U. Washington Crypto Course Now Online for Free

Alien54 writes "Who wants to pay for Stanford's Crypto Course, when University of Washington has made the whole Cryptography Course available online for free. Yes, all the presentations, videos (mp3, WMV), homework, quizzes etc. are available online. The material seems pretty decent, and is intended for an advanced audience." Found on linkfilter.

Study cryptography!

[Radicode]

I think most online software developpers should learn the basics of cryptography. Not only would it improve security but it would also lead to better design in general. No more "base 64 encoded password in a text file" stuff please!

Radicode

Re:Study cryptography!

Bx, cbvag gnxra.

Re:Study cryptography!

[Metabolife]

No, just the password to root written on a post-it near their monitor.

Re:Study cryptography!

[Lord+Ender]

Actually, any company that cared about its own reputation and customers would have a security specialist write ALL code that does authentication or cryptography. It is actually pretty tricky to get right, despite how easy some APIs make it look.

If you are too small to afford a security specialist who can code, look outside the organization. Letting regular developers do security is an incredibly risky business decision.

Re:Study cryptography!

/me raises hand. "guilty"

Re:Study cryptography!

[timeOday]

No, just the password to root written on a post-it near their monitor.

I'll grant that's a bad idea, but I think 95%+ of threats come over the network these days.

Re:Study cryptography!

[Toveling]

That's actually relatively secure. If a user has a strong password, but with it written, it's much more secure than if it's weak but memorized. If a malicious user has physical access to the machine, then he's going to get what he wants, one way or another password or no.

Re:Study cryptography!

[dhasenan]

Not so. In a home environment, yes; but if you're talking about a server in a corporation, you'd need to open it up and modify the contents. A business will likely be using LDAP or something similar, or at least you'll need to provide another password in order to modify anything beyond the workstation you're on. And that password is on a machine that you won't have physical access to.

Re:Study cryptography!

I think most online software developpers should learn the basics of cryptography.

You're hardly alone, a couple of years ago O'Reilly started publishing books like Secure Coding: Principles and Practices that touch on cryptography as something all devs should know about. However, I think that this is probably one of the lesser-selling series in all that they publish, which is sad.

Re:Study cryptography!

[PatrickThomson]

Exactly. Re vista's security model, people said "what's to stop the malware from confirming the 'install this?' prompt, but malware can't read a password postitted out of view of the webcam. If someone has physical access to the machine you're stuffed anyway.

Re:Study cryptography!

[cras]

No more "base 64 encoded password in a text file" stuff please!

So how should it be done, assuming the user wants passwords to be remembered? No matter how you store it, it's no more secure than base64 encoding since you'll have to be able to open it anyway. Unless you're talking about something completely different.

Re:Study cryptography!

No. Its more important to do product which fulfills its specifications than try to do the perfect product.

I have studied and implemented most of the public and private key encryption/hashing methods. I have also been in software projects where requirements of the product didn't justify implementation/use of secure encryption so I coded simple scrambling well knowing that it can be broken with very little effort.

Re:Study cryptography!

[cataBob]

So how should it be done, assuming the user wants passwords to be remembered?

One way hash.

Re:Study cryptography!

No, just the password to root written on a post-it near their monitor.

I know! I've actually seen people typing their root password one letter at a time mere feet from the computer they're logging onto. It's almost as though these imbeciles thought that the integrity of their physical security was sufficient to protect their data! I've actually seen people unplugging peripherals on the idiotic assumption that this will keep their computer from using them. My friend's sister actually thinks that blowing out candles will keep them from burning their house down. I just can't seem to explain that security through obscurity is no security, and all it takes is a 50 cent lighter and anyone can light the candle and place it under a curtain when you're away.

Re:Study cryptography!

[cras]

Oh, from server's point of view, not from a client's point of view which actually needs to know the password to be able to send it.

Re:Study cryptography!

[MK_CSGuy]

Still one way hash - the "server" calculates the hash and stores it,
and when it receives the password from the "client" (if it is a real client-server-over-network scenario then obviously you should transfer the password safely, uing SSH for example) it calculates its hash and compares it with the stored hash. If it's a match - bingo.
Because it is much more problematic to get the password from its calculated hash, it is safer to store the hash and not the password.
In its most basic form you can still attack it (Rainbow tables) but you can defend against it with salting.

Hey, just found through that wikipedia article about salting this article about Storing Passwords - done right. Haven't read it myself really, but from skimming I can see that it implements a salted hash mechanism in C# & ASP. Maybe it could prove useful to you or others.

Re:Study cryptography!

[ArghBlarg]

A slashdotter who did not build his own computer is like a jedi who did not build his own lightsaber.

Maybe that should read

A security programmer who did not build his own crypto is like a jedi who did not build his own lightsaber.

Doesn't make so much sense now (or does it?)

More programmers could do well do learn crypto -- at least where to get the tools and algorithms, and how to apply them. I'm no math whiz so I'd be reticent to devise my own S-boxes from scratch. But it's still a worthy exercise to study up on the subject.

Re:Study cryptography!

[Schraegstrichpunkt]

Actually, any company that cared about its own reputation and customers would have a security specialist write ALL code that does authentication or cryptography. It is actually pretty tricky to get right, despite how easy some APIs make it look.

Huh? As opposed to using well-known implementations? How is this more secure?

Re:Study cryptography!

[pyite]

I'll grant that's a bad idea, but I think 95%+ of threats come over the network these days.

So what? All the same principles apply. Saying "study cryptography" is good, but it's really more useful to study information theory and security in general. A little broader thinking on the matter will let you apply the knowledge to cryptography as well as security of, well, anything. Just read all about Claude Shannon for a fun time.

Re:Study cryptography!

[Lord+Ender]

What I am trying to say is that integrating authentication and cryptography properly into a complex program is not easy. I'm not saying you need to write out the MD5 algorithm. Using the supplied one is fine. But you would be surprised how many people write programs that use the right algorithm, but can then be easily curcumvented by, for example, using predictable session cookies.

Re:Study cryptography!

[Lord+Ender]

I'm not opposed to using well-known implementations. Where did you get that idea?

If you actually studied it, you would be surprised to realise how many programs have a secure sign-on mechanism, using well-known implementations, but have other flaws that allow it to be completely circumvented (such as guessing session cookies).

And the people who use hashing to store passwords, but don't salt the hashes...

And the people who use public key implementation, but completely mis-design the PKI...

There is so much that can go wrong, just "using" the right algos won't do it. You have to use them right, throughout the entire app. You have to look for ways around them. Lots of people don't get this.

Re:Study cryptography!

My friend's sister actually thinks that blowing out candles will keep them from burning their house down. I just can't seem to explain that security through obscurity is no security, and all it takes is a 50 cent lighter and anyone can light the candle and place it under a curtain when you're away.

Right... so what happens when she leaves them lit, wanders off or heads out, and they fall over because the wax at the bottom has gotten all warm and mushy? You know, when it falls over on the table / counter / floor? Dumbass.

Re:Study cryptography!

[Schraegstrichpunkt]

I'm not opposed to using well-known implementations. Where did you get that idea?

Probably from your sig:

A slashdotter who did not build his own computer is like a jedi who did not build his own lightsaber.

Ok, so I totally misinterpreted what you were saying. I thought you were saying that a every company should hire people to build their own implementations, but I think what you're saying is that *when* they make their own implementations, only security experts should be allowed to do it (or, they should at least be heavily involved). That makes much more sense.

Re:Study cryptography!

[arodland]

Sure, building a good, integrated system is hard, and I'll grant you that it takes an expert. But I'll go one step further than what you said a moment ago and say that you most emphatically should not be writing your own algorithms.

Re:Study cryptography!

[cras]

You still talked only about server side. That's obvious to me that passwords shouldn't be stored in plaintext there. But in the client side the client needs to know the plaintext password (or equilevant secret) to be able to send it to server, and if user wants the password to be remembered, there aren't really any better choices to store it to disk than base64-coded, unless the operating system itself supports something special (such as OSX's keychain).

Re:Study cryptography!

[stoborrobots]

I thought you were saying that a every company should hire people to build their own implementations, but I think what you're saying is that *when* they make their own implementations, only security experts should be allowed to do it (or, they should at least be heavily involved). That makes much more sense.

I think Lord Ender is saying something slightly stronger than that... The way I read it, his point is that even when a company is using the well-known implementations of the algorithms, they should have a security expert involved in the design of how the crypto is used in the product... Like not just having your developers storing MD5 hashed passwords in the db, but having someone knowledgable to ensure that they use salted hashes...

As Schneier points out in his essay on security pitfalls in cryptography, "... just as it's possible to build a weak structure using strong materials, it's possible to build a weak cryptographic system using strong algorithms and protocols...." Thus, we need security experts to ensure we don't undermine the strength of our system with weak structures...

Re:Study cryptography!

[MK_CSGuy]

Well, I guess the best choice is to remember them yourself. If you really need to manage a database of passwords then you should encrypt the database with one master password which you will need to remember (one password vs many passwords). This is also how OSX keychain works, according to this article.
It is also possible to encrypt the database with a key which is only available on a usb stick (for example) and use the usb stick to decrypt it.

Re:Study cryptography!

He was being sarcastic? Dumbass.

Also worth visiting...

[Sheetrock]

The MIT OpenCourseWare site has a sizeable amount of free learning materials. I had it bookmarked a while back when they weren't offering that much but they've since put a lot online.

Re:Also worth visiting...

[vinay.ys]

There is nothing on the courseware that can't be found in text books available all over the world. So it isn't all that great a news. Also, most univ. profs put up notes and presentations online.

Re:Also worth visiting...

[Sheetrock]

It really depends on which course you're looking at. I was interested in a review of calculus, and was able to obtain a free book, accompanying teacher's guide (answers to all problems in the text), presentations/notes, and assignments. Other courses are more sparse, but if you can point to a larger resource in one spot on the Internet I'd like to know about it.

Re:Also worth visiting...

[Chalex]

MIT has the full text of the book Structure and Interpretation of Computer Programs online. They also have the videos of all the lectures. I've been going through them slowly; they really make you think.

Re:Also worth visiting...

[hlimethe3rd]

MIT's courseware ranges quite a bit from the very complete to the just-an-outline, but the variety of subjects online, and number of levels within each, is pretty impressive. I've found it a good resource just for a quick reference, or for a self-taught subject. Definitely a good thing for the school to do.

Re:Also worth visiting...

[RackinFrackin]

Another great online crypto resource is the Handbook of Applied Cryptography. The full text is available for download.

Re:Also worth visiting...

[RackinFrackin]

Doh!

Next time I'll read the article.

Re:Also worth visiting...

[Aerion]

They also have the videos of all the lectures. I've been going through them slowly; they really make you think.

Those lectures are from 1986! The course content has changed a fair amount since then, although mostly it's a matter of the order in which they are taught.

Anyway, in recent terms, we've opted for the lower-bandwidth option (not that we usually worry about bandwidth here) of lecture slides with accompanying audio clips. This also means that lecture attendance has dropped severely.

Re:Also worth visiting...

[Sheetrock]

I'm probably going to run through this series anyway. One bonus over slides of recent lectures is that if they start to lose me on a topic, at least I can be amused by what we used to look like in the 80s.

Re:Also worth visiting...

SICP has been online for ages. I remember referring to the online version even when I was taking the introductory CS course many years ago.

Re:Also worth visiting...

[johansalk]

Hi. I'm going through these videos too. Where can I find the updated lecture slides and accompanying audio clips? Thanks.

Re:Also worth visiting...

That's the free tease. If you want to see the stuff that's not 20 years old pay $30k a year.

The Zatanna School of Cryptography: Thanks, Taco!

[RobotRunAmok]

I so, so TOTALLY love the fact the little sub-title/blurb for this story is in a backwards-writing code, and that there is a misspelling.

Sometimes, it's all just so perfect.

Thanks again.

Encrypted

[MrSteveSD]

And once you've cracked the encryption, the course is free!

What about certifications?

[Zweideutig]

Isn't the whole point of taking post secondary courses to have the credentials necessary to get a job in your chosen field?

Re:What about certifications?

[kfg]

No.

KFG

Re:What about certifications?

Believe it or not, some people are still into learning for learning's sake: you know, the whole increase your knowledge thing.

Re:What about certifications?

[daveb]

Isn't the whole point of taking post secondary courses to have the credentials necessary to get a job in your chosen field?

As others have said "hell No"!

oh alright - yeah, sometimes

Sometimes you need various accreditation to get/keep/progress in a job. this may be

• an academic certificate such as Bachelors/Masters/PhD
• professional accreditation - pass the bar in law, accountants have something - it's common in various professions to have to get approval from a body of esteemed peers
• a industry/vendor related such as those offered by Novell, Microsoft, Cisco, Redhat etc

BUT (and it's a big point) eventually you get to the stage where another bit of paper just doesn't matter. You are interested in knowledge and skills for their own sake. That motivation is desirable even in the accreditation activities above. But what do you do when you've got all the paper you want/need/care-about? Often self-study and keeping abreast of the field is enough. But sometimes it's good to take a prepared and structured course that is relevent to you regardless of whether you get the final qualification.

I regularly "cherry-pick" courses with no intention of getting the final certificate. It plays hell with the institutions completion-rate reports, but that's not my problem.

I love the idea of these courses being made freely available for cherry pickers such as myself that just want to learn

It's visible in Europe too!

[MarkByers]

The US Government has allowed us in Europe read it too! They finally realised that learning about cryptography doesn't mean you are a terrorist.

Or perhaps they are using the website to collect IP addresses of potential terrorists?

Re:It's visible in Europe too!

[Radicode]

No, all "approved" methods on the website are tainted with a reversable key known by the US gov. Now they can read your e-mail too :-P

Re:It's visible in Europe too!

[v1]

I would be willing to bet that there is a "classified rule" in that educational system, "thou shalt not teach of crypto that we are as yet unable to break".

Better to sell locks to which you already posess the key.

Re:It's visible in Europe too!

[gkhan1]

What, are you crazy??? Ofcourse they teach ciphers the US is unable to make! Hell, I never took crypto-courses at the university, and I can teach you a few that is practically unbreakable simply because I'm curious about this stuff.

Hell I'll teach you the Vernam cipher right now! For each message create a totally random string of letters as long as the message to serve as a key. Convert the letters in the key and the message to binary numbers, XOR them together, and convert them back to letters. Make sure the key was mindblowingly random (no PRNGs!) and that you never, ever, EVER! use the key again. To decrypt, just XOR the cipher with the key again.

There, that's unbreakable. Completetly, 100%, mathematically proven, not-even-when-the-aliens-come-with-their-supercomp uters unbreakable.

So no, I'm fairly certain that they teach whatever they want.

Re:It's visible in Europe too!

[v1]

btw, that's more commonly referred to as a "one time pad". I rather doubt most people have heard of it referred to as "Vernam cipher ".

For unbreakability, if used properly, yes, a one time pad is effective. In reality though, this relies on the repeated exchange of a codebook, and in that case the frequent need for physical exchange between the parties produces more risk and opportunity for exploit/discovery than it's worth.

Any attempt to generate the pads without physical exchange via a formula etc just reduces the security of the system by introducing analyzable patterns that can be used to break the formula and thus break the pad.

Re:It's visible in Europe too!

[meringuoid]

I would be willing to bet that there is a "classified rule" in that educational system, "thou shalt not teach of crypto that we are as yet unable to break".

I doubt it. That requires too many people to know the secret. If you've broken Popularly Used Cipher X but not Popularly Used Cipher Y, you keep the fact deadly secret. You want people to keep using the broken code, rather than switch to the unbroken code.

Now, if you try to ban people teaching Y because you can't break it, then you have to let every crypto researcher know about it so that they can know what not to teach.

But that kind of negates the secrecy, doesn't it? Suddenly the fact that Cipher X has been broken is public knowledge; you've just told hundreds of civilian professors about it, and someone's going to leak. The world switches to Cipher Y, and your great advantage in cryptanalysis is gone.

It's possible, of course, that you might try a double-bluff: ban discussion of the _broken_ cipher, and try to trick people into switching _away_ from the stronger version. But in general, it's probably better practice to keep silence as far as practical. Let 'em keep guessing. Every move you make, every public word you say, will be analysed by your adversaries, and whether you're lying or telling the truth it's all information that might be useful to them in ways you can't predict...

Re:It's visible in Europe too!

[gkhan1]

Well, technically, the Vernam cipher and the one time pad is slightly different, the Vernam cipher uses XOR where the one-time pad uses good ole' Vigenère style addition.

The cipher was invented by Gilbert Vernam, and I like using the term because it describes the general cipher instead of the one-time pad, which really is a much more restricted application of it. Also, I beliece that's the term David Kahn used most often in The Codebreakers, and who am I to argue with David Kahn :P. As a plus, it sounds way cooler.

And yes, obviously you are right. My point was that, used correctly (and it has been, several times, russian spies used this alot), the cipher is unbreakable. The cipher isn't useless, it just has limited application. As I said, russian spies used it alot back in the day, and even though we have had their encrypted communications for ~40 years, we still havent been able to break them. And we never will.

Re:It's visible in Europe too!

[magefile]

The Soviets didn't use it correctly, actually, and we managed to break several pads by exploiting weaknesses in the way they generated their random characters.

Re:It's visible in Europe too!

[theonetruekeebler]

They probably think spelling "realized" with an s already counts as encryption.

Of course, they also think that by "correcting" your spelling I've circumvented your copy protection scheme, thereby violating the DMCA.

Uh. so what?

[Tuffnut]

Lots of universities have their course information online. I fail to see why this case is of any significance?

American tax payers money wasted big time!

Damn! This is tax payers money that gets wasted big time! Now all the foreign people can study this course for free. It has costed some big dollars to get that course material. Tax payers money! We pay - others benefit. Do you have ANY idea how much this costs?

Re:American tax payers money wasted big time!

[kfg]

Now all the foreign people can study this course for free.

And without it they couldn't just go to a library.

KFG

Re:American tax payers money wasted big time!

[orthogonal]

Now all the foreign people can study this course for free. It has costed some big dollars to get that course material. Tax payers money! We pay - others benefit. Do you have ANY idea how much this costs?

How much are you paying the Sumerian guy (yes, and others) who invented writing? The Babylonian who invented the calendar? Hell, most of the early American industrial revolution depended on violating English patents on water-wheels and drive-shafts and various cogs and pulleys. That God there was no Berne Convention then, huh?

When you enjoy Bach's Musical Offering, do you send a buck to the descendants of Bach's patron, Frederick II of Prussia?

The truth is, every one of us -- even the most prolific and creative inventors -- benefit far more from our shared cultural patrimony than we contribute to it.

Most of Newton's genius would have been wasted if he'd had to spend his life chasing down gazelles to get his lunch. Little of that genius would have been transmitted to anyone without the efforts of the anonymous inventor of writing and thousands of others who refined that tool and so many other tools down through the ages.

Information, knowledge -- they are not, contrary to the more glib claims of the Open Source movement, free. Knowledge must be wrested from nature at great cost by discovers, and each of us to understand that knowledge must pay our own cost to learn it.

But the Open Source advocates aren't wrong either: knowledge can be transmitted at little marginal cost: developing the course did cost the tax- and tuition-payers of Washington State, but the additional cost to make it available to all is the negligible amount required to host it on a web server. Nor is it "free" to anyone -- anyone who wants to possess it must take the time and effort to learn it, to re-make his own mind by incorporating that new (to him) knowledge. There is no "royal road" to knowledge; commoner or king must wrestle it into his own head.

Don't be a Philistine: millions, alive and dead, your teachers and people entirely unknown to you have for fifty thousand years given you knowledge and indeed a rich material culture based on that knowledge. Don't begrudge passing it on.

Re:American tax payers money wasted big time!

Best post.ever.

encore!

Re:American tax payers money wasted big time!

So well written post that it's damn hard to find any arguments.

Re:American tax payers money wasted big time!

[ceoyoyo]

Don't begrudge passing it on.

In other words, knowledge should be free (uncontrolled). I agree that it's not free (doesn't cost anything).

Re:American tax payers money wasted big time!

Ancient Greeks, you uncultured fool

Re:American tax payers money wasted big time!

How much are you paying the Sumerian guy (yes, and others) who invented writing? The Babylonian who invented the calendar? Hell, most of the early American industrial revolution depended on violating English patents on water-wheels and drive-shafts and various cogs and pulleys. That God there was no Berne Convention then, huh?

Bottom line is, the bandwidth is paid by the residents of Washington state and the course materials (not all of the content.. most of which was developed by others) were developed by them as well.. again costing money. It is a service by U Dub. It should generate revenue for those not contributing to their tax base.

Don't be a Philistine

You should have just said "don't be ignorant" since that's the favorite retort of dipshit liberals who don't like a given point of view.

millions, alive and dead, your teachers and people entirely unknown to you have for fifty thousand years given you knowledge and indeed a rich material culture based on that knowledge. Don't begrudge passing it on.

They can go to their local library and read it then, it whatever country they're in. I see little if any reason to make anything easier for those outside the state of WA.

Unless of course, you're willing to champion the cause and put up the needed bucks. Didn't think so.

Thanks

[backslashdot]

Yeah and it was on college's website before that too.

Why don't i just visit all the websites on the internet every day? Then i wouldnt have to bother with the inconvenience of browsing slashdot.

As for having the same writeup? The bottom of the text credits linkfilter .. duh.

Re:Thanks

[Distinguished+Hero]

My apology. I assumed there was some sort of friendly rivalry going on between digg and slashdot, although with all that bile and vitriol I've just experienced, I guess not. I also found it interesting the the Slashdot post claimed "Found on linkfilter." which is a pretty obscure site that I've never heard of (and I don't think many others have as well; it doesn't even have a wikipedia entry). Furthermore, if you compare and contrast the date stamps on both the linkfilter and digg, you'll notice that the digg post predates the linkfilter post.

Why don't i just visit all the websites on the internet every day? Then i wouldnt have to bother with the inconvenience of browsing slashdot.
With one of those newfangled "RSS/Atom" readers, it's quite easy to keep yourself appraised of quite a few websites. If you still find yourself strapped for time, perhaps you could reschedule some of the time that is currently allocated to flaming innocent people on slashdot, to reading more websites instead.

Re:Thanks

And Digg doesn't have abusive moderation? Get real. The whole hive moderates you on Digg.

Re:Thanks

[MarkByers]

I totally know what you mean. If you mention Digg on this site you get modded Troll or Flamebait. Weird, huh? Personally I think both sites are good and both have positive and negative points. I see no reason why anyone wouldn't want to read both.

I guess I'm just too radical...

Re:Thanks

[MarkByers]

If you say something unpopular on Slashdot you lose the right to moderate. At least on Digg everyone is equal.

Re:Thanks

[EvilIdler]

Sure, RSS makes it easy, if you can cut down the stream to just the subjects you are
interested in. Then you need to KNOW ABOUT the sites in question - I wouldn't have
heard of Digg if people weren't constantly bitching about it here ;)

Re:Thanks

Ever tried mentioning Slashdot on Digg?

A passing reference got me -40. Yet, copying comments verbatim from Slashdot (when I'm certain they weren't the same people) usually resulted in being modded up.

I can't say I've seen many intelligent conversations there. I sometimes look at Digg, but I no longer look at the comments.

And by the way, since you seem to be very vocal about how Digg is good because of 'equality', you might try Googling for that incident with Kevin Rose a while back, where the same 10-20 people instantly Dugg certain stories, while stories with 3 times as many Diggs in half the time never made it to the front page.

It's not a democracy there either.

Re:Thanks

[Jane_Dozey]

Unfortunatly there are far too many digg and slashdot trolls running around both sites to ever have a friendly rivalry :/ There are also too many people visiting them that don't understand banter and take everything as a serious personal attack if they think you're critising something they like (ie slachdot or digg).

Next time just make sure you stick in a disclaimer making it blindlingly clear that you're having some fun rather than trolling! :)

Re:Thanks

[WilliamSChips]

Including the GNAA.

Re:Thanks

[WilliamSChips]

And all their clone accounts.

Re:Thanks

[MarkByers]

Several articles about Slashdot have made it to the front page on Digg. Many of them are very positive.

http://www.google.com/search?q=slashdot%20site%3Ad igg.com&hl=en

Compare it to the articles about Digg on Slashdot, and check the comments too:

http://www.google.com/search?q=digg%20site%3Aslash dot.org&hl=en

Re:Thanks

There's a new "Digg overtakes Slashdot" story about every two weeks, usually based on the Alexa toolbar (and you'd think in a democracy founded on the principle that it would be like Slashdot, but with no dupes, that there wouldn't be dupes, but I guess we're wrong).

Almost all of the results of searching Slashdot for "Digg" are people complaining that Digg had the story first, as if that somehow makes it wrong to post it on Slashdot.

According to your links, anyway.

More outsourcing!

People in India and China will use this course material to study crypto and eventually more American jobs will be transfered to India. This is like a jackpot to Indian educational institutes. And all of this is funded by American citizens. Like Kennedy said - ask not what your country can do for you, ask what you can do for your country. This is just wrong! College students pay huge amounts of money to get access to this kind of material. They pay - the rest of the world benefits.

Re:More outsourcing!

[dhasenan]

Okay. The alternative is that an intelligent Indian person comes to the US and studies cryptography, then goes back to India and starts teaching it.

What's the net benefit to the US? Maybe $100K. So how do we keep the money in the US? Force everyone with a graduate degree from a US university to stay in the country? Then you get a pair of intelligent Indian people; one gets a doctorate in applied cryptography and teaches everything he learns to the other.

Now we require that everyone who talks with anyone with a graduate degree from a US university has to stay in the country. Hell, why not just close the borders entirely? Nobody gets in, nobody gets out.

There's still the problem of correspondence. So why not close all borders permanently to all traffic? No goods enter or leave the country; no communications outside the country. And set up a 50-mile wide belt of land mines around all our borders so people can't use semaphore, and outlaw radio communications, and....

Hell, why not just outlaw learning. That'd show 'em.

So?

How is this special? Princeton's entire CS curriculum has been there for all to see for the last 9 years, and I haven't seen any /. articles about it in that time.

Re:So?

[Xshare]

video?

Re:So?

[EotB]

A large part of why it's so special is probably due to the NSA and US Government's stance on exported crypto in the 90s.

Re:So?

[charlieo88]

First all the links were dead. Now they're back, but all they link to are course descriptions. Even community colleges have their course catalog online now, where is the course material?

Re:Found on

[deesine]

Great, now you can get some decent comments about it.

Let's take it together

[orthogonal]

Looks like good stuff, and even the textbook is freely available. I've also enjoyed podcasted courses from several sources. One thing I do miss, when auditing by podcast, is a chance to discuss the course material with others (and the tests that would allow me to know how much of the material I'm getting).

Anyone want to join me in taking the course as a group? We could "meet" in IRC or via a listserv. and we'd probably get more out of the course by having others to bounce ideas off of, to challenge our assumptions, and to correct our errors.

If you're interested in joining me in this, reply to this post, and I'll see about organizing things in my Slashdot Journal.

Re:Let's take it together

[wied81]

i'm game...wied81@hotmail.com

Re:Let's take it together

I am in...soaponarope@gmail.com

Re:Let's take it together

[thesolo]

That's an excellent idea, I'd be very into it.

Re:Let's take it together

very interested!

Re:Let's take it together

[ben_place]

I'd like that.

Re:Let's take it together

[fbjon]

That's a pretty cool idea, I wouldn't mind participating.

Re:Let's take it together

[nintendo_is_a_cereal]

For this particular course or just a bunch in general? I've recently become very interested in crypto so for this it would be kinda cool. Plus having others would help me keep at it more than by myself.

Re:Let's take it together

[KWTm]

I, too, would be interested. It's been a while since I've done applied math, and it will be good to scrape off the rust.

It would probably be better to keep in touch via a Listserv of sorts, since time zone differences may prevent the group from coming online at the same time. Yahoo! Groups comes to mind as one possible simple way to do it, with discussions archived for people who come late to the group. IRC/IM can be used to supplement discussions.

I'll check your journal.

Since the course is about cryptography, might as well use OpenPGP. My public key will be in my journal.

Re:Let's take it together

[Quantum+Skyline]

I'm interested. Let me know at quantum dot skyline at gmail dot com

Re:Let's take it together

The course is currently much too advanced for me, so I can't join ya', however, it feels good to see someone take the lead with an open spirit of camaraderie. We need more of that around here.

Best of luck to you and the fellows who join you.

Re:Let's take it together

[lon3st4r]

looks interesting. what are you planning?

* lon3st4r *

Re:Let's take it together

[breadbot]

Yes, that sounds good. I need to take a course like this to catch up on some crypto for work!

Re:Let's take it together

[waq]

I'd like to sign up too. I'm interested in the mathematics of crypto. Email: waqjan at hotmail dot com.

What Crypto Course?

[jackb_guppy]

Did they reaad the material before posting this article??

Some math questions involving a MOD and the final homework... How much bandwidth is VeiSign using.

Where is the questions about breaking the code?

Re:What Crypto Course?

[mtenhagen]

A course on cryptography is a course how encrypt and decrypt stuff. Not how to break it.

Re:What Crypto Course?

[jackb_guppy]

The course matrial do not talk about that either. Just bandwidth and preformance issues with choosing different encyrption method available. IPSEC, SSL, ...

Re:What Crypto Course?

[RackinFrackin]

Look through the assignments. They include exercises involving number-theoretic foundations of cryptography, breaking classical cryptosystems (Vigenere ciphers), differential cryptanalysis, and other stuff.

Re:What Crypto Course?

I think he's talking about the Stanford link which is a 'certificate' course and, after a cursory glance, does not appear to have any mathematical foundation.

In contrast, the U.Wash. course does seem to be for a degree program, actually studying the mathematics of cryptography.

Why these two were compared is a mystery.

Re:What Crypto Course?

[Schraegstrichpunkt]

Did you watch any of the the videos? It's about crypto.

103885710475-109865-946598

[sidfaiwu]

4987520-23495863459802-349876927450-09827-10960349 56-875-19608917294857019. 2398798-897326-10691326! 234987340-189763865-19287638946?

Free as in what?

[ABoerma]

I mean, this is Slashdot after all.

Re:Free as in what?

[dingen]

"Free" as in "all the material is in proprietary Presenter/PDF/PowerPoint/WMV/WebViewer/MP3 and all of the instructors work for Microsoft".

Re:Free as in what?

[Stormwatch]

Serr nf va orre.

Re:Free as in what?

sorry ...

Free as in Buttsecks.

Re:Free as in what?

[gEvil+(beta)]

Serr nf va orre.

Hey now. I realize that the Pirate Bay is down, but that doesn't mean you need to post your Swede-talk here...

Re:Free as in what?

[Schraegstrichpunkt]

Serr nf va orre.

Heh. I read that without actually running rot13! I must be an uber-cryptanalyst!

Re:Free as in what?

[d_54321]

Free as in "click and find out".

Winter '02 course is also available on-line

[bal]

Winter '06 was actually our second crypto class for UW PMP; lectures and materials from when Josh Benaloh and I taught crypto in Winter '02 are also available on-line. The material covered in the two courses is similar (we added material on cryptanalysis in '06 and updated the existing material). If you're working through the course at home you might find it helpful to work through the '02 assignments as well.

Re:Winter '02 course is also available on-line

[kfg]

Very nice, really; and thank you, but. . .

would it be possible to have the HTML material presented in HTML?

KFG

MOD PARENT UP

[patio11]

1560464-40437870136830!

Comment removed

[account_deleted]

Comment removed based on user account deletion

advanced? crypto?

is the OP a moron? i can't believe this is a college class.

Independant Cryptography Learning

[tetrisaddict]

On a related note I've recently noticed this post about getting into the theory of cryptography. I don't know anything about the author nor the topic so I cannot verify is the advice is good, but it sounds reasonable.
T

Re:Independant Cryptography Learning

[Paul+Crowley]

Looks good to me. I'd just like to emphasize one thing: don't try to get into crypto by inventing symmetric primitives. Try to get into it by breaking them. There's bound to be lots of cryptanalysis yet to be done on the eStream candidates, for example - I'm sure there's room for newcomers to crypto to make breakthroughs there.

Memo from U.Wash Dean to NSA

[Gothmolly]

Dear NSA,

Our plan is working splendidly. Numerous people have given us their names, addresses, social security numbers, and personal information. This along with their expressed interest in encryption will keep the data miners happy. We will, as previously agreed, forward all correspondence from students of this class. Enclosed please find an Excel file of all information on the online course takers. I can't believe you were right, that potential enemies of the State would voluntarily sign up for something so obvious.

Yours truly
Tobias Fünke

MOD UP! #1 POST ON SLASHDOT - EVER!

Subject says it all.

Re:Found where?

[Aurisor]

Except digg has a typo:

"for advance audience"

And slashdot does not.

It's a cold day in hell.

Related: Networks course at CMU

[angio]

Since people seem to be interested in this, you might also take a peek at
the CMU computer networks course, which I put online almost entirely (lecture nodes, video, homeworks, and the programming projects). Click on "Syllabus" to get to the contentful-bits. Feedback is welcome: Srini and I hope that leaving it online will be useful for students and instructors everywhere.

Moi!

[The+Cydonian]

Strike me interested. Will be tuning in to your JE's now.

Crypto course online for free

[matt+me]

No it's not.. it's password protected!

Oh right, I get it.

Re:The Zatanna School of Cryptography: Thanks, Tac

[Gothmolly]

It's not a misspelling, the first thing you do when encrypting is compress, to remove all the redundant data. So that was Taco's little joke, he 'compressed' out the 2nd "L" character.

sadly

[friedman101]

you may be able to turn someone's credit card number into an asymetric cipher hidden inside a jpeg of his last family reunion but you can't stop the idiot user from writing his password on a sticky note on the side of his monitor.

Re:Not again!

[Aerion]

Whoops! Then I guess I shouldn't post this link...

But yes, Walter Lewin's lectures were fantastic. It's a shame that he doesn't do freshman physics anymore, with the advent of the s/learning/technology/g program (a.k.a. TEAL). I think the move to make his old 8.01 lectures available was in part to provide a good resource to those students who don't like TEAL and who don't learn well in that environment.

Not crypto.

[SanityInAnarchy]

I know most of what I need to know about crypto -- just feed it through gpg or openssl, done. I'd want to take some other course -- right now, I'm wanting to learn C# on Mono (Windows, Mac, Linux, and I do have them all) and do some more advanced algorithms and data structures.

I'd also be interested in hanging out around a class on crypto, or on introductory programming. I haven't finished college (and probably won't), but it's been a hit-and-miss whether I'm a better teacher than my professors.

munitions status

[babanada]

In the past, as I'm sure most here know, encryption software was considered to be munitions. I actually purchased the Zimmerman book that was just PGP in source code format at the UW bookstore. The idea at the time was how can you control a book? Now, I know that laws have changed, and the US has relaxed its stance on this. Most distributions of GNU/Linux have SSH included.

This is fresh in my mind because I recently created a specialized GNU/Linux distribution and debated about whether or not to include SSL and SSH. Although I knew the status of this software had changed, I could not find any definitive regulations regarding crypto software. Certainly the last four years don't make me any less paranoid about getting burned by making a mistake here. There is a good presentation that specifically talks about these issues here in TFA. Yes, it does talk about how the munitions stance has relaxed, but I'm still not entirely sure that I don't have to notify some government agency that I'm including encryption if I distribute the root filesystem in binary form.

Re:Related: Networks course at CMU

[Giometrix]

Looks promising. I'll be checking it out when I have more free time. Thanks!

Memo from Student to Osama

[SanityInAnarchy]

You're not gonna believe this. The NSA uses Excel! Call up our friends at Microsoft and let us crush the infidels once and for all!

-----BEGIN PGP SIGNATURE-----

(In case you didn't get it, the point of this satire is that if the NSA truly believes in preventing people from studying encryption, then most of the crypto experts will be terrorists.)

Re:Memo from Student to Osama

[Gothmolly]

Since the passage of the DMCA, most people who can break encryption are Teh Terrorists.

Dead URLs, all of 'em

The URL you gave is valid, but the links from that page are dead.So much for open education at Princeton.

Re:Dead URLs, all of 'em

That's because you're looking at next semester. Fall '06 starts in September. Spring '06 just ended.

Of course, the original poster probably should have noted this, and the web site certainly should have noted it.

Re:Dead URLs, all of 'em

[sacrilicious]

I randomly chose 8 links (one level deep), all were fine...

Another such course in Operating Systems...

[nddomer]

On a similar note, we made the contents (lecture slides, video etc.) from Operating Systems online. Would appreciate any comments on whether such efforts are useful to the larger community (http://www.cse.nd.edu/~surendar/teach/spr06/cse30 341/lecture.shtml).

Re:Another such course in Operating Systems...

This stuff is awesome, I feel like a kid in a candy store!

Thanks!

Re:Another such course in Operating Systems...

[daveb]

Would appreciate any comments on whether such efforts are useful to the larger community

HELL YES!!!!

I plan on downloading this as soon as I get back to work. This is ALMOST exactly what I need for some professional development.

Now - if you'd do a similar course on analysing network protocols using ethereal - something that would bring me from basic networking through to being able to take part in various honeypot challenges then I would be a happy happy man.

p.s. by "basic level" I mean someone who has studied tanenbaum in knowledge, and is around CCNA level in implimentation skills.

Re:Another such course in Operating Systems...

YES!

now all I have to do is work out how to get them without my ISP sending me broke.

Re:Another such course in Operating Systems...

Absolutely this is helpful and here is why:

--It's learning for the sake of learning.
--I can work at my own pace and not be pressured by DUE dates
--It's a great head start for people who might actually take the class normally in the future

Why pay?

"Who wants to pay for Stanford's Crypto Course, when University of Washington has made the whole Cryptography Course available online for free."

I do. Personally, I'm willing to pay money to take a couse from a school like Stanford even if a free alternative is available from a school like the University of Washington.

Re:Why pay?

[finiteSet]

a school like the University of Washington.

In other words, a top notch Computer Science school. Both the graduate and undergraduate CSE programs are consistently ranked in the top 10. Last ranking I saw put the PhD program at 5th, after a four-way 1st place tie between MIT, CMU, Berkeley and Stanford.

When/If you are accepted to Stanford, congrats and enjoy. In the meanwhile, free course material from quality schools are greatly appreciated, be it from UW, MIT, or the many other universities with similar offerings.

Re:Why pay?

I'm willing to pay money to take a couse from a school like Stanford even if a free alternative is available from a school like the University of Washington.

You do understand that you get out of a course what you put in (and I don't mean cash). You realize that by looking your nose down on free offerings (material like lecture notes, example problems, etc) from "lesser" institutions, you are throwing away an excellent resource that may just help you in your studies at whatever university you go/went to.

(BTW, I have worked with grads from all of the Top Tier schools and many of the "lesser" schools. The one thing I have learned is that ranking of the school has little to no bearing on the quality* of its students. quality being able to be productive at a job and not some god damn score on a test/class.)

Better Design

I think most online software developpers should learn the basics of cryptography. Not only would it improve security but it would also lead to better design in general.

Ah-ha, now I get it, so that's where RMS learnt UI design when he was developing Emacs. Explains it all. Why, it really is better!

djb's crypto pages

[rplacd]

I wonder if he'll open them up to the general public now.

Mihir Bellare's crypto courses at UCSD

[meese]

You're missing out on possibly the most amazing undergraduate and graduate crypto classes out there. His research and course notes (which are almost book-like) have become a standard in the community. (And other schools, such as Berkeley and Maryland, use his course notes for their crypto classes.)

Re:Mihir Bellare's crypto courses at UCSD

[Mazem]

Wow, I just read some of those notes and they really are great. It has homework problems and solutions too. Thanks.

the internet courseware picture is much better...

you gotta be joking. You find an on-line syllabus and that makes the slashdot cover?!

MIT has OpenCourseware, and a lot of other university "open" up courses just as much as UWI has, which is to say, they do not deliberately lock up the material.

So, either the editors are ignorant of these obvious facts, or this must be a *REALLY* slow day. Oh nevermind, this is slashdot.

Thoughts on podcasting?

[laddhebert]

This is good stuff. Is there any chance you'll take the podcast route like UC Berkeley did? Please see: http://webcast.berkeley.edu/courses/feeds.php . I think it is a fantastic service and allows for automatically updating for those that use iPods and/or iTunes :D

-L

Re:Thoughts on podcasting?

[laddhebert]

I guess I should take a closer look before I post things. There already is a podcast link: http://www.cs.washington.edu/education/courses/cse p590/06wi/lectures/podcast.xml -L

Re:Related: Networks course at CMU

Just finished lecture 1. Good stuff! I never took a Networking course in college so I hope this will fill in the gaps of my knowledge.

My understanding is...

[jd]

...that Open Source encryption software is exempt from access controls, provided the US Government is notified of where the source is, and that there are no constraints on binary-only encrypted software. So, if you are using a standard Open Source library for encryption that has been properly registered by its authors, I wouldn't see that there was a problem. If you don't already do so, it might be a good idea to state what encryption software is used - it would make it harder for anyone to reasonably claim it might be proprietary (as proprietary algorithms aren't exempt). A lawyer would be able to give a clearer answer, but bear in mind that 100% of all court cases involve lawyers losing.

Re:the internet courseware picture is much better.

[Schraegstrichpunkt]

All the lectures (as video), slides, assignments, and the students' final projects are posted.

Torrent?

The entire site is huge -- several gigabytes. Does anyone have a .torrent?

Cryptography Class Rule #1

[pyite]

Cryptography Class Rule #1

Don't trust the professor unless the PDFs available were obviously typeset in LaTeX.

Of course, I'm kidding. But here's some more crypto material from one of my professors.

SCPD courses

[Krishna+Dagli]

BTW, This course demands that you to run Windows. Lecture videos won't work with Linux and even Mac! Don't know if thing have changed. http://scpd.stanford.edu/scpd/courses/ProEd/compSe c/

what library?

[themusicgod1]

After DRM/trusted computing is done, there will be no libraries.

You get what you pay for

Who wants to pay for Stanford's Crypto Course, when University of Washington has made the whole Cryptography Course available online for free

Uh ... I give up. People who want to learn something about crypto?

You get what you pay for. Then again, according to that maxim, every CS course at the University of Washington should be free.

Stanford course ironic

[belmolis]

I find it ironic that the Stanford course requires the use of IE on Windows, the least secure possible combination, as well as one that will exclude quite a few potential students.

All of our CS courses

[sentientbrendan]

are publicly accessible.

check out
http://www.cs.washington.edu/education/course-webs .html

Most of them probably don't have a free text book though... but it's still cheaper than tuition. Generally lecture slides are there too. I don't know if they put these pages together with public consumption in mind though.

btw, speaking as a student, the UW is an excellent school for computer science.

Re:Found where?

[heson]

The whole point of digg, is to beta test articles for /. Get back to work (reading crap posts) and stop trolling!

Re:Related: Networks course at CMU

Could we get direct download links for the videos?

Re:SCPD courses requiring Windows

[CrankinOut]

I guess that's an "unintended consequence" of Bill Gates donating the Gates Computer Science Building (http://www.microsoft.com/presspass/press/1996/jan 96/stanford.mspx)...

Chill

[backslashdot]

I wasn't being vitriolic. I was just saying. In a friendly manner. I regret that I came across as that.

laters friendly etc. etc.

Re:Related: Networks course at CMU

These are all the streams:

mms://ilserver.sp.cs.cmu.edu//VIDEO/821/774-821-L_ 1.wmv
mms://ilserver.sp.cs.cmu.edu//VIDEO/828/781 -828-Lect_2a.wmv
mms://ilserver.sp.cs.cmu.edu//VI DEO/842/795-842-L_3.wmv
mms://ilserver.sp.cs.cmu. edu//VIDEO/849/802-849-L_4.wmv
mms://ilserver.sp. cs.cmu.edu//VIDEO/861/814-861-L_5.wmv
mms://ilser ver.sp.cs.cmu.edu//VIDEO/869/822-869-L_6.wmv
mms: //ilserver.sp.cs.cmu.edu//VIDEO/882/835-882-L_7.wm v
mms://ilserver.sp.cs.cmu.edu//VIDEO/889/842-889 -IP_addressing.wmv
mms://ilserver.sp.cs.cmu.edu// VIDEO/896/849-896-9_IPpkts.wmv
mms://ilserver.sp. cs.cmu.edu//VIDEO/911/864-911-10_Routing.wmv
mms: //ilserver.sp.cs.cmu.edu//VIDEO/918/871-918-11_BGP .wmv
mms://ilserver.sp.cs.cmu.edu//VIDEO/930/883- 930-12_Mcast.wmv
mms://ilserver.sp.cs.cmu.edu//VI DEO/941/1001-941-13_DNS.wmv
mms://ilserver.sp.cs. cmu.edu//VIDEO/983/1052-983-lec14.wmv
mms://ilser ver.sp.cs.cmu.edu//VIDEO/1001/1070-1001-L_15.wmv
mms://ilserver.sp.cs.cmu.edu//VIDEO/1018/1087-1018 -16_Transport.wmv
mms://ilserver.sp.cs.cmu.edu//V IDEO/1034/1103-1034-17_TCP1.wmv
mms://ilserver.sp .cs.cmu.edu//VIDEO/1050/1119-1050-19_tcpperf.wmv
mms://ilserver.sp.cs.cmu.edu//VIDEO/1059/1128-1059 -20_AQM_QoS.wmv
mms://ilserver.sp.cs.cmu.edu//VID EO/1063/1132-1063-21_QoS_Mobile.wmv
mms://ilserve r.sp.cs.cmu.edu//VIDEO/1074/1143-1074-lec22.wmv
m ms://ilserver.sp.cs.cmu.edu//VIDEO/1081/1150-1081- L_23a.wmv
mms://ilserver.sp.cs.cmu.edu//VIDEO/109 4/1163-1094-Lect_24.wmv
mms://ilserver.sp.cs.cmu. edu//VIDEO/1105/1174-1105-security1.wmv
mms://ils erver.sp.cs.cmu.edu//VIDEO/1109/1178-1109-L_26.wmv
mms://ilserver.sp.cs.cmu.edu//VIDEO/1121/1190-11 21-27_srini_research.wmv
mms://ilserver.sp.cs.cmu .edu//VIDEO/1126/1195-1126-L_27.wmv

Re:Related: Networks course at CMU

Thank you, unknown friend.

Re:The Zatanna School of Cryptography: Thanks, Tac

Knowing Taco, it's a misspelling.