
62 of 63 people found the following review helpful
on March 12, 2010
I just got the book, skimmed over it and compared it with the 1st edition (Practical Cryptography).

First of all, if you don't have the 1st edition, this is an excellent buy. It's a "middle ground" book and probably the one you should start with if you are interested in practical cryptography. Then, depending on your interests and needs, you could proceed to a technically and mathematically much deeper (but somewhat obsolete) Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition or to some other direction using the foundation laid down in this book and then getting other book(s) about "hard-core" mathematics of cryptography or about "softer" methods of social engineering and real-life security.

I will now assume you know what the book is all about and that you are considering upgrading it, so here are some quick things I hope will help you decide:

- first of all, obviously, the errata from the 1st edition is incorporated into the text (there is no errata for the 2nd edition yet but keep checking on the book's home page [ [..] ]) which also contains the links from the book so you don't have to type them yourself while investigating
- the algorithms, protocols and formulas look the same but they might have minor tweaks, most of the stuff I looked up is the same as in the 1st edition
- the 2nd edition has 60 pages less and that's because the line spacing is smaller (the text is more dense) and not because some material has been omitted (at least I could not find anything significant being removed)
- one (really small) speculative mathematical subchapter has been removed (4.5.6 in 1st edition: Equation Solving Attacks); I guess the attack/math did not turn out to work
- the new addition to the team of the authors is a university professor and, as a result of that, the book has more of a textbook feel: exercises at the end of each chapter are added and the preface now contains example syllabi subchapter with three course proposals (6, 10 and 12 week) based on the book; it is also mentioned in the preface that the book is now "more suited for a self-study"
- the chapter layout is exactly the same as in 1st edition but off by one since "Our Design Philosophy" from the 1st edition has been presented a bit later as a subchapter of another chapter
- there are more references at the end (130 vs 97)
- minor: the cover is more boring, it really looks and, with the denser text inside, feels like a textbook while the 1st edition looked more like an engineering/hacking book

These are my very first quick and most likely incomplete and biased impressions, I might come back and update the review if I find anything significant.
34 of 37 people found the following review helpful
It turns out that cryptography is the least of the issues in cryptographic systems. Good codes are available in good implementations all over the place (one reason the authors warn against implementing your own, since good implementations are very hard). But, as the authors say in their introductory chapter, "Cryptography by itself is fairly useless." They liken strong codes in a weak system to a bank-vault door on a tent. This book provides a first lesson in pouring some concrete into the walls behind that door.

Phrased as a text for a one semester graduate or advanced undergrad class, this highly readable text covers a range of basics - the first and most pervasive being the professional paranoia needed to actively seek out ways to defeat your own systems. The authors cover things you might expect in a crypto course, including ciphers, message digests, key exchange, and a smattering of mathematical basics. There's less of the real crypto material than you might think, however. I mean, what good is the unbreakable code when the bad guy with a root kit can read your passwords from the paging file or /dev/kmem? Instead, this book stands out for things like wiping secrets from memory as fast as you can - if you can, if language design or the physics of computer memory even make it possible. Even things like random numbers and the system clock come under careful scrutiny and analysis of their own. The reader who goes through this book cover to cover comes away with a solid appreciation of the hardware, software, and social issues involved in creating truly secure systems.

But, as the authors take pains to state, this is only an introduction. As happened with Schneier's "Applied Cryptography", it could become "... notorious for the systems that [readers] then designed and implemented on their own" after reading it. Serious cryptographic systems require specialized skills, skills that only a handful of people worldwide have. Since the authors observe that "We don't actually know how to create secure code," it's arguable that no one is qualified. But, to get even as good as the experts are today, a student has to start somewhere. This introductory text gets that student off to that start.

- wiredweird
15 of 17 people found the following review helpful
Good cryptography can ensure that your data is readable only to authorized parties. The danger of bad cryptography is a false sense of data security. The line between the two is exceptionally thin, and the difference between the two is spelled out in great detail in this text.

The first edition of coauthor Bruce Schneier's Applied Cryptography came out in 1994. What was revolutionary then, and launched a new generation of security mavens, is now obsolete in many parts. Cryptography Engineering is a much-needed update. While not as detailed as the former work, and with significantly fewer code examples, the new text is still a valuable resource for anyone who wants to come up to speed on the essentials of modern cryptography.

The book covers the major uses of cryptography today, namely messaging security and the other fundamental areas including key management, block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and much more.

The three authors bring many decades of unique experience on the topic to the book. Their goal is to get the reader to think like a cryptographer, and the book does a great job of that. It is rich in real-world examples, and each chapter ends with a number of exercises to take the theoretical ideas and put them into practice.

While billed as an introductory text on the subject, Cryptography Engineering is not for the fainthearted. Anyone intrigued by the topic and with the time to dedicate to the matter will find the book worth their while.
15 of 18 people found the following review helpful
on March 30, 2010
This book gives you a nice introduction to modern cryptography including message authentication, public key infrastructure and hashing algorithms. It does not delve too much in unimportant details, but gives an overview of the common pitfalls and the state of the art software available.

The book contains exercises at the end of each chapter which makes the book suitable for self teaching. Do not expect to be able to implement your own safe cryptographic algorithms simply by reading this book but learn some kind of professional paranoia and an idea of just how difficult it is to write safe code today.

I am not a professional programmer myself or a cryptographic engineer, but I did enjoy the book very much since it was able to keep me up to speed with the newest technology. I wholeheartedly recommend this book to anyone interested in an overview of cryptography, but beware that some mathematical background is required (not more than high school stuff).
2 of 2 people found the following review helpful
on July 6, 2011
"Cryptography Engineering," by Ferguson, Schneier, and Kohno, is a stellar introduction to the theory and practice of software security. The authors hit the sweet spot between rigor and clarity and give the clearest accounts that I've ever read of many tough subjects, including:

* Cryptographic Hashing (MD5, SHA-2, and friends)
* Cryptographic pseudo-random number generation
* Block Ciphers
* Diffie/Hellman Key Exchange
* The Chinese Remainder Theorem
* RSA
* Kerberos
* PKI

But their aims are bigger than to acquaint us with buzzwords - they strive to inculcate the reader with the aims and mind-set of security engineering. They also offer penetrating observations on differences between the theory and practice of security, and the pitfalls of the standardization process.

All of this is packaged into a well-written, engaging book. I highly recommend it to anyone writing software, managing a software project, or just wondering what's going on in the cyber-wars.
23 of 33 people found the following review helpful
on March 28, 2010
I bought this blind on the promise of some new work from Ferguson and Schneier. But got fooled by the different title: "Cryptography Engineering" is just an update of the first edition of "Practical Cryptography". This is good stuff by some excellent authors, but if you've already bought the first edition, there's not enough more to make it worth forking out another $40 or so.
12 of 18 people found the following review helpful
on January 16, 2011
This relatively brief (380 page) book certainly has some useful advice for systems that need crypto. Unfortunately it fails to live up to "The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts."

This is a far less in depth book than Applied Cryptography. It also omits any useful treatment of ECC.
on July 25, 2015
Outstanding book on this topic. Recent publication (as of this writing). Great background on advanced topics from leading public minds.

I highly recommend this as a basis for a practical understanding if you missed these topics in school. I cannot imagine a better treatment of cryptography engineering.

Includes chapters that delve into the details of the foundational mathematical framework for current cryptography.
on September 12, 2011
The text is a deep synthesis of traditional cryptography combined with additional and modern techniques: I found particularly interesting the definitions, which in this field are often somehow heuristic and in many books lack formalism. It was time to begin a more formal treatise!!!
on May 24, 2014
This book does a great job explaining cryptographic principles and techniques, but is a little light on technical details and the underlying mathematics. That can either be a pro or a con depending on what you are looking for. This book will stay on my shelf for many years.