Serious Cryptography: A Practical Introduction to Modern Encryption, by Jean-Philippe Aumasson, is one of the recommendations from Ayende Rahien (Oren Eini), lead developer and head of RavenDB, for everyone interested in this important and non-trivial subject.
Serious Cryptography talks about cryptography, obviously, but it does it in such a way that it is understandable. I think that it is unique in the sense that most of the other cryptography books and materials that I have read started from so many baseline assumptions or were so math-heavy that they were not approachable. The other types of cryptography books, like the Code Book, are more in the sense of popular science. They give you background, but nothing actionable.
What I really liked about Serious Cryptography (henceforth, the book) is that it is a serious discussion of cryptography without delving too deeply into math (but with clear explanations and details on it) and that it is practical. Oh, it isn’t an API guideline and it isn’t something that you can just pick up and learn cryptography, but it does an amazing job in laying out the field and explaining all sorts of concepts and ideas that are generally just assumed.
I read it in two days, because it was fascinating reading and because it is relevant to what I’m actually doing. Some of the most fun parts are “how things fail”, when the author discusses various failures that happened in the real world, what caused them and what actions were taken as a result.
– Oren Eini
The book covers cryptography, randomness, hash functions, block ciphers, and public-key techniques such as RSA.
The book also offers good introductions to the main attack models and to the limitations and uses of HTTPS, among many other interesting topics. More than that, it shows common implementation flaws and how to avoid them.
It is required reading for anyone involved in projects where security is a critical requirement. A book to be read more than once!
Only kick-ass books.