It fascinates me, but it seems like a lot of developers don’t know a lot about cryptography. Certainly, the litany of security bloopers caused by incorrectly implemented crypto makes it appear that way.
Encryption isn’t something that I work with every day, but as a web developer you can’t really get away from needing to secure something – and that means encryption.So, to overcome some of this it’s worth a bit of reading.
Bruce Schneier is a pretty interesting author. His books on Applied Cryptography and Practical Cryptography are excellent, and well worth a read for anyone starting to work with crypto. His blog is also an interesting discussion of security and risk in a wider context.
Troy Hunt has managed to write a number of posts that have grabbed my attention over the year or so. “Lessons in web site security anti-patterns” is just that, “A brief Sony password analysis” is fascinating, and “Our password hashing has no clothes” was eye opening. I like that his posts are strongly based on systematic analysis.
Anyway, I’ll try and update this if I find new, useful resources, or post your own favourites in the comments.