Cryptography Engineering: Design Principles and Practical Applications

I just got the book, skimmed over it and compared it with the 1st edition ( Practical Cryptography ).First of all, if you don't have the 1st edition, this is an excellent buy. It's a "middle ground" book and probably the one you should start with if you are interested in practical cryptography. Then, depending on your interests and needs, you could proceed to a technically and mathematically much deeper (but somewhat obsolete)  Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition  or to some other direction using the foundation laid down in this book and then getting other book(s) about "hard-core" mathematics of cryptography or about "softer" methods of social engineering and real-life security.I will now assume you know what the book is all about and that you are considering upgrading it so here are some quick things I hope to help you deciding:- first of all, obviously, the errata from the 1st edition is incorporated into the text (there is no errata for the 2nd edition yet but keep checking on the book's home page [ [..] ]) which also contains the links from the book so you don't have to type them yourself while investigating- the algorithms, protocols and formulas look the same but they might have minor tweaks, most of the stuff I looked up is the same as in the 1st edition- the 2nd edition has 60 pages less and that's because the line spacing is smaller (the text is more dense) and not because some material has been omitted (at least I could not find anything significant being removed)- one (really small) speculative mathematical subchapter has been removed (4.5.6 in 1st edition: Equation Solving Attacks); I guess the attack/math did not turn out to work- the new addition to the team of the authors is a university professor and, as a result of that, the book has more of a textbook feel: exercises at the end of each chapter are added and the preface now contains example syllabi subchapter with three course proposals (6, 10 and 12 week) based on the book; it is also mentioned in the preface that the book is now "more suited for a self-study"- the chapter layout is exactly the same as in 1st edition but off by one since "Our Design Philosophy" from the 1st edition has been presented a bit later as a subchapter of another chapter- there are more references at the end (130 vs 97)- minor: the cover is more boring, it really looks and, with the denser text inside, feels like a textbook while the 1st edition looked more like an engineering/hacking bookThese are my very first quick and most likely incomplete and biased impressions, I might come back and update the review if I find anything significant.

Cryptography Engineering discusses building cryptographic systems from the ground up. The focus is on the engineering and security aspect, rather than the theoretical or mathematical. While the book is highly technical in some places, the writing was thoughtful and easy to understand.Part One of the book looks at the building blocks of cryptography and security. Block ciphers, hashing, and authentication are covered in depth. Possible attack scenarios are covered as well. The book does an excellent job looking at how to build a secure system and how malicious actors can try and bypass the security.Common examples uses Alice and Bob in diagrams, and 'Eve' is used to represent eavesdroppers or attackers. The diagrams helped me a lot in understanding some situations.The mid-sections of the book examine some exisiting cryptographic protocols. The focus in on how they are engineered. While there is some math, the more complex math is left as a reference. I thought this was a good decision by the authors so that the book remained readable and did not get lost in theory.There is an extensive section on Public Key Infrastructure and managing secret keys. The authors tended to focus more on security concerns in this area.Generally the book does a great job discussing cryptography and security. The three authors are clearly experts and convey their experience in a single voice throughout the book. If you are looking to build a system with cryptography, definitely get this book.

I found this to be a very readable and highly enjoyable introduction. Everything is clearly explained, the math is worked out with clear commentary so it is easy to follow along and understand, and the exercises at the end of the chapters are actually fun and interesting.

4 stars because the book is far from perfect condition.Content of the book is amazing. I just finished Applied Cryptography (also by Schneier), and I have to say I like this book a lot more.It’s not necessarily totally up to date with current date, but it’s a wonderful introduction to cryptography. It explains the building blocks and guides you through constructing complex cryptographic systems with them.There is much less outdated content in this one, so I for one will now start recommending this book over Applied Cryptography!

The math in this book is at least at an upper division college math level. I thought the book was excellent, though I would have appreciated a chapter on gnupg, or PGP.This book promises that it utterly will not leave the reader ready to go write good security software, but no book can do that.The final chapter covered Standards and Patents. The standards info was quite cynical, and from my own experience also quite accurate. A bit more on patents would have been nice, as opposed to the absence of any info about patents, For example, patents play aconfounding role in the setting of standardsand one does not need to consult a lawyer to understand that.

Most books focus on the mathematics behind cryptography. While really cool (and important to know if you plan on fooling with cryptography), those books tend to leave you a little lost in terms of recommendations on how to properly use cryptography in your own applications. This book covers the gap pretty well, I believe; it was an enjoyable read, with enough theory to be interesting but mostly lots of discussion on real use cases. I would recommend this book to anyone new-ish to cryptography that wants recommendations on which crypto algorithms or methods to use. If you want deeper understanding of how it works, you'd probably want to pick a different book to supplement however.

Good coverage of cryptography. I was looking at the reviews from others and thought this was a good book that covers the basics. It does a great job at explaining the issues of cryptography.

Excellent book I have read a lot of these books and I enjoyed them. A great read you need a bit of knowledge of the subject

This book is excellent, quite simply. Pragmatic and to the point. An excellent companion for anyone working with real-world implementations and uses of cryptography.

Very good guide to cryptography and cryptographic security at the systems level with enough detail to fully appreciate what is involved. This appears to have been the authors' aim and for me, they have fully delivered.

Good and enjoyable reading,

This is a well reounded book and can be used as a great reference to look up particular detail when you are implementing / choosing cryptographic primitives. It also provides detail on weaknesses of particular modes of operation and cautionary information where you need it most.Highly recommended book which is easy to read and very refreshing.