bucy wrote:
] They read AC and then feel empowered to go
] roll their own crypto for some project instead of using
] off-the-shelf standards (PGP, X.509, even RSA PKCS, etc.). And
] they get it wrong every time.

I think there is a market for a book on applied applied applied cryptography that talks about how to make effective use of time-tested libraries, both open and closed, to implement reliable real-world systems. But I think a lot of people don't even understand the basics of Schneier. They don't get why their hash needs a timestamp, even though it's clearly explained. Security is just like databases or UI, in that you can't just up and do it and expect to get it right. Unfortunately, unlike the other two, security fails silently.

RE: Handbook of Applied Cryptography