// Comparison
Security Engineering vs Serious Cryptography: Which Should You Read?
Two cybersecurity books on Cryptography, compared honestly: who each is for, what each does best, and which to read first.
Ross Anderson's comprehensive textbook on the design of secure systems, covering protocols, access control, side channels, economics of security, and policy.
A Practical Introduction to Modern Encryption
Jean-Philippe Aumasson
Jean-Philippe Aumasson's working introduction to modern cryptography, written for engineers who need both intuition and enough mathematical depth to evaluate the choices a library is making for them.
Read this if
Skip this if
Key takeaways
- Most production failures are economic and organisational, not cryptographic: incentives shape outcomes far more than primitives.
- Threat models from one domain (banking, telecom, military) generalize to the next once you know what to look for, and Anderson is the best in the field at showing you.
- Side channels, supply chains, and policy are first-class engineering concerns, not footnotes.
- Modern primitives can be understood by engineers, given the right framing — Aumasson's choice to bound the math is the book's defining design decision.
- The 2nd edition (2024) covers post-quantum cryptography (Kyber, Dilithium, SPHINCS+) at the depth a deploying engineer actually needs.
- The chapters on hash-function attacks (length extension, multi-collisions) are the clearest in print and explain why half of the production bugs in HMAC-adjacent code happen.
How they compare
Security Engineering and Serious Cryptography are both rated 5/5 in our catalog. Pick by topic preference and reading style rather than by rating.
Security Engineering is pitched at advanced level. Serious Cryptography is pitched at intermediate level. Read the easier one first if you're not yet comfortable with the topic.
Security Engineering and Serious Cryptography both cover Cryptography, so reading them in sequence reinforces the same material from different angles.