Feedback up to slide 87

[lgarron]

As of 1c9887a1ce1f933f88857d19fb21db7b30f7bdae.

Pretend that I wrote everything in a polite, charitable voice. :-P

(But actually, some of these are worded as prescriptions. They are all meant as opinions, and you're welcome to disagree with any of them.)

• General thoughts:
  • Overall, great selection of content so far, with just the right amount of detail on each (maybe a tad too much on old, borkedy crypto).
  • Nice, clean layout and design. A bit cheesy at times, but I like it.
  • At the beginning, I would try hard to mention enough so that someone who walks away immediately will have the right ideas. Maybe a tl;dr with the good ol' "Use TLS and PGP. Now let's explain how they are built.""
• 3 Learning Objectives: shorten the fourth bullet. Looks like corporate speak.
• 6 Definitions:
  • Cryptography: "s/security/secure"?
  • Plaintext: "is not encrypted" (could be decrypted shrug)
  • Algorithm: "function" is ambiguous. Try "computation"?
  • Key space128-bit strings
  • Brute-force attack: I like the wording of the definition, but you might also brute other sets like possible messages.
  • In general, definitions seem to to follow just after their first usage. I'd reorder slides so that terms are introduced in order. If you want to highlight the most important term at the end, do that separately.
• 13: Mixed tenses. Try "until the beginning of modern cryptography"?
• 14 (Caesar cipher): perhaps add an arrow to indicate the shift?
• 14 (Caesar cipher): I'd give the example a white background in addition to a drop shadow.
• 15 -3, 23, and "ROT-23" are confusing. Perhaps swtich -3 and 23?
• 15: "no encryption is done" is false, especially since your definition of encryption did not have constraints on difficulty. I'd make sure to include a qualifier like "effectively no encryption" or just straight say that this is easy to crack because the key space is small enough to brute-force by hand.
• 16: It would be nice to have arrows between the lines to visually indicate that stuff is shuffled all over the place. Perhaps fade in 26 arrows and fade them out, but I'd include it. This could also be done with the Caesar cipher, where the shift just appears as a bunch of parallel slanted lines.
• 16: You say "randomly", but the key has "APRIL" in it. (O my TV!) Given the subtleties of randomness, I'd use a word like "arbitrarily" or use an actual random permutation
• 17: When you say "also known as a permutation", I actually assumed you were still talking about substitution ciphers (where keys are permutations of the alphabet).
• 20 and 22 do not quite have the context to motivate them. I presume that's something you'll actually say out loud, but it would be nice if the slides led into these a bit more. (As a mathetician, I also have to say that a skewed distribution is not bad on its own. It's bad here because the distribution directly reveals something about the ciphertext.)
  • Idea: give examples of distributions that reveal content, e.g. "ATTACK AT DAWN" and "ATTACK AT DUSK"
• 23: "The 1550s have us covered": I'd be wary of even vaguely suggesting that 1550s crypto got something right.
• 31 (Breaking Vigenère): Nice! The minusses and equals at the bottom are a bit hard to read, though.
• 34 "s/as they're/since the inputs are"
• 36: Allude to Vigenère, which is just an extremely frequent case of reuse (within the same message!)
• 36: In case you haven't seen it yet: https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoil (warning sign #6). May or may not want to throw in an admonition and joke about that.
• 37: Modern crypto after only 18% of slides. Yay!
• 39: Hmm, throwing non-repudiation in there looks weird to me. The other are the Three Big Crypto Guarantees. Non-repudiation is sometimes desirable and sometimes undesirable (signatures, yo!), and I think this slide doesn't sufficiently hint or motivate which is better.
• 39 Since "authentication/authenticity" can refer to either integrity or identity, I like to use "Identification" for what you call "authenticity". But that's mostly preference.
• 41 Write as "128 to 256 bits" or "128 or 256 bits" to avoid any confusion about the hyphen
• 41: "each party requires" makes it sound like a demand of each party. I'd say "needs" and maybe tack on "in order to encrypt/decrypt/participate"
• 41: I think of MACs as symmetric-key crypto, which can provide integrity and authenticity.
• 41: Grammatically, "using" refers to the symmetric-key crypto.
• 42: My friendly neighborhood cryptographer might be a funky person who doesn't trust NIST and wants me to use CROWDISH. Is that what I want? What about that Mozilla TLS config generator thing? SHould I use that for my website?
• 43: Arguably, all three points are false. However, I think that's okay to gloss over.
• 45: IV and nonce mentioned before being defined. Avoid / motivate or highlight on the current slide.
• 47: "to the same output": Add "if you use the same key"
• 49: I think this should scare people. A lot of purportedly "secure" chat apps make rookie mistakes like this (care for an RSA exponent of 1?). I would use this as a chance to drill "don't roll your own crypto", but distinguished from "use established crypto"
• 54: Cutesy names and adversaries are now passé. Did you get this week's memo? :-P
• 61: Do you mean to imply that the question was the brilliant idea? I would swap this with the previosu slide.
• 69 and 70: Maybe leve somehting at the top telling us this is still explaining Diffie-Hellman, in case anyone tuned out?
• 73: My favorite slide! We have this one hanging in our office! :-D
• 75: The subscripts don't provide good visual separation. The fact that Mallory is partially transparent sort of looks like you want us to understand that Mallory is passive. Strawman ideas: Use primes (e.g. p'), use bold, draw bxes around the two halves numbering them as exchange 1 and exhange 2.
• 76: This is clear, though! (Are pink and yellow distinguishable enough to all colorblind folks?)
• 81: label the keys again (preferably still in normal-size font, e.g. using arrows if necessary)
• 81: Shouldn't encryption be blue (public) and decryption red (secret)?
• 85: This is the first time the private key isn't a straightforward number or sequence of bits. I'd suggest something more explicit like "these together" or this pair of numbers is the private key".
• 85. If you're going to use sentences instead of non-punctuated phrases, I'd just use periods instead of semicolons. One idea per sentence.
• 87: "B" is too small

[april]

Thank you so, so much for the feedback thus far! I'll crank away at it today. :)

[april]

BTW, a lot of concerns about the "don't roll your own crypto" are handled a lot at the end, where I actually give examples of crypto that looks good but are instead horribly insecure. :)

[april]

So you talk a lot about arrows -- the presentation is currently color highlighting things to indicate that the shifting is being done. Are you not able to see them? I have a hard time knowing exactly how to create websites that work well for colorblind people.

[april]

Also, are encryption / decryption usually that color combination? A casual google search didn't show me any standard for what colors to use for encryption and decryption. If one is really correct, I can fix it, but there are about 50 images that would need to be updated in that case. >_<

[april]

• Overall, great selection of content so far, with just the right amount of detail on each (maybe a tad too much on old, borkedy crypto).
• Nice, clean layout and design. A bit cheesy at times, but I like it.
• At the beginning, I would try hard to mention enough so that someone who walks away immediately will have the right ideas. Maybe a tl;dr with the good ol' "Use TLS and PGP. Now let's explain how they are built.""

Made this a bit more clear.

• 3 Learning Objectives: shorten the fourth bullet. Looks like corporate speak.

Fixed

• 6 Definitions:
  • Cryptography: "s/security/secure"?
  • Plaintext: "is not encrypted" (could be decrypted shrug)
  • Algorithm: "function" is ambiguous. Try "computation"?
  • Key space128-bit strings
  • Brute-force attack: I like the wording of the definition, but you might also brute other sets like possible messages.

Fixed.

• In general, definitions seem to to follow just after their first usage. I'd reorder slides so that terms are introduced in order. If you want to highlight the most important term at the end, do that separately.

The definitions were generally intended for reference after the class if needed. I made that a bit more clear.

• 13: Mixed tenses. Try "until the beginning of modern cryptography"?

Fixed

• 14 (Caesar cipher): perhaps add an arrow to indicate the shift?
• 14 (Caesar cipher): I'd give the example a white background in addition to a drop shadow.

Fixed via bolding and a pile of drop shadows

• 15 -3, 23, and "ROT-23" are confusing. Perhaps swtich -3 and 23?

Fixed

• 15: "no encryption is done" is false, especially since your definition of encryption did not have constraints on difficulty. I'd make sure to include a qualifier like "effectively no encryption" or just straight say that this is easy to crack because the key space is small enough to brute-force by hand.

Fixed

• 16: It would be nice to have arrows between the lines to visually indicate that stuff is shuffled all over the place. Perhaps fade in 26 arrows and fade them out, but I'd include it. This could also be done with the Caesar cipher, where the shift just appears as a bunch of parallel slanted lines.

Fixed as above

• 16: You say "randomly", but the key has "APRIL" in it. (O my TV!) Given the subtleties of randomness, I'd use a word like "arbitrarily" or use an actual random permutation

I reversed the order of April, so now it's way more random.

• 17: When you say "also known as a permutation", I actually assumed you were still talking about substitution ciphers (where keys are permutations of the alphabet).

Fixed

• 20 and 22 do not quite have the context to motivate them. I presume that's something you'll actually say out loud, but it would be nice if the slides led into these a bit more. (As a mathetician, I also have to say that a skewed distribution is not bad on its own. It's bad here because the distribution directly reveals something about the ciphertext.)
  • Idea: give examples of distributions that reveal content, e.g. "ATTACK AT DAWN" and "ATTACK AT DUSK"

I added another slide to give context, but I'm afraid I'm a bit to short on time to create the appropriate cryptoquip. Maybe for the next version. :)

• 23: "The 1550s have us covered": I'd be wary of even vaguely suggesting that 1550s crypto got something right.

Fixed

• 31 (Breaking Vigenère): Nice! The minusses and equals at the bottom are a bit hard to read, though.

Fixed. You'd think with all my hard work in breaking Vigenère, they would have credited me in the history books. But nope!

• 34 "s/as they're/since the inputs are"

Fixed

• 36: Allude to Vigenère, which is just an extremely frequent case of reuse (within the same message!)

Done

• 36: In case you haven't seen it yet: https://www.schneier.com/crypto-gram/archives/1999/0215.html#snakeoil (warning sign #6). May or may not want to throw in an admonition and joke about that.

Done!

• 37: Modern crypto after only 18% of slides. Yay!

Considering it's about 95% of our crypto history, I feel that's pretty good. :)

• 39: Hmm, throwing non-repudiation in there looks weird to me. The other are the Three Big Crypto Guarantees. Non-repudiation is sometimes desirable and sometimes undesirable (signatures, yo!), and I think this slide doesn't sufficiently hint or motivate which is better.

I removed non-repudiation, and added it to the section on digital signatures.

• 39 Since "authentication/authenticity" can refer to either integrity or identity, I like to use "Identification" for what you call "authenticity". But that's mostly preference.

Left this one as is, since authentication is the usual nomenclature I hear. I agree with you that identification sounds way better though.

• 41 Write as "128 to 256 bits" or "128 or 256 bits" to avoid any confusion about the hyphen

Fixed

• 41: "each party requires" makes it sound like a demand of each party. I'd say "needs" and maybe tack on "in order to encrypt/decrypt/participate"

Fixed

• 41: I think of MACs as symmetric-key crypto, which can provide integrity and authenticity.

They're covered later. I added a bit to make it clear that they don't natively provide this.

• 41: Grammatically, "using" refers to the symmetric-key crypto.

Fixed.

• 42: My friendly neighborhood cryptographer might be a funky person who doesn't trust NIST and wants me to use CROWDISH. Is that what I want? What about that Mozilla TLS config generator thing? SHould I use that for my website?

Anybody who has even heard of NIST is probably an excellent cryptographer! I updated the text, though.

• 43: Arguably, all three points are false. However, I think that's okay to gloss over.

ekr had the same complaints, but I think for crypto 101 that it is good enough.

• 45: IV and nonce mentioned before being defined. Avoid / motivate or highlight on the current slide.

I fixed this by defining them.

• 47: "to the same output": Add "if you use the same key"

Fixed.

• 49: I think this should scare people. A lot of purportedly "secure" chat apps make rookie mistakes like this (care for an RSA exponent of 1?). I would use this as a chance to drill "don't roll your own crypto", but distinguished from "use established crypto"

I made it scary instead of un-scary!

• 54: Cutesy names and adversaries are now passé. Did you get this week's memo? :-P

RESOLVED -- WONTFIX. EVER.

• 61: Do you mean to imply that the question was the brilliant idea? I would swap this with the previosu slide.

Swapped them.

• 69 and 70: Maybe leve somehting at the top telling us this is still explaining Diffie-Hellman, in case anyone tuned out?

I'd love to, but there's too much info to easily fit the header on the slide. Kind of a limitation of reveal.js.

• 73: My favorite slide! We have this one hanging in our office! :-D

Eeeeeexcellent. She's been MitM your office conversations ever since. You wouldn't believe how much positive feedback I've gotten on Mallory! He/she is super well-loved!

• 75: The subscripts don't provide good visual separation. The fact that Mallory is partially transparent sort of looks like you want us to understand that Mallory is passive. Strawman ideas: Use primes (e.g. p'), use bold, draw bxes around the two halves numbering them as exchange 1 and exhange 2.

I made Mallory less transparent. As for fixing it, I may figure out a way in the future, but I left it alone for now.

• 76: This is clear, though! (Are pink and yellow distinguishable enough to all colorblind folks?)

No idea! I think so! I could put M1 and M2 on them? Or MA/MB?

• 81: label the keys again (preferably still in normal-size font, e.g. using arrows if necessary)

Labelled and made the image and keys a big bigger.

• 81: Shouldn't encryption be blue (public) and decryption red (secret)?

Is there a proper color for this stuff? If there is, I'll go and fix it, but it's a lot of slides.

• 85: This is the first time the private key isn't a straightforward number or sequence of bits. I'd suggest something more explicit like "these together" or this pair of numbers is the private key".

Fixed

• 85. If you're going to use sentences instead of non-punctuated phrases, I'd just use periods instead of semicolons. One idea per sentence.

Fixed

• 87: "B" is too small

Made the keys bigger, looks a lot better.

Thanks again so very very much. Keep that feedback coming!

[lgarron]

I started writing more comments, but didn't finish. For the record, here's what I had:

97: "s/AES keys/AES keys are" 97: What does "2^1920x larger for calculations" mean" 100: cute! 101: second bullet should start with "are" for consistent grammar structure 96: After reaching this slide for the first time, you have to arrow through every letter 107: signatures are usually called S? 119: HOLD IT RIGHT THERE; DO I SEE BOB DECRYPTING BEFORE CHECKING THE MAC ON THE CIPHERTEXT? DON'T DO IT, BOB! DON'T DO IT! 119: Also, the treatment of encryption and signature keys is a bit uncomfy here. Can we make the signature keys quills or something? :- 137: very nice! 137: nit: s/Who the certificate is valid for/Whom the certificate is valid for 145: Somewhere before here, I think you should make clear that you're no longer talking about general people/entities, but websites.