Crypto questions

jonathan at screaming.org
Thu Dec 21 10:29:48 PST 2000


> You don't want to be on the bleeding edge of cryptography;
> you want to be on the calm, boring and stuffy edge.
[snip]

I'd absolutely agree with everything Bill said, but would add the
following:

Based on your question, what you're asking about is how to secure SMTP
traffic. This doesn't really even equate to needing a current crypto
reading list. Rather, what you need (in addition to hiring a
professional) is a good understanding of the fundamentals of
information security, of which cryptography is only one small
part. (Bill hinted at this but I wanted to make sure it was very
explicit.)


> The classic reading list on crypto starts with Bruce Schneier's
> Applied Cryptography, plus however much of its 1000+ item
> bibliography makes sense for you.

Still true today. However, for someone trying to gain an understanding
of information security (risk assessment, threat analysis,
countermeasures, etc.), his most recent book is probably more suitable
(and equally indispensable). Anyone who doesn't *thoroughly*
understand the principles outlined in _Secrets_and_Lies_ is *not* a
security professional.


P.S. Get off the toad node.


/jonathan




