
I would highly recommend reading Cryptography Engineering [0] cover to cover. It's amazingly readable, covers the basics, the theory necessary to understand how things work and includes ample practical advice and observations on the industry.

The first thing I did after the Snowden leaks was read through the entire thing and after doing so I really wished I had done this years earlier. There are very few books that I think should be required reading across the board for software engineers, but this is one that I do think everyone writing code should read every page of.

[0] http://www.amazon.com/Cryptography-Engineering-Principles-Pr...

I don't. This book recommends, say, MAC-then-Encrypt and tries to justify it in 2010 by perpetuating FUD about provable crypto (proofs are only valid if your primitives are ideal, therefore you should worry about--one set of--risks that you can't measure, so trust us instead of proofs). There's no excuse for doing that.

In general, the authors seem to subscribe to "crypto is black magic" school of thought, which doesn't make for good pedagogy.
