[HN Gopher] Practical Cryptography for Developers
___________________________________________________________________
Practical Cryptography for Developers
Author : r_singh
Score : 52 points
Date : 2021-03-23 18:00 UTC (5 hours ago)
(HTM) web link (cryptobook.nakov.com)
(TXT) w3m dump (cryptobook.nakov.com)
| sweis wrote:
| This book is mostly minimal examples in whatever Python library
| the author decided to use. There are some major gaps.
|
| For example, the section on Python libraries doesn't even mention
| the most commonly used Python crypto library (cryptography):
| https://github.com/nakov/Practical-Cryptography-for-Develope...
|
| Similarly, the Java section essentially mentions a single,
| obscure library besides the JCE and Bouncy Castle:
| https://github.com/nakov/Practical-Cryptography-for-Develope...
|
| There's also no mention of libsodium besides a bullet list item.
| MontagFTB wrote:
| Related to this subject, I spent some time going through the the
| cryptopals crypto challenges[0], which gave me the solid hands-on
| knowledge of crypto data structures and algorithms. If you're the
| type who learns by doing, this set of challenges is worth the
| time invested.
|
| [0]: https://cryptopals.com/
| IncRnd wrote:
| The book, when including quantum-safe cryptograpgy, should
| include quantum-resistant, such as algorithms currently in-use
| but with higher security strength due to configurations, curves,
| or key-sizes.
|
| This is important, since this book is intended for developers to
| use cryptography today.
| lanecwagner wrote:
| Oh dang, I might need to rename the course I published a few
| months ago... https://qvault.io/practical-cryptography-course/
|
| At first glance, looks like a solid book. I'll be going through
| it in more detail later.
| gostsamo wrote:
| The repo of the book hasn't been updated for more than an year
| though it is stated that the book is not finished.
| valbaca wrote:
| For _once_ a site that I wish was asking for my email. I 'd love
| to be notified when this book is finished.
| tptacek wrote:
| I'm skimming this, but why does a developer need to know about
| contest also-rans like Skein, or stuff like Whirlpool? Contra the
| book text, Whirlpool is not popular, and it is probably not a
| good idea to use it in new designs, if only because modern
| protocols are built in SHA2, SHA3, and Blake2.
|
| The MAC/HASH stuff seems a bit fuzzy, too; for instance, part of
| the idea behind SHA-3 is not needing the HMAC construction
| anymore. Also, a bit strange to have MACs and KDFs in the same
| section. Are they closely related?
|
| The bcrypt vs. scrypt vs. Argon2 stuff, also, is pretty unclear.
|
| I think the randomness coverage is actually pretty bad. For
| instance, it walks programmers through building their own
| userland CSPRNG, which is a terrible idea --- most Linux
| randomness flaws have stemmed from userland CSPRNGs. It also
| doesn't understand the difference between /dev/random and
| /dev/urandom.
|
| There's also a sort of inexplicable walkthrough of bare Diffie-
| Hellman (ECDH is deferred), and not much coverage of
| authenticated key exchange, which is what in practice what
| systems using DH-style key exchange need.
|
| Just a shotgun blast of random thoughts. I know it's early days
| for the book.
|
| Other books in this space that I like: Aumasson's "Serious
| Cryptography" and David Wong's "Real World Cryptography".
| intrepidhero wrote:
| Since the above isn't finished I'll toss out a recommendation. I
| snagged this a book[0] on a whim from a university library. I'm
| usually more of a skimmer when it comes to textbooks but I
| accidentally read it cover to cover. Really helped me wrap my
| mind around the basic math behind modern cryptography.
|
| [0]: https://www.amazon.com/Mathematical-Cryptology-Computer-
| Scie...
___________________________________________________________________
(page generated 2021-03-23 23:01 UTC)