
Practical Cryptography - zerognowl
http://practicalcryptography.com/
======
hannob
Skimming through it, this seems largely a description of historic and broken
cryptography and almost no information about practical modern cryptography.

(also the obligatory note: no HTTPS for a webpage about cryptography?)

~~~
delinka
Think of it as "cryptography in practice." And in practice, it's often broken,
whether from poor implementation or design flaws.

~~~
hannob
Except that it's not even that. You're right that a lot of crypto is broken,
but usually because of implementation bugs, not because people use Vigenère
ciphers.

------
TrueDuality
> Cryptography refers almost exclusively to encryption

Ooof first line. That's like saying math refers almost exclusively to physics.
Grabbing that name from a well respected and popular book as well.

Tsk. Tsk.

~~~
paulddraper
There is a section dedicated to hashes, but ooof indeed.

~~~
RandomInteger4
Well, one could argue that cryptographic hashing is like encryption which
isn't meant to be reversible.

------
45h34jh53k4j
Copyright James Lyons © 2009-2012. Latest reference is Stinson, Douglas (2005).
"Cryptography: Theory and Practice"

Intro to classic crypto. Not so practical in 2016?

Where's the circa 2016 HTTPS?

------
sweis
This site contains little practical information about cryptography.

------
gone35
_[...]cryptography is the study and practice of obscuring information_

What about authentication?

------
xs
So what type of job can you get if you specialize in cryptography?

~~~
tptacek
This is a surprisingly tricky question.

If you are _really_ good at cryptography engineering --- that is to say,
top-of-your-field good _simultaneously_ at systems engineering and cryptography
--- then there are fairly lucrative jobs you can get either as a consultant
for a firm like Rambus/CRI, or as a crypto engineer at one of the big tech
firms.

Unfortunately, if you're not that person, or you can't live in California, the
answer is a bit fuzzier.

There are some big obstacles to working in the field:

* The overwhelming majority of crypto is built (poorly, dangerously) by amateurs, and there's no real force in the industry to change that.

* The overwhelming majority of crypto is built as, at best, a feature of a much larger product. Even when crypto is critically important to the value proposition of a product, in terms of lines of code or commits per year, it's usually not that big a factor. This means that even projects that need good crypto tend not to have a headcount allocated just for crypto (it's also a major reason why most crypto is done by amateurs).

* There are good jobs breaking crypto, but not that many of them. Being able to reliably find cross-site scripting is --- at the firm level at least --- more lucrative than being able to reason through a practical exploit for an unknown key share bug. There are crypto pentesters (with extremely high bill rates), but that brings you back to "top-of-field for multiple disciplines".

* You can, of course, make an academic career. You'd go for a PhD in cryptography, and then either stay in school as a professor, or join a _research group_ at one of the big tech firms (this is a different job than crypto engineering at one of the big tech firms; your principal job will probably still be to publish) --- so far as I can tell, those research group positions are exclusively staffed with PhDs.

That's not to say people shouldn't study crypto! They absolutely should: it is
mind-expanding in ways orthogonal to the other specialities engineers take on
to expand their minds. It will make you a better systems programmer. It might
make you better at software security, too (it might not, though). It will, at
least, mean that when your project is called on to, I don't know, encrypt a
password reset token, you'll be able to do that competently.

~~~
antirez
This is a great reply, but as I was reading it I was thinking how odd it is
that it is much more lucrative and simple to learn JavaScript for 12 months or so
compared to having a math degree and solid crypto programming skills.

------
strictnein
Interesting that Sir Francis Bacon counted in binary, which wasn't formally
invented until after his death:

[http://practicalcryptography.com/ciphers/classical-era/bacon...](http://practicalcryptography.com/ciphers/classical-era/baconian/)

edit: Binary "invention" -
[http://www.computinghistory.org.uk/det/5913/Gottfried-Wilhel...](http://www.computinghistory.org.uk/det/5913/Gottfried-Wilhelm-Leibniz-invents-the-Binary-System/)

------
mhw
Hmm; appears unrelated to
[https://www.schneier.com/books/practical_cryptography/](https://www.schneier.com/books/practical_cryptography/)

