Violent Python Book

Optional book ($35)

Hands-on Cryptography with Python (plus Blockchains)

BSidesSF: Weds, Aug 3, 2016 2-6 PM
DEF CON: Sat., Aug 6, 2016 at 2-6 PM, Las Vegas Ballroom 4
Sam Bowne

Home Page

Optional book ($33)
Free online version

Course Description

Learn essential concepts of cryptography as it is used on the modern Internet, including hashing, symmetric encryption, and asymmetric encryption. Then perform hands-on projects calculating hashes and encrypting secrets with RSA, and compete to solve challenges including cracking Windows and Linux password hashes, short and poorly-chosen RSA keys.

No previous programming experience required.

The best computer to bring is a 64-bit Linux machine, real or virtual. However, the Python projects can also be done on a Mac. I will have a few loaner computers available.

As you can see below, the course will include hands-on projects with blockchains, using Multichain, Ethereum, and Bitcoin.

Cryptography with Python

0. CodeCademy Python Lesson (optional)
1. Password Hashes with Python
2. Password Hashes Challenges Chal 1 Winners
Chal 2 Winners
Chal 3 Winners
3. XOR Encryption in Python
4. XOR Encryption Challenges Chal 1 Winners
Chal 2 Winners
Chal 3 Winners
Chal 4 Winners
RSA 1: Using Very Small Keys Chal 1a Winners
Chal 1b Winners
RSA 2: Cracking a Short RSA Key Chal 2a Winners
Chal 2b Winners
Chal 2c Winners

Using Cryptool 2 on Windows

Cracking a Caesar Cipher with CrypTool 2
Cracking a Monoalphabetic Substitution Cipher with CrypTool 2
Cracking AES (With Weak Keys) with CrypTool 2)

Cryptocurrencies and Blockchains

Cloud Blockchain Voting Prototype

What's a Blockchain?    ·    Vote (easy)    ·    Join the Blockchain (harder)

Multichain 1: Getting Started
Multichain 2: Making a Blockchain Survey

Ethereum 1: Making an Ethereum Contract
Ethereum 2: Making a Coin
Ethereum 3: Making an Auction

Bitcoin 1: Setting up a Private Regtest Blockchain
Bitcoin 2: Adding a Second Node to your Private Regtest Blockchain
Bitcoin 3: Joining the Samcoin Blockchain


Real Hacking (key)
Data Breaches: Real and Imaginary (ppt)
Bitcoin (key)
Security at Colleges
NETLAB password insecurity

The lectures are in Keynote and HTML formats.
If you want them in PowerPoint, use the Cloud Convert site.


Bitcoin 1: The Crypto-Currency - The New Yorker (2011)
Bitcoin 2: Merkle tree - Wikipedia
Bitcoin 3: Genesis block
Bitcoin 4: Bitcoin Block #0 on -- Click Transaction to see quote
Bitcoin 5: Coinbase, Coinbase Field - Bitcoin Glossary
Bitcoin 6: The Crypto-Currency - The New Yorker (2011)
Bitcoin 7: Cryptocurrency Prices
Bitcoin 8: Understanding Bitcoin Difficulty
Bitcoin 9: Difficulty - Bitcoin Wiki
Bitcoin 10: Mt Gox: The History of a Failed Bitcoin Exchange
Bitcoin 11: The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster
Bitcoin 12: Details of $5 Million Bitstamp Hack Revealed
Bitcoin 13: Bitcoin Exchange Gatecoin Hacked; 250 BTC & 185,000 ETH Lost (5-16-16)
Bitcoin 14: A history of bitcoin hacks
Bitcoin 15: Suspected multi-million dollar Bitcoin pyramid scheme shuts down, investors revolt (8-27-12)
Bitcoin 16: Bitcoin exchange BitFloor shuttered after virtual heist (9-4-12)
Bitcoin 17: Cryptsy Hacked: Bitcoin Worth $USD 6 Million Stolen (1-18-16)
Bitcoin 18: Hackers steal $1m from Bitcoin site (11-8-13)
Bitcoin 19: Danish Bitcoin exchange BIPS hacked and 1,295 Bitcoins worth $1 Million Stolen
Bitcoin 20: $4.1 Million missing as Chinese bitcoin trading platform GBL vanishes (11-11-13)
Bitcoin 21: List of Major Bitcoin Heists, Thefts, Hacks, Scams, and Losses (11-16-14)
Bitcoin 22: Poloniex Loses 12.3% of its Bitcoins in Latest Bitcoin Exchange Hack (3-5-14)
Bitcoin 23: Secret Service Agent Gets Six-Year Sentence for Bitcoin Theft (12-17-15)
Bitcoin 24: Block Size Chart for Bitcoin and BitcoinCash
Bitcoin 25: Bitcoin Cash | Home
Bitcoin 26: Segwit2x and the Tale of Three Bitcoins (Aug. 7, 2017)

Blockchain 1: Microsoft launches Project Bletchley blockchain framework (June 17, 2016)
Blockchain 2: Understand the Blockchain in Two Minutes - YouTube
Blockchain 3: Ethereum Blockchain as a Service now on Azure (2015)
Blockchain 4: Sydney Stock Exchange Developing Blockchain Trading System (5-19-16)
Blockchain 5: Inside Linq, Nasdaq's Private Markets Blockchain Project (11-21-15)
Blockchain 6: Santander unveils first UK blockchain for international money transfers (5-26-16)
Blockchain 7: Acronis testing blockchain for backup (5-19-16)
Blockchain 8: Blockchain Experts, a Rare Breed, May Demand Big Bucks - WSJ (5-12-16)
Blockchain 9: A Visual Demo - YouTube
Blockchain 10: Demo - LIVE ONLINE

Introduction to Cryptography Videos by Christof Paar - YouTube
Cryptography Textbook Website
RSA is 100x slower than AES (figures 9-13)
RSA Public Key format - Stack Overflow
Cracking short RSA keys - Stack Overflow
Converting OpenSSH public keys
How can I transform between the two styles of public key format
Padding oracles and the decline of CBC-mode cipher suites
Prime Numbers Generator and Checker
PadBuster: Automated script for performing Padding Oracle attacks
RSA implementation in Python
Practical Padding Oracle Attacks on RSA
Android, JavaScript and Python compatible RSA Encryption
How to Install Python on Windows
MACTripleDES Class -- HMAC from Microsoft
Cryptool 2 Tutorial
Locky Gets Clever! Ransomware uses private-key and public-key encryption
How to Program Block Chain Explorers with Python, Part 1
How to Program Block Chain Explorers with Python, Part 2
Bitcoin mining the hard way: the algorithms, protocols, and bytes
Bitcoins the hard way: Using the raw Bitcoin protocol
Elliptic Curve Cryptography: a gentle introduction
Dogecoin Tutorial
Dogeminer - Dogecoin Mining Simulator
Dogecoin - Wikipedia
DogePay - DogeCoin Price
Ethereum - Wikipedia,
Ethereum Project
Ethereum Homestead 0.1 documentation Mining Pool | Litecoin, Bitcoin, Multipool, Dogecoin, Scrypt, X11, SHA256, X13, X15, NeoScrypt, Scrypt-N
Inside Linq, Nasdaq's Private Markets Blockchain Project
Dangers of using receive API - Unconfirmed inputs used for transaction fees (From 2014)
Receive Payments API -
Bitcoin Transaction from Joe to Alice
Bitcoin Network Still Backlogged With Tens of Thousands of Unconfirmed Transactions, Causing Delays (from 2015)
Bitcoin's Capacity Issues No 'Nightmare', But Higher Fees May Be New Reality (Mar. 2016)
Bitcoin's 'New Normal' Is Slow and Frustrating (Feb., 2016)
Bitcoin block size live
How to completely kill Bitcoin at the 1 MB hard limit (Mar., 2016)
Weaknesses - Bitcoin Wiki
Block size limit controversy - Bitcoin Wiki
Creating your own experimental Bitcoin network
How to Create Your Own Cryptocurrency | CryptoJunction
Genesis block - Bitcoin Wiki
List of address prefixes - Bitcoin Wiki
RSA implementation in Python
Execute Python3 Online
ASN.1 Parser | phpseclib -- Converts RSA Keys to Decimal Form
Mastering Bitcoin: Free Online E-Book
bitcoin/bitcoin.conf at master bitcoin/bitcoin GitHub
Bitcoin Double Spends - Max. is About 4 Per Day
Top 5 Cryptocurrency Scams of 2014
Cryptocurrency Scams Exposed - A Site Listing Scams, Funded by Scamsite Ads
Four genuine blockchain use cases | MultiChain
Difficulty - Bitcoin Wiki
Understanding Bitcoin Difficulty
How to Install Python 2.7.10 on Ubuntu & LinuxMint
Beyond Blockchain: Simple Scalable Cryptocurrencies
DAO Trading Launched on May 28, 2016
Customizing blockchain parameters | MultiChain
Kunstmaan Labs - Hands on with Multichain
Multichain: A Build-Your-Own Blockchain Service for Banks
MultiChain Private Blockchain White Paper
Simple Encrypted Arithmetic Library - SEAL - Homomorphic encryption
Blockchain Voting slides
CNSA Suite and Quantum Computing FAQ
DAO Attack Wouldn't Have Been Possible With Synereo's Smart Contracting Language (7-3-16)
The Blockchain Brain Drain: How The States Are Driving Blockchain Companies Abroad (6-28-16)
The DAO's Wild Ride: Where Does Blockchain Go From Here? (7-1-16)
A brief history of cryptocurrency drama, or, what could possibly DAO wrong? (7-2-16) -- HIGHLY RECOMMENDED
A Legal Analysis of the DAO Exploit and Possible Investor Rights (6-21-16)
How to setup a local test Ethereum Blockchain
A 101 Noob Intro to Programming Smart Contracts on Ethereum
Ethereum TESTNET Morden Block Chain Explorer
Create a Hello World Contract in ethereum
Breaking Into the KeyStore: A Practical Forgery Attack Against Android KeyStore (July, 2016)
Ethereum Accounts, Address and Contracts (Live)
Namecoin: A Trust Anchor for the Internet -- POSSIBLE PROKECT
Solidity by Example -- Voting
Contract Tutorial ethereum/go-ethereum Wiki GitHub
Ethereum hands-on tutorial
Setting up geth Ethereum node to run automatically on Ubuntu
How to get a Morden Test Wallet on Ethereum and write a simple Will contract
Ethereum DApp Essentials Part 1 -- Useful explanations of concepts
What is bitcoin and the blockchain?
Practical Applications of Blockchain Technology
How to make miner to mine only when there are Pending Transactions? - Ethereum
Getting started with Blockchain (Beta)
GitHub - kadena-io/juno: Smart Contracts Running on a BFT Hardened Raft -- IMPORTANT ALTERNATIVE TO BLOCKCHAINS
Ethereum is the Forefront of Digital Currency
Ethereum Enthusiasts Determine Their DAO After A Successful Hard Fork (7-21-16)
Cross-Chain Replay Attacks on Ethereum (7-17-16)
DAO hacked, Ethereum crashing in value (6-17-16)
Bitcoin Plunges After Hacking of Bitfinex Exchange in Hong Kong (Aug 3, 2016)
Bitcoin Mining Profit Calculator Game
CCDC 5: How to Win CCDC
Arizona Cyber Warfare Range -- Revolutionary advancement in cyber security happens here.
Why do we use XTS over CTR for disk encryption?
Disk encryption theory - Wikipedia
A Graduate Course in Applied Cryptography -- POSSIBLE ALTERNATIVE TEXTBOOK
AES Encryption in Python Using PyCrypto -- USE FOR PROJECTS
Attacks on RSA cryptosystem
NSA’s VPN exploitation process (portion of book)
Hosting a DNS domain on the blockchain -- Ethereum-based prototype (2017)
Why isn't Internet DNS based on blockchain? (from 2016) Fastest and easiest way to buy and sell bitcoins
Public Key Cryptography: Diffie-Hellman Key Exchange (short version) - YouTube
Length extension attack - Wikipedia
Everything you need to know about hash length extension attacks
A Primer on IOTA (with Presentation)
Generating Addresses: Learn the Basics - IOTA
Documentation - IOTA - Getting Started
Tutorial: Getting Started - Beginners - IOTA Forum
IOTA Support - Tutorial - Nostalgia Light Wallet
IOTA Node Tutorial
iotaledger/cli-app: CLI App that acts as a wallet
Node.js Introduction
'Hello World' in IOTA: Payments and Messaging Leaderboard
SSH Tunnel in 30 Seconds (Mac OSX & Linux)
IOTA - The Machine Economy - Reddit
IOTA cool tools
MD5 Length Extension Attack
A sample implementation of MD5 in pure Python
Introducing Ethereum Development - Part 1 - MetaMask and Web3
Getting Started as an Ethereum Web Developer
cryptography of archive formats zip, rar and 7zip
Full break on 1024-bit RSA keys (and ~1 in 8 2048 keys) in libgcrypt via L3 cache timing
Rindjael Flash Animation (SWF File)
Lifetimes of cryptographic hash functions

New Unsorted Links

Bitcoin 27: 3 Things to Know About Bitcoin Mining in China (June 13, 2017)
Bitcoin 28: Banks fear bitcoin's mining centralization in China
Custom RBIX Shellcode Encoder/Decoder -- INTERESTING PROJECT
Ch 3a: Why can I encrypt data with one DES key and successfully decrypt with another?
Ch 3b: A Tutorial on Linear and Differential Cryptanalysis
Brainwallet - JavaScript Client-Side Bitcoin Address Generator -- SHOW TO CLASS
Hash-based Signatures: An Outline for a New Standard (from 2015)
Google Tests New Crypto in Chrome to Fend Off Quantum Attacks (2016)
Introducing Azure confidential computing--ENCRYPTING DATA IN USE
Ch 4a: AES Rijndael Cipher - Visualization - YouTube
Ch 4b: PyCrypto API Documentation
Ch 5a: Block cipher mode of operation - Wikipedia
Ch 5b: Galois/Counter Mode - Wikipedia
Ch 5c: Shor's algorithm - Wikipedia
Ch 2g: What is the Difference Between Common Law and Civil Law?
Penetration Testing in Active Directory using Metasploit (Part 2)
Ch 6a: CSRC - NIST Computer Security Publications
SpiderLabs/CryptOMG: CryptOMG is a configurable CTF style test bed that highlights common flaws in cryptographic implementations.
Ch 5d: Bug #996193 "OFB chaining mode requires padding" : Bugs : Python-Crypto
Ch 5e: Benefits and Vulnerabilities of Wi-Fi Protected Access 2 (WPA2) -- CCMP Mode Explained
2017-10-08: Algorithm for Linux $6$ password hashes
c - python crypt in OSX - Stack Overflow
Ch 7a: RSA numbers - Wikipedia
Ch 7b: Attacking RSA exponentiation with fault injection
Ch 7c: Fault-Based Attack of RSA Authentication
Hash Length Extension Attacks
CryptOMG Walkthrough - Challenge 1
CryptOMG Walkthough - Challenge 2
php - Can I blindly replace all mysql_ functions with mysqli_? - Stack Overflow
MariaDB - How to reset MySQL root user password
Automated Padding Oracle Attacks with PadBuster
Padding oracle attack explained
FeatherDuster is a tool for brushing away magical crypto fairy dust
The Padding Oracle Attack - why crypto is terrifying
The Cryptopals Crypto Challenges
Ch 9a: A (Relatively Easy To Understand) Primer on Elliptic Curve Cryptography
Why RSA encryption padding is critical
Ch 8a: Chinese remainder theorem - Wikipedia
Generate Random Prime Numbers
rsatool can be used to calculate RSA and RSA-CRT parameters
Calculating RSA private keys from its public counterpart
IBM Blockchain 101: Quick-start guide for developers
Ch 9b: security - The length of the Bitcoin's private keys - Bitcoin Stack Exchange
Ch 9c: Keylength - ECRYPT II Report on Key Sizes (2012)
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem
Install Node.js - Ubuntu 16
nodesource/distributions: NodeSource Node.js Binary Distributions
Cryptology ePrint Archive
How the Byzantine General Sacked the Castle: A Look Into Blockchain - The Byzantine Generals' Problem
Ethereum Casper 101
Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, Ethereum & Smart Contracts
Ethereum Contracts Are Going To Be Candy For Hackers (from 2016)
Attacks on RSA cryptosystem
Understanding Common Factor Attacks: An RSA-Cracking Puzzle
MTC3 — The Cipher Contest
trufflesuite/ganache-cli: Fast Ethereum RPC client for testing and development
Blockchain Demo - A visual demo of blockchain technology
The ultimate guide to audit a Smart Contract Most dangerous attacks in Solidity
How $800k Evaporated from the PoWH Coin Ponzi Scheme Overnight (Feb., 2018)
Hack This Contract - An Ethereum / Smart Contract Exploit Training Course
Comparison of the different TestNets - Ethereum Stack Exchange
Rinkeby is extremely slow at confirming transactions - Ethereum Stack Exchange
Ethernaut Coin Flip problem
ERC20 - Ethereum Token Standard
How to stop mining empty blocks? - MultiChain Developer Q&A
MultiChain/multichain-web-demo: Simple web interface for MultiChain blockchains, written in PHP.
Crypto Identifier - Tool To Uncipher Data Using Multiple Algorithms And Block Chaining Modes
Quantum Algorithm Zoo
Post-quantum Key Exchange—A New Hope
PQCrypto Usage & Deployment
GCHQ on Quantum key distribution - NOT RECOMMENDED
PadBuster v0.3 and the .NET Padding Oracle Attack
NewHope: Quantum-robust Crypto for Key Generation using Ring Learning With Errors
Introduction to post-quantum cryptography and learning with errors
How to write a quantum program in 10 lines of code (for beginners)
Crypton: Library consisting of explanation and implementation of all the existing attacks on various Encryption Systems -- MORE PROJECTS
A Guide to Post-Quantum Cryptography
EC Council ECES. Cryptography Certification -- TechExams Community
How to generate MD5 and SHA-1 collisions of several types
From "Hello World" to "Hello Quantum" --VERY GOOD

Back to Top

Last updated 8-6-16 9:45 pm