holla Forums as no one here understands what TLS actually is and can't mentally separate it from SSL.
Isaac Baker
Btw also, you have no idea how much people depend on DLTS today. It got absolutely huge in the span of about 3 years. All those cancerous 'smart' devices you see are often doing telemetry over DTLS.