I strongly recommend this book in advance based on the fact that Ferguson is the lead author, and it's based on _Practical Cryptography_, which itself almost (but not completely) atones for _Applied Cryptography_.
A lot of folks looked at it, went "Cool!" and hand wrote their own, buggy, insecure encryption software. Basically it didn't say enough (or, for that matter, very much at all) about library design, which Practical was much more about, and as a result there was a rash of one-offs that were trivially broken due to e.g. short circuiting equality comparisons, to pick something recent.
If you want to know how the Soviet standard GOST block cipher works, Applied is a great book. If you want to learn about obscure challenge-response authentication protocols nobody uses in the real world, again, Applied is your book. If you need to look up what a "Vigenere cipher" is, because you're reading something about crypto written by someone who doesn't do crypto, Applied is there for you.
But if you want to know how to implement a protocol that uses Diffie Hellman, RSA, AES and SHA1 to protect traffic without introducing 40 errors any of which completely negate the security of the algorithms you're using, you need a very different book from Applied. That book was Practical Cryptography, and now it's Cryptography Engineering.
But if you want to know how to implement a protocol that uses Diffie Hellman, RSA, AES and SHA1 to protect traffic without introducing 40 errors any of which completely negate the security of the algorithms you're using, you need a very different book from Applied. That book was Practical Cryptography, and now it's Cryptography Engineering.
Very nice! Since I wanted a book which also explains the implementation details of various cryptography algorithms, I asked my coworker if he knew one (I bought Kryptographie (Amazon.de: http://bit.ly/cxxAQT), which didn't explain anything about implementations, but is a good read for other various reasons). He recommended me Applied Cryptography and I was going to order it. This was yesterday. Today I read your tweet (http://twitter.com/tqbf/status/8879609339) and was going to have a look at Practical Cryptography. And now thanks to your hint, I preordered Cryptography Engineering. Thanks for that :).
I agree. Learning about the problems that arise in cryptography (as well as general security issues) help me avoid certain mistakes when writing my own code. This book looks promising, particularly the "learn why certain decisions were made".
