- ISBN13: 9780470474242
Product Description
The ultimate guide to cryptography, updated from an author team of the world’s top cryptography experts. Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of cryptography: message security, key negotiation, and key management. You’ll learn how to think like a crypt…
Cryptography Engineering: Design Principles and Practical Applications
It turns out that cryptography is the least of the issues in cryptographic systems. Good codes are available in good implementations all over the place (one reason the authors warn against implementing your own, since good implementations are very hard). But, as the authors say in their introductory chapter, “Cryptography by itself is fairly useless.” They liken strong codes in a weak system to a bank-vault door on a tent. This book provides a first lesson in pouring some concrete into the walls behind that door.
Phrased as a text for a one-semester graduate or advanced undergrad class, this highly readable text covers a range of basics – the first and most pervasive being the professional paranoia needed to actively seek out ways to defeat your own systems. The authors cover things you might expect in a crypto course, including ciphers, message digests, key exchange, and a smattering of mathematical basics. There’s less of the real crypto material than you might think, however. I mean, what good is the unbreakable code when the bad guy with a rootkit can read your passwords from the paging file or /dev/kmem? Instead, this book stands out for things like wiping secrets from memory as fast as you can – if you can, if language design or the physics of computer memory even make it possible. Even things like random numbers and the system clock come under careful scrutiny and analysis of their own. The reader who goes through this book cover to cover comes away with a solid appreciation of the hardware, software, and social issues involved in creating truly secure systems.
But, as the authors take pains to state, this is only an introduction. As happened with Schneier’s “Applied Cryptography”, it could become “… notorious for the systems that [readers] then designed and implemented on their own” after reading it. Serious cryptographic systems require specialized skills, skills that only a handful of people worldwide have. Since the authors observe that “We don’t actually know how to create secure code,” it’s arguable that no one is qualified. But, to get even as good as the experts are today, a student has to start somewhere. This introductory text gets that student off to that start.
- wiredweird
Rating: 5 / 5
I just got the book, skimmed over it and compared it with the 1st edition (Practical Cryptography).
First of all, if you don’t have the 1st edition, this is an excellent buy. It’s a “middle ground” book and probably the one you should start with if you are interested in practical cryptography. Then, depending on your interests and needs, you could proceed to a technically and mathematically much deeper (but somewhat obsolete) Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition or to some other direction using the foundation laid down in this book and then getting other book(s) about “hard-core” mathematics of cryptography or about “softer” methods of social engineering and real-life security.
I will now assume you know what the book is all about and that you are considering upgrading it, so here are some quick things that I hope will help you decide:
- first of all, obviously, the errata from the 1st edition is incorporated into the text (there is no errata for the 2nd edition yet but keep checking on the book’s home page [ [..] ]) which also contains the links from the book so you don’t have to type them yourself while investigating
- the algorithms, protocols and formulas look the same but they might have minor tweaks, most of the stuff I looked up is the same as in the 1st edition
- the 2nd edition has 60 pages fewer, and that’s because the line spacing is smaller (the text is more dense) and not because some material has been omitted (at least I could not find anything significant being removed)
- one (really small) speculative mathematical subchapter has been removed (4.5.6 in 1st edition: Equation Solving Attacks); I guess the attack/math did not turn out to work
- the new addition to the team of authors is a university professor and, as a result of that, the book has more of a textbook feel: exercises at the end of each chapter are added and the preface now contains an example syllabi subchapter with three course proposals (6, 10 and 12 week) based on the book; it is also mentioned in the preface that the book is now “more suited for self-study”
- the chapter layout is exactly the same as in the 1st edition but off by one, since “Our Design Philosophy” from the 1st edition is now presented a bit later as a subchapter of another chapter
- there are more references at the end (130 vs 97)
- minor: the cover is more boring, it really looks and, with the denser text inside, feels like a textbook while the 1st edition looked more like an engineering/hacking book
These are my very first quick and most likely incomplete and biased impressions, I might come back and update the review if I find anything significant.
Rating: 5 / 5
Nutshell review – Here is a book for the rest of us math-challenged crypto-wannabes
Although books on cryptography are often heavy on the math, this book, an updated version of Practical Cryptography, sets out to show how cryptography should be applied in real-world situations. As the preface explains, the book can be used for self-study or in the classroom and even provides a schedule for that purpose.
The writing style is excellent, eloquent and clear. If you have taken, or intend to take, any of the security certifications such as those from SANS or (ISC)2, you will have been (or soon will be) exposed to this subject. From my experience this domain often generates the most interest amongst security professionals but also the most confusion! This book really expands on that domain with 5 primary sections broken down into 23 chapters. Each section addresses a collection of related issues such as message security or key management, and each chapter addresses a specific aspect of it such as ciphers or PKI. Each chapter provides an overview, the important issues, what works, what doesn’t, and a small selection of exercises and questions to test what you have learnt and to help you think about the important aspects to consider.
The math is kept to a minimum, as the book is not intended to turn you into a crypto-czar, but it does cover most everything you are going to need to be aware of for using and implementing cryptography on a practical level in your organization on a day to day basis. You can jump to any chapter as a refresher or to learn the pros and cons of a particular aspect. I would recommend the book to most all security professionals, those interested in getting to grips with and gaining a deeper understanding of (practical) cryptography and also to information security management if for nothing else than for the uses, conclusions, recommendations and pointers that almost all the chapters have.
To those security professionals at management level I would also highly recommend (1) Schneier on Security and (2) Beyond Fear: Thinking Sensibly About Security in an Uncertain World, both by Bruce Schneier, and (3) Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson.
Rating: 5 / 5