Reddit reviews Cryptography Engineering: Design Principles and Practical Applications
We found 18 Reddit comments about Cryptography Engineering: Design Principles and Practical Applications. Here are the top ones, ranked by their Reddit score.
Wiley Publishing
Umm... not sure if this is sarcasm, or if you don't belong in this sub.
In case it's the latter:
Maybe start here: https://www.schneier.com/blog/archives/2011/04/schneiers_law.html
and https://www.schneier.com/crypto-gram/archives/1998/1015.html#cipherdesign
Then https://www.crypto101.io/
Then https://nostarch.com/seriouscrypto
and https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246
and https://www.coursera.org/learn/crypto
and https://www.amazon.com/exec/obidos/ISBN=0849385237/7181-7381933-595174
Indeed. As the article concludes, it's better to use a specialized and proven construction like PBKDF2, bcrypt or scrypt if you don't know what you're doing.
I fondly remember a quote from Cryptography Engineering (I think): "Anyone who creates his or her own cryptographic primitive is either a genius or a fool. Given the genius/fool ratio for our species, the odds aren't very good."
You need to take the time and learn and educate yourself. It is a constant process.
I'd say the very first step is to develop in yourself the mindset that cryptographers call "professional paranoia". Always think from the security point of view when looking at systems and apps and designs and so on.
I recommend that you read Cryptography Engineering: Design Principles and Practical Applications. It is not PHP related (as you'd guess from the name), but it also covers some things related to web app development. Most importantly, it helps you to grasp the idea of this "security mindset".
The already posted OWASP link gives you some good pointers about common security problems, but make sure you understand the issues and solutions behind them (instead of just "only plain memorizing" them).
Also, you could get some pointers from this Web Application Security Quiz.
I have the updated version: Cryptography Engineering. This was just a post to point out the updated version, I'm sure they're of equal value.
I loved Cryptography Engineering: Design Principles and Practical Applications
Also by Schneier, Cryptography Engineering: Design Principles and Practical Applications
There was a lot he left out of The Code Book. If I recall he didn’t even mention elliptic curves or the NSA’s duplicitous role in influencing their recommendation by NIST. Simon briefly mentions the history of elliptic curves here.
I would give Cryptography Engineering a read. It’s more technical than Simon’s book but if this topic interests you this approachable book is going to be a great read.
Simon also compiled a list of links for what he considers are good “what’s next” recommendations: https://simonsingh.net/cryptography/crypto-links/
Ok cool, thanks.
I read this last year but some of it was heavy stuff.
For what it's worth, cryptography is famously hard to get right and I would strongly recommend that you use existing crypto software if you are actually trying to secure your computer.
That said, if you're interested in coding and want to learn more about encryption just for fun, you should check out the Matasano Crypto Challenges. They teach you about the fundamentals of cryptography by having you build a bunch of ciphers and then break them.
If you're looking into doing this more professionally, I've been told that Cryptography Engineering and Applied Cryptography are some good resources, though I haven't read them myself.
This is pure junk - don't use that site. It does not teach people about using modern crypto, just barely mentions that it exists...
See that book instead https://www.amazon.ca/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246
> the definitive go to (last I checked) was still Schneier's Applied Cryptography
I recall reading somewhere that Schneier doesn't recommend it anymore, but instead suggests Cryptography Engineering, which he co-wrote (and which I unfortunately have not had a chance to read).
The ever-excellent Khan Academy has produced a very nice and short series of videos explaining how cryptography works. Anyone who understands basic high school arithmetic can follow this. If you have ever been interested in the science of codes, ciphers, breaking them, etc. this is worth a look:
http://www.khanacademy.org/science/brit-cruise/cryptography
More in-depth treatments of cryptography can be found here:
https://www.coursera.org/course/crypto
and here:
http://www.youtube.com/playlist?list=PL71FE85723FD414D7&feature=plcp
And for the truly hard-core, some of the best books on crypto are:
http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Edition/dp/0471117099/ref=sr_1_1?s=books&ie=UTF8&qid=1340524661&sr=1-1&keywords=applied+cryptography
and
http://www.amazon.com/Practical-Cryptography-Niels-Ferguson/dp/0471223573/ref=sr_1_1?s=books&ie=UTF8&qid=1340524712&sr=1-1&keywords=practical+cryptography
and
http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/ref=sr_1_2?s=books&ie=UTF8&qid=1340524751&sr=1-2&keywords=practical+cryptography
read this book and pick a random topic:
http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/ref=sr_1_8?s=books&ie=UTF8&qid=1412195439&sr=1-8&keywords=bruce+schneier
This will tell you why that is! But you're in for a long read.
Tl;dr: There are a lot of very specific high-digit primes that need to be generated for RSA (asymmetric encryption) to work and that takes longer.
This is why I recommend all my pen testing peers read a book on cryptography, to better understand how things like this can break in very not obvious ways.
http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246
You can get the Handbook of Applied Cryptography for free: http://cacr.uwaterloo.ca/hac/
So I would suggest cancelling the order and replacing it with Cryptography Engineering
I would suggest "Cryptography Engineering" by Ferguson, Schneier and Kohno (https://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246).
It gives a good introduction to how cryptography is used while not bothering with too many details. It's also oriented toward building secure schemes, which is helpful for security.
The detail you can always learn later ;-)