Customer Reviews

Cryptography For Dummies

5 star:		(2)
4 star:		(5)
3 star:		(0)
2 star:		(1)
1 star:		(1)

 

 

I've stumbled across cryptography for about the past year, so recently I decided to go ahead and learn some basics (as I think the subject and InfoSec is really interesting). Most cryptography books out there are for the advanced and are mathematically rigorous. While I gladly welcome math, I needed an overview to bring me up to speed, prepping me for more intermediate (and eventually advanced) texts later.

I've never read a Dummies book dealing with computer technology before, because although they're written for absolute novices, the low-level writing style irritates me, usually takes too long to get to the "interesting stuff", and the "yippity-skippity!" attitude will eventually make me go seek a more advanced text. Basically, Dummies books "hold your hand", and if this is what you need, they're great! But if not, they can be rather slow for you (as for me).

However, Cryptography for Dummies is pretty good, aside from a few misses. By this being a Dummies book, the impression of this text being for complete neophytes is false - if you don't have any experience with basic computer science topics (e.g. binary, binary-to-decimal conversions, bits/bytes/words, etc.), the first couple chapters may be a little hard to understand, as the author assumes you at least know that stuff.

Aside from that, the author does a good job explaining the basic topics one needs to understand cryptography and its inner-workings. However, the author's writing style leaves much to be desired at times. At points, I found myself scratching my head, re-reading passages several times, trying to figure out what the author meant. At times when he should explain the nuances of something, he doesn't, leaving you to go, "HUH?" (A good example of this are the early parts where he talks about keys but doesn't explain what a key is or how they interact with other parts of a cryptographic system.)

There are other sections where the author leaves entire descriptions of things out, where you'll have to figure it out for yourself. Perhaps this is purposeful, so he won't get too far into the topic, as this book is basically an overview. Something else I noticed too is the vast amount of errors the book has! I'm not sure if Dummies has an 'Errata' section on its site.

While this book is by no means a complete text (probably not even a 1/3-complete text), overall, it's good for those who want an overview of the subject, and plan on venturing further, as I do.

Cryptography is one of the most intimidating aspects of computer security, conjuring up, as it does, such concepts as hash functions and public-key infrastructures. For the average user who wants to know about cryptography without gaining the proficiency of a cryptographer, Cryptography for Dummies is the perfect introduction.

The book details the core elements of cryptography that the average user needs to understand, leaving the theoretical topics to more long-winded texts. Emphasis is put on simplicity and straightforwardness, with as little gibberish as possible. Screen shots and illustrations are used effectively without being condescending or insulting.

As the book progresses, the chapters plumb more detail. Those wishing just a quick introduction should stop after part one. For the more ambitious, sections on public-key infrastructures, secured sockets layer, authentication systems, and virtual private networks lie ahead.

This book is an excellent introduction to the field. Perfect for someone who is concerned with information security within their organization, a nice starting place for someone considering a career in security, and very useful to the IS staff person who gets stuck with the job when there isn't money to pay for an expert. I do security training for end users and am considering using content from this book and Network Security For Dummies to develop a basic course. It's nice to have some of these concepts explained in plain English. Makes it easier to do my job.

This book was excellent for getting you over that hill of understanding. If you don't have much back ground in cryptography or don't need to know the nitty-gritty details of how it all works then this is the book for you. The book is well indexed and fairly up to date. The only problem I found with this book is that sometimes it went back over some things already covered but, this is a minor issue. I used it extensively for doing an intro research paper on cryptography.

This book will open the eyes of anyone who wants to learn about the subject. And the Author does a great job of making it a fun read too. The reason i bought this book, it to understand whats up with digital certificates. My eyes were opened when i found out that many certificates are not cross compatible with all apps... its hundreds of facts like this, that will help you to finally figure it out everything you need to know to make it happen for you. Especially with PGP (its free and it rocks)

A good introduction to how cryptography works. Very simple, yet accurate. It covers basically all the fundamentals of how cryptography works, how it's used, and how it *should* be used. Math is kept extremely minimal.

I don't usually have the need to buy Dummies books, but my mom's workplace was thinking of encrypting their data (she works in health care and they need to protect patient data carefully now). I bought her this book and she was thrilled with it. The book gave her some step-by-step example on how to encrypt email and the explanations of how crypto works made sense to her. Yes, the book is a bit simplistic, but that's what it is supposed to be! I applaud the author for taking on such a complex subject. Although other books are more technical, this is a good book for someone who needs an introduction to the subject.

I started out giving this book a 3 - 3.5 stars, by the time I finished Chapter 5 it dropped to 2.5. Now that I finished the book I believe it deserves no more than 2.

Part 1 (Ch1 - Ch4) of the book started off well, with a lot of What, How and Why. Later chapters of the book are mainly What - this is the name of the protocol and this is what it stands for. Nothing one couldn't find easily on the Net. The author spent three whole chapters on PKI, and it is some of the worst explanation I've ever read. I came away dumber and know less about PKI.

The book has credibility problems, and here is why:

p.219 TCP/IP was discussed in the context of a single protocol, and that IPsec was touted as a replacement of TCP/IP. TCP/IP is a suite of protocols, including application protocol such as FTP, HTTP, telnet...etc and data link layer protocols such as Ethernet, Token Ring.. etc. Exactly how does IPsec "upgrade or enhance" these protocols ? The author suggests combining IPsesc with normal VPN tunneling protocols to provides the best solution for encrypted data transport. I don't know what "normal" VPN tunneling protocol means, but 9 out of 10 VPN products on the market already provides IPsec as an option. It is just another protocol to do VPN, and it is the preferred option compare to PPTP (even Microsoft would agree to that). Don't think of them as two different technology.

The entire book makes no mention of IPv6, didn't even earn an index entry. How can one discuss IPsec for secure transport without knowledge of IPv6, which has it already built-in.

p. 225 The suggestion that one should employ a CISSP to do penetration test because they are more "proficient" and likely to know what they are doing without "damaging" your network - its quite simply laughable. Yes I know, CISSP is quite bankable. Government and large companies loves them. They are the ones who do risk management, set security policy and go to lunch with CIOs. It is however, a certification that has been described as a mile wide and an inch deep. Meaning, a CISSP would have a good "introductory" overview of the different aspects of the security landscape, but not necessary the deep technical knowledge to carry out an attack. Not to be dis-respectful to all the hard working CISSPs out there, I myself, is working to become one. CISSP should be a minimum requirement for all security professionals. It is not, however, a technical cert.

p. 229 The author had this to say on war chalking, "I have seen these marks myself on sidewalks in San Francisco and New York, so I know this is not rumour." You mean you never heard of it until now ?

Also, almost no mention of the Twofish algorithm in AES submission, although Bruce Schneier was briefly cited in the Appendix. Quite disappointing, the book does introduce users to some terminology of the field, and some of the links are quite useful - hence, the 2 stars.

This book lacks credibility. It gives a weak high level outline for crypto and has some very embarrassing inaccuracies when detail is attempted to be covered. It's also shockingly dated in places and very poorly written with disorganized statements. Save your money and visit some websites that would give you better general and specialized information and not cost you a bean. This book is not value for money.