39 of 40 people found the following review helpful:
5.0 out of 5 stars
Long awaited update of the Practical Cryptography, March 12, 2010
This review is from: Cryptography Engineering: Design Principles and Practical Applications (Paperback)
I just got the book, skimmed over it and compared it with the 1st edition (Practical Cryptography).
First of all, if you don't have the 1st edition, this is an excellent buy. It's a "middle ground" book and probably the one you should start with if you are interested in practical cryptography. Then, depending on your interests and needs, you could proceed to a technically and mathematically much deeper (but somewhat obsolete) Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition or to some other direction using the foundation laid down in this book and then getting other book(s) about "hard-core" mathematics of cryptography or about "softer" methods of social engineering and real-life security.
I will now assume you know what the book is all about and that you are considering upgrading it, so here are some quick things I hope will help you decide:
- first of all, obviously, the errata from the 1st edition is incorporated into the text (there is no errata for the 2nd edition yet but keep checking on the book's home page [ [..] ]) which also contains the links from the book so you don't have to type them yourself while investigating
- the algorithms, protocols and formulas look the same but they might have minor tweaks, most of the stuff I looked up is the same as in the 1st edition
- the 2nd edition has 60 pages less and that's because the line spacing is smaller (the text is more dense) and not because some material has been omitted (at least I could not find anything significant being removed)
- one (really small) speculative mathematical subchapter has been removed (4.5.6 in 1st edition: Equation Solving Attacks); I guess the attack/math did not turn out to work
- the new addition to the team of the authors is a university professor and, as a result of that, the book has more of a textbook feel: exercises at the end of each chapter are added and the preface now contains example syllabi subchapter with three course proposals (6, 10 and 12 week) based on the book; it is also mentioned in the preface that the book is now "more suited for a self-study"
- the chapter layout is exactly the same as in 1st edition but off by one since "Our Design Philosophy" from the 1st edition has been presented a bit later as a subchapter of another chapter
- there are more references at the end (130 vs 97)
- minor: the cover is more boring, it really looks and, with the denser text inside, feels like a textbook while the 1st edition looked more like an engineering/hacking book
These are my very first quick and most likely incomplete and biased impressions, I might come back and update the review if I find anything significant.
20 of 20 people found the following review helpful:
5.0 out of 5 stars
The text we've needed, March 16, 2010
It turns out that cryptography is the least of the issues in cryptographic systems. Good codes are available in good implementations all over the place (one reason the authors warn against implementing your own, since good implementations are very hard). But, as the authors say in their introductory chapter, "Cryptography by itself is fairly useless." They liken strong codes in a weak system to a bank-vault door on a tent. This book provides a first lesson in pouring some concrete into the walls behind that door.
Phrased as a text for a one semester graduate or advanced undergrad class, this highly readable text covers a range of basics - the first and most pervasive being the professional paranoia needed to actively seek out ways to defeat your own systems. The authors cover things you might expect in a crypto course, including ciphers, message digests, key exchange, and a smattering of mathematical basics. There's less of the real crypto material than you might think, however. I mean, what good is the unbreakable code when the bad guy with a root kit can read your passwords from the paging file or /dev/kmem? Instead, this book stands out for things like wiping secrets from memory as fast as you can - if you can, if language design or the physics of computer memory even make it possible. Even things like random numbers and the system clock come under careful scrutiny and analysis of their own. The reader who goes through this book cover to cover comes away with a solid appreciation of the hardware, software, and social issues involved in creating truly secure systems.
But, as the authors take pains to state, this is only an introduction. As happened with Schneier's "Applied Cryptography", it could become "... notorious for the systems that [readers] then designed and implemented on their own" after reading it. Serious cryptographic systems require specialized skills, skills that only a handful of people worldwide have. Since the authors observe that "We don't actually know how to create secure code," it's arguable that no one is qualified. But, to get even as good as the experts are today, a student has to start somewhere. This introductory text gets that student off to that start.
- wiredweird
13 of 13 people found the following review helpful:
5.0 out of 5 stars
Nice intro for non-cryptographists, March 30, 2010
This book gives you a nice introduction to modern cryptography including message authentication, public key infrastructure and hashing algorithms. It does not delve too much into unimportant details, but gives an overview of the common pitfalls and the state-of-the-art software available.
The book contains exercises at the end of each chapter which makes the book suitable for self teaching. Do not expect to be able to implement your own safe cryptographic algorithms simply by reading this book but learn some kind of professional paranoia and an idea of just how difficult it is to write safe code today.
I am not a professional programmer myself or a cryptographic engineer, but I did enjoy the book very much since it was able to keep me up to speed with the newest technology. I wholeheartedly recommend this book to anyone interested in an overview of cryptography, but beware that some mathematical background is required (not more than high school stuff).