// Comparison
Cryptography Engineering vs Security Engineering: Which Should You Read?
Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.
Design Principles and Practical Applications
Niels Ferguson, Bruce Schneier, Tadayoshi Kohno
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.
Read this if
Skip this if
Key takeaways
- Almost every cryptographic disaster is an integration failure, not a primitive failure.
- Don't roll your own, but understand enough to recognize when the library you're using is wrong.
- Side channels are not exotic; they are the default mode of failure.
- Most production failures are economic and organisational, not cryptographic: incentives shape outcomes far more than primitives.
- Threat models from one domain (banking, telecom, military) generalize to the next once you know what to look for, and Anderson is the best in the field at showing you.
- Side channels, supply chains, and policy are first-class engineering concerns, not footnotes.
How they compare
We rate Security Engineering higher (5/5 against 4/5 for Cryptography Engineering). For most readers, that means Security Engineering is the primary pick and Cryptography Engineering is a useful follow-up.
Cryptography Engineering is pitched at intermediate level. Security Engineering is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.
Cryptography Engineering and Security Engineering both cover Cryptography, Defensive, so reading them in sequence reinforces the same material from different angles.
Keep reading
Cryptography Engineering
→ Alternatives to Cryptography Engineering→ What to read after Cryptography Engineering