Forging administrator cookies and crocking crypto … for dummies

Security for virtualized datacentres

Security pro Laurens Van Houtven has created a free introduction cryptography course to help programmers lift their infosec game.

The Crypto 101 book contained everything needed to understand complete systems including block and stream ciphers; hash functions; message authentication codes; public key encryption; key agreement protocols, and signature algorithms.

Van Houtven (@lvh) said the course developed simple to more advanced primitives demonstrating the importance of each, and culminated in complete cryptosystems like Transport Layer Security (TLS), GPG, and Off The Record (OTR).

"Learn how to exploit common cryptographic flaws, armed with nothing but a little time and your favourite programming language," Van Houtven wrote of the course.

"Forge administrator cookies, recover passwords, and even backdoor your own random number generator."

"... . The goal of this book is not to make anyone a cryptographer or a security researcher. The goal of this book is to understand how complete cryptosystems work from a birds eye view, and how to apply them in real software."

Laurens Van Houtven

Crypto 101 contains exercises in which technology bods could test their crypto chops

Van Houtven said cryptography could no longer be deemed a game for experts given the recent large breaches resulting from borked or non-existent encryption.

See more here:
Forging administrator cookies and crocking crypto ... for dummies