#1 in Computer hacking books
Use arrows to jump to the previous/next product

Reddit reviews on Applied Cryptography: Protocols, Algorithms, and Source Code in C

Sentiment score: 17
Reddit mentions: 28

We found 28 Reddit mentions of Applied Cryptography: Protocols, Algorithms, and Source Code in C. Here are the top ones.

applied cryptography

Found 28 comments on Applied Cryptography: Protocols, Algorithms, and Source Code in C:

u/cronin1024 · 25 pointsr/programming

Thank you all for your responses! I have compiled a list of books mentioned by at least three different people below. Since some books have abbreviations (SICP) or colloquial names (Dragon Book), not to mention the occasional omission of a starting "a" or "the" this was done by hand and as a result it may contain errors.

edit: This list is now books mentioned by at least three people (was two) and contains posts up to icepack's.

edit: Updated with links to Amazon.com. These are not affiliate - Amazon was picked because they provide the most uniform way to compare books.

edit: Updated up to redline6561

u/DucBlangis · 20 pointsr/netsecstudents

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

  1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.

  2. Architecture and Computer basics:
    Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
    Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".

  3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".

  4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".

  5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".

  6. Specialized fields such as Cryptology and Malware Analysis.

    Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)

    *edited a name out

u/RUPickman · 16 pointsr/compsci

I liked Applied Cryptography by Bruce Schneier. Easy read.


u/shazzdeeds · 7 pointsr/programming

this should keep you busy for awhile.

u/[deleted] · 7 pointsr/reddit.com


Actually, maybe that's why my relationships max out at two years.

u/q1u2acker · 5 pointsr/mathbooks

That book is probably what you want. It looks like it focuses more on math and how it applies to cryptography rather than on crypto algorithms and how they work, pros/cons, etc. It was also used in this math class at Berkeley (lots of extra reading material on that page too).

Again, I think the book you found is what you want. But here are some other options if you want some:

u/nqc · 3 pointsr/AskNetsec

Schneier's Applied Cryptography can be difficult to get through, but it is a really good book to spot read / keep as a reference.


I'd also start reading blogs to get into the security mindset. Schneier on Security, Krebs, the podcasts that have been mentioned by other posts. They often have really good archives, too.

u/B_Master · 3 pointsr/askscience

Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier. Bruce Schneier is basically the Chuck Norris of Information Assurance. The book is old and many of the technical details about cryptography are out of date, but it's still probably the best introduction to the subject.

u/KevZero · 3 pointsr/technology

Bruce Schneier is Chief Security Technology Officer of British Telecom, one of the world's leading security experts and a very vocal advocate of strong security practices that benefit common people. He's published his crypto-gram newsletter since 1998, which is translated into several different languages, and published several books on the topic, including Applied Cryptography. If anyone is qualified to give testimony to Congress on the subject of technical measures to ensure airport security, it's this man.

u/ddp · 3 pointsr/cryptography

Applied Cryptography is considered one of the best introductions.

u/wadcann · 3 pointsr/cryptography

This does not make sense to me.

> The Public keys will be base 36 numbers ranging from 00000 (0) to ZZZZZ (60,466,176).

As nsa_at_home points out, the key representation normally has nothing to do with the actual key. Cryptographers will represent things in binary as a convenient standard; you'd say "I want a key with at least 23.5 bits of entropy", say. It's very, very easy to represent a key with N bits of entropy in any form you want, which sounds to be your goal; in this case, you'd take a number in base 2 and just convert it to a number in base 36.

For most purposes, your keyspace is not large enough. Say encryption has a cost of N. That means that brute-forcing your entire keyspace only costs about 60 million times that much. If you want a signing operation to be reasonable on a computer, you probably can't blow more than, oh, say, let's say a second on it for most applications that I can think of. If I'm willing to brute force for a day, I've already covered 1/700th of the keyspace. If I get 700 computers, I've broken your encryption.

Your key has ~25.8 bits of entropy. ln(36\^5)/ln(2). A typical RSA pubkey in practical use today might have a key length of 2048 bits, to give you an idea of what you might want to shoot for.

> The Private Keys need to be originally derived from the public keys mathematically (or Vice Versa)

This makes no sense. The point of public/private key encryption is that the person who has the public key cannot derive the private key; this property means that you can give out the public key without needing to worry about anyone using the public key being able to decode messages others have encoded and sent to use using the public key.

If you don't care about this property, you would be using symmetric encryption, not pub/privkey encryption.

> The Private Keys need to be completely different yet within the same number range (0 - 60466176) without being guessable (ex: very complicated and possibly irreversible).

Now I'm really lost. A key isn't "reversible"; a process is. You can't run a key backwards; it's just a number.

The only other pieces of information out there that it might be deducible from would be the pubkey (and you've already specified that you want the privkey to be derivable from the pubkey, which doesn't make sense either, so that's already reversible) and a known-plaintext attack on the ciphertext (and as I point out above, for most practical uses, your mandated key length is so short that it probably is derivable from the ciphertext for most practical applications).

  • If you want a practical solution here, you don't want to invent a new pubkey system. That is incredibly difficult; it's taken years and many many people hammering on various crypto systems (and breaking some of them) to get us to where we are now. You want to build something with existing pubkey systems. You might want to explain what your practical goals are, because the requirements of the thing specified just don't make sense for any real-world system.

  • If you want to learn about crypto, and want to do a pubkey system as a form of practice, you are probably going to be better off reading your way through existing material than trying to learn by doing things from scratch. Honestly. I'd recommend reading and comfortably understanding Applied Cryptography to at least have a reasonable understanding of the issues that you're going to deal with. I have not read it, but I know enough people who do know what they're talking about who recommend it that it'd be my go-to recommendation. I think that you may be dramatically underestimating the scope of work that goes into developing basic crypto tools like pubkey systems.
u/xArchitectx · 3 pointsr/AskComputerScience

I'm not an expert here but I've picked up interest in the last 3 months and have been pouring through a lot of online resources related to Cryptography and coding. Here's some of what I've been working with:

Hacking Secret Cipher with Python: http://inventwithpython.com/hacking/
> Great hands on book teaching you about various types of ciphers, how they work, how to break them. If you don't know much coding, that's still okay for this book, you learn some of the Python basics.

Applied Cryptography
> Great book, essentially a cryptographers bible. I got the latest edition on Ebay for $20 total, nearly brand new, so it's cheaper than Amazon

Online course in Cryptography by Dan Boneh - standford
> I'm halfway through this course and I'm loving it. I would be done by now but I've been busy the past couple of weeks.

That first resource is great and really easy to follow. It'll give a nice foundation for computer cryptography. I was able to get through it in a little over a week.

u/8lue · 2 pointsr/netsecstudents

I made a similar jump, IT to Security Analyst.

I spun up a home lab in vmware with Kali, metasploitable, splunk, pfsense and security onion (for snorby).

I read a couple books:

Network Intrusion Detection:


Applied Cryptography:


Between this and diving into security centered news sites I went from 0 to (what felt like 60) in about 3 months. I was picked up as a security analyst for a pretty solid tech company.

u/_armen · 2 pointsr/encryption

For what it's worth, cryptography is famously hard to get right and I would strongly recommend that you use existing crypto software if you are actually trying to secure your computer.

That said, if you're interested in coding and want to learn more about encryption just for fun, you should check out the Matasano Crypto Challenges. They teach you about the fundamentals of cryptography by having you build a bunch of ciphers and then break them.

If you're looking into doing this more professionally, I've been told that Cryptography Engineering and Applied Cryptography are some good resources, though I haven't read them myself.

u/Nerdlinger · 1 pointr/geek

Oi. Disclaimer: I haven't bought a book in the field in a while, so there might be some new greats that I'm not familiar with. Also, I'm old and have no memory, so I may very well have forgotten some greats. But here is what I can recommend.

I got my start with Koblitz's Course in Number Theory and Cryptography and Schneier's Applied Cryptography. Schneier's is a bit basic, outdated, and erroneous in spots, and the guy is annoying as fuck, but it's still a pretty darned good intro to the field.

If you're strong at math (and computation and complexity theory) then Oded Goldreich's Foundations of Cryptography Volume 1 and Volume 2 are outstanding. If you're not so strong in those areas, you may want to come up to speed with the help of Sipser and Moret first.

Also, if you need to shore up your number theory and algebra, Victor Shoup is the man.

At this point, you ought to have a pretty good base for building on by reading research papers.

One other note, two books that I've not looked at but are written by people I really respect Introduction to Modern Cryptography by Katz and Lindell and Computational Complexity: A Modern Approach by Arora and Barak.

Hope that helps.

u/bilus · 1 pointr/bestof

> Suppose the voting machine stores...

No, this isn't how cryptography is used for voting (or can be used) as far as I recall. Recommended read: https://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099 :) I haven't taken much interest into secure voting apart from what I have read in this excellent book. I think it's a great starting point for any serious thinking about this topic.

I suck at explaining myself. For example, the second serial number I mentioned isn't for YOU and is not meant to prove anything but act as a "fake" (but verifiable) one you can present to blackmailer. I failed to explain even that properly.

As a side note, you make many assumptions about the voting process. For example, where I live you cannot get a duplicate voting card because this means messing with results easier so a photo would indeed be a proof etc. This is a detail though because I think you have much stricter expectations of a cryptographic system than you have of a physical one as if the latter couldn't be tampered with (they are!).

I think I'm not qualified for this discussion simply because cryptography isn't my specialization, esp. in this context. But thank you so much for sharing your thoughts.

u/trolleyfan · 1 pointr/politics

If you "didn't mean Reddit.com" you shouldn't have said "a site like Reddit".

Anyway, no, what we have isn't "secure," but it at least (most places) has a paper trail. Any sort of internet voting system, however, would be less - far less - secure and far more gameable. No system running over the internet can be secure - at least, none that you can then give access to, well, everybody.

See Bruce Schneier's website - the man who literally wrote the book on cryptography.

u/Gremis · 1 pointr/IWantToLearn

Get a copy of Bruce Scheier's Applied Cryptography, there is plenty of stuff in there that's accessable even without a strict mathematical background. Most (if not all) of the algorithms in the book are explained with an example setup using Alice and Bob (and other characters) to explain the steps of the algorithms.

It also has extensive chapters on modern stream- og blockcifers, which may be somewhat harder to dig into as a novice.

Note that it does not comtain any material on the Advanced Encryption Standard (AES), since it was written before that was adopted.

u/Disinterpreter · 1 pointr/cryptography

Ok, it's good a question. I loved cryptography learned bitcoin. But i recommended this book!
And if you suck at math i recommended write a code with existing crypto-libs (on python,go,cpp etc....)

u/moozaad · -1 pointsr/programming

Yes and no. A minimal keyspace password is still a problem but I covered that in a previous post. It's up to the engineer and the user to expand on that, not the hash. Or you have to go with lunatic 1s hash stuff which just creates it's own problems as you've pointed out - I believe there's better novel approaches to making sure more entropy is captured from the user.

Quick mention about rainbow tables; The input keyspace of any password is relatively small, which is why rainbow tables on unsalted hashs are the cheapest attack, but once you salt the password, it's impossible to predict where in the expanded hash keyspace the collision will occur, thus the whole keyspace of the hash is relevant.
You'd have to have a rainbow table for every salt (presuming another 1KiB) and for the common keyspace for user passwords. Using xkcd's easy example of 28bits entropy, that's still 8000^28 entries, so (8000^28 )*(10[pw]+1000[key]+1000[salt])bytes aka 3.888 x 10 ^112 bytes - ie. not feasible.

Which brings us back to brute forcing taking longer than the universe is old.

So entropy is the key and bring us back to xkcd... again. Educate users to make better passwords or provide better ways of capturing entropy like patterns, colours, picture (key files) and puzzles.

If you're really into the subject, go read Applied Cryptography. It'll better explain the situation than I! :D

edit: for superscripts going crazy and refocus the point.