Hacker News Comments on
Serious Cryptography: A Practical Introduction to Modern Encryption
·
4
HN comments
- This course is unranked · view top recommended courses
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this book.Serious Cryptography https://www.amazon.com/gp/product/1593278268/ref=ppx_yo_dt_b...It's quite accessible for non-math majors and includes source code. It seems to have been written with software engineers in mind. The formatting of the source code in Kindle isn't great but otherwise the book is excellent and balances between "cookbook" and "graduate level textbook". The author is also quite reputable having designed BLAKE2.
⬐ wepple+1 on this, it hits the right spot between being not too mathy/theoretical but going sufficiently deep for most engineers.It’s probably the right book for anyone who needs to learn more about crypto but isn’t planning to become a full time cryptographer
⬐ qorrectThis sounds perfect thank you.
JP Aumasson is one of the authors of the BLAKE hashes and wrote "Serious Cryptography":https://www.amazon.com/Serious-Cryptography-Practical-Introd...
⬐ bmitcThanks!
Yes. However, it never hurts to test your code.Assuming you're a C-programmer, read the libsodium docs first. https://download.libsodium.org/doc/public-key_cryptography/s...
If you're using higher level language, use a library that provides bindings for it https://download.libsodium.org/doc/bindings_for_other_langua...
By using libsodium, you're not rolling your own crypto. Rolling your own crypto would mean
-trying to find new one way functions for public key crypto -trying to implement RSA from textbook -trying to implement RSA-OAEP from papers, RFCs, books etc.
Using a library is not anywhere near those. There are other ways to fail cryptography too, from not doing public key authentication, to storing private keys in insecure places.
So it's highly recommended you take time to read a book on the topic. The best modern book currently availalbe is https://www.amazon.com/Serious-Cryptography-Practical-Introd...
⬐ loup-vaillant> By using libsodium, you're not rolling your own crypto.That's debatable. Libsodium does not have a proper authenticated key exchange. The key exchange does the job somewhat, but it has worse security properties than a properly crafted interactive protocol.
Problem is, designing your own key exchange protocol is more delicate than most construction. I know, I designed my own, and made several serious mistakes in the process (one of which voided an important security property).
Granted, rolling your own constructions is generally less error prone than rolling your own primitive. But it still shouldn't be done without at least having followed and fully understood an introductory course in cryptography (I recommend https://www.crypto101.io/). I mean, I did quite a bit more than that, and I still don't fully trust myself.
For those looking to get working knowledge of modern cryptography, I recommend https://www.amazon.com/Serious-Cryptography-Practical-Introd...I've been working my way through it and it's the most lucid intro text I've read on the subject.