Comments

CuriousNovember 22, 2011 9:34 AM

I am unable to buy every book that is mentioned here or there, but I do look it up on Amazon and make a bookmark for the item, in case I order it later on.

One book I found interesting and bought, is "Privacy on the line" by Whitfield Diffie (Working for ICANN today afaik) and Susan Landau. I am not really into cryptography and as such cannot review this particular book. I have only read half of it so far, but I found it all interesting (I am not a good book reader).

The reason I bought the book, was because I incidentally had watched Whitfield Diffie on some security convention (RSA Conference 2011), in a panel discussion with Brian Snow (NSA retired) among others.

http://www.youtube.com/watch?v=0NlZpyk3PKI (45 min long)

Okian WarriorNovember 22, 2011 12:04 PM

There have been lots of complaints about the Stanford online AI class - frustration over the generally poor quality at all levels.

People have been leaving that class in droves, switching to the online "machine learning" and DB courses (also from Stanford).

I understand that the course is free and everything that implies.

My point is that you shouldn't have high expectations about online courses, even if they're from Stanford or taught by a publicly known expert.

This is sort of like purchasing a particular model of car in the first year it is offered: lots of bugs and design flaws.

The course may be great, or it may be frustrating. There's no way to tell.

Alan KaminskyNovember 22, 2011 12:12 PM

@free

The Handbook of Applied Cryptography (HAC) is a great book, and it is free, but it was published in 1996 and last updated in 2001. The field of cryptography has grown enormously since then. As an example, the more recent book The Handbook of Elliptic and Hyperelliptic Curve Cryptography (2005), covering just that subset of the field, is even larger than HAC.

Back in August I spoke with Alfred Menezes, one of the HAC authors. He said he had no plans to write an updated version of HAC. The field has just gotten too big.

HAC is still a good reference for fundamental concepts. But for coverage of the latest stuff -- like AES, SHA-2, SHA-3, elliptic curve based cryptography, pairing based cryptography, homomorphic encryption, etc. -- you'll have to look elsewhere.

GweihirNovember 23, 2011 7:05 AM

@free: That one is a bit dated. For fundamentals still usable, but for the all-important engineering, current attack capabilities and usability aspects go somewhere else. As long as you realize that, it should be fine.

Sorry, cannot recommend seomthing else either. Bruce et al.'s "Cryptography Engineering" is pretty good, but only covers the basics in numerous important areas, such as entropy gathering and password handling. Not a criticism, just an observation. Problem is, despite numerous hints to this fact, people tend to think it and other books are complete. And far too many do not bother to actually understand the subject, they are just looking for recipes and completely miss that the described ones are basic and often only for illustrating things. They read these books as they read algorithm books and completely miss that security is fundamentally different from ordinary algorithmics where as soon as you have the functionality you are done.


GuyNovember 23, 2011 8:23 AM

@Nickson

How long did it take for you to receive email confirmation? Still waiting... hope these classes aren't "full."

B-ConNovember 23, 2011 10:41 AM

@Guy

I registered several days ago before I saw it get more "mainstream" popularity on places like reddit, here, etc, and I haven't received a confirmation yet. (If I was too late, then so is basically everyone.)

I haven't done Stanford online classes before, but my guess is that they will wait until closer to the beginning of the class to send confirmations, that way they can convey a serious tone of commitment in doing so. Right now they're probably only interested in promoting the class.

GuyNovember 23, 2011 11:34 AM

@B-Con

Thank you very much for your feedback. I'd appreciate it if you or anyone else posts once they receive some sort of confirmation.

go_cardNovember 23, 2011 2:27 PM

(Stanford Student) Prof. Boneh is great. I really, really enjoyed taking this class last year. I highly recommend it (at least the in-person version). That said, I don't know how the quality might degrade at scale, I haven't taken the free versions of these classes. (CS 229 (aka ml-class.org) is really great, although requires significantly more math.)

Isaac RemuantNovember 29, 2011 8:36 AM

There have been lots of complaints about the Stanford online AI class -
frustration over the generally poor quality at all levels.
Yes, people complain a lot about stuff, specially over the internet. That doesn't mean the quality is poor. There's also been a lot of praise. The class has an inmense amount of students of different backgrounds and has to try and appeal to all of them. Not an easy task. It can't be too hard.

The goal of the class was to excite people into getting into the field and implemententing things on their own.

People have been leaving that class in droves, switching to the online "machine learning" and DB courses (also from Stanford).
This is like saying people left Algebra to Physics or to Discrete Mathematics in college because they didn't like the former. One is a subset or the other has barely anything to do with AI. If you're only after the free course then you could go take one about knitting because you like how it is given. If you are there for the AI. It won't matter if you like how they teach DB better.

I understand that the course is free and everything that implies.

My point is that you shouldn't have high expectations about online courses, even if they're from Stanford or taught by a publicly known expert.
Define high expectations. You shouldn't have UNREALISTIC ones. As always in education, a lot of the value comes from a student that enjoys and is committed to learning what he is being taught. There's obvious downsides and some very interesting upsides (community, time management, fluff removal) regarding online education.

This is sort of like purchasing a particular model of car in the first year it is offered: lots of bugs and design flaws.
I can agree on that. This is, indeed, going through an experimentation processs. I think that annoyances are vastly outweighted by the benefits but that's up to you.

The course may be great, or it may be frustrating. There's no way to tell.
Yes there is. TRY it. Worst case scenario. You learn something.

DavidNovember 30, 2011 5:57 PM

@b-con, @guy, @jerbear

mine arrived just now... I was worried it had gone into a black hole!

Guess I'll be spending my summer holidays boning up on some very old & tired maths knowledge!!

But it should be fun - hope to see you guys in there (maybe we need a Schneier 'groupies' sub-section!)

Bruce SchneierDecember 2, 2011 7:51 AM

"Back in August I spoke with Alfred Menezes, one of the HAC authors. He said he had no plans to write an updated version of HAC. The field has just gotten too big."

I am not updating Applied Cryptography for the same reason.

StudentMarch 31, 2012 5:58 AM

I'm taking Prof Boneh crypto course and appreciate every single minute of his lectures. There is a big audience for his course and people start to translate it into different languages. I quite amazed of his knowledge and the way that he presents it.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..