- Ferguson, Niels and Bruce Schneier. Practical
Cryptography. Indianapolis: Wiley Publishing,
2003. ISBN 0-471-22357-3.
- This is one of the best technical books I have read
in the last decade. Those who dismiss this volume as “Applied Cryptography Lite” are
missing the point. While the latter provides in-depth information on a
long list of cryptographic systems (as of its 1996 publication date),
Practical Cryptography provides specific recommendations
to engineers charged with implementing secure systems based on the
state of the art in 2003, backed up with theoretical justification
and real-world experience. The book is particularly effective in
conveying just how difficult it is to build secure systems, and how
“optimisation”, “features”, and failure to adopt a completely paranoid
attitude when evaluating potential attacks on the system can lead
directly to the bull's eye of disaster. Often-overlooked details
such as entropy collection to seed pseudorandom sequence generators,
difficulties in erasing sensitive information in systems which cache
data, and vulnerabilities of systems to timing-based attacks are well
covered here.
November 2003