Hacker News new | past | comments | ask | show | jobs | submit login

Tptacek said it's a bad idea to read Applied Cryptography. "Take that book Applied Cryptography that's on your bookshelf and burn it. Do that as a commitment to really learning crypto. But absolutely don't read it. If you don't read it, you have nothing to unlearn, so you're much better off." Source: http://wiki.securityweekly.com/wiki/index.php/Episode292 time index 22:10, but the whole podcast is good.

Instead, he recommends Cryptography Engineering: http://www.amazon.com/Cryptography-Engineering-Principles-Pr...

Another way to get a primer on crypto is to do the Matasano crypto challenges: http://cryptopals.com/

The solutions aren't (yet?) published, but don't let that stop you. It will be fairly obvious when you've come up with a solution that solves the challenge. It's also an excellent way to get you really thinking about all of the problems with crypto. And it will hopefully scare you from ever implementing your own crypto scheme, which is always a good thing.

Make sure to do all the challenges though. They get exponentially more difficult, but the best ones are near the end.

This came up often enough that I wrote a blog post about it:


> Instead, [tptacek] recommends Cryptography Engineering*

So do I, by the way - CE is a modern book and it shows just how hard it really is to build a secure protocol. But it assumes a certain baseline background.

AC is old. I do not dispute that. But as to why certain types of constructs are used, it's still a properly readable book.

And quite true, the threat models in AC do not account for active attackers who are flipping bits to do real-time differential cryptanalysis. When the book was written, "data at rest" was the most common problem.

If there is an equally readable, modern book which explains the whys of the constructs, I'd love to know. CE is a great book once you understand the basics - but IMO it's not really fit for a first pass.

Applications are open for YC Winter 2022

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact