DjangoCon Europe, 2nd to 7th June 2015, in Cardiff, Wales. 6 days of talks, tutorials and code.

Let's learn about cryptography together

If you don't know anything about cryptography yet but would like to, this workshop - using a series of challenges specifically written for people who aren't strong in maths - is for you.

Note: this session is part of DjangoCon Europe’s open day. It’s free and all are welcome to attend, but please register because places are limited.

About the workshop

For many years, I had entirely given up on ever understanding the slightest thing about cryptography. Being weak in maths, the amount required to understand even the most fundamental part (let alone discovering a flaw in someone else’s work) seemed entirely dazzling..

The Matasano crypto challenges

Then I ran into the Matasano crypto challenges. These challenges helped me understand an cryptography up to an extent I had always considered beyond my reach - though there is still a lot I don’t know. The challenges start with implementing the most basic encryption yourself - and then breaking it. Then you get to improve it, and break it again. And again. And again. Doing this, you will learn many of the fundamentals of practical cryptography as it’s used in innumerable systems and many of the subtle design flaws that can weaken them.

Format of the workshop

The format of this workshop is simple: we’re going to start from challenge 1, and work together on increasingly difficult challenges to increase our understanding. The challenges are very well written: they provide just enough hints to get you thinking in the right direction, but still need you to think carefully. However, should you get stuck, then we can work together to help.

We will not finish all 56 challenges in this workshop. I’ve only made it up to #20 myself. However, I hope this workshop gives you enough experience, confidence and perhaps a minor addiction, to continue with the rest on your own. Perhaps you’ll come back next year and teach me new things.

What do you need to know to join?

Very little. You don’t need to know anything about cryptography. The challenges have been written specifically for that. You should know a bit of basic Python, e.g. how to use for loops and if statements, open and read a file, or print some output to the screen. If you can add, subtract and multiply, you know enough maths. It would be helpful if you already have a basic understanding of binary and hexadecimal (e.g. be able to explain why 29 equals 0x1D and 0b11101 - it’s fine if you need a calculator for that).

If you already know how to discover the key length in repeating key XOR or how to detect ECB vs CBC mode, this workshop will probably be too basic for you. (If you don’t know any of those words, don’t worry - there’s absolutely no need to.)

Note that these challenges are not my work - I’m simply helping you run through them.

About Erik Romijn

Erik’s a member of the Django core development team. One of his missions is to make security easier for Django developers who aren’t security professionals. He has written and given talks on practical security steps, and runs Erik's Pony Checkup, an automated security service for Django sites.

He lives in Amsterdam, where he’s part of DashCare. He’s the Chair of the Dutch Django Association and organises events such as its annual sprint. He was also one of the organisers of Django: Under the Hood in 2014.