Found in 2 comments on Hacker News
brl · 2009-05-30
· Original
thread
> Until we developers have books that better elucidate the pitfalls of implementation, or better libraries that avoid the pitfalls on our behalf, we'll be stuck "building crypto", somewhat blindly.
There are a lot of really good books about cryptography now.
This book is the best one that I've seen for coverage of the pitfalls of implementation.
http://www.amazon.com/Modern-Cryptography-Practice-Hewlett-P...
> I've seen you recommend GPGME previously.
I missed the context in which tptacek was recommending GPGME, but if your problem is something other than authenticating downloaded packages or signing and encrypting email, designing with GPG as a 'primitive' is probably not such a great idea. I have seen some attempts to repurpose GPG into new applications and every time these protocols have been badly flawed because the authors don't even realize that they are inventing a brand new protocol.
Last fun book : http://www.amazon.com/Woken-Furies-Takeshi-Kovacs-Novels/dp/...
I can't resist the body swapping stuff ever since reading Lord of Light as a kid