|
Hi! I'm the author of Crypto 101. Firstly, I'm a real, honest-to-God cryptographer. I don't know if there are any particular people you had in mind whose recommendations you'd like to see, but there are a few HN bigwigs who'd probably be willing to generally endorse it :-) Also, it's been posted on HN a few times before, so it's had some scrutiny. That doesn't mean I don't make mistakes, but generally speaking, an active reader should be OK. The other thing is in the way the book is structured. I teach you to break crypto; so when I say something is broken, I prove it by showing you how to break it. Finally, the goal of this book is absolutely not to help you implement DHE. In an ideal world, the primitives we offer people are hard to misuse. Crypto 101 then only exists to satisfy programmer curiosity. It is not a replacement for a traditional academic education that will help you design new primitives; it also doesn't show you how to write secure implementations. However, Crypto 101 is still useful beyond merely satisfying curiosity now, because most cryptographic libraries _do not_ provide that easy-to-use API. Using regular hashes for password storage, various forms of broken AES-CBC (unauthenticated, key=IV, static IV...), et cetera are very real problems for real code, and Crypto 101 teaches you how to avoid that minefield. I'm also working on the "better, more accessible" crypto part, but I only have so much free time :) |