Real-World Cryptography
David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.
- Authors: David Wong
- Published: 2021
- Publisher: Manning
- Pages: 400
- Language: English
Read this if
Working engineers who need to make crypto decisions in real systems: AEAD ciphers, key exchange, signatures, password hashing, PKI, end-to-end encryption, post-quantum migration. The new modern default and the book we recommend first to almost anyone touching cryptography in production.
Skip this if
Cryptography researchers or readers wanting full mathematical proofs. The math is bounded to what an engineer needs to evaluate choices, not full constructions. For the next layer of depth read Serious Cryptography after this.
Key takeaways
- Most crypto vulnerabilities are misuse, not broken primitives; Wong's framing of "what to use, what to avoid" is the cleanest in print.
- TLS 1.3, Noise, and Signal-style protocols compose primitives in patterns engineers should recognise on sight; this book teaches the patterns.
- Post-quantum cryptography is no longer optional reading; the book introduces the lattice and hash-based constructions you'll be deploying within a few years.
Notes
The Manning livebook is excellent and pairs well with the print copy. Best read with Aumasson's Serious Cryptography (deeper on primitives) and Cryptography Engineering (better on protocols and systems failures). Wong's blog and his Tamarin / cryptanalysis work are good follow-ups. If you only ever read one cryptography book, this is the one.
What to read before
Intermediate · 2024
Serious Cryptography
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Beginner · 2020
Alice and Bob Learn Application Security
Tanya Janca's hands-on AppSec primer covering threat modeling, secure design, secure coding, testing, deployment, and the social side of running an AppSec program — through a friendly, narrative-driven structure.
What to read next
Intermediate · 2024
Serious Cryptography
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Advanced · 2020
Security Engineering
Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.
Explore similar books
Intermediate · 2024
Serious Cryptography
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Intermediate · 2010
Cryptography Engineering
A working engineer's introduction to cryptography that takes implementation pitfalls more seriously than most.
Intermediate · 2021
Designing Secure Software
Loren Kohnfelder, the original PKI author, on how to weave security thinking through requirements, design, implementation and operations rather than bolt it on at the end.