>As in, could someone reccommend a good book, or online tutorial, or
>something, somewhere, that explains it all from pretty much first principles,
>and leaves you knowing enough at the end to be able to make sensible use of
>OpenSSL and similar? I don't want a "For Dummies" type book - as I said, I'm
>reasonably competent - but I would really like access to a helpful tutorial.
>I want to learn. So what's the best thing to go for?

There are two good books on SSL, which complement each other:

  "SSL & TLS Essentials", which is more or less an extended-precision version
  of the RFC with a more detailed explanation of everything, lots of TCP-RFC-
  style packet diagrams that aren't in the original RFC (that alone's worth
  the cost of the book), etc etc.

  "SSL and TLS: Designing and Building Secure Systems", which is all the
  background info for SSL that you can't get anywhere else, along with
  information about protocol quirks, bugs, implementation issues, etc etc.

If you want to use SSL (rather than implement it yourself from scratch) I'd
get "SSL and TLS", but if you can afford it I'd recommend getting both,
they're both very worthwhile books.  If only there were books like this
(targeted at crypto people, with all the nuts-and-bolts details) for IPsec or

>But this much remains true: I'm a competent programmer, and I know enough
>about crypto to put together some basic algorithms (like the early PGPs I
>guess). However, the complexity of the OpenSSL library has me stumped. (Plus,
>it's Unix-centric. I'd like to turn it into a Visual Studio port so I could
>compile without needing cygwin, gcc, etc., but that's another story).

If you don't specifically need OpenSSL, you could always look at cryptlib,
http://www.cs.auckland.ac.nz/~pgut001/cryptlib/index.html, which is Windows-
friendly if that's what you're after, and has an SSL implementation among a
ton of other stuff.  Alternatively, if you *really* want that Windows
functionality, there's always CryptoAPI :-).


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to