[Cryptography] What to put in a new cryptography course

[Phillip Hallam-Baker]

I am giving a course on cryptography starting tomorrow at the Somerville
Artisan's Asylum. The plan is to give 8 modules of roughly an hour, two per
week. The whole point being to film the presentation and publish it as free
YouTube videos.

One of the reasons for giving the course is that the range of crypto
opportunities has moved on since 1990 but our tools haven't. The algorithms
have changed but we still use the same repertoire of primitives that were
used in PEM and PGP.

* All the 1995 patents have expired, there is a lot of basic crypto being
ignored.

* Machines, even the slowest machines are much more capable than in the
1990s.


So the question for this group is what crypto have we been ignoring that we
should be using. And here I am looking for stuff that is useful rather than
cool.


Some of the points I am planning to make are:

* The heart of cryptography is integrity, not confidentiality.

* Symmetric key is not just an inferior scheme to public key that you use
for bulk work and then forget.

* The most important data security risk is loss. See cryptolocker. So don't
just blithely encrypt stuff without planning to make absolutely sure of
availability.

* Cryptography doesn't solve any security problem. All it does is reduce it
in size to 128 or 256 bits.

* Proxy re-encryption is the key to making multi-party security work.

* End to end security is meaningless unless you define the endpoints in
your system and then it becomes complex.

* Message, transport security are not alternative choices, do both.

* Complexity is the enemy of security.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160623/37ea44a9/attachment.html>