A book by Niels Ferguson and Bruce Schneier
The second edition of this book has been renamed Cryptography Engineering.
This book is about cryptography as it is used in real-world systems, about cryptography as an engineering discipline rather than cryptography as a mathematical science.
Building real-world cryptographic systems is vastly different from the abstract world of most books on cryptography, which discuss a pure mathematical ideal that magically solves your security problems. Designers and implementors live in a very different world, where nothing is perfect and where experience shows that most cryptographic systems are broken due to problems that have nothing to do with mathematics. This book is about how to apply the cryptographic functions in a real-world setting in such a way that you actually get a secure system.
This is the book we wish we'd had more than a decade ago when we started our cryptographic careers. It collects our combined experiences on how to design cryptographic systems the right way. In some ways, this book is a sequel to Bruce's first book Applied Cryptography, but it focuses on very practical problems and on how to build a secure system rather than just design a cryptographic protocol.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.