[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /sec/ - 4620



File: 1488918725253.png (240.63 KB, 204x300, spirals.jpg)

No.4620

There's this new degree in my country that looks promising. A comp sci master's program, specializing in cyber security, shared between two neato technical universities:
https://www.utwente.nl/en/education/master/programmes/computer-science/specialization/cyber-security/#why-cyber-security

Then again, will anyone care when you get this piece of paper? I can see the job interview in my nighmares already: "Lol nice meme degree. Where's your work experience doing anything security-related at all?" I know businesses get horny at the sound of the term "data science" but they're not handing over security tasks to just anyone.

If I enroll for this thing, some 3-4 years from now, it will probably be because I want to escape my current code monkey job. Not because I'm already a master hacker. I'll need to do a bridging program too, before I can be admitted, so I'll lose another year during which I'm not actually working. Will I just be setting myself up for failure?

PS: Cryptography will probably eat me alive unless I go in extremely well-prepared.

  No.4635

File: 1488926109357.png (172.3 KB, 175x200, 1483073478632.png)

>>4620
Hm, maybe I am in similar situation like you rn, got myself easy, unstressful code monkey job 1 year ago, right after i was semi-NEET for 2 years and coded soykaf just for hobby, now I'm more and more into security and server administration things, also my employers are looking for a guy to do that but they don't want me to do it because i'm too young and inexperienced (true that), also i don't have anybody to learn that things from first hand.

I found out this when checking your link and it seems even more meme:
https://masterschool.eitdigital.eu/programmes/overview/

I don't want to learn just some basic soykaf security, i want to go balls deep into some security related programming(scripting?), should i pick uni/meme uni (like above) or should i just do soykaf on my own and experiment with things?
What do you think /sec/pro lainons ?

  No.4636

I am on a meme degree (3rd of 4 years). I am not really looking at jobs yet so I can't speak to that.

In terms of actually learning stuff, you would probably do a lot better just lurking here, watching conference talks and doing some stuff on coursera. My department claim to be highly ranked but their stuff is no better than what I have done for free online.

I think the problem is that they let really unqualified people onto the masters programme because it gets them more tuition fees.

It might not be worth it unless you can make someone else pay for you to get the degree. It is a decent way of passing the time but if you want to get skilled you are probably better teaching yourself.

  No.4723

>>4620
>Cryptography will probably eat me alive unless I go in extremely well-prepared.
Learn number theory, especially modulary arithmatic.

Crypto isnt actually all that tough to learn if your decent with math. Ive done courses on crypto and its all modular arithmatic, using rings of integers, and understanding frequency analysis.

tbqh the math invovled with crypto isnt tough at all, its just different than what your probably used to... you should adjust to a crypto course fairly quickly if your even somewhat decent at math

  No.4729

>>4635
>they don't want me to do it because I'm too young and inexperienced

Yep, that's what I'm afraid of: the work experience meme. I am, however, starting to wonder if this new cybersec meme degree can land me a bureaucratic government job. Being a bureaucrat or a police techie sounds quite a bit better than my current job, which I just don't like at all.

>>4636
>My department claim to be highly ranked but their stuff is no better than what I have done for free online.

That's a shame, anon. At least you can do networking. Just make friends with the more disciplined students and see if they get really cool jobs later on.

>>4723
Other sources seem to say the same, with crypto being very different from typical math classes. Very little calculus.

Having to do a 180 from normal math sounds annoying. I do, however, believe that cybersec will remain a hot topic and a sexy meme for quite a while. Besides, if the average comp sci student turns up their nose for crypto, thinking it's too weird for them, then that just makes the meme even more special.

  No.4755

File: 1489319640614.png (58.3 KB, 200x197, 1454055471793.jpg)

Anon check this one out:
https://www.ttu.ee/studying/masters/masters_programmes/cyber-security/

I think this is not as memetic as others for this is a real MSc. with a thesis involved. Just check the course curriculum, this one is far from just being a 2 year metasploit cert, they go as deep as quantum crypto, blue team, red team, tech/internet psychology, cyberwarfare, malware etc.
They have a full tuition waiver scholarship worth looking into.

Also, you know VUSec is from your country right? They gave the world the Flip Feng-Shui paper (practical rowhammer VM escape/exploitation) and are heavies on hardware hacking among others, they also have a MSc. programme you should probably check that out: https://www.vusec.net/

Hell, Jacob Appelbaum (ex-Tor) is finishing his crypto PhD. in Eindhoven Tech:
https://www.tue.nl/en/education/tue-graduate-school/masters-programs/information-security-technology/

All the degrees I posted are even given fully in English.
No excuses anon, git gud.

  No.4799

>>4755
Thanks for posting this. It seems I've been afflicted by a vicious, virulent strain of tunnel vision as of late, because I kept looking exclusively at the content offered by TU Delft. Though they have excellent credentials in general, that does not mean they have the best cybersec courses or even the best comp sci courses. I'll need to look into these other programs, look at university ratings for their comp sci courses, look who's teaching what.

Thanks again!

  No.4800

>>4620

Cryptography is soykaf easy.

All the high level calculus/discrete math garbage you have to go through are for the sake of computer science, not security. Modern public key cryptography goes no further than high school level math. Symmetric key algorithms (e.g. AES) can be taught to a child and done on paper.

  No.4810

>>4800
What's the point of making a comment like this? You and me know that's it's not 'easy' because we can see so much work goes into making it secure. Sure, the algorithms can be explained easily but the actual process of making the whole process of encrypting and decrypting secure is the largest challenge. How many asymmetric algorithms are there? And then how many are actually in use in crypto because they work?

If It was 'soykaf' easy the govt would be fuarked you know

  No.4811

>>4800
this post is 99% garbage.

>Modern public key cryptography goes no further than high school level math.


RSA can maybe be understood on a surface level by a very smart high school student, but why it's secure requires extensive knowledge of number theory.

ECC is completely mysterious unless you give EC's and the cipher itself intensive study, both of which are far beyond the knowledge and ability of someone fresh out of high school.

>Symmetric key algorithms (e.g. AES) can be taught to a child and done on paper.


maybe a child with the longest attention span known to man and a 200-foot-long roll of butcher paper. And again, showing why it's resistant to cryptanalysis requires at least knowledge of linear algebra and a really good idea of how cryptanalysis is done.

  No.4823

I would say to research something not related to cryptography. The current cryptography algorithms are great, the problemas we are facing today in cybersecurity are far from being crypto related. I mean, we are in 2017 and SQL Injection is still one of the most common problems out there.

We don't need more crypto purists.

  No.4824

>>4823
And by crypto purists I mean those people who still believe that cryptography will save the free world by itself.

  No.4825

>>4823
>The current cryptography algorithms are great,

well, we still don't really have anything practical that resists quantum computers, but that's a while off and there are plenty of people working on it.

  No.4830

>>4825
>we still don't really have anything practical that resists quantum computers
actually DoD responded to those concerns just by enlarging the bit size of encryptions

  No.4836

>>4830
The DoD obviously doesn't know a thing about crypto then, because RSA, DSA and ECC are all completely destroyed by shor's algorithm, no matter the bit size.

  No.4945

>>4825
You are right, but as you said: here are plenty of people working on it. I think when it comes to security we're still lacking and I don't believe we'll see any great solution coming from "the industry". These people sell solutions hence they need problems to exist. This is the reason why anti-viruses were, are and always will be some soykafty piece of software. This is why a lot of people frowned their faces when some guys from DARPA showed an automated system that soon will be able to compete with soykafty level hackers (majority of people in the field just follow recipes, they are doomed).

The same doesn't apply to academia and I'm really happy to see more people going into.

  No.4947

>>4825
>>4830
there is something already in theory that resits quantum cryptography. look up stephen wiesener and quantum money.

and bit size of encryption is moot compared to quantum computing.

  No.4951

File: 1490730693834.png (24.49 KB, 128x128, 1455663192569-1.png)

come on lains, its like you're not even trying. lurk harder!
we already have post quantum crypto libraries being developed[1], the problem is that is going to be a long time before we can do some serious cryptanalysis on the algorithms.

For example, check out SIDH (Supersingular Isogeny Diffie Hellman).[2]
There is also a lot of hash-based and lattice-based algorithms.[3]

We have to exploit the fact that crypto hash functions are not vulnerable to shor's algo.

[1] https://www.microsoft.com/en-us/research/project/sidh-library/
[2] https://en.wikipedia.org/wiki/Supersingular_Isogeny_Key_Exchange
[3] https://pqcrypto.org/

  No.5013

>>4836
looked into your answer, seems like both of us are partially right
http://crypto.stackexchange.com/questions/9480/assuming-a-1024qb-quantum-computer-how-long-to-brute-force-1024bit-rsa-256bit/43529#43529

Seems like you need more qubits for more bits of RSA encryption, so basically DoD is trying to run away from even encroaching D-Wave processors gaining momentum with each new generation. This newest method was just to circumvent newest D-Wave 2000 qubit processor.
Although newest D-Wave 2000 qubit processors are only specialized in problems of quantum annealing, but I think DoD is trying to play it safe.

  No.5015

>>4620
If you want to do something else than your current job i would do it, in Holland cyber security will always have jobs open specially academics.
Anything with Tech isn't a meme degree because it's demanding now and in the future.
With an academic degree you usually do different work than non academics like you probably will go do research on given problems or subjects and not pentesting some soykafty web server because everyone can learn that online.



>>4636
Teaching yourself is a meme because you only hear the good stories from people that were already skilled or gifted at it and still most of them even go to an university to get a degree not because they need it but rather because it's fun.
Also your coursera course is never going to be worth an academic degree or anything like that he is better of going to various nearby conferences when doing his degree and participate in the community.

  No.5020

>>5015
>you probably will go do research on given problems or subjects and not pentesting some soykafty web server because everyone can learn that online.

Tbh I find it a lot harder than the "academic" stuff

  No.5032

File: 1491301852293.png (139.3 KB, 200x137, 1455733473860.png)

>>5020
> Tbh I find it a lot harder than the "academic" stuff

Really? you find pentesting web servers harder than creating shellcode from scratch for modern archs like ARM or fuzzing for memory vulns?

Maybe you should update your definition of academic.