Ask HN: Seeking Cryptography Certification
I would like to do some training in cryptography and information security. The goal is that I would have the credentials, confidence and toolkit to write my own cryptographic protocols.
Are there any industry recognised courses or exams that I can sit?
Beyond doing a masters, as I don’t really have the option to ditch my full time work, as much as I would like to.
25 comments
[ 3.5 ms ] story [ 68.1 ms ] threadhttps://community.zeroknowledge.fm/t/new-study-group-real-wo...
https://latacora.micro.blog/2018/04/03/cryptographic-right-a...
* https://articles.59.ca/doku.php?id=pgpfan:rsabad
Of course, that doesn't mean you can't study the field on your own for the sake of knowledge. And it will certainly make you a better infosec professionnal, whatever subfield you want to specialize in.
Also, keep in mind there are maybe 1000 people working in information security for 1 person working as a professional cryptographer. Cryptography is a bit tricky, but information security is a broad field with many interesting things to do.
If someone wants to be implementing cryptography solutions such exam/course is breaking existing solution with peer reviewed publication and finishing PhD based on that.
There are certainly exceptions and I don't mean to be discouraging - but I guess most people who studied math would agree that it is a lot of work and takes a lot of time. "There is no royal road to mathematics" as they say.
The failures you see like the recent vulnerabilities in the MEGA cryptography could have been avoided if MEGA had simply followed established best practices, no cryptographer needed. So I'd argue we need many more people with applied cryptography experience, and a university PhD in cryptography will not necessarily provide such experience.
http://swarm.cs.pub.ro/~mbarbulescu/cripto/Understanding%20C...
and "Applied cryptography" by Bruce Schneier.
the credential is "I understand cryptography" which you can print on a piece of paper if you like
One of the first things I ever learned in Dan Boneh's Crypto MOOC is to not write your own crypto protocols for your product.
Because old solutions exist for a long time, and have been open for a long time, experts and scholars have had much more time to find faults in them. They are also tested in the industry.
No matter how smart you are, you shouldn’t use your own cryptographic solution.
Use open, long-existed, tried and true solutions.
You may as well ask about a certification to give you "the confidence to make your own neurosurgery protocols."
At least the damage is much more limited with faulty brain surgery.