Book advice

Michael Fuhr mfuhr at
Mon Aug 21 03:57:28 CEST 2006

On Sun, Aug 20, 2006 at 10:08:37PM +0200, Johan Wevers wrote:
> Not directly related to GnuPG, but does anyone here know the book
> "Handbook of Applied Cryptography" fromn A.J. Menezes, P.C. van Oorschoot
> and S.A. Vanstone, printed in 1996? I found it on eDonkey and wanted to
> know if someone knows if it is advisable. It appears quite mathematical
> in its approach, much more so than Schneier's "Applied Cryptography".

I have both books, among others.  HAC seems to be highly regarded
as a reference amongst cryptographers, while AC is more of a popular
exposition for non-cryptographers.  HAC is more academic in tone;
it's dense with definitions, facts, algorithms, and examples, and
the chapter endnotes contain a lot of background information.  It's
also free[1].  AC is more conversational, making it approachable
for newcomers.  If you've read AC and want more detail then HAC
might have what you're looking for.  Both books are about a decade
old so you'll find nothing about AES and only brief mention of
elliptic curves.

Newer books worth considering are _Practical Cryptography_ by
Ferguson and Schneier, with less coverage than AC but with more
emphasis on using cryptography to build a secure system; and _Modern
Cryptography_ by Mao, with more math and rigor.  The latter book
has production flaws like numerous typos and a poor binding (at
least on my copy) but I liked the author's emphasis on showing why
"textbook crypto" is insufficient for building secure systems --
something obvious to cryptographers but less so to the naive.
Rescorla's _SSL and TLS_ is good, being a detailed description of
how a real, widely-used protocol works.  Another interesting book
is _Decrypted Secrets_ by Bauer, especially if you're interested
in rotor machines and cryptanalysis of classical ciphers.

Here are a few links with book recommendations:


Michael Fuhr

More information about the Gnupg-users mailing list