Cyber Shelf

// Comparison

Real-World Cryptography vs Security Engineering: Which Should You Read?

Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.

Intermediate
5/52021
Real-World Cryptography

David Wong

David Wong's hands-on tour of the cryptographic primitives, protocols and pitfalls that show up in actual production systems, with deliberate attention to TLS, Noise, modern AEAD, and post-quantum.

Advanced
5/52020
Security Engineering

A Guide to Building Dependable Distributed Systems

Ross Anderson

Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.

Read this if

Working engineers who need to make crypto decisions in real systems: AEAD ciphers, key exchange, signatures, password hashing, PKI, end-to-end encryption, post-quantum migration. The new modern default and the book we recommend first to almost anyone touching cryptography in production.
Anyone who builds, audits, or governs systems where failure has real-world consequences: banking, healthcare, voting, telecom, defence. The single most important security book ever written, and the rare textbook that improves with each edition.

Skip this if

Cryptography researchers or readers wanting full mathematical proofs. The math is bounded to what an engineer needs to evaluate choices, not full constructions. For the next layer of depth read Serious Cryptography after this.
Readers looking for a hands-on tooling guide or a quick certification primer. Anderson works at the systems and policy layer; if you need to learn how to use Burp, this is not it. The 1,200 pages also reward patient readers, not skimmers.

Key takeaways

  • Most crypto vulnerabilities are misuse, not broken primitives; Wong's framing of "what to use, what to avoid" is the cleanest in print.
  • TLS 1.3, Noise, and Signal-style protocols compose primitives in patterns engineers should recognise on sight, this book teaches the patterns.
  • Post-quantum cryptography is no longer optional reading; the book introduces the lattice and hash-based constructions you'll be deploying within a few years.
  • Most production failures are economic and organisational, not cryptographic: incentives shape outcomes far more than primitives.
  • Threat models from one domain (banking, telecom, military) generalize to the next once you know what to look for, and Anderson is the best in the field at showing you.
  • Side channels, supply chains, and policy are first-class engineering concerns, not footnotes.

How they compare

Real-World Cryptography and Security Engineering are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.

Real-World Cryptography is pitched at intermediate level. Security Engineering is pitched at advanced level. Read the easier one first if you're not yet comfortable with the topic.

Real-World Cryptography and Security Engineering both cover Cryptography, so reading them in sequence reinforces the same material from different angles.

Keep reading

Real-World Cryptography

Alternatives to Real-World CryptographyWhat to read after Real-World Cryptography

Security Engineering

Alternatives to Security EngineeringWhat to read after Security Engineering

Related topics

Cryptography