Hacker News new | past | comments | ask | show | jobs | submit login

I don't understand something about infosec interviews (and that goes for the CISSP as well).

Why bother asking about crypto at all?

* What’s the difference between symmetric and public-key cryptography

* In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?

* Cryptographically speaking, what is the main method of building a shared secret over a public medium?

* What’s the difference between Diffie-Hellman and RSA?

* What kind of attack is a standard Diffie-Hellman exchange vulnerable to?

* What’s the difference between encoding, encryption, and hashing?

Here's my issue: if these are the questions you're asking, you're clearly never going to actually work with cryptography in your job. You may indeed end up deploying some appliance that uses "standard Diffie Hellman" somewhere, but you'll have no more control over that than you would over the LZW variant it uses to compress.

And that's fine! I think fewer people should deal with crypto, because people invariably get it wrong. But it's my suspicion that these questions are really just shibboleths; they're trivia meant to establish whether you're in the club or not.

In contrast:

* Where do you get your security news from: you will somehow have to keep abreast of security news (although, be honest, this is really just a question designed to bolster the club of security bloggers).

* What’s the difference between HTTP and HTML? Presumably if your candidate doesn't know how computers work, they won't do well at infosec.

* How does HTTP handle state? This is a fine question, although I don't understand why he calls cookies a "non-native" hack, since they're standardized as "HTTP's State Tracking Mechanism".

* What exactly is Cross Site Scripting? Sure, this is a great example of the kind of vulnerabilities corp infosec people routinely stumble across...

* What’s the difference between stored and reflected XSS? ... and if you've read anything about XSS, you know the OWASP-y taxonomy (although I might ask a corp infosec person to recite the OWASP top 10 instead)...

* What are the common defenses against XSS? ... and sure, you should know how to spot a bad fix to XSS, like trying to filter the <script> tag.

* What kind of network do you have at home? I have a Macbook. And an access point. I think the access point might be a 2wire? I guess I'm out the door.

* What is Cross-Site Request Forgery? As with XSS, a reasonable appsec thing for infosec generalists to know.

* How does one defend against CSRF? A little less reasonable but still germane (he appears to get this one wrong).

* What port does ping work over? This is the oldest trick question in the book (I think Cambridge Technology Partners made it up), but, sure, you're going to have to be able to firewall ICMP in your job.

* How exactly does traceroute/tracert work at the protocol level? One of my favorite interview question for developers is "how would you speed up normal traceroute" so I'm biased.

These are all reasonable questions, some I like better than others, that all have something to do with the actual job of being in infosec.




I completely disagree. A person who is really passionate about IT security will know about cryptography because they are interested in how security works, not because it's a requirement for the job interview. In fact, I am surprised at the number of highly paid security 'professionals' who are little more than auditors with a pen and a form to tick.

Asking about crypto is a great way to weed out the auditors from the pros. There is also a difference between cryptographic algorithms and cryptographic implementations. I wouldn't expect you to write algorithms, but I definitely would like you to explain real-life implementations. A good set of crypto questions to ask, that are quite basic and yet will trip up lots of security pros:

* What's the difference between a Verisign certificate and a self-signed certificate?

* In which environment would I use the Verisign cert and in which one would I use a self-signed?

* In what cases would I expect the Verisign cert to generate warnings in my browser? What about the self-signed? How do I fix these errors?


Questions about Verisign certs vs. self-signed certs are good, because that's an issue that actually comes up in infosec.

There definitely are good crypto questions to ask. But these questions aren't those. They demonstrate only enough of a command of cryptography to pass an interview. They're signalling questions, not assessment questions.

And, with the exception of things like "what's wrong with self-signed certificates", the real crypto questions will weed out essentially 100% of your candidates (and 99% of appsec candidates as well). Note: the "real" questions I'm thinking of have very little to do with algorithms.

There's a word for things you ask about because a person who was really a member of your club would be fascinated by them: shibboleth.


And a really good security guy may also know of Shibboleth as an implementation of identify federation / cross-domain SSO. ;-)


Some more interesting crypto questions, for interested HN'ers:

- Write code to verify message integrity, given a tuple (message, authentication_code) and a function authentication_code(message) (Google "Timing attack" if you think you couldn't possibly get this wrong);

- We store passwords salted and hashed with MD5. What do you think? How about SHA1? (Yes, this is bad, since these algorithms are too fast and hence allow dictionary attacks on the passwords; "PBKDF2" or "OpenBSD's Blowfish scheme" are good; bonus points if they know about scrypt; should include a discussion of password complexity);

- An open source project put a project-1.0.zip, project-1.0.zip.md5 and a project-1.0.zip.md5.sig file on their FTP server. Discuss. How about SHA1? (The .md5.sig file safeguards the .md5 file, provided the PGP key used is well-known. Collision attacks for MD5 exist; therefore, a malicious maintainer could serve a carefully-chosen but benign file to most clients and one with a backdoor to, say, .mil. Conversely, no (second) preimage attacks are known, so only the maintainer could do this. SHA1 is safe, for now, but it would be wise to upgrade. Bonus points if they know that the zip format is easy to manipulate. A small amount of bonus points if they express surprise at seeing a zip, since it's mostly GNU projects that use this "double checksum" and those tend to use tarballs);

- We have an API of the form http://mysite/set/key1=val1,key2=val2,...,keyN=valN,hash=foo where foo=MD5(customer's secret || key1 || val1 || key2 || val2 || ... || keyN || valN), where || denotes concatenation. Discuss. How about SHA1? If you disagree with this design, what would you propose? (This idea, based on an old design of AWS, is completely horrible, for either MD5 or SHA1. The obvious issue is that MD5(secret || "a" || "b" || "c" || "d") = MD5(secret || "ab" || "cd"), so that it's a valid hash for either a=b,c=d or ab=cd; the less obvious issue is that MD5 and SHA1, being based on the Merkle–Damgård construction, allow calculation of MD5(msg || msg2) from MD5(msg) and the length of msg. The correct solution is to use e.g. HMAC-SHA1(customer's secret, key1 || "," || val1 || "," || key2 || "," || val2 || "," || ... || keyN || "," || valN), ideally with a way to select the algorithm. Or use HTTPS with client certificates.)

But I agree that people, by and large, shouldn't be directly using any of this stuff.


Re: the crypto questions.

Not only are these just trying establish if you're in the club or not, but judging from his answers on the DH vs RSA questions (which are not-well formed to begin with), it seems like he's trying to establish if you're in the club that knows the names but has no knowledge of WTF is actually going on in crypto.


I'm the author and I wouldn't say I am a crypto guy, but the conceptual difference between RSA and DH is clear to me, and I defend the proposition that it should be for others in infosec as well.

Can you explain where this is in error?


I can't speak for the parent comment, but saying that "Diffie-Hellman" is a good answer to the problem of establishing a secure channel over an untrusted medium is like saying "plutonium" is a good answer to the problem of submarine propulsion.


It's a category error to those well-versed in cryptography, like "explain the difference between mergesort and recursion" - two unrelated concepts. (Whereas "explain the difference between quicksort and mergesort" is an interesting question.)

Your answer also does not sufficiently differentiate between e.g. key agreement (DH), message authentication ("signing"; HMAC), symmetric encryption (AES), or asymmetric encryption and signing (RSA).


I completely disagree as well. A security professional will often be in charge of evaluating various vendors encryption products for potential use within a company. If they know nothing about key management, for example, how would they even know how to evaluate the security (or lack thereof) of any given encryption solution?


This is exactly the thing I am saying "give me a break" about! Knowing what public key is, or that DH can be "man in the middled" is not enough to assess vendor crypto. It's not even close. More importantly, knowing the answers to these questions isn't even an indicator that you might know enough to assess vendor crypto.

And that's fine. Very few people (even in appsec) have that qualification. By way of example: I don't consider myself one of those people; I know three of them, total. Colin Percival might not consider himself one of those people.

What's not fine is pretending you've assessed a qualification that you don't understand.


To add to your argument...

Most of the infosec people I work with would score exceptionally low on the questions in TFA. That's because to do their job they have to argue with management, get buy in etc. Unless there's a gaping hole they're going to go with whatever the product does. They're not going to get involved with key exchange algorithms because the tool abstracts that. They're going to get involved with compliance. That's why we have things like FIPS-140-2, Common Criteria, EAL, CAPS etc.

Is that a bad thing? Possibly. One would hope that such products do a proper job. The realisation is not always so. We've broken two FIPS-140-2 products in the past 3 years, one of which was used in the Chinese olympics bid with dangerous results.

Personally I think knowing your boundaries and being able to express them (for example whenever people mention crypto I tell them I'm not the right guy, and if it was transatlantic I'd definitely say tptacek would be someone more worth talking to in that area) is more important than attempting to be a one-stop shop for all things security.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: