Friday, September 28, 2012

Cryptography from a 0

Today's bad security article, From 0 to cryptography, is a great example of an unqualified enthusiast with little experience or proper perspective.  This type of enthusiast can't wait to display their brilliance to those who know nothing about the topic and their ignorance to those with any small amount of industry experience.

The first hint is that the writer decides to explain the Diffie–Hellman key exchange using colors rather than math.  He then follows this by claiming that DH can resist a MITM attack.  WOW!!  I suspect the writer is a math enthusiast, as there is a math follow-up and a heavy focus on even more math, including RSA.

Then we get gems like this:

Why it is this algorithm important? Because protocols like: SSL, TSL, SSH, PKI or IPSec, all use Diffie-Hellman.

SSL/TLS CAN leverage DH, but the most commonly negotiated cipher-suites do not.  PKI isn't even a protocol.

Then we get this flaming line of crap:

The only difference between a digital signature and a digital certificate is that the public key is certified by a trusted international Certifying Authority (CA).

I think the author meant ", larg schmarg, harg trag cluten schnank".  At least mine makes more sense.  A digital certificate is NOTHING like a digital signature.

When talking about keys and secrets, there is never a mention of "out of band"???  How can we talk about applied cryptography without that?
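The two complaints above (that unauthenticated DH does not resist a MITM, and that the article never mentions out-of-band secrets) can be shown in a few lines. The following is an added example written for this post, not code from the reviewed article; it uses a toy group (a Mersenne prime and generator 3, chosen only to keep the arithmetic visible, not a group anyone should deploy) and a hypothetical out-of-band authentication key to show why authentication is what stops the interception, not the exchange itself.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption for this example): a Mersenne prime and a small
# generator. Real deployments use standardised groups such as RFC 7919
# ffdhe2048 or an elliptic curve; this one is only large enough to demonstrate.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    priv = secrets.randbelow(P - 2) + 1  # 1 <= priv <= P-2
    return priv, pow(G, priv, P)


def dh_shared(priv, peer_pub):
    """Derive a 32-byte key from the shared secret; reject degenerate values."""
    if peer_pub <= 1 or peer_pub >= P - 1:  # 0, 1 and p-1 force trivial secrets
        raise ValueError("invalid public value")
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def unauthenticated_exchange():
    """Plain DH with a third party (Mallory) rewriting the public values in transit.

    Alice and Bob each end up sharing a key with Mallory, not with each other.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_priv, m_pub = dh_keypair()          # Mallory's own key pair
    # Each side receives m_pub believing it came from the other party.
    return {
        "alice": dh_shared(a_priv, m_pub),
        "bob": dh_shared(b_priv, m_pub),
        "mallory_alice": dh_shared(m_priv, a_pub),
        "mallory_bob": dh_shared(m_priv, b_pub),
    }


def tag(auth_key, pub):
    """MAC over a public value, keyed with a secret shared out of band."""
    return hmac.new(auth_key, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def authenticated_exchange(tampered):
    """DH where each public value carries a MAC under an out-of-band key.

    Returns True when both sides verify and agree on a key, None when a
    tampered value is rejected. (A signature under a certified public key
    plays the same role in TLS; an HMAC keeps the example self-contained.)
    """
    auth_key = secrets.token_bytes(32)    # hypothetical: distributed out of band
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    a_msg = (a_pub, tag(auth_key, a_pub))
    b_msg = (b_pub, tag(auth_key, b_pub))
    if tampered:
        # Mallory can swap the public values but cannot produce a valid tag
        # without auth_key, so she forwards the original tags.
        _, m_pub = dh_keypair()
        a_msg = (m_pub, a_msg[1])
        b_msg = (m_pub, b_msg[1])
    # Bob verifies what he received as Alice's value, and vice versa.
    if not hmac.compare_digest(tag(auth_key, a_msg[0]), a_msg[1]):
        return None
    if not hmac.compare_digest(tag(auth_key, b_msg[0]), b_msg[1]):
        return None
    return dh_shared(a_priv, b_msg[0]) == dh_shared(b_priv, a_msg[0])


if __name__ == "__main__":
    r = unauthenticated_exchange()
    print("plain DH, Alice and Bob agree:", r["alice"] == r["bob"])
    print("plain DH, Mallory shares Alice's key:", r["alice"] == r["mallory_alice"])
    print("authenticated DH, clean run:", authenticated_exchange(tampered=False))
    print("authenticated DH, tampered run:", authenticated_exchange(tampered=True))
```

The point the example makes is the one the article gets backwards: the key exchange only guarantees that whoever you exchanged with shares your key, so something distributed out of band (here a MAC key, in TLS a certificate chain) has to bind the public values to the parties.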

The biggest problem I see is that all the math and command-line examples give the impression, to the target audience, that this article is accurate or authoritative in some way.  There is some accurate data here, but one would be FAR better off by just reading the Wikipedia articles on the topics.  That is a pretty low bar.

I applaud _no for calling out this horse shit in the comments.

This article reminds me of this SMBC comic.
