Man the moment I realized this was Cryptopals was amazing. I’ve been doing your challenges with so much enjoyment and recommended it to many people. Thanks for teaching people cryptography!
This talk does a very good job of explaining the basic concepts of cryptography without delving into the underlying mathematics (which can be a bit of a headfuck). I've never seen an explanation of ECC that's so precise. RSA is conceptually a much simpler algorithm using very 'crude' mathematical operations (although still a bit tricky to explain *why* it works) so it's a bit simpler to understand how it works just by looking at the pseudocode.
From left to right:
Cartman, Stan, Kyle, Kenny
If the other three guys had spoken a bit quicker, the guy on the left wouldn't have had to rush so much. Kudos to him though for the number of words per minute he managed to get out, especially near the end haha...
That's Thomas Ptacek the ugliest feral hog in the whole group
What's he done to you then?
He 'anonymously' responded to a youtube video he was in, defending his own talk-hogging behavior by blaming it on the other guys.
They all have a gift of high intelligence and are there to try and explain their intellectual contributions to the project but the one guy is on another level to additionally have the gifts of communication and confidence to be able to share the information in an exceptionally clear and cohesive way to make it understandable to an audience. Thus, he deserves the position of moderator that he took and we could only be so lucky to have people like that teaching in our schools and writing tech manuals. It is a rare set of qualities and kudos to them all for their work.
"If the other three guys had spoken a bit quicker, the guy on the left wouldn't have had to rush so much." No one had to rush. The blabbermouth just interrupted them in a rude manner.
I feel like the e=0 efficiency joke at the beginning did not get enough laughs. Here's an extra LOL on me: 🤣
This should have a cryptologic number of views
About the exponent being 1 (one of the first items). Shouldn't the library protect the user from doing that, by raising an exception? Even on the lowest of levels of libraries, you can always (try to) escape being run by dividing by zero...
I may have laughed at "Wang collisions". I blame Shadow Warrior.
Samira Peri you no mess with Lo Wang
MD4 Wang Collisions AKA Sword Fighting.
I've implemented a VHDL clockless async sequential circuit (11-stage pipeline) AES (128 bit) in 2012. Would rather have done it in Excel...
um... the title says 48.. but the presentation says 64
What is 2^4 between friends
DAT'S DA JOHKE.
I was looking for this comment; it was bugging me
cos 48 is 64 in base 14
and yet they never enumerated them
Listen at 75 percent speed.
actually, listening at 150% made Ptacek more bearable.
Great job on the video, I wanted to go to conference this year, but I forgot to buy ticket... can wait next year
do you have one where the guy on the left doesn't interrupt so much?
is "objective-c" different from "objective c" ?
Objectively yes
but they do have the same objective
how to access the problem set?
Did you ever find out how to access the problem set? I have the same question as you.
@mikeakridge6555 no sorry
Man that dude on the left likes to say right, right?
Enable comments on the videos where corporations and the state push tag teaming us:
Fascist governments encouraged the pursuit of private profit and offered many benefits to large businesses, but they demanded in return that all economic activity should serve the national interest.
crypto palace?
where can I download the decryption software used around 42:00
ah dont ah ever ah present ah anymore
It's the stuff between the ah's that are interesting, the ah's they are easy to ignore.
I wonder why most of the comments are not being shown
it makes me wonder... has anybody tried applying natural speech prediction to decoding messages?
it would basically cut down a lot of "guessing" aka processing power, of course nobody said:
"Allow me to J RM= S>oS [/ ."
I would guess that most of the important data sent over encrypted channels can be decoded in plain text, unless they love to take screenshots and sending it that way (kinda smart if you think about it, as there's more data to decode, but people are lazy so...)
/ramble
also 50 minute talk about "unsecured cryptography", and yet... uses the fucking touch pad to switch full screen on/off.
I bet that he also types in www.google.com on Google
if I was sitting on that panel I'd throw my shoe at his face.
TL;DR: This would require even more processing power. I am assuming by 'cut down guessing/processing power' you mean reduce the computation time devoted to brute force attacks. Your idea is smart in that it could indeed be used to apply heuristics to the brute force processes, but when you begin to think about how to implement the technique, you will find your solution actually consumes more processing power. The practical implementation would be to "bolt-on" some NLP (natural language processing) module onto an existing brute force process, this means that every time you want to check whether your brute force attempt worked, you'd execute this NLP module on the output to retrieve some probability that it matches a set of 'known' language.
Here are your initial problems:
1. You'd have to have a pretty big set of 'known' language. Many companies implementing NLP have a hard enough time classifying highly-specific (precise) language, let alone any arbitrary English mutterings. Which brings me to my next point:
2. You'd have to have a set of 'known' language, for each written language you'd like to detect (see: Spanish, Simplified Chinese, etc.)
Here's your main problem:
When talking about the computational complexity of an algorithm, look to the Big-O notation. Best case scenario (let's defy physics for a moment) is that your NLP module can return a probability in constant time O(1). This would be impossible unless the span containing all possible probabilities was accessible in constant time, essentially also solving every machine learning "training" problem all at once. Even if this were possible, you'd have to store (at minimum) the maximum previous probability found (in order to make a decision).
Every step of the way we're adding more processes for the computer to perform. Either when talking about (1) the execution of the NLP module (highest impact), (2) the storing of previous NLP results, (3) the retrieval of previous NLP results, (4) performing iterative assertions based on previous decisions (may be as simple as an ...IF(MAX(x,y)..... ); Again, this is considering a perfect implementation. Where the engineer is cognizant of the computational complexity of each array or hashmap access.
Even in the best case scenario: you're actually slowing yourself down / increasing the computational overhead. Not lowering it.
Though not a practical idea for directly attacking cryptography in general, something like this approach has been used as a sort of hybrid compression/timing side channel attack, specifically Skype's transmission of encrypted data only when actually speaking actually reveals a lot about the speech. See the paper "Inferring Speech Activity from Encrypted Skype Traffic". I don't see how this approach applies without the benefit of such a rich side channel though, certainly applying NLP to e.g. binary network protocols is less than useless. Furthermore, I'd reserve judgement about the qualifications of the speakers, glass houses and all that =P
So when they talk about padding, I always thought that the idea of "padding" was lang. words that are short orders: ie: attack or LOC coordinates, 41°24'12.2"N . So taking all the LOC coordinates and creating brute force set wouldn't take very long as opposed to a padded msg? or maybe I'm sorta right concept wise but when they say some progs just do RSA on CC# instead of taking the CC# and first running it through some code to obfuscate the CC# so it doesn't appear as a 16 digit string being passed around. I could be way off tho.... :-)
Yes, it's very relevant in pentesting in general, see cracking passwords for example. But no, given the way almost all of the encryption methods work, it's generally not a feasible technique in speeding up the decoding of messages that are meant to be decrypted, and is only really used to crack hashed messages (ones that have gone through a known function that is designed not to be reversible).
0:43
HEYYYY THATS MY DAD!!!!
I've never seen one of his talks before this is so cool!!
Are you kidding?
If your name is a birth year, you're ~28yo, which is about the age of these guys. Either way, these guys all seem pretty young to have a kid commenting on youtube videos...
Yuanrui Chen Is pun intended?,😂😂
@Maffoo 88 is also a neo-nazi symbol, maybe that explains it :|
He’s the reason I can’t stand WuTang
Ptacek is not a team player, is rude to both the other panel members (admits to stepping on the others for his own enjoyment) and the audience (talking down to 8th grade level) while adding very little to the content.
I'm really sick of listening to Ptacek and will not finish this video
@stan.rarick8556 Poor baby, hope you are not too triggered.
@ZarkowsWorld Not at all. I just say what I observe. Have a good day, sir.
What are you on about? He just paces the panel forward. That's fine.
BECAUSE BECAUSE WE'RE ALREADY FULL OF HACKERS
The guy talking fast ruined it for me. I can't listen to that
0xmod(n)
Omg jQuery!? 🤮