Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Handbook of Applied Cryptography. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Handbook of Applied Cryptography
by Decius at 3:25 pm EST, Dec 9, 2004

] The Handbook was reprinted (5th printing) in August 2001.
] The publisher made all the various minor changes and
] updates we submitted.

While this reference is a bit more academic then Schneier's book, it is quite useful, and now its available for free online. Enjoy!


 
RE: Handbook of Applied Cryptography
by bucy at 3:51 pm EST, Dec 9, 2004

Decius wrote:
] ] The Handbook was reprinted (5th printing) in August 2001.
] ] The publisher made all the various minor changes and
] ] updates we submitted.
]
] While this reference is a bit more academic then Schneier's
] book, it is quite useful, and now its available for free
] online. Enjoy!

Nice ... we had access to it online while I was taking such a class in the spring.

I have to say that knowing what I know now, Schneier's
has some shortcomings. e.g. Schneier doesn't give any
analytic framework whatsoever to reason about the security of various constructions from crypto primitives.

What's worse, though probably far from Schneier's intent, it has the effect of giving a lot of folks just enough knowledge to be dangerous. They read AC and then feel empowered to go roll their own crypto for some project instead of using off-the-shelf standards (PGP, X.509, even RSA PKCS, etc). And they get it wrong every time.


  
RE: Handbook of Applied Cryptography
by Decius at 5:50 pm EST, Dec 9, 2004

bucy wrote:
] They read AC and then feel empowered to go
] roll their own crypto for some project instead of using
] off-the-shelf standards (PGP, X.509, even RSA PKCS, etc). And
] they get it wrong every time.

I think there is a market for a book on applied applied applied cryptography that talks about how to make effective use of time tested libraries, both open and closed, to implement reliable real world systems.

But I think a lot of people don't even understand the basics of Schneier. They don't get why their hash needs a timestamp, even though its clearly explained. Security is just like Databases or UI, in that you can't just up and do it and expect to get it right. Unfortunately, unlike the other two, security fails silently.


There is a redundant post from lclough not displayed in this view.
 
 
Powered By Industrial Memetics