Programming Throwdown - Cryptography
Episode Date: March 30, 2017In this episode we explain how data is encrypted and decrypted, and how you can use encryption in the things you build. Show notes: http://www.programmingthrowdown.com/2017/03/episode-64-cryp...tography.html ★ Support this podcast on Patreon ★
Transcript
Discussion (0)
programming throwdown episode 64 cryptography take it away jason i actually want to talk about
interns and uh how important that is,
understanding how the whole internship process works and the implications there.
I'll kind of walk through sort of the whole internship kind of cycle.
Basically, typically you interview, so you're typically in college.
You could be undergrad, you're, so you're typically in college, you could be
undergrad, graduate student, doctoral student.
Um, you will interview around like December, January ish, you know, so you'll apply around,
I guess, November, December.
Um, but definitely check with whatever company you're interested in cause it varies.
Um, and then, you know, you'll do a typically a couple of phone interviews and then if you're interested in because it varies. And then, you know, you'll do typically a couple
of phone interviews. And then if you're accepted, you'll sort of formally accept the offer and then
you'll be committed to spending your summer at, you know, whatever company you apply to.
It's pretty cool. I mean, I think it's very sort of loose.
Like I've seen really amazing, super exciting internships where you're basically a full-time engineer.
You have a ton of responsibility.
You have a lot of help and some amazing work comes out of it.
I've seen internships that didn't go as well.
So because it's such a short time, it's there's going to be high variance.
Right. But one really key thing is it's super, super important to do an internship if you want to go into industry.
It raises your chances of getting a job significantly.
I mean, there are times in companies I've worked at where there have been hiring freezes and they still will um hire people who are interns um even through the hiring freeze so
it's really important i personally haven't done an internship but uh i have uh over the years kind
of mentored interns and uh that's another part of it is you'll get you'll get paired up with a mentor who is kind of responsible, kind of like a manager.
And they're responsible for helping you, making sure that, you know, if you're blocked on something that they can get you unblocked.
Of course, this is really important for an internship where you only have a couple of months.
And I think, Patrick, you actually did an internship, right? I did. I interned at a company that I ended up going to work for once I graduated,
because that's like a thing companies try to do is for the interns that do, you know, well,
they sort of already learned about them. They've started spent some money training them. And so
they try to be generous and giving them offers to come work
there the other thing i don't think you mentioned is that being in engineering specifically computer
science i've never heard of an internship that was not paid oh that's a good point so in other
sort of disciplines it's very common to have internships that are not paid, that you sort of are expected to give
work away in exchange for the experience. But all of the programming internships I know of
are paid, and they're actually paid pretty well, like much better than
the sort of other summer jobs I took that were internships.
Yeah, absolutely. Yeah, internships are paid if you do some type of engineering role um i have a
friend who's in biology and uh their internships are not paid so it's kind of uh um and and they
still it's still very common to do internships even in that field so so we're super lucky to uh
be in a field where they pay uh interns um and uh, I think it's a great experience. The other part of it is,
you know, there's definitely a big rift, I think, between academia and industry right now.
I mean, if you're in academia, you probably are being taught about linked lists and about
hash tables and things like that, which are super important. And then
typically you'll have maybe one software engineering class, but that class will,
at least at my university, was just woefully out of date. You know, it's like UML diagrams or
something, which is like, you know, popular in the nineties or something. And so, you know,
getting an internship gives you just like an extraordinary experience.
It's very hard to sort of replicate in school.
Um, it also will help your interview skills.
Um, you know, it'll look, it'll look good on your resume and all of that.
So, uh, definitely check it out if it's not on your radar.
Um, you know, uh, it would be good to just, you know, check out some, pick your favorite
companies, um, and see sort of what they have to offer on the internship side.
The other part of it is it's not, uh, as big a risk for a company.
So, you know, depending on state to state, but, but in general, if, if a company hires
you, uh, especially if you're there for more than three months,
you know, there's definitely it's hard to get rid of people to say like perfectly honestly,
it's hard, very hard to fire people in general.
And I think in Europe, it's even harder.
Right.
And so what that means is people are going to be risk adverse.
Right.
They're going to take every possible
precaution, um, not to be put into an awkward position. Right. And if you've done an internship
that, uh, that gives extraordinary signal to that company. I mean, and so if the, if it's
a choice is between you and somebody else who, as far as the interview goes is, you know, maybe
even a little better, did a little better in the the interview but you're a sort of a sure thing and they're just high variance because
they didn't do an internship um i think that that will you know factor in right on the flip side um
i don't think internships like matter to other companies um to the degree that they're worth getting so in other
words like don't do an internship at a company that you would never work for just to do an
internship i feel like that's a waste i think you would be better off like taking a coursera course
or something and putting that on your resume i disagree um really well i'd like to hear your opinion uh so i i think you're
it is absolutely true that doing an internship doesn't matter nearly as much to another company
but even if they discount your work like work experience there or sort of you know kind of
pretend that it isn't there i don't think it's a negative, right? It's
not, they're not going to be like, oh, you did an internship at another company. We don't want you
here. And I think there's a bunch of positives to it. One, from your end, you're going to be able
to have gotten a little more experience in the process of doing that, that you can talk about
during your interview, that you will help you in your last. So typically, well,
sometimes internships happen at the end of your schooling, but often they happen sort of before
your final year or before your final two years. And then it sort of gives you an opportunity to
shape that last year or two years to what you learned about during your internship or what you
sort of learned about the real world. I guess that sounds bad to say, but non-academia,
it's sort of what Jason was alluding to. And I think all of those things actually help you when you go to interview, people can tell, oh, this person is sort of ready. Like they sort of,
they've sat here, they're not going to ask, you're not going to have to ask questions like,
what is it like to be a programmer? Like, what do you do all day?
Those might be questions that come from someone who's not.
And I think all of that sort of comes through
in sort of the disposition of a person,
even during interviewing,
if they've done an internship before.
I mean, taking a Coursera course is great.
I don't know how to really compare and contrast those,
but I think there is value.
I mean, at some point taking it
in sort of a field of computer science you're not interested
in going into and at a company that's
not very reputable or whatever
at least you still get paid
so there's that and like making money
is sort of good to like help you get through college
because I was sort of broke in college
yeah same here so that was really nice
and I see what you're saying
but I wouldn't say
it's a case by case basis.
You sort of have to make a decision.
But I do actually think there's enormous value.
In my time when I was back at college after doing an internship, it gave me, I feel, a much different view on my professors and what they were saying.
Where it allowed me to sort of apply what was being said a little more intelligently.
And sort of focus on the parts that I really wanted to make sure I knew.
And sort of, in my mind, since I wasn't going in academia,
it allowed me to discount some of the stuff that I realized was sort of no longer applicable
to kind of the stuff I would need when I first came out of the gate.
It makes sense.
I mean, I think it, yeah, I mean, I'm definitely kind of like a bookworm.
So, you know, it's a bit of like, I think it, yeah. I mean, I'm definitely kind of like a bookworm. So,
so, you know, it's a bit of like, I think my values coming out, but yeah, I think,
so maybe, I mean, one thing that I think we both agree on is definitely,
you know, take the time to like intern to take the time to pick a company for your internship that you'd want to work for like that like like interning you know uh gives
you a huge leg up at that company that you interned at and so don't kind of like waste that
like if if you really want to work at you know uh general electric or something then do an internship
there and and what that means is kind of really doing research kind of early on the companies and where you want to work.
But yeah, I see your point that there's definitely, you get a ton of experience either way. do internship at GE and then you go interview somewhere else and they don't really know much
about GE or care or something like that you're still going to have experience that's going to
show that you would have had otherwise all right time for uh news so um yeah so this is this is one of these things it's almost like scary to
even bring up but we have to talk about it they're listening um yeah that's right uh so
so i'm sure everyone's seen by now this whole vault seven wiki leaks thing uh basically um and i guess i mean i don't
know if it's i mean i don't know how much of it has been sort of proven or not i haven't been
following it too closely i have to admit but basically wiki leaks released a bunch of documents
from the cia and uh among other things it, uh, if you had a Samsung smart TV, um, that they had some sort of hack where from your wifi router, um, they could like get into your wifi router.
And then from there they could get into your TV and they could actually turn on the microphone, um, just at will. So, um, and so presumably they were just turning on the
microphone, they're collecting all of this audio and then they were shipping it to Germany because
I guess the idea was that if they get caught, then they can like say that it was the Germans
who were doing it. So it was sort of like a way to cover their tracks. Um, but I guess apparently there's like, and again, this is all from the WikiLeaks. I don't know if any of it is
true. I'm not gonna, I have no idea. Right. But, but, uh, according to this report, there's a
bunch of Americans, you know, living in Europe doing like all this analysis on all of this
illegally collected data. Um, and, uh, you know, presumably they're like looking for people who are
like speaking a certain way or saying dangerous things i don't know but uh but the whole thing
is crazy i mean it goes way beyond samsung tvs it's like iphones there's like zero day exploits
for iphones that that that they had that they weren't giving to anyone so that
they could like survey people on their iPhone. Um, uh, you know, my, my ignorance of the topic
is kind of showing through. I saw the initial news article and that's kind of what I've linked here.
Um, but, uh, there's a ton of information. Um, it's, uh, if, if oh if you're at work don't download this at work like like
wikileaks has the zip with like all this data you probably don't want this on your work computer
um um that's one of these things it's like you don't really think about because it's not really
illegal it's not like pornography or something like that but i just i just i don't know maybe it's just me
being paranoid but i feel like this is probably not something that you want on your work computer
um um but yeah i mean you know when you have time at least read the articles uh it's it's
fascinating i mean even if it's not true just the the like the whole story just seems completely plausible and uh yeah i mean it's it's
it's an amazing read there's also tools you can actually download these like windows and linux
tools that supposedly let you i don't know sniff ports or something i don't know too much about it
but they have the source code and everything which is kind of wild yeah as you said even if it is sort of fabricated that it was the
cia or the cia was behind that or not fabricated but whatever miscommunicated misunderstood who
knows even if that part isn't correct then um it it gets people thinking about all these sort of
internet of things the smart tvs the smart toasters, the smart microwave, you know,
anytime they put a microphone on there to listen to you for some reason,
you know, even a sort of legitimate reason,
then someone could figure out a way to tap into that and gather that data.
Even if the company is complicit or non-complicit with that
yeah i mean i you know i had friends uh your co-workers who uh you know would put tape over
their laptop camera and uh tape over their microphone and i kind of like i mean i didn't
think they were kind of like tinfoil hat wearers or something like that. I mean, I feel like, you know, makes sense.
Maybe you have an accident and you turn it on when you're not supposed to.
Or like, you know, maybe you actually download a virus like you install some program that's malware or something.
Right.
But I thought the idea of like, oh, the government has some zero day exploit in the OS and they could just, you know, turn on your camera.
Well, I thought that was kind of like a stretch like kind of out there um but yeah after this report uh i believe
it i mean i still haven't taped over my camera maybe i just don't care if someone's watching me
um but but yeah i totally think that i could be watched at any time which is which is which is
kind of strange i don't sounds... Oh, go ahead.
I'm sorry.
This sounds really silly, but you said put tape over the camera,
and I have actually done that a couple times
because we used to have a video conferencing tool
that had the option of having video on or off,
and sometimes you would sort of not be paying attention
or not have the configuration right,
and it would turn on the video by default.
And then until you sort of realized it and turned it off people would see you sort of you know no
not doing something weird it just sort of catch you off guard and so i actually did have something
over it when i don't think people are watching i like scratch my face like you know you just do
these like yeah ritual things and yeah i mean it's kind of embarrassing right and so i put
electrical tape over it like some opaque tape that you couldn't see through.
Because I thought that made sense.
And then someone the other day had cellophane tape, like clear scotch tape.
You know, it's like sort of hazy over theirs.
And I didn't get it at first.
And then I, like, realized and then asked them to confirm that this was why.
It's sort of, one, it wasn't as tacky because it wasn't as obvious when you looked at it.
Also, some of the computers used the camera to do ambient light sensing
or in that area to do ambient light sensing.
And if you tape over it with tape, you ruin that.
Or, like, sorry, electrical tape or a piece of paper.
But if you put the cellophane tape, it can still sense the light,
but everything is still too blurry.
Right, right. That makes sense.
I was like, oh, I guess that seems silly. But to silly but to me i was just like wow that's really smart yeah totally so if you don't want to go all
the way we're going to yep we're going to see a lot of this now i think um you know like we're
going to see a whole market of of smartphone cases that can you know cover and uncover the camera.
I just feel like this is a thing that's going to happen.
I feel the opposite. I feel like people are scarily desensitized and not caring about this.
Well, I mean, you'd be right in the case of me.
I don't really care enough.
Maybe that's a scary thing.
But no, I think that even if 1% of the people care enough, that's enough of a market for someone to make a case with a lid or something.
I'm not denying cases will be made.
I'm just denying that they're going to get used.
Yeah, I agree with that.
Well, my news article is about Shaw 1 collision.
So I guess this is from Google announced i i guess they were trying to call
it something cool they called it shattered so they named the bug it's not really a bug but
there's a tradition of naming i guess exploits and bugs so they named it shattered but what it
really is is sha one which is a way of hashing the data which means you sort of take a document or a bit of data and you run it
byte by byte or sets of bytes by sets of bytes through an algorithm and you get some,
it's called a hashback. It's some representation of that data so that if you make any change to the data, it is statistically improbable
that the hash is the same for two different inputs.
Now, of course, if your hash is smaller than your input,
it's always possible, right?
So if you have an input that's 256 bytes
and you use only one byte hash,
then of course there's always you know there's always a chance
that they'll have a collide a collision um but with a big enough hash the chance of collision
goes down dramatically right you could imagine you know for 256 um a one byte number a 256
combinations that any two documents have what would that be one in 256 chance of collision
um and then there's sort of the what do they call it the the birthday problem where right the there's
sort of a little bit of unintuitiveness if you're not used to dealing with it where your chance of
collision goes up more quickly than you would otherwise sort of think um but even with that
that with the longer hashes it sort of was for a long time unreasonable to
expect that there would be a collision which is two different inputs causing the same result
and the reason why that's bad is if you imagine someone is like when you see the
sort of hash codes for downloads when you download especially like security tools like an
ssh tool and you'll see like oh here's the hash and you're supposed to hash it on your computer
to make sure that the thing you download matches the thing the author intended to and so that way
you know nobody's changed it and with a collision they could give you a virus instead of an ssh tool
and so what google did here was created two different PDFs.
And I haven't actually opened the PDFs,
but I read that they were essentially two images.
So on the first PDF, there's an image.
On the second PDF,
there's a completely different image.
They don't resemble each other at all.
But if you run them through this SHA-1 algorithm
for generating a hash,
the hash will be identical.
And what that means...
Right, and they did it on purpose.
Right, they found two different documents that collided.
Right, and yeah, and they can...
And the important thing is that because you could generate just random data
and hash it and then generate more random data and hash it,
and eventually you'll get a collision right but in this case they can actually manipulate the collision so in other words like they can
get something not just random but something they want to collide with something else and that's
where it gets kind of dangerous right and a funny kind of side note on this they uh uh they put into chrome a unit test where there was
a collision um and and so just as part of chromium and i guess chromium like uh i actually don't know
why they put it as a unit test maybe it's just to remind people never to use SHA-1 but as soon as they put in that unit test
and they put in those two PDF files
it actually broke a git
like it literally broke the repository
and the chromium repository was down for like almost a week
because git saw these two files with the same SHA-1
and just had a heart attack
yeah so this is dangerous you know they have on the website Git saw these two files with the same SHA-1 and just had a heart attack.
Yeah, so this is dangerous.
You know, they have on the website, we'll link it in the show notes,
they have a list of how much effort they put into getting this collision.
But if you sort of look through the trend of these things,
whenever sort of algorithm like this is sort of proven to be vulnerable so a lot for a long time people
have said don't use shaan one because it's close to being vulnerable but sort of no one had actually
proven it to be like proven here definitively have a collision and now that they have it'll
only probably be a matter of months maybe a year or whatever before the computation falls even
cheaper and you know maybe a couple years or
whatever it just means that basically any time now you should expect this to become commonplace
where people are able to create collisions so using sha1 for something security related has
just become much more dangerous yeah it's kind of like wep like wep you know someone hacked it
you know it was a big deal.
And,
and then like less than a year later,
there was WEP attack.
Like you could just sudo apt-get install WEP attack and then get any WEP password you want.
And it's just completely democratized.
Yeah.
All right.
Well,
time for book of the show.
Book of the show. My book of the show is my first audio book from Audible.
As I said last show, I was getting kind of eye strain from too much smartphone, too much computer.
And I decided to get an Audible account and listen to audio books and wear one of those opaque masks when
I'm on the bus. And I did that and it feels really good. And so my first audio book was Scott Adams,
who's the creator of Dilbert. He wrote a book called How to Fail at Almost Everything
and Still Win Big, the story of my life or kind of the story of my life. And, uh, it's interesting.
I mean, it's, it definitely, you know, it reads kind of like a self-help kind of manual. I mean,
it is a self-help kind of manual. It, you know, he does definitely talk about his life and maybe
it's just because I'm getting, you know, to the end of it. But, uh, I really was interested in the beginning and it is all about his life, his trials, his tribulations, sort of
his mentality, um, sort of what got him through the different hard parts in his life, et cetera.
Um, but then the second half of the book is all about, uh, I guess the title of the book,
which is all about how you, how the audience can fail at everything and still win
big and and that's the part that um you know it just it's you know like it's definitely interesting
but it's actually maybe what it is is honestly i have a lot of the same mentality as as scott adams
and so for this reason it's like i'm just hearing myself say things like like like nothing seems that interesting to
me because i already think sort of the same way and so for that reason maybe you know someone else
could uh get more out of it or maybe it's a contentious book to other people um but i found
that part like a little boring for me but the first part is just super interesting about his life i always kind of wondered you know
people who write comics sort of like what's kind of their persona and you definitely get a long
glimpse into that so yeah i totally recommend it um it was a great listen and uh i'm really
happy with my purchase i actually normally have sci-fi recommendations,
except that I'm in the middle of a really long book.
And so I try to not do my recommendations until I finish with the book,
although I know I have in the past.
So I'm withholding that one until next episode,
and I'll be finished with that book.
So instead, I don't think I've ever covered this,
but I really like make magazine and make magazine has been around oh i don't even know how long now
for quite a while a long time and i've always sort of when i've gone to the bookstore and seen a copy
of it that i was like particularly interested and i would pick it up or i would sort of follow
their blog online um but it's But I finally got a subscription to it
and just been receiving in the mail,
which I really like just sort of getting it by default
and then reading through it
whether I sort of thought I would or not.
Which is weird because I guess I don't normally read
that many in print books or magazines,
but I'm enjoying this one.
And Make Magazine caters to what i guess
they sort of helped create the name for the maker crowd the maker movement which is to sort of say
people who enjoy making things with their hands not just buying things off the shelf so putting
together electrical kits or making circuits 3d printing making their own quadcopters
just the whole gamut of sort of mixing art and technology and coding and electronics
and they cover all of those things and the magazine itself is just sort of i think really
well done i don't often do projects that i find in there, but it's still inspiring, even if I don't
to sort of read through it and see the way they've described something and the cool stories they have
in there and the tools they recommend and learning about sort of, you know, hey, what are people
doing with Arduinos these days or with wireless sort of little PCBs? And so if you've not checked
out, I'm sure most people have probably heard about it but if not and you feel like you're into
that kind of do it yourself
crafting
trying new things experimenting
definitely check it out
cool
so this is I guess can you get an electronic
version or it's only in print? I'm sure
so I have the print version I guess
I just think it's a really well done print magazine
but I know they also do have the print version. I guess I just think it's a really well done print magazine.
But I know they also do have a digital version.
Cool. Very cool.
Yeah, so you can definitely get, you know, one of Patrick's mega million hour audio books or you get the Scott Adams audio book, which is eight hours.
Eight hours? That's like one day of commuting for me.
That's right.
No, that's not true. On Audible.
So you could go to audibletrial.com
slash programming throwdown, all one
word. We have a link in the show notes.
And you can get started on that.
I thought it was great.
It's got a pretty cool interface.
Oh, one thing I noticed is the interface on Android is way better than iOS.
I think it's because on iOS, they can't actually sell it as an in-app purchase because iOS, like Apple, want to take a cut.
So they have to sort of get you to go to the website.
But yeah, the android version is is very
slick um and the android version doesn't have the cia spying on you so there's that too oh
actually i don't even know if that's true they're probably spying on you on both of them but
oh that was horrible if you if you don't uh if you're not interested in Audible or you already have an account, you can also sponsor us on Patreon.
All of your donations go to help the show in some way.
At the end of the year, last year, we had a bit extra, so we gave away some free t-shirts.
But to be a sponsor on Patreon, you go to patreon.com slash programmingthrowdown.
And we appreciate all of your
donations and your support yes thank you for all the help so i checked my audiobook is just a little
bit shy of 46 hours in length wow that's intense i'm only i'm very close to the end oh wow so yeah
it's uh yeah that's that's awesome okay, that's a teaser for next time. People will probably go figure out what it is and they'll be like, oh, I know.
No, nobody cares that much.
Okay.
Tool of the show.
Tool of the show.
My tool of the show is Tesseract.
Tesseract is pretty cool.
It actually was a company.
Oh, no, it was done by Microsoft.
Then Microsoft kind of abandoned it and Google picked it up.
And it's been maintained by Google ever since.
And basically, it's OCR.
So, OCR stands for Optical Character Recognition.
And so, you can give it an image, and it will tell you the text in the image.
Now, it's meant for books. So, you know, you can't give it like a street
corner with like a stop sign. It's not going to show you the word stop. You know, it's meant for
a book where it's, you know, text and there's not really any background, right? With that said,
though, it's extremely accurate. So, you could give it, you know, you could have a page. I don't know how
it works with forms. Like it may or may not be accurate. I haven't tried that, but you could
definitely give it a page from like a textbook that you've scanned or, you know, a letter that
you've received that you've scanned. You can just take this, you can download Tesseract. You have
it through a homebrew if you're a Mac user, or if you're on Linux, you have it through, you know,
Apt or Yum or whatever package manager you're using.
If you're on Windows, you could probably download a binary.
I don't know.
But you get this Tesseract binary, and it's just as simple as saying,
look, Tesseract and then the file name, and then boom, you know, you have the text.
And it even tries to use sort of the spatial, it tries to be spatially aware. So if some of
the text is center aligned, some of it's left aligned, it'll kind of pad with spaces.
So for some things I was doing recently, I had like a bunch of images that I wanted to convert to text.
And in my case, the images had a background, but I was able to sort of remove the background using some image processing.
So get it to where it was just the text.
And it worked great.
It just it just dumped out all the text for I had a lot of image. I mean, thousands of images.
And it there was a couple of like weirdness thousands of images and it it uh you know there
was a couple of like weirdness like you know there's like maybe one or two letters is off
but uh it actually uses like also the knowledge of the language so so for example if these are
english documents and you tell it english it will um you know take that into account. So if it thinks the word is T-H-I-M-K,
but it knows that it's very close to think,
which is an English word, it'll change it to think.
So that fixed a lot of the errors.
But yeah, if you ever need that,
Tesseract is pretty cool.
Will it do, you know, sort of like you said,
scan where it is sort of aligned and flat well if you
just sort of like take a picture with your cell phone will it you know kind of i mean i guess
there's tools on your cell phone but if you just had pictures that you had snapped with the camera
or whatever and it wasn't sort of like uh properly aligned and it's sort of off center and there's
some background oh yeah that's not a problem okay um that shouldn't be an issue yeah it's just what
it can't do is like a street sign or something sure um but yeah if you have a document you've taken
like or a check or something you've taken like a crooked picture it shouldn't be a problem cool
mine is less useful but maybe more fun is uh pandemic the board game the app no uh the Pandemic nice board game
made into an application an app
for uh iOS and
Android I checked that's available on both
it isn't free I think it was
at this time two dollars on both
um if you've never played
Pandemic the board
game I would recommend checking
it out it's very fun if you're not
into board games very much you've probably never played a board game i would recommend checking it out it's very fun if you're not into board games very
much you've probably never played a board game like this it's what's known as a cooperative board
game which means each of the players who are playing you can play with i think uh you can play
by yourself but you can play with i don't remember i think six people may be the limit i'm sorry i
actually haven't played with other people the physical i think it's that much i think it's four but if you have the expansion it goes up to six
if i remember okay that might be what i'm thinking about but okay so some number of other people but
everybody is sort of on the same side on the same team in this case you're a set of researchers and
scientists that are trying to cure viruses from that are infecting the world.
And there are sort of rules for moving the game along where the viruses obey sort of certain rules of logic
that the game tells you how to apply in cards that are used.
And by playing those cards and obeying the rules
that are in the rule book during the phase of the game's turn,
the virus is sort of spread throughout the world. And that spreading in the rulebook during the phase of the game's turn the virus is sort of
spread throughout the world and that's spreading throughout the world you have to combat with the
other people on your team to try to rid the world of those viruses bacteria disease um and those
pandemics and that board game is a lot of fun uh it's really highly rated. People really enjoy that game.
Yeah, it's great.
The app is a really good implementation of the board game.
So I actually don't get a ton of time to play this with people because I just don't tend to actually get as much time
to play board games as I'd really like.
But I can still enjoy the board game by playing on my iPad or my iPhone.
Can you play over the internet with friends i won't this
sounds i don't want to make it sound sad or cheeky to say i don't know because i don't have friends
but uh i don't i've not i i don't actually let me bring it up and see i've not tried you could
you could just play with your face oh wait you have a facebook can you play with your oh you
don't have a twitter account either i'm really bad i don't know i kind of enjoy i don't know a big multiplayer game person so i don't
actually know oh it's asking me other questions i'm not sure i'm sure the internet can tell you
this answer i did not come prepared you've stumped me i would definitely you know i think a game like
this is kind of fun if you could play with like your family you know if each of you can just play
on your own phone and
it just goes round robin but it might take a long time to get through a game so you've played
pandemic though before the board game yeah right okay cool yeah so have you played the the newer
one where there's sort of like a meta game where stuff happens in between the games oh no so i think it's called uh pandemic
legacy okay okay anyways for anyone out there who has played pandemic and enjoyed it there's
something called pandemic legacy and i've not played this before but this sort of what happens
is you play and based on things that you choose to do or winning or losing against the viruses in the game,
there's sort of envelopes and instructions that come along with the game that you open that modify the game and the game rules in sort of irreversible ways.
And so people don't sort of like you won't find online exactly.
I'm sure if you go digging, you can find it.
But it sort of doesn't tell you what those are but it might be something like renaming a country or adding new connections or deleting connections i don't actually know i've
not played it but you sort of end up physically altering the board that you have as you play
these games you can't like go back so by the end of playing this sequence of games you have sort of like a customized board to your
sequence it's almost like like campaigns indeed yes yeah so if you've not heard about that before
people seem to really like that i haven't had a chance to play those because you sort of need
to play it you know many times through over the course of several sessions but you kind of want
to play with the same people so that you can kind of enjoy the unfolding together yeah makes sense super cool time to talk about
cryptography cryptography you want to get us started well i thought i'd be a little cryptic
and instead tell a story no okay
the the thing instead You should be...
Yeah, instead we're going to actually encrypt
this whole conversation.
So from now and for the next 10 minutes,
you'll only hear static.
Yeah, it's only going to be pig Latin.
Okay.
Well, all joking aside,
we're going to sort of give kind of a high-level overview
of different parts of cryptography.
This is a huge field from the
sort of practical standpoint of how do you encrypt stuff efficiently and where does it live in your
code to the mathematical sort of proofs of robustness of various cryptography algorithms
to i know just all sorts of things at every level. This is a very wide sweeping topic.
And, you know, there's whole professions and fields that are, you know, sort of dedicated
to the working with cryptography.
And we're going to just sort of give it a high level overview in the kind of different
aspects and parts.
And we'll probably miss a whole bunch. But the thing,
cryptography is,
you know,
I won't give you,
I don't know the like breakdown,
the word crypto and graphic,
but you know what cryptography is,
is about,
I have some data and I don't want other people to know what that data is.
So I have information that I want to keep secret or I want to give it to
someone else and know that only they
can read it. So Jason and I can communicate and only Jason and I know what's being said so that
no one else can be a part of it or only the people we choose to be part of it are part of it. And the
kind of most obvious way that people do this and is actually even still used and underlies a lot of the
practical cryptography that's done today is sort of the shared secret so if i meet with jason in
advance and whisper into his ear the password is i'm not going to share this on the podcast
and then he you know writes that down on a piece of paper. And then I apply some algorithm using that secret to some data I have and send it to him.
And then he knows in advance that secret.
And he undoes it.
Then he can read.
I can know that only he can read it.
And we've shared that secret.
Sorry, we've shared that message.
But we had to prearrange sharing that password.
And that's tricky for a number of reasons. Because if we use the same password over and over and over again, we become at risk for people uncovering that by analyzing our data through various techniques. to meet in person and securely deliver that that's sort of expensive especially if i need to do this with many many people or i want to do it with someone who maybe is in a place it's difficult
to get to um but having a shared secret and using it over and over again like we said it leaves you
subject to sort of someone analyzing patterns and what you're sending and the solution to that that
it's still used today is sort of known as like the one-time pad and this came from i guess one of the wars
world war one world war two where there would literally be sort of a pad of of these shared
secrets that two people would have and the passwords the things that you used to encoding
were at very very long so that you that you sort of were more immune to this
analysis and you only used it for sending one message. So if you sort of have a password that's
as long as your message and you only use it once, it is actually very simple to prove that it's
impossible for someone who doesn't have that password to decode your message, because every message of
that link is equally possible. Right. Like to give you like a visual example of this, right? Let's
say you have like one of these 10 code passwords, you know, where it kind of looks like a telephone
screen and you have the digits zero through nine and you have to punch in like, let's say a four
digit password, right? So, you know, you type in the in like let's say a four digit password right
so you know you type in the password let's say it's one two three four or something right so
someone who's kind of watching you maybe they sit right next to the door they always see you kind of
doing kind of the same motion if they kind of see you enough times they can kind of pick up on what's
going on or maybe um maybe even a better way of making the analogy is someone can kind of see you enough times, they can kind of pick up on what's going on. Or maybe even a better way of making the analogy is someone can kind of dust the area and they can see, oh, you know, the one, two, three, four buttons have like a lot of smudges on them.
And maybe the one button is even more smudged because you got most of your finger oil on the one button.
And so they can kind of like
over time kind of reverse engineer the password, right? But if your password was like 30 digits
long and you're punching, you know, all 10 of the digits three times in just a random order,
that's going to be really, really hard. Like, like it's not like they can't use the same tricks I just described, right?
So these one-time pads, these shared secrets, if you could sort of communicate them, they actually are sort of the goal of a lot of cryptography is to be able to sort of get to this because this is really robust.
And so what you end up with a lot of this is how to share those one-time pads. This is also, we didn't really say this,
but the idea is you want people to kind of be able to know
how you're encrypting your data,
how you're applying your cryptographic techniques.
So the algorithm that you're using to encode your data
should be able to be known. And even if people know that they still can't figure out what you're
doing. That's like sort of a because otherwise you run into all sorts of other problems. But again,
with this analysis, and in this particular one, these one time pads are symmetric. So
the thing that I do to my data,ason also does to his data to undo what i
did and that's called symmetric key cryptography so that this sort of these one-time pads are both
a shared secret and symmetric so that begs the question well what are alternatives and this is
where you start to get to uh much more of what you hear today, which is public key cryptography. And public key cryptography
means instead of making one key, I make two keys, one key that's public and one key that's private.
And only I know my private key, but I can give away to the world my public key.
And there's a lot of interesting things this unlocks. And it's sort of probably a little too difficult to explain the underlying algorithms of public key cryptography and the kind of how prime numbers are used as a part of this.
I feel like that would get really confusing over podcasting. But when you hear words like RSA, cryptography, and then the pretty good privacy, the PGP
set of tools also uses public key cryptography.
And what it allows you to do is sort of a sequence of things.
One is if I have data and I want to make sure that only Jason can read my data, I look up
in a telephone book of sorts, Jason Gauci, his public
key is, and you know, whatever it is. And I apply the algorithm with his key to my data. And I now
know that the only person who can undo that is Jason, because this is an asymmetric encryption.
So in order to, if you apply the encryption key again,
you don't get a decrypted data.
You just get essentially garbled data.
And so I apply his public key.
I send it to Jason.
Jason applies his private key.
And then he can read my original plain text message,
my unencrypted data.
And so that solves as me, the sender,
as Patrick, the sender to Jason, I now know that
only Jason can read my message. But when Jason receives the message, he doesn't actually yet know
that Patrick sent it. So I can write in there at the end, you know, dash Patrick. But if Bob,
I guess, yeah, okay, if Bob sent that message and just wrote dash Patrick at the end,
Jason has actually no way of being able to tell that apart.
And this is another awesome thing
that public key cryptography allows you to do
is what's called signing.
And I'll see if I can get this correct and understandable.
So when I go to sign a message,
so I write my letter out, dear Jason,
you're really awesome, dash Patrick. And then I apply his public, I apply his every day. Yes,
I make sure to send you one every day because no one else is going to. Oh, dang.
So I write that message. I apply his public key using the algorithm. I encrypt that data. Now I want to have him be able to verify that it's for me. So we talked about SHA-1 hashing before. And that's not secure, so don't use that. But assume you use some other kind of hashing that's secure.
SHA-5 or something. Yeah. So, and you, and you take the hash. So some representation of the data that is
reasonably easy to believe that no one else could sort of change the data in any way.
You take that hash. And then now I do something a little bit weird. I take my private key and I sign,
I apply using the same algorithm as before to encrypt the data I encrypt the hash with my
private key now I take the original message that's encrypted with Jason's public key
the hash which is encrypted with my private key and I send those to get oh I guess actually sorry
not the encrypted data the unencrypted data and then my sign and then I encrypt that whole thing
because I don't want other people to be able to see that. So I want to encrypt the whole thing. I send the whole
encrypted thing to Jason. Jason applies his private key to the whole message. So now he can see,
Jason, you're awesome, dash Patrick. But he doesn't actually know it came from me yet. He
has a bunch of sort of still encrypted data at the bottom. And he goes,
oh, I want to make sure this came from Patrick. So he goes and looks up in the phone book of keys. He looks up Patrick, my public key, and he applies that to the encrypted data at the bottom
of the message. He sees that now he has what he believes is a hash. So he hashes the decoded
message that I sent him. And he compares that with the now unencry believes is a hash. So he hashes the decoded message that I sent him.
And he compares that with the now unencrypted,
hopefully, hash.
And if they match,
he knows that that message came from me,
is only read by him,
and nobody can have changed it.
And that's sort of like the awesome part
of public key cryptography
or one of the many awesome things
that allows you to do.
And that's basically, in a nutshell, how everything on on the internet works like if you go on the internet this month
and you pay your bills the only reason you can do that is because of what patrick just said
yep so ssl encryption relies on this to uh be able to send your data securely sshing if you
ssh into your computer also uses these techniques
this is very very widely used yep yeah whenever you see that little lock icon on the browser on
the on the top left which now you should see almost everywhere um um that means that this
this technique is in play like it's just i mean it mean, it sounds complicated. I mean, and it is, but I mean, it's happening so fast that you don't even notice, but it's actually a lot going on and it's,
it's every single packet is being encrypted in this way. So, I mean, this is happening.
If you go to even just like google.com or something, this is happening thousands of times.
So maybe not thousands, but hundreds.
Well, so yeah, you know, what I just described and I said these phone books, if you hear about sort of the certificate authorities that come up a lot recently with in regards
to SSL, those are about sort of the phone book of trusted companies.
So that's where my browser can go to verify that Google's a site I go to on Google is actually coming from Google. A site I go to from Amazon is actually from Amazon, at some point there has to be something to get it started. Right. And the trust that gets the whole thing started, as Patrick said, are these stores. So like there's a whole bunch of work going into making sure that you get these public keys safely and securely. And then the only other thing that I think is sort of interesting here, and then we'll move on from this part, is to say that these algorithms, these public key
cryptography algorithms are pretty slow. Like they're not very efficient, both in this sort
of generating keys is very expensive, but actually encoding messages this way is very costly.
And so what you normally try to do is minimize the data you need to exchange this way and then
this goes back to the one-time pad we talked about before so actually what you want to do is exchange
in the encrypted something you've encrypted with one-time pads but now i have a way to share my
one-time pad with jason so i can use this public key stuff we just talked about to send him a one
time pad encryption and then i can use
that which is very very fast to encrypt the rest of my data yep but then every time jason and i
communicate we exchange a one-time pad right yep um cool so let's talk a little bit about
um the encryption so you have a key and let's see me sort of exchange that key correctly and all of that.
Now you have some data like you have, you know, every month I have a cron job that that sends Patrick an email saying he's amazing because, you know, I don't have time to do that.
I did mine personally, but yours is a cron job.
I see where I lay in this stack.
And so that, so I need to, I need to encrypt that somehow. Like I need to take my key
and take this plain text and I need to apply the key and turn the plain text into something that
looks unintelligible until it's decrypted. Right. Um, so, you know, there's, there's this,
this idea of doing this has been around for extremely long time. Um, so, you know, there's, there's this, this idea of doing this has been around for
extremely long time.
Um, there's something called the Caesar cipher, which correct me if I'm wrong, but it actually
comes from, because it came from the days of Julius Caesar.
I'm pretty sure that that that's actually accurate.
And, uh, what it involves is basically applying a certain number.
So the key in this case is just a number, like let's say five, right?
And what you do then is you take your message, which assume it's all letters, and you rotate
all the letters by five.
So what that means is A becomes B, C, D, A becomes F, B becomes G, C becomes H, and it rolls over.
So Z becomes E, right?
Now, if the number was negative 5, you'd rotate in the other direction.
If the number was 26, that would be a bad choice.
You would not do any rotation, and the person would just see your plain text, right?
A similar idea is a substitution cipher, which is a little bit
more sophisticated. In this case, you're not doing, you know, that same rotation to every letter,
but you use your key to generate a mapping. So you could say, you know, A is G. So wherever I
see an A in this encrypted or unencrypted text, wherever I see an A, I turn it into a G.
And then now when I have the encrypted text and whenever I see a G, because I have the key, which tells me sort of the mapping, I'll go back and change it back to an A and I'll get my original message back.
These ciphers are totally stateless, right?
Like if you have the key, then you could just apply that key
and you could decode half the message.
You could decode the end of the message.
It doesn't matter, right?
But they're also extremely weak for this reason, right?
Like for example, if I have this huge message,
let's say I encrypt like a huge document, right?
I know that the word the is very common, T-H-E, that that word is very common in English.
So if I see, you know, in the encrypted message, if I see a bunch of three-letter words, I could say, oh, that's probably the. So let me like apply my
substitution cipher and let me see kind of how the rest of the document looks. And I can keep
kind of playing around with sort of my innate knowledge of language and then end up with a substitution and end up like reverse engineering the cipher.
So stateless ciphers are bad.
And so people started making stateful ciphers.
So, for example, what I can do is I can say I'm going to encrypt this block of data using my key. But then what comes out of the encryption is the encrypted text,
but then also some other numbers. And now when I go to encrypt the second block of data,
I'm going to use those numbers. And even if the second block is exactly the same as the first,
those numbers that came from the first block are going to make the second block look different,
right? Think of it as like different inputs, right? And so now my trick that I just described,
where I find all the does, that trick doesn't work anymore because the gets encrypted differently in
the first block in the second. And so, you know, everyone's kind of moved on to stateful ciphers. And there's
the block-based approach I just described. And there's even, they have a way where you can
actually do a streaming cipher. So you can, you know, it doesn't have to be broken up into these
chunks and it can still take advantage of that sort of trick. And just as sort of trivia,
that extra data that gets kept around from block to block,
that's called the nonce.
You can also start with a non-zero nonce,
but you have to agree to it.
So I could tell Patrick,
hey, I'm going to start my nonce with five. And then we both know
the first block is going to have my key and then five. And then the second block is going to be,
you know, different based on the content of the first block. And so most people use stateful
ciphers, right? But the key thing here is if you want to do cryptography, like if
you're building an app and you want to send something securely, and let's assume you're not
using SSH or HTTP, like you're writing your own custom thing. The answer here is use Libsodium.
So Libsodium is an open source library um it was put together by i think like
google and facebook and a bunch of companies and uh that's it basically lib sodium has an
encrypt and a decrypt function um they let you specify the nonce or leave it out but but use
that library don't ever ever ever write your own cryptography library.
Like even if you look at the source code for AES or Salsa20
and say, oh, I could write that myself, don't do it.
Because if you have a bug, it's gonna end very badly, right?
Like someone like, if you need something to be secure,
then chances are there's consequences
to it not being
secure. Like maybe it hurts your business or your whole product is ruined or something. Right.
And it's just not worth taking that risk for no reason, right? Like Libsodium is an amazing
library. The API is very simple. It's, um, constantly being peer reviewed and, uh, yeah,
when it gets to the nuts and bolts of it,
just use LipSodium.
And that's pretty much it.
I think it's really easy to introduce,
like we talked about all these steps.
So Jason was talking about this stateful cipher
where I was talking about exchanging one-time pads.
But obviously you might want to send more data
than the size of your password. And so you need to do all of this extra stuff to avoid these very, very clever and sophisticated attacks. And I think what Jason is pointing out is like, if you do this on your own, you're likely to sort of introduce some sort of bad assumption or a bug, a mistake, something you think or won't even know to check for.
And someone sort of looking around and figuring this out
could leave you very vulnerable.
And so, yeah, I agree.
Do not do this on your own, even if it seems really easy.
Libsodium has bindings for almost every language
because everyone else is in the same boat.
And yeah, there's really no reason
to not use it i'll also see the above talk about you know things that have come out from wiki leaks
about why you don't want to be using something that could be vulnerable and it's better for
someone else to keep track of sort of the current best practices and help keep you secure. Yep. So one of the things that you also hear about cryptography, and we'll cover this, you know,
sort of only at a high level, is all the stuff we've talked about works together to keep
you secure, but very, very determined people with lots and lots of time on their hands
still have a very good chance of being able to get at your data after
some amount of time, right?
The amount of time it takes, it's kind of the equivalent as if you, you know, have some
valuables in your house, you know, some jewelry or whatever, and you put it in a safe.
You don't want to sort of have a bank vault grade safe for what amounts to, you know,
a couple thousand dollars in jewelry,
because you spend a million dollars on a safe to protect a thousand dollars. It doesn't make a lot
of sense. Your jewelry isn't that valuable. And the cost of the safe is partly because of the size,
but also sort of rated for how long it would take someone to break into that safe.
And the thought is with enough time and money
and dedication, someone will always be able to get into the safe. But hopefully, you know,
the stuff you're storing inside isn't worth that amount of effort, then it's sort of secure.
And the same kind of applies for a lot of this encryption stuff. This is based on work that has
to be done. And the work that has to be done to undo the encryption
is much, much bigger than the work done
to do the encryption when it's done carefully.
And all of these techniques that we've talked about doing
to try to make things better
are about making sure that holds true,
that the amount of work to decrypt
is disproportionately larger
than the amount of work to do the encryption.
But if there turns out to be a problem in your algorithm or a problem in your data, and that assumption breaks, now people
can get at your data much more quickly. Also, as computers sort of become faster and faster,
if you sort of, and this is where you hear like the number of bits of encryption,
but the number of bits of encryption that were were used you know a decade ago computers and
gpus and fpgas and asics of today can break those much much much more quickly today so it maybe
takes an hour of computing an hour of computing time today to break what would have taken years
before and so what jason was sort of alluding to um before when he was talking about uh oh what
were you saying oh it slipped my mind you were saying something where uh uh not to use your own
crypto ah it's gone oh well jason had a good point related to that before uh but when you're
setting how big these are you want to sort of think about the best practices of today.
But the thought is in 100 years, who knows what's going to happen?
And you don't know if your day is going to be secure.
And one of the things people talk about that would cause a lot of problems in this assumption of it taking a long time to decrypt your data is quantum computers.
And we don't have time to sort of go into the details of this.
But the idea is that quantum computers can do the de-encryption calculations very, very quickly
in parallel. And at some point, if quantum computers become, which not everyone agrees
they ever will reach this, but if quantum computers became sophisticated enough, they would sort of be able
to almost instantaneously decrypt the data that we use today, because of their ability to, in
parallel, run a lot of the math computations that are necessary to decrypt data. And so you'll hear
people say this, like, oh, quantum computers will sort of be able to undo this.
And that's what they're sort of saying is quantum computers can do a bunch in parallel and they'll be able to decrypt these much more quickly.
It is also like just to like try to illustrate it as best I can. like a bunch of different uh uh you know keys in parallel and then returns the one that has the
most number like instances of the word duh and uh you could fire this off and then the quantum
uh processes that have that end up you know decrypting something with a lot of does in it
will start to like bubble to the top and uh you're using sort
of this trick you can you can uh try like two to the n keys in n time and uh and break almost any
password it's all kind of very pie in the sky theoretical stuff but that's that's sort of the
idea and then you'll also hear that typically immediately followed up with,
but quantum computers will also make,
hopefully for the first time, unbreakable encryption.
And what people say there is there's sort of some interesting properties
of the way quantum mechanics works that if things pan out,
you'd be able to encrypt your data using these sort of quantum properties
in a way that if someone ever tried to tamper
with your data or use the wrong key,
that the message would sort of self-destruct.
So trying the wrong key on your quantum encrypted data,
I'm being very loose with the words here,
but like trying the wrong key against it
would sort of make it explode if it wasn't right.
And so you would never try
unless you knew you had the right key
because the data would just be destroyed otherwise.
And it isn't like you can copy the data
and try it again because of these quantum properties.
You can't copy the data many, many times
and just keep trying and destroying them
until you find the right one.
No, you're sort of guaranteed
that that message only exists once
and that can only attempt to be unlocked once.
Right, exactly.
Yeah, you create sort of this entanglement
and when you make the copy,
if you try a bad key on the copy,
you'll destroy both copies at the same time
because they're sort of,
they're binded together bound together um yeah so that's that's some pretty cool stuff that may come you know in our lifetime
may not we'll see um one thing that just as like a final takeaway is um if your client is compromised
you're hosed like if you get a virus on your laptop, you're done, dude. Like
there is no cryptography that's going to help you. Like if you get a virus, that virus could just say,
oh, I'm VeriSign now. And like all my public keys are this. And, you know, oh, you thought you're
going to CapitalOne.com, but you're actually going to my website, right? Like, and so, you know,
one of the things that came out of the WikiLeaks was that they cracked like all of the end-to-end encryption
like whatsapp and and iMessage and all these things that have end-to-end encryption
the the government was able to crack it that's not true at all basically all of those cryptography um techniques are not cracked but what they did
is crack the client like if if you crack if someone's typing a message to someone else
and you've hacked their phone you can just see what they're typing before the message is even
sent right so that data is kept that data is kept in memory unencrypted.
So either once it's been decrypted or before it's been encrypted,
it's in memory in plain text and they can just look at it there
if they are able to run processes on your system.
Exactly, yeah.
So if your system, so cryptography will not help you at all
if your system is compromised.
And with that in mind, like if you have a virus or something on your computer um like don't even open your browser to uh find out how to
remove it like use your phone or something um because you know anything can cause you to give
all of your personal data at that point all right well that was sort of a high level man cryptography has a lot of parts i
don't even think we covered there's tons of stuff i'm still thinking like oh we didn't cover this
and we didn't cover yeah i know i mean yeah we could definitely talk about all the different
algorithms and but uh um but you know i think that um you kind of gave everyone a high level
gave gave you all a high level um definitely go on
wikipedia um if you're interested it's it's a fascinating subject there's a lot to cover
yeah i mean i'm always i don't know i guess in computer science you sort of are in and around
in cryptography so much that you kind of bump up against it you sort of read a little bit out
you sort of learn a little more you go a little ways you learn a little bit more and i always
sort of am fascinated like i kind of want to deep dive into it but i've never really had that
opportunity but over time i guess yeah you just really build up a lot of sort of peripheral
knowledge about it when working in computer science yeah Yeah, I mean, I did my own.
Actually, I didn't even do my own, but I used libgcrypt,
which is an older library for Eternal Terminal.
And basically some security expert went to me and said,
yeah, that library is not very secure, and so I should use libsodium instead.
And then here's a bunch of reasons why, which were unintelligible to me because I should use lip sodium instead. Um, and, and here's a bunch of reasons
why, which were unintelligible to me because I'm not from that field. Um, but yeah, there's just,
there's a wealth of information. I mean, I, uh, um, I feel like I, it's just, it's one of those
things that's like pretty far down on my list, uh, because just only because there's so many
other things that I want to learn. But, uh, um, But I could see, you know, if I got into it,
I would definitely be just reading about it for days.
I mean, there's just tons of amazing content.
And it goes all the way back to, like,
people encoding messages to help fight wars
in the Roman Empire.
I think that's it.
It feels like doing spy work.
Like, keeping secrets just sort of seems fun.
Yeah, totally. All right. spy work like keeping secrets just sort of seems fun yeah totally
all right well that's uh that's the show for for this month uh cryptography i think uh is
fascinating actually it came from a listener uh request so um so thank you for that definitely
keep emailing us with your ideas uh Uh, you know, we keep all of
them and we get to all of them eventually. And, uh, you know, it's, it's some of our best shows,
especially now, you know, we've been doing this for a long time and, uh, and, uh, some of our
best shows have come from users saying, Hey, you know, I, I just blitzed through, you know,
all five years of your show and you didn't talk about this. So the person in particular, this was, I won't say your last name,
but this was Khan, who said, hey, check out, I noticed you didn't cover cryptography.
Also, another gentleman by the name of Juan asked us the same thing. And because of you guys,
you folks, we covered cryptography.
So thank you for that.
All right.
Until next time.
See you later.
The intro music is Axo by Binar Pilot.
Programming Throwdown is distributed under a Creative Commons Attribution Sharealike 2.0 license. Binar Pilot.