I'm skimming this, but why does a developer need to know about contest also-rans like Skein, or stuff like Whirlpool? Contra the book text, Whirlpool is not popular, and it is probably not a good idea to use it in new designs, if only because modern protocols are built in SHA2, SHA3, and Blake2.
The MAC/HASH stuff seems a bit fuzzy, too; for instance, part of the idea behind SHA-3 is not needing the HMAC construction anymore. Also, a bit strange to have MACs and KDFs in the same section. Are they closely related?
The bcrypt vs. scrypt vs. Argon2 stuff, also, is pretty unclear.
I think the randomness coverage is actually pretty bad. For instance, it walks programmers through building their own userland CSPRNG, which is a terrible idea --- most Linux randomness flaws have stemmed from userland CSPRNGs. It also doesn't understand the difference between /dev/random and /dev/urandom.
There's also a sort of inexplicable walkthrough of bare Diffie-Hellman (ECDH is deferred), and not much coverage of authenticated key exchange, which is what, in practice, systems using DH-style key exchange need.
Just a shotgun blast of random thoughts. I know it's early days for the book.
Other books in this space that I like: Aumasson's "Serious Cryptography" and David Wong's "Real World Cryptography".
> Other books in this space that I like: Aumasson's "Serious Cryptography" and David Wong's "Real World Cryptography".
The latter not being published until July 27. :-)
(I know this book is also not published yet, so I guess it's totally fair to suggest a not-yet-published book as an alternative to a not-yet-published book!)
Related to this subject, I spent some time going through the cryptopals crypto challenges[0], which gave me solid hands-on knowledge of crypto data structures and algorithms. If you're the type who learns by doing, this set of challenges is worth the time invested.
Does anyone have experience with how this compares to https://www.manning.com/books/real-world-cryptography ? I've read Real World Cryptography and greatly enjoyed it. Flipping through this real quick, it looks like there is a good deal of overlap, though this content appears more technical and focused around sharing code snippets over higher level concepts.
Fun pop question for the audience - what protocols use AES-CFB mode? I see this mode come up every once in a while but outside of standards stating "This is how it works", what protocols and products is it useful in?
OpenPGP uses CFB mode. It has the very useful attribute of being self synchronizing. If you have an encrypted file with bad sections you can recover the data past those sections. That is the behaviour you want if you are encrypting backups which is the sort of thing GnuPG is routinely used for.
I give an example of this vs what age does in this article:
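The self-synchronizing behaviour described in the comment above, shown as an added example (not code from the thread, the book, OpenPGP or age): encrypt six blocks in CFB mode, corrupt one byte of one ciphertext block, decrypt, and list which plaintext blocks were lost. Since CFB only ever uses the forward direction of the block cipher, the demo substitutes a constructed keyed PRF (HMAC-SHA256 truncated to 16 bytes) for AES so it runs with the standard library alone; the key, IV and plaintext are constructed values, and the mode logic itself is exactly CFB-128.

```python
import hashlib
import hmac

BLOCK = 16  # 128-bit block, as with AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the forward direction of a block cipher, E_K.

    CFB never needs the inverse D_K, so any keyed pseudorandom function of one
    block exercises the mode faithfully. CONSTRUCTED: HMAC-SHA256 truncated to
    16 bytes is used here only so the demo runs without an AES dependency.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C_i = P_i XOR E_K(C_{i-1}) with C_0 = IV. Each keystream block depends
    # only on the previous *ciphertext* block, which is what makes the mode
    # self-synchronizing: damage cannot propagate further than one block.
    out = bytearray()
    prev = iv
    for i in range(0, len(plaintext), BLOCK):
        c = xor(plaintext[i:i + BLOCK], block_encrypt(key, prev))
        out += c
        prev = c
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # P_i = C_i XOR E_K(C_{i-1}); decryption also needs only E_K.
    out = bytearray()
    prev = iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += xor(c, block_encrypt(key, prev))
        prev = c
    return bytes(out)


def blocks_lost_after_corruption(key: bytes, iv: bytes, plaintext: bytes,
                                 corrupt_block: int) -> list:
    """Flip bits in one byte of ciphertext block `corrupt_block`, decrypt,
    and return the indices of plaintext blocks that no longer match."""
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[corrupt_block * BLOCK] ^= 0xFF
    recovered = cfb_decrypt(key, iv, bytes(ct))
    n_blocks = len(plaintext) // BLOCK
    return [i for i in range(n_blocks)
            if recovered[i * BLOCK:(i + 1) * BLOCK]
            != plaintext[i * BLOCK:(i + 1) * BLOCK]]


# Constructed sample inputs: a fixed key and IV (fixed IVs are for the demo
# only) and six 16-byte blocks of backup-like data.
KEY = b"constructed-key!"
IV = bytes(range(16))
PLAINTEXT = b"".join(b"backup chunk %02d " % i for i in range(6))

if __name__ == "__main__":
    assert cfb_decrypt(KEY, IV, cfb_encrypt(KEY, IV, PLAINTEXT)) == PLAINTEXT
    # Corrupting block 2 destroys block 2 (the flipped byte) and block 3 (whose
    # keystream was derived from the damaged block); blocks 4 and 5 decrypt fine.
    print("blocks lost after corrupting block 2:",
          blocks_lost_after_corruption(KEY, IV, PLAINTEXT, 2))  # [2, 3]
```

The same locality that lets a backup survive a bad sector is also why unauthenticated CFB is malleable: a flipped ciphertext byte flips the same plaintext byte in that block, so anyone verifying such files should rely on an integrity check (OpenPGP's MDC, or a detached signature) rather than on the decryption succeeding, and chunked AEAD designs such as age's trade the recover-past-damage property for rejecting any chunk that fails authentication.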
Since the above isn't finished I'll toss out a recommendation.
I snagged this book[0] on a whim from a university library. I'm usually more of a skimmer when it comes to textbooks but I accidentally read it cover to cover. Really helped me wrap my mind around the basic math behind modern cryptography.
The book, when including quantum-safe cryptography, should include quantum-resistant, such as algorithms currently in-use but with higher security strength due to configurations, curves, or key-sizes.
This is important, since this book is intended for developers to use cryptography today.
No configuration, curve or key-size would protect any of the asymmetric crypto mentioned in the book from quantum computing. You really have to switch to something mentioned in the post-quantum chapter.
Ultimately, that's true, but I am clearly referencing the interim transition. After all, that's what the book is about - developers today who use cryptography. That "ultimate" timeframe won't happen today or tomorrow. Look at CNSA for examples.
I really wish the sections on password hashing included info on what parameters should be considered secure. Recommending Argon without explaining how to configure it properly is not great.
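The "how do I configure it properly" part of the comment above, as an added example that is not from the book or the thread: the pattern is to store the cost parameters alongside the salt and hash, enforce a policy floor when hashing, and flag stored hashes whose parameters have fallen below the floor so they can be rehashed on the next successful login. Argon2 is not in Python's standard library, so the example uses stdlib scrypt, whose n (CPU/memory cost), r (block size) and p (parallelism) play the same role as Argon2's memory, iteration and parallelism settings; the floor values and the encoded-string format are constructed for this illustration, not taken from the thread or from any standard.

```python
import base64
import hashlib
import hmac
import os

# Constructed policy floor for this example: refuse anything cheaper than
# n=2^14, r=8, p=1, and cap memory so a bad stored parameter cannot exhaust RAM.
MIN_LOG2_N, MIN_R, MIN_P = 14, 8, 1
MAXMEM = 128 * 1024 * 1024  # 128 MiB budget; scrypt needs about 128*r*n bytes


def params_acceptable(n: int, r: int, p: int) -> bool:
    """True if (n, r, p) meets the floor, n is a power of two, and the
    configuration fits the memory budget."""
    if n < 2 or n & (n - 1):
        return False
    if n < 2 ** MIN_LOG2_N or r < MIN_R or p < MIN_P:
        return False
    return 128 * r * n <= MAXMEM


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, n: int = 2 ** 14, r: int = 8, p: int = 1,
                  salt: bytes = None) -> str:
    """Derive a 32-byte key and encode it with its parameters and salt.

    Constructed format: $scrypt$n=..,r=..,p=..$<salt b64>$<key b64>
    """
    if not params_acceptable(n, r, p):
        raise ValueError("scrypt parameters below policy floor or over budget")
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)
    return "$scrypt$n=%d,r=%d,p=%d$%s$%s" % (n, r, p, _b64(salt), _b64(key))


def _parse(stored: str):
    _, scheme, params, salt_b64, key_b64 = stored.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported hash scheme")
    kv = dict(item.split("=") for item in params.split(","))
    return (int(kv["n"]), int(kv["r"]), int(kv["p"]),
            base64.b64decode(salt_b64), base64.b64decode(key_b64))


def verify_password(stored: str, password: str) -> bool:
    """Recompute with the *stored* parameters and compare in constant time."""
    n, r, p, salt, expected = _parse(stored)
    if 128 * r * n > MAXMEM:  # never let a stored record pick unbounded cost
        return False
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=n, r=r, p=p, maxmem=MAXMEM, dklen=len(expected))
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str) -> bool:
    """True when a stored hash was made with parameters now below the floor,
    so the caller can rehash right after a successful verification."""
    n, r, p, _, _ = _parse(stored)
    return not params_acceptable(n, r, p)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify:", verify_password(record, "correct horse battery staple"))
    print("needs rehash:", needs_rehash(record))
```

Raising the floor later is then a two-line change: bump `MIN_LOG2_N` (or the others), and every login whose record reports `needs_rehash(...)` gets re-stored with the new defaults, which is the migration path a "just use Argon2" recommendation leaves unstated.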