Cryptography Engineering: Design Principles and Practical Applications

I just got the book, skimmed over it and compared it with the 1st edition ( Practical Cryptography ). First of all, if you don't have the 1st edition, this is an excellent buy. It's a "middle ground" book and probably the one you should start with if you are interested in practical cryptography. Then, depending on your interests and needs, you could proceed to a technically and mathematically much deeper (but somewhat obsolete) Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition or to some other direction using the foundation laid down in this book and then getting other book(s) about "hard-core" mathematics of cryptography or about "softer" methods of social engineering and real-life security. I will now assume you know what the book is all about and that you are considering upgrading it so here are some quick things I hope to help you deciding: - first of all, obviously, the errata from the 1st edition is incorporated into the text (there is no errata for the 2nd edition yet but keep checking on the book's home page [ [..] ]) which also contains the links from the book so you don't have to type them yourself while investigating - the algorithms, protocols and formulas look the same but they might have minor tweaks, most of the stuff I looked up is the same as in the 1st edition - the 2nd edition has 60 pages less and that's because the line spacing is smaller (the text is more dense) and not because some material has been omitted (at least I could not find anything significant being removed) - one (really small) speculative mathematical subchapter has been removed (4.5.6 in 1st edition: Equation Solving Attacks); I guess the attack/math did not turn out to work - the new addition to the team of the authors is a university professor and, as a result of that, the book has more of a textbook feel: exercises at the end of each chapter are added and the preface now contains example syllabi subchapter with three course proposals (6, 10 and 12 week) based on the book; it is also mentioned in the preface that the book is now "more suited for a self-study" - the chapter layout is exactly the same as in 1st edition but off by one since "Our Design Philosophy" from the 1st edition has been presented a bit later as a subchapter of another chapter - there are more references at the end (130 vs 97) - minor: the cover is more boring, it really looks and, with the denser text inside, feels like a textbook while the 1st edition looked more like an engineering/hacking book These are my very first quick and most likely incomplete and biased impressions, I might come back and update the review if I find anything significant.

Cryptography Engineering discusses building cryptographic systems from the ground up. The focus is on the engineering and security aspect, rather than the theoretical or mathematical. While the book is highly technical in some places, the writing was thoughtful and easy to understand. Part One of the book looks at the building blocks of cryptography and security. Block ciphers, hashing, and authentication are covered in depth. Possible attack scenarios are covered as well. The book does an excellent job looking at how to build a secure system and how malicious actors can try and bypass the security. Common examples uses Alice and Bob in diagrams, and 'Eve' is used to represent eavesdroppers or attackers. The diagrams helped me a lot in understanding some situations. The mid-sections of the book examine some exisiting cryptographic protocols. The focus in on how they are engineered. While there is some math, the more complex math is left as a reference. I thought this was a good decision by the authors so that the book remained readable and did not get lost in theory. There is an extensive section on Public Key Infrastructure and managing secret keys. The authors tended to focus more on security concerns in this area. Generally the book does a great job discussing cryptography and security. The three authors are clearly experts and convey their experience in a single voice throughout the book. If you are looking to build a system with cryptography, definitely get this book.

4 stars because the book is far from perfect condition. Content of the book is amazing. I just finished Applied Cryptography (also by Schneier), and I have to say I like this book a lot more. It’s not necessarily totally up to date with current date, but it’s a wonderful introduction to cryptography. It explains the building blocks and guides you through constructing complex cryptographic systems with them. There is much less outdated content in this one, so I for one will now start recommending this book over Applied Cryptography!

Most books focus on the mathematics behind cryptography. While really cool (and important to know if you plan on fooling with cryptography), those books tend to leave you a little lost in terms of recommendations on how to properly use cryptography in your own applications. This book covers the gap pretty well, I believe; it was an enjoyable read, with enough theory to be interesting but mostly lots of discussion on real use cases. I would recommend this book to anyone new-ish to cryptography that wants recommendations on which crypto algorithms or methods to use. If you want deeper understanding of how it works, you'd probably want to pick a different book to supplement however.

Outstanding book on this topic. Recent publication (as of this writing). Great background on advanced topics from leading public minds. I highly recommend this as a basis for a practical understanding if you missed these topics in school. I cannot imagine a better treatment of cryptography engineering. Includes chapters that delve into the details of the foundational mathematical framework for current cryptography.

This book does a great job explaining cryptographic principles and techniques, but is a little light on technical details and the underlying mathematics. That can either be a pro or a con depending on what you are looking for. This book will stay on my shelf for many years.

Its a very easy read more concerned with high level applications and attacks. If you're into the math and algorithms Applied Cryptography is for you. If you just want tho know the hows and whys of the application of cryptography to solve specific problems get this one.

The math in this book is at least at an upper division college math level. I thought the book was excellent, though I would have appreciated a chapter on gnupg, or PGP. This book promises that it utterly will not leave the reader ready to go write good security software, but no book can do that. The final chapter covered Standards and Patents. The standards info was quite cynical, and from my own experience also quite accurate. A bit more on patents would have been nice, as opposed to the absence of any info about patents, For example, patents play a confounding role in the setting of standardsand one does not need to consult a lawyer to understand that.

A good reference for the basic concepts of cryptography and some topics about security, if you are new in this topic this book is a good option.

With this book I can better undertsand how cryptography works and can be implemented in real situation. This is not a theoritical book about ciphers. It's goal is as the title says "engeneering".

Tolles Buch, um Kryptographie zu verstehen! Es ist klar und leicht zu folgen, mit praktischen Beispielen. Gibt gute Einblicke in die Prinzipien und Anwendungen der Kryptographie. Sehr zu empfehlen, wenn man sich für Sicherheit oder Informatik interessiert.

a good book..

This is a well reounded book and can be used as a great reference to look up particular detail when you are implementing / choosing cryptographic primitives. It also provides detail on weaknesses of particular modes of operation and cautionary information where you need it most. Highly recommended book which is easy to read and very refreshing.