Cryptography Engineering definitely does not hold up. It predates (almost willfully, given the chronology) modern notions of AEAD, key derivation, random number generation, and elliptic curve asymmetric cryptography.
The standard recommendation these days is Aumasson's Serious Cryptography. I like David Wong's Real-World Cryptography as well.
I really enjoyed the book and it certainly helped me, but it's also the only cryptography book I've ever read. I appreciate you challenging my suggestion!
I just checked and it has been a whooping 12 years since I purchased/read the book, so I retract my recommendation.
Sorry, you're right, I should have been less clinical about this. Practical Cryptography (which is essentially the exact same book by the same authors) was also the first cryptography book that clicked in any meaningful way for me, and really lit me up about the prospect of finding vulnerabilities in cryptosystems.
I would actively recommend against using it as a guide in 2025. But you're not crazy to have liked it before. Funny enough, 12 years ago, I wrote a blog post about this:
I read the beginning of the post and it looks quite interesting. I'll read the rest tomorrow when my mind is sharper.
I checked my blog and I also wrote a post about some crypto related things shortly after I purchased the book. It's a post about a bug in the JDK that I stumbled across, which I am certain I would not have understood without Bruce's book:
I am a lot more cynical about Schneier's influence on the practice of cryptography engineering today than I was when he and Ferguson (who I am not cynical about at all) wrote the book back in 2003.
