5 years back I helped freeCodeCamp.org in creating their public-key cryptography curriculum: https://github.com/freeCodeCamp/CurriculumExpansion/pull/184. That course never went live on the freeCodeCamp platform.
So I recently built a 100% free, open-source course on cryptography designed completely for developers: https://github.com/Cryptography-for-Devs/Cryptography-for-De...
I've tried covering only those concepts that a developer *must know* to understand what's going on behind the scenes of framework function calls.
For example, in the case of Django, when a user is created, it uses PBKDF-2 for storing the user's password. A developer *should not* know at all how the pseudo-random function inside the KDF works. But they must know that PBKDF-2 is used because modern GPUs and custom circuits are damn powerful at parallel password cracking. This will make the developer realize why we use PBKDF-2 in the first place.
The course builds up intuition step by step. It starts from simple symmetric key encryption, then we go to cryptographic hash functions, then to password hashing, then to rainbow tables & salt, and then finally to PBKDF-2.
I'm releasing the first part of the course. The second part is planned to be around public-key cryptography. The tentative concepts that I think I will cover are (lessons in order of teaching): Diffie-Hellman key exchange, RSA, E2E encryption, TLS / HTTPS, certificate authorities.
Most of the HN crowd might know about these concepts, so I believe we all will step up to discuss how we can make the course's content a timeless resource for developers all around. I am not going to leave it as is; I will keep on iterating based on our discussions. Your inputs / time won't go to waste.
Imagine yourself back as a beginner programmer...
- could this course have helped you back then?
- what changes should I make to the course that would have helped the younger you back then?
-vkweb.