

Schneier has a new book coming out - Cryptography Engineering - TallGuyShort
http://www.schneier.com/book-ce.html

======
tptacek
I strongly recommend this book in advance based on the fact that Ferguson is
the lead author, and it's based on _Practical Cryptography_, which itself
almost (but not completely) atones for _Applied Cryptography_.

~~~
gthank
I've got Practical, myself, but out of curiosity, what was wrong with Applied?

~~~
gchpaco
A lot of folks looked at it, went "Cool!" and hand wrote their own, buggy,
insecure encryption software. Basically it didn't say enough (or, for that
matter, very much at all) about library design, which Practical was much more
about, and as a result there was a rash of one-offs that were trivially broken
due to e.g. short circuiting equality comparisons, to pick something recent.

~~~
tptacek
If you want to know how the Soviet standard GOST block cipher works, Applied
is a great book. If you want to learn about obscure challenge-response
authentication protocols nobody uses in the real world, again, Applied is your
book. If you need to look up what a "Vigenere cipher" is, because you're
reading something about crypto written by someone who doesn't do crypto,
Applied is there for you.

But if you want to know how to implement a protocol that uses Diffie Hellman,
RSA, AES and SHA1 to protect traffic without introducing 40 errors any of
which completely negate the security of the algorithms you're using, you need
a very different book from Applied. That book was Practical Cryptography, and
now it's Cryptography Engineering.

~~~
giu
_But if you want to know how to implement a protocol that uses Diffie Hellman,
RSA, AES and SHA1 to protect traffic without introducing 40 errors any of
which completely negate the security of the algorithms you're using, you need
a very different book from Applied. That book was Practical Cryptography, and
now it's Cryptography Engineering._

Very nice! Since I wanted a book which also explains the implementation
details of various cryptography algorithms, I asked my coworker if he knew one
(I bought Kryptographie (Amazon.de: <http://bit.ly/cxxAQT>), which didn't
explain anything about implementations, but is a good read for various other
reasons). He recommended Applied Cryptography to me and I was going to order it.
This was yesterday. Today I read your tweet
(<http://twitter.com/tqbf/status/8879609339>) and was going to have a look at
Practical Cryptography. And now thanks to your hint, I preordered Cryptography
Engineering. Thanks for that :).

------
almost
Oh good. I do like books on cryptography. Not because I do much cryptography,
I don't, but because I like the way it forces me to think.

~~~
rmorrison
I agree. Learning about the problems that arise in cryptography (as well as
general security issues) helps me avoid certain mistakes when writing my own
code. This book looks promising, particularly the "learn why certain decisions
were made".

------
unwind
I imagine this as a big soft-bound book, kind of like
[http://www.amazon.com/Programming-Environment-Addison-Wesley...](http://www.amazon.com/Programming-Environment-Addison-Wesley-Professional-Computing/dp/0321525949/ref=sr_1_1?ie=UTF8&s=books&qid=1265789142&sr=8-1).

Then, when you open it, the first non-blank page just says, centered on the
page in a large, bold type:

DON'T -- USE A LIBRARY!

~~~
DennisP
Somebody's got to write the libraries.

------
blehn
Many of the cover designs on these programming/tech books look like they were
designed by programmers. That's not a good thing...

~~~
tptacek
It's too bad, because the cover design on _Practical_ was pretty solid.

------
sunny_s
Any pre-requisites? crypto noob here

~~~
tptacek
No. In fact, you're better off if you _haven't_ read any other crypto books
before this one.

~~~
sunny_s
Thank You

------
gjm11
There doesn't appear to be any information about what's changed between
"Practical Cryptography" and this book. That's a pity.

