> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Michael Wojcik > > For someone who does want more background in cryptography, I'd > recommend Schneier's /Applied Cryptography/ over /Cryptography > Engineering/. The latter is for people implementing cryptography, which > beginners should never do.
Huh - I thought Cryptography Engineering was the 3rd edition of Applied Cryptography, renamed. But now I look at it, it seems you're right, it's a different book entirely. However, I never got the impression that Cryptography Engineering was meant for people implementing new algorithms or anything like that. They very roundly and repeatedly beat into you, don't do that, without loads and loads of courses in mathematics, and a thoroughly vetted public and expert review process. (Such as AES/SHA, etc). They do a nice round job of covering the basics, describing what a block cipher is, what a hash algorithm is, PKI, symmetric/asymmetric, etc, what the characteristics are, how to think about threat models, and how to use these things in the ways that they're intended to be used, etc. So don't discount Cryptography Engineering, but definitely consider Applied Cryptography in addition, or instead.