Cryptography 101 with Alfred Menezes

Posted2 months agoActive2 months ago

nmadden

120 points

19 comments

cryptography101.caTechstory

supportivepositive

Debate

20/100

CryptographyEducationSecurity

Key topics

Cryptography

Education

Security

The HN community shares and discusses Alfred Menezes' free online cryptography course, 'Cryptography 101', and related resources, highlighting the value of publicly available educational materials.

Snapshot generated from the HN discussion

Discussion Activity

Moderate engagement

First comment

Peak period

84-96h

Avg / period

Comment distribution18 data points

Loading chart...

Based on 18 loaded comments

Key moments

01Story posted
Nov 3, 2025 at 9:12 AM EST
2 months ago
Step 01
02First comment
Nov 7, 2025 at 3:08 AM EST
4d after posting
Step 02
03Peak activity
10 comments in 84-96h
Hottest window of the conversation
Step 03
04Latest activity
Nov 8, 2025 at 2:33 AM EST
2 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (19 comments)

Showing 18 comments of 19

teleforce

2 months ago

1 reply

Alfred Menezes has also written a Handbook of Applied cryptography that can be accessed and download for free:

https://cacr.uwaterloo.ca/hac/

commandersaki

2 months ago

And co-authored the "another look" papers at https://anotherlook.ca/

danhau

2 months ago

4 replies

What I would like, but haven’t found yet, is a cheat sheet on what up to date encryption method or algorithm one should use for whatever need. A kind of requirement -> algorithm dictionary.

Like, I need to authenticate that a client is a known identity. What algo? How to use it? What to avoid? I need to sign a message or document. How? I need to verify said message. How? I need to store passwords. How?

I know some crypto, but discovering and learning about them is a bit of a pain. For how important crypto is, you‘d think someone would have bothered to teach developers how to choose and deploy these algorithms properly.

chocolatkey

2 months ago

1 reply

Google’s Tink crypto library had a slightly technical page to help with that: https://developers.google.com/tink/choose-primitive

commandersaki

2 months ago

Having used Tink, I can't stand it.

I'd love to just replace it with age for all use encryption use cases, but unfortunately age doesn't do AEAD without involving a password.

hiisukun

2 months ago

2 replies

It's not new, and some people would disagree on some minor elements -- but a good place to start was regularly this blog from approximately Matasano/NCC Group members, called Cryptographic Right Answers [1]. It's very clear, gives straight forward answers in clear fashion -- and with multiple opinions often aligning.

It was updated a few times, I wonder if the equivalent exists for PQ?

Edit/Update: Found the PQ one @ [2], definitely check it out!

Maybe I'm mis-remembering, but perhaps the most controversial element was the regular recommendation of AES-GCM. It certainly has excellent security properties, but also a certain brittleness re: nonces.

[1] https://www.latacora.com/blog/2018/04/03/cryptographic-right... [2] https://www.latacora.com/blog/2024/07/29/crypto-right-answer...

thadt

2 months ago

1 reply

> Random IDs > Latacora, 2018: Use 256-bit random numbers.

> Latacora, 2024: You should get 100 lava lamps, point a camera to them and use the frames as seed for a PRNG.

Man, is my boss gonna be surprised what's getting requisition ordered this morning.

michaelscott

2 months ago

This is how Cloudflare does (did?) PRNG

michaelscott

2 months ago

I think this is a primary reason why there is no real "cheatsheet" for this stuff. The application of a given algo (and even what types of inputs you provide) are heavily dependent on the detailed specifics of your use case and how you apply them

some_furry

2 months ago

> Like, I need to authenticate that a client is a known identity. What algo?

In this case, you're asking the wrong question.

When people say "what algo?" in such a context, the answers will be flavored as "Ed25519 vs secp256k1 vs RSA-PKCS1v1.5" when you should first be asking "what level of abstraction am I dealing with?" and "what are the constraints?"

Like, maybe "algo" isn't even a relevant concern.

If I were designing a simple token-based auth scheme today, I'd reach for PASETO. Unless I need interop with a third-party provider, who almost universally use JWTs and prevent me from having any say or choice in the matter.

With PASETO, you don't need to know, or even care, about "what algo?" You only need to consider mode, which is more of a use-case question.

But with JWTs, you not only have to care about "what algo?" your system needs to be very delicate in how it processes them. https://www.howmanydayssinceajwtalgnonevuln.com

I cannot imagine proactively writing a cheat sheet for every possible use case. You might be tempted to use AI to solve this problem on demand, but the cost of a hallucination here is pretty high.

If you find yourself regularly asking this question, I'd recommend just hiring a cryptography consultant.

pona-a

2 months ago

If your needs are this simple, you may be better served by an opinionated crypto library like Monocypher [0] or libsodium [1]. Just look at the latter's FAQ page and you'll see they're taking your approach targeting developers, not cryptographers.

They'll provide you one blessed algorithm for every primitive with secure alternatives if your use-case demands them. XChaCha20-Poly1305 for encryption, EdDSA for signatures, X25519 for key exchange, BLAKE2b for a hash, Argon2i for a KDF.

[0] https://monocypher.org/

[1] https://doc.libsodium.org/doc/quickstart

throw0101d

2 months ago

1 reply

Something I've been curious about lately:

With symmetric algorithms, e.g. AES, and modes of operation, is there a "best" one? Currently GCM seems to be quite popular. Is there something (an AEAD?) better? Now that the patent of OCB(3?) is expired, is it worth changing?

some_furry

2 months ago

1 reply

I wrote a deep dive into this in 2020, but not much has changed since then.

https://soatok.blog/2020/07/12/comparison-of-symmetric-encry...

EDIT: Actually, the parts about OPAQUE are no longer relevant because they changed the protocol before the RFC was final to not need encryption, but that was just an example of where you'd make this sort of trade-off decision, so the rest of the article is still relevant.

thadt

2 months ago

1 reply

Oh hey, the AEGIS poll looks like it's due today [1].

Committing, better performance, random nonces - let's go.

[1] https://datatracker.ietf.org/doc/draft-irtf-cfrg-aegis-aead

some_furry

2 months ago

Oh sweet.

Maksadbek

2 months ago

It always astonishes me how much useful information you can find on internet being publicly available. You just need a willing to learn.