28 of 29 people found the following review helpful
on December 17, 2001
This book clearly explains the foundation of cryptography, numbers, and the techniques that have emerged to provide modern security technologies. The book starts with Part I, which sets the context by introducing terms and the basics, including ciphers, data encryption standard (DES) and secret keys. The authors did a remarkable job by making complex concepts easy to understand. The next two parts go into more detail about public keys and digital certificates. While these are relatively simple to learn on the surface, the details have always eluded me until I read this book because more papers and books on the subject get too deep into details too fast and assume knowledge of advanced math on the part of the reader. Not so this book - the authors make it easy through clear writing, illustrations that illuminate the textual descriptions and a knack for explaining the complex in simple and easily digestible chunks.
I especially liked Part IV, which covers secure electronic commerce because it covered the full spectrum of technologies and the information is immediately useful to all IT and security professionals. Like in the first three parts of this book I came away with a complete understanding of how everything works.
This book epitomizes clear writing. Moreover, it is simply amazing how much knowledge can be relatively painlessly gained from reading this book. Although I am sure the authors intended to make the inner workings of cryptography accessible to non-security professionals (which they unquestionably accomplished), they also set a standard of excellence in technical writing by producing a book that is, in my opinion, near perfect in its ability to seamlessly use lively prose and well thought out illustrations to convey highly technical information. If you need to learn cryptography but are challenged by the math and the impenetrable writing of other books on the subject, start with this one.
20 of 22 people found the following review helpful
on March 31, 2001
I am a senior engineer for managed network security operations. I administer systems which use cryptographic tools and processes (SSH, IPSec VPNs, etc.) and have seen cryptography hinder my network-based intrusion detection activities. I read this book to gain basic familiarity with the nuts and bolts of cryptography. I wanted a lively text which addressed modern issues, since computer books can be quickly overtaken by technological advances. This book delivers at all levels and belongs on every computer security professional's bookshelf.
I thoroughly enjoyed this book. It was energetic, clear, well-organized, fully illustrated, and comprehensive. I believe it's THE book to read if you want an introduction to one of the major enablers of modern computing. Furthermore, because the book's goal is to explain the foundations of both secret and public key cryptography, it should stay relevant for many years.
"Cryptography Decrypted" does not spare any effort to ensure the reader understands the subject. Concepts are clarified and reinforced through text and diagrams on nearly every page. The authors know many readers are not attracted to mathematics, so they move the "heavy lifting" to an appendix. Even then, for readers willing to apply a little effort, the appendix is understandable and enlightening. At every stage of writing this book, the authors must have remembered to keep the non-cryptographer reader in mind. Kudos to their editors for keeping them on track!
The only disappointment was the book's failure to mention the Secure Shell (SSH). Because the authors believed it important to discuss popular implementations of cryptography (IPSec, SSL, PGP), I had hoped that SSH would be included. Most every UNIX sys admin is familiar with SSH, and might have enjoyed learning more about the guts of this indispensable tool.
I don't often give 5 star reviews; only 3 of my last 10 merited that rating. I give the highest marks to books which impress, educate, and entertain. "Cryptography Decrypted" delivers. If you have an interest in cryptography, read this book!
(Disclaimer: I received my review copy free from the publisher.)
11 of 11 people found the following review helpful
The primary audience for this book is anyone who has to quickly get up-to-speed in security infrastructure and cryptology. If you are working in health care and are overwhelmed with the technical requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA), then you are going to love this book. If you are involved in e-commerce you will definitely find this book essential reading and the key to understanding the underpinnings of web and e-commerce security.
There is another audience for this book: technical writers. The authors set the highest standards in document design, clear writing and integration of prose and illustration. They have managed to make a complex, difficult subject easy to understand.
Part I of the book lays the foundation by explaining the basics: defining terms, the evolution of ciphers and how they worked, and the fundamentals of the data encryption standard (DES) and secret keys. I found this part of the book to be fascinating because the authors used easy-to-follow examples that were augmented by visual depictions of how everything works. For example, a quick explanation of Polybius square numbers and how to transpose them to diffuse a cipher was not only something completely new to me, but was something I was able to thoroughly understand after reading less than three pages of this book! I am sure that a professional cryptographer would find this material basic. I found it empowering because I began to see a larger picture of this obscure science unfold while learning some interesting numerical manipulation techniques. For the first time I really understood this stuff to the degree that I could explain it to non-technical people. The authors also used historical anecdotes to make the subject interesting. Some of the highlights of this part of the book include transposition ciphers, diffusion and confusion strategies, and the frank discussion of DES in its various forms (double, triple), and its strengths and vulnerabilities.
In parts II and III the book thoroughly covers public keys and digital certificates - two topics that you cannot avoid if you are among the primary audience of this book. If you carefully read these sections you will come away with a good grasp of public keys and how they work, digital certificates and how they fit into the scheme of things and message digest mechanics. In fact, you will be able to hold your own in conversations with security experts when discussing these topics. If you are struggling with HIPAA requirements and the thousands of pages of associated documentation you will be armed to fully understand the issues and factors.
Part IV addresses technologies that support secure electronic commerce: secure e-mail, secure socket layer (SSL)/transport layer security (TLS) and IP security. Like sections II and III, these highly technical, complex technologies are explained in an incredibly clear manner. As in the previous sections I learned a lot and came away with a strong understanding. What I really liked about this section is the chapter on cryptographic gotchas - it covered some common attacks and how to safeguard against them. I also enjoyed the treatment of smart cards and their particular vulnerabilities.
I love this book for a number of reasons. First, the authors know their subject. More importantly they have produced a book that epitomizes how to communicate highly technical subjects to not-so-technical people. Finally, this book is remarkably error-free considering the copious use of numeric examples. The authors' web site has a single entry for errata! If you need to quickly get up-to-speed on HIPAA or e-commerce security then this book is the best place to start. If you are a technical writer and want to see how it *should* be done get this book even if you do not care about cryptography or security.
10 of 10 people found the following review helpful
on April 20, 2001
Technology is so full of acronyms and vernacular that many computer books have glossaries that are as thick as novellas. Fortunately, books such as Cryptography Decrypted: A Pictorial Introduction to Digital Security provide a good, largely jargon-free introduction to an often arcane subject.
Cryptography is one of the central components of information security. Without it, much that we take for granted, such as e-commerce and confidential e-mail, would be impossible. Cryptography has four main components: confidentiality (information can't be understood by anyone for whom it is not intended); integrity (information can't be altered in storage or transit without the alteration being detected); nonrepudiation (the sender can't later deny having created or sent a message); and authentication (the sender and receiver can confirm each other's identity and the origin and destination of the information). Each of these basics is discussed.
The meat of the book is divided into four parts: secret key cryptography, public key cryptography, key distribution, and real-world systems. Numerous illustrations clarify difficult concepts, such as hash functions.
This is one of the better introductions to contemporary cryptography, covering all the major topics in a user-friendly manner. While no mathematical background is required, readers will be surprised by how many mathematical concepts will become familiar by the end of the book.
While no novella, Cryptography Decrypted still captures the reader's attention. It is useful for any security professional needing to understand encryption, especially computer security specialists.
This review of mine originally appeared at...
9 of 9 people found the following review helpful
on March 2, 2002
Very well done book. Bravo to the authors for using normal English and plenty of illustrations. The purpose of educational books should be to impart knowledge and facilitate understanding with little effort. This book does it well. Don't let the size of this book fool you. It has plenty of in-depth information. Before reading this book, I could never understand what MOD meant. Now, using my Windows Calculator, I am as good as the best Cryptologists. :^ )
8 of 8 people found the following review helpful
on May 9, 2001
This is one of the best crypto books I've read. Although cryptography is a rather dry subject, this engaging book makes it accessible, even to those without mathematics degrees.
I liked the structure of the book: it starts with a brief history of cryptography, moves through crypto theory, and ends with useful information about real-world practical applications. I learnt new stuff throughout.
Personally, I found the diagrams a little hard to follow. The authors use a consistent symbolic style throughout but I think the book cover could have done with a fold-out flap showing the key to all the symbols. That said, it's a valiant attempt to explain the steps in complex crypto processes, and better than most others.
To end with another compliment, my copy is now replete with scribbled comments in the margins, a good sign that it was a stimulating read.
8 of 8 people found the following review helpful
on June 23, 2002
I have been around cryptography for many years and never really understood what was going on under the hood. Other references seem to assume you are a mathematical wizard. This book really covers it in plain English. I think the best part is Appendix A which really describes the math, in simple terms, of public key encryption. I highly recommend this to folks looking to learn the subject.
4 of 4 people found the following review helpful
on September 3, 2003
Format: Paperback (Verified Purchase)
As a future lawyer intending to specialize in information security law and related areas, I'm always on the lookout for books I can recommend to introduce people to the fascinating field of cryptography and its applications in information security. This is one of the best I've seen.
If you want to learn how to use cryptography yourself, you'll want Bruce Schneier's marvelous _Applied Cryptography_ at some point. But if you want to find out what the fuss is about and what, exactly, cryptography has to do with information security, you'll find this introduction very, very helpful.
What's nice about it is that it not only gives you a fairly painless introduction to the essential concepts of cryptography, but also informs you in a reliable way about the importance of cryptographic protocols in electronic information exchange. It starts at the beginning _and_ gets you through to the meaty infosec stuff; even if you're an absolute beginner, by the time you reach the bits about e.g. digital certificates and public key cryptography and secure email and so forth, you'll actually be in a position to understand it.
Highly recommended to lawyers, law students, and other infosec newbies.
4 of 4 people found the following review helpful
on May 20, 2002
I have yet to complete a computer book...EVER. I've picked through tons and tons of books, but this is the first computer book I've been able to complete. Why? Because it's SO readable! The authors don't dump terminology on you every other paragraph (ala O'Reilly) but instead try to relate what could have been difficult concepts into simple to understand terms. Bob, Alice, and the evil Black Hat show up in diagrams throughout the book reinforcing what you've learned in each chapter. I'm feeling prepped enough to take on Schneier's Applied Cryptography book, and interested enough in the topic to stick to it.
3 of 3 people found the following review helpful
on October 22, 2003
This is absolutely the BEST introduction to cryptographic technology that I've seen. You do not need a math degree to read and understand this book! It explains complicated mathematical manipulations clearly and precisely in plain English. If you've looked at other texts and given up hope understanding how cryptography works because you weren't able to understand the math, this book is your salvation.
"Cryptography Decrypted" has only 1 chapter (# 11) where you are required to understand some mathematical concepts, but even those concepts are clearly explained. There is an additional 50+ page appendix that goes into more mathematical detail for those so inclined. If you read this book, you will understand how modern day cryptography works and how cryptanalysts (and hackers) attempt to break encrypted messages. (This is not an algorithms or programming book.)