On Wed, Dec 15, 2010 at 02:02:16PM -0500, Ian Darwin wrote:
> On 12/15/10 13:15, Joachim Schipper wrote:
> > while the books looks pretty decent at a
> > glance, it's *really* dated. This is not always an issue (most of the
> > theoretical sections have aged reasonably well), but without already
> > knowing most of this stuff people may confidently do completely the
> > wrong thing. For instance, the chapter on hash functions lists only one
> > function - RIPEMD160 - that could be even considered for new
> > deployments.
>
> And I rewrote your concern into pkg/MESSAGE:
>
> The Handbook of Applied Cryptography will provide a useful introduction
> to cryptography and the mathematics behind it. Please be aware that
> this book - like any similar crypto book from the last century - is
> significantly dated. This is not always an issue (most of the
> theoretical sections have aged reasonably well), but a person reading
> this book without already knowing much about crypto might be led
> confidently to do completely the wrong thing. For instance, the
> chapter on hash functions lists only one function - RIPEMD160 -
> that could be even considered for new deployments.
>
> But do you think this is adequate? Or should I just delete the port
> instead of committing it?
I'm not sufficiently well-versed in "applied cryptography" to lend my
imprimatur, and my "aged reasonably well" comment was based on, at most,
a ten-minute scan. In short, I'm neither able nor willing to say that
there are no errors in the theory, let alone the more practical side.
It pains me to say this, since I do think this is neat and I know that
it's nice to see your work having an effect, but I'd recommend not
committing this. Again, sorry.
Joachim
P.S. If you happen to be looking for a good crypto book, I like Katz &
Lindell's "Modern Cryptography". Schneier's "Cryptography Engineering"
is more practical and supposed to be much better than his older "Applied
Cryptography". I haven't read it, though.
