# Profile

## jledoux

Student

**5**reviews**5**completed

First, the professor gets 4 stars in my book, but the course gets 2. He really
tried to listen to students and was really responsive in improving the course
and getting feedback. But the aim of the course was too loosely defined and
honestly I feel I learned next to nothing besides some malware jargon taking
the course and a brief overview of the extent of malware out there. To really
understand malware, you have to really understand the machine language code,
operating system, and all the internals. You need to do a lot of programming
and really get it. E.g., assembly can't be learned in half a lecture by
walking through one example. So you don't really learn or practice anything in
this course, you just get a first exposure to a bunch of topics. The first
lectures were bad format-wise, as it was the prof going through a powerpoint
slide, without the powerpoint slide only being zoomed in briefly barely long
enough to read. Granted this was adjusted after student complaints. There's no
book or further source to look up. The quiz questions just contained random
factoids from the lectures or recommended readings -- which were just a
collection of academic papers (not really at the appropriate level for the
course). The factoids don't have enough of a basis for you to really grok, so
you just end up regurgitating a few facts. E.g., at "the bottom of the kernel
stack points to the current executing thread" or China's malware forums are on
Baidu and QQ or the main target of phishing in China according in 2011
according to APAC was "____" (and list the top four choices). Also the quiz
questions never changed, making it really easy to get a perfect score in your
three attempts. The one programming challenge took maybe 30 minutes (and most
of that was just figuring out what format he wanted the answer in).

Good course, my first udacity course (after taking several coursera ones).
Loved the fact that I could just churn through it at my own pace (that is I
finished the course in about one week). Best thing about the class were the
challenge programming assignments and how he touched on very modern
cryptographic concepts. Second best thing; unlike the coursera course, spends
little to no time on formalism, but gets to interesting applications of
crypto. So you don't learn about "semantic security" or "deterministic
encryption" or the details of how symmetric encryption works (e.g., no Merkle-
Damgard construction; no work through of AES). Instead, you get a good quick
overview of stuff like if you had a symmetric block cipher here's how to
combine it (CBC, CTR, CFB) mode, Diffie-Hellman, and (textbook) RSA. Then
quickly jump into more advanced stuff like anonymous money (bitcoin),
anonymous voting, anonymous routing (tor), blind signatures, breaking GSM,
BEAST SSL attack, and secure multiparty communication. However, when going
through many of these topics he doesn't always clearly define assumptions (who
knows what information), threat model, power of attackers, etc. Worst thing
about the class: vague quiz questions. First, all questions were videos
reading a question to you aloud which is annoying format compared to being
able to read the question with its assumptions explicitly on the same page as
the answers when you try to answer. (Versus having to rewind). Next, the
questions only accepted one answer, and were occasionally subjective, and even
more rarely wrong (usually with an instructor's note at the bottom right of
the page that's easy to miss). E.g., at one point the answer to three decimal
digits was .327 and the system wouldn't accept "0.327" or "0.33", but you had
to put in "0.32"; at another point a derivation there was a sign error and no
options were correct. The answer often depends on unstated assumptions and
that you have to watch a video to hear the question, versus seeing it written
out with the assumptions actually spelled out. You just have to learn not to
take the questions too seriously, and have no problem getting the
vague/subjective ones wrong. Examples of bad questions include the first one
in the course: "Which of these involve cryptology: Opening a door, playing
poker, doing a google search, logging into udacity" (and the answer is all of
them). I had skipped the intro video (where he spoke "opening a door with a
key" (even though no key was written down) and that I'll buy when adding a
key, that is cryptology. But playing poker does not by traditional definitions
involve cryptology even though if it involves "secrets". Cryptology is the
combination of cryptography (secret writing) and cryptanalysis (how to break
cryptography without the key). Or another example, they do the standard proof
by contradiction that there's no maximal prime and instead an infinite number.
You first assume (wrongly) that you have a finite set of all primes. You
multiply them all the primes together and add one to that (e.g., P = p1 p2 p3
... pN +1) where p1 is the first prime, pN is the assumed maximal prime). At
this point, the lecture stops and asks "is p prime?" Yes, No, or Maybe. The
system would only accept "Yes" which has a perfectly logical argument (p is
greater than the assumed largest prime pN; so it can't be prime as we've
assumed all primes are smaller than pN). But you can also argue, that it must
not have any divisors with your finite list of prime numbers (since p mod p_i
= 1 for all p_i in your set and you would have p mod p_i = 0 work for some p_i
if p was composite), and if a number is not divisible by any prime number less
than itself, then it must be prime. So either option has a good argument
behind it, but only one answer works. The problems involving the actual
material often had similar issues from vaguness, poorly defined assumptions as
well. Anyhow, overall great recommended course; take away 0.5 stars from
vagueness of some questions and how assumptions about attacker/threat model
were often left unstated.

Good course. Assignments are pretty much college level, and fun. Learn things
like (old-style) buffer overflow, basic reverse engineering, how to implement
malloc, basics of assembly/gdb. Instructors are very good, though recommend
speeding up Guillermo's lectures (20%) as he speaks slowly (but don't speed up
Luis's). Really hope they follow up at some point with a Systems Programming
or Operating Systems course. The biggest downside of this course was that they
presented many challenges that were hard, there was a very long hard deadline
so you could never discuss the answers or the best way to do something. (E.g.,
you needed to be able to do some challenges in less than say 8 operations for
full credit - but some managed to do it in 6 operations -- what tricks were
used?) Also like a normal course, the course work isn't 100% self-contained in
the class -- e.g., you can watch the lectures and still have to experiment a
bunch to figure it out.

An awesome course. I signed up when the course was nearly over, so only
watched the videos and took a few quizzes after the deadline, and downloaded
some of the readings. Very engaging, well-produced, well-written lectures and
very interesting content. Great for listening while say walking your dog, or
commuting to work. (Versus say more mathematical courses where you have to
follow equations, plots, etc.) Granted I have a feeling that some of the
observed experimental effects aren't as strong as purported (e.g., effects of
experimenting on elite college students or effects of subjects attempting to
go along with what they perceive the experimenters desired results are).

Awesome course. I've tried teaching myself RSA several times, but from this
course it finally stuck and not just text-book RSA, but the real things (as
well as El Gamal). It starts being a bit annoying that it seems he's being a
stickler for things on the quizzes. E.g., a lot of quizzes rely on whether you
remember and can functionally deal with the precise definitions for semantic
security, perfect secrecy, trapdoor functions, etc. But it starts making sense
later on, as you precisely define under what characteristics you have
guaranteed security. The programming assignments are a lot of fun, though
sadly there are only six assignments (e.g., much less than a real crypto
course) and its strictly a bonus. E.g., do a padding oracle attack; or break
RSA if p and q differ by less than N^(1/4). The content of the course is hard
if you don't have any prior experience or a strong math background. However,
the course is quite doable; e.g., you can take any exam multiple times (even
the final -- though the questions/answers will vary slightly) and the
programming assignments are optional. I wouldn't recommend the course if you
don't have the programming skills to say take the XOR of two byte arrays.