科技回声

10 条评论

baby超过 1 年前

Warning: this is more of a reference book.If you’re looking for a more gentle introduction to all things cryptography check my book <a href="https://www.amazon.com/Real-World-Cryptography-David-Wong/dp/1617296716/?_encoding=UTF8&pd_rd_w=du86Y&content-id=amzn1.sym.5f7e0a27-49c0-47d3-80b2-fd9271d863ca%3Aamzn1.symc.e5c80209-769f-4ade-a325-2eaec14b8e0e&pf_rd_p=5f7e0a27-49c0-47d3-80b2-fd9271d863ca&pf_rd_r=056FNDE8B53QDS23R6ZY&pd_rd_wg=oPBNm&pd_rd_r=bccedbf3-11dd-4bf3-aeaf-d9afc577a491&ref_=pd_gw_ci_mcx_mr_hp_atf_m" rel="nofollow noreferrer">https://www.amazon.com/Real-World-Cryptography-David-Wong/dp...</a>

评论 #38698220 未加载

imjonse超过 1 年前

While the fundamentals are always relevant, IIRC this book has been dated even 10 years ago, when Schneier's Cryptography Engineering was already recommended instead if you wanted practical advice.For a more theoretically backed approach Dan Boneh's book ( <a href="https://toc.cryptobook.us/" rel="nofollow noreferrer">https://toc.cryptobook.us/</a> ) is a very good resource.

评论 #38695919 未加载

评论 #38694658 未加载

评论 #38693446 未加载

rpicard超过 1 年前

Real World Cryptography by David Wong is a great book in this category.Published in 2021, so it’s very up-to-date.<a href="https://www.manning.com/books/real-world-cryptography" rel="nofollow noreferrer">https://www.manning.com/books/real-world-cryptography</a>

评论 #38703524 未加载

NaOH超过 1 年前

Previous discussions:Handbook of Applied Cryptography (2001) - <a href="https://news.ycombinator.com/item?id=6002694">https://news.ycombinator.com/item?id=6002694</a> - July 2013 (19 comments)Handbook of Applied Cryptography (2001) - <a href="https://news.ycombinator.com/item?id=11662441">https://news.ycombinator.com/item?id=11662441</a> - May 2016 (17 comments)

k__超过 1 年前

I liked this one:<a href="https://cryptobook.nakov.com/" rel="nofollow noreferrer">https://cryptobook.nakov.com/</a>

pluto_modadic超过 1 年前

I love this. In my college library there's a row of books on mathematics,a single shelf unit on computer science (system admin, SQL, the works),a shelf on cryptographymost books on RSAtwo books on ECCand ONE single book on essoteric protocols, and it's this one (not this edition)covers things like blind signing, dining cryptographers, homomorphic encryption, zero knowledge proofs,all before the whole bitcoin thing got annoying.bring back cool cryptography(blind ECC is annoyingly hard to explain)

评论 #38698674 未加载

kazinator超过 1 年前

> Please read this copyright notice before downloading any of the chapters.Why would I need to do that if I have no intent to redistribute?I'm not the one making a copy; the website is.> CRC Press has generously given us permission to make all chapters available for free download.Exactly; permission for them to give away copies under terms they have to understand, not me.

评论 #38693215 未加载

xpe超过 1 年前

I like this discussion of cryptographic wrong answers at<a href="https://www.okta.com/au/video/oktane19-cryptographic-wrong-answers/" rel="nofollow noreferrer">https://www.okta.com/au/video/oktane19-cryptographic-wrong-a...</a>> And crypto has generally become, I think, less scary, at least for cryptographic engineers. I don't know if that's true for a wider developer audience. But again in 1995 phlogiston era crypto, nobody really knew what they were doing, right? And the official story if you tried to learn more things, very often you'd hear, what I call, abstinence only education where people just tell you like, oh you want to do some cryptography? Okay don't.> ...> So in conclusion, we're going to look for pitfalls that we can recognize. And to do that I'm going to run through a bunch of bad ideas that keep coming back and that every time lead to disaster for some reason.> And so one of the very popular ones is algorithmic agility. Same spiel, you know the idea is look we have primitive-A and primitive-A might be, I don't know, AES or something. But what happens if is breaks? We like that, we want to use that primarily but we want to have option just in, we want to have something to fall back on. And the idea is we support both, and when A breaks, we just go turn on B and everything copacetic. A very related problem is negotiation, so lets say that I support A, B and C, you support B, C, and D and some how we're going to figure out that B and C is what we can both agree on, but we like C better so somehow hopefully we're going to end up with C. This is a really, really plausible sounding engineering decision and turns out to very regularly turn into, get us into trouble.> The poster child for this is TLS. So TLS has a cornucopia of things that you need in order to make it work, right? There's signing, there's key agreement, there's bulk encryption, there's MAC algorithms in there. I'm not even going to mention like the variety of curve choices and key sizes. But for each of these choices, TLS gives you a handful of options. And it's not like a perfect Cartesian product, but it's pretty darn close. Now the question is, why does it hurt to support more things, just go turn them off. Well it doesn't really work that way, because very often you'll see protocols come back from the dead. So FREAK and logjam were real world TLS vulnerabilities that exploited export grade ciphers which pretty much died out in the late nineties.

评论 #38703222 未加载

User23超过 1 年前

U of Waterloo is a gem of a school. It's one of the few schools that when I see it on a resume it actually moves the needle for me. Their co-op program deserves every bit of the praise it gets.

cies超过 1 年前

I read it 20+y ago and it felt like a good intro back then.