Cryptography Engineering: Design Principles and Practical Applications

Posted on by Ben Rothke

Cryptography Engineering: Design Principles and Practical Applications is a much needed update to Applied Cryptography: Protocols, Algorithms, and Source Code in C

Good cryptography can ensure that your data is readable only to authorized parties. The danger of bad cryptography is a false sense of data security. The line between the two is exceptionally thin, and the difference between the two is spelled out in great detail in this text.

The first edition of coauthor Bruce Schneier’s Applied Cryptography came out in 1994. What was revolutionary then, and launched a new generation of security mavens, is now obsolete in many parts.Cryptography Engineering is a much-needed update. While not as detailed as the former work, and with significantly fewer code examples, the new text is still a valuable resource for anyone who wants to come up to speed on the essentials of modern cryptography.

The book covers the major uses of cryptography today, namely messaging security and the other fundamental areas including key management, block ciph­ers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and much more.

The three authors bring many decades of unique experience on the topic to the book. Their goal is to get the reader to think like a cryptographer, and the book does a great job of that. It is rich in real-world examples, and each chapter ends with a number of exercises to take the theoretical ideas and put them into practice.

While billed as an introductory text on the subject, Cryptography Engineering is not for the fainthearted. Anyone intrigued by the topic and with the time to dedicate to the matter will find the book worth their while.

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community