Practical Cryptography [Paperback]

Niels Ferguson (Author), Bruce Schneier (Author)

Book Description

Publication Date: March 28, 2003 | ISBN-10: 0471223573 | ISBN-13: 978-0471223573 | Edition: 1

Security is the number one concern for businesses worldwide. The gold standard for attaining security is cryptography because it provides the most reliable tools for storing or transmitting digital information. Written by Niels Ferguson, lead cryptographer for Counterpane, Bruce Schneier's security company, and Bruce Schneier himself, this is the much anticipated follow-up book to Schneier's seminal encyclopedic reference, Applied Cryptography, Second Edition (0-471-11709-9), which has sold more than 150,000 copies.
Niels Ferguson (Amsterdam, Netherlands) is a cryptographic engineer and consultant at Counterpane Internet Security. He has extensive experience in the creation and design of security algorithms, protocols, and multinational security infrastructures. Previously, Ferguson was a cryptographer for DigiCash and CWI. At CWI he developed the first generation of off-line payment protocols. He has published numerous scientific papers.
Bruce Schneier (Minneapolis, MN) is Founder and Chief Technical Officer at Counterpane Internet Security, a managed-security monitoring company. He is also the author of Secrets and Lies: Digital Security in a Networked World (0-471-25311-1).

Product Details

• Paperback: 432 pages
• Publisher: Wiley; 1 edition (March 28, 2003)
• Language: English
• ISBN-10: 0471223573
• ISBN-13: 978-0471223573
• Product Dimensions: 7.4 x 0.9 x 9.3 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.1 out of 5 stars  See all reviews (17 customer reviews)
• Amazon Best Sellers Rank: #317,805 in Books (See Top 100 in Books)
  • #74 in Books > Computers & Technology > Programming > Algorithms > Cryptography

Editorial Reviews

Review

"...the insight into the world of security that is offered here makes for an interesting read...any readers who are responsible for network and data security will find plenty of valuable pointers..." (PC Utilities, June 2003)

"...absolutely brilliantly written.... I loved the chapters on PKI...a must read!..." (Information Security Bulletin, July 2003) --This text refers to the Hardcover edition.

From the Back Cover

Two of the world’s top experts in cryptography teach you how to secure your digital future

In today’s world, security is a top concern for businesses worldwide. Without a secure computer system, you don’t make money, you don’t expand, and–bottom line–you don’t survive. Cryptography holds great promise as the technology to provide security in cyberspace. Amazingly enough, no literature exists about how to implement cryptography and how to incorporate it into real-world systems. With Practical Cryptography, an author team of international renown provides you with the first hands-on cryptographic product implementation guide, bridging the gap between cryptographic theory and real-world cryptographic applications.

This follow-up guide to the bestselling Applied Cryptography dives in and explains the how-to of cryptography. You’ll find discussions on:

• Practical rules for choosing and using cryptographic primitives, from block ciphers to digital signatures
• Implementing cryptographic algorithms and systems in a secure way on today’s computers
• A consistent design philosophy to ensure that every part of the system achieves the required security level
• Why security affects every part of the system, and why it has to be a primary goal of the project
• How simple interfaces for cryptographic primitives reduce system complexity and increase system security

See all Editorial Reviews

Product Details

• Paperback: 432 pages
• Publisher: Wiley; 1 edition (March 28, 2003)
• Language: English
• ISBN-10: 0471223573
• ISBN-13: 978-0471223573
• Product Dimensions: 7.4 x 0.9 x 9.3 inches
• Shipping Weight: 1.4 pounds (View shipping rates and policies)
• Average Customer Review: 4.1 out of 5 stars  See all reviews (17 customer reviews)
• Amazon Best Sellers Rank: #317,805 in Books (See Top 100 in Books)
  • #74 in Books > Computers & Technology > Programming > Algorithms > Cryptography

Most Helpful Customer Reviews

92 of 97 people found the following review helpful

4.0 out of 5 stars A practical (bit boring) executive summary of AC April 16, 2003

By Hiroo Yamagata

Format:Paperback

For those of you (including myself) who were expecting an updated version of the Applied Cryptography, this book is NOT it. Based on the pre-publication blurbs here and there, I thought it may be a simple how-to book without too much theory. The book didn't turn out to be that sort of thing either.

This book is, sort of an executive summary of Applied Cryptography (AC), with some updates. It touches upon the insights that Scheneier mentioned in Secret and Lies (like crypto is the easy part and that won't solve security). It mentions some newer material, notably AES related stuff. The description is, in effect, a simplified version of AC. Also, it doesn't try to cover everything, and yes, some explanations about the practical applications are stressed slightly more than in AC.

So if you want to be practical, just go over the essential and latest stuff, this is a good book to read. But I must say that it's not as fun to read as AC. Not as many jokes, and absolutely no crazy stuff (like bio-computing and the significance of dark matters). Oh well, maybe that's what being practical means... But it doesn't give you the feeling of throughness that AC gave. Maybe this comes from my reading AC too much in detail (I actually translated the whole book into Japanese), but I think it is inherent in the book itself. In trying to cover as much ground as possible, the book hurries a lot.

So if you are in a hurry to cover just enough important stuff, get this book. And if you need some explanation on the newer stuff, get this. But I also recommend getting AC as well.

48 of 53 people found the following review helpful

5.0 out of 5 stars Concrete presentation of a difficult subject December 10, 2003

By Eric Hopper

Format:Paperback|Amazon Verified Purchase

I've read a large number of cryptography books. Very few of them come down to brass tacks. They give you a description of a few algorithms, their strengths and weaknesses, and leave it at that. Either that, or they describe in lovingly complex detail the implementation of a particular protocol, one usually so fraught with options and details that you wonder how, at the end of it, that anybody writes a conforming implementation.

Practical Cryptography does neither of these things. It presents algorithm classes, why they exist, and what the best known algorithms are in each class. It explains how the various strengths and weaknesses of algorithms in each class combine to make a cryptosystem weaker or stronger. Then it goes on to show you how to use that information to build working cryptosystems.

This book is NOT a careful discussion of the implementation details or plusses and minuses of particular algorithms. They give detailed implementation instructions and advice for some algorithms (such as RSA or Diffie-Hellman) that tend to end up being misunderstood or implemented poorly, but the main focus of the book is about putting all the information together to build a real system. This is something that I feel is sorely lacking in the field of cryptography as it stands in 2005 (when I last updated this review).

The book does have a flaw. The authors present several algorithms and techniques that they recently invented and are not 'tried-and-true'. They present good arguments as to why they're secure. But the only real test of such things is lots of peer review and real-world testing. And, since they're new, they haven't been tested in that way.

People have complained about the book's seeming schizophrenia.... On one hand, the authors are trying to show you how to build a secure cryptosystem. On the other, they're telling you how hopeless a task it is to build one that has no vulnerabilities, even if you're an expert in such things.

This can be annoying, but I more find it refreshing. Writing a secure cryptosystem is very hard. People should be aware that it is hard, and they are likely to make mistakes. It isn't something that should be attempted lightly. The current state of computer security is depressingly abysmal. People should be encouraged, as much as possible, to not contribute to the problem.

I'm not following my own advice, and I am building a new cryptosystem. I have found this book a more valuable resource than any other book on cryptography that I have yet read. Even if you aren't building your own cryptosystem, I think you will find the insights this book has into complexity and design to be useful tools in evaluating other cryptosystems. Read more ›

33 of 38 people found the following review helpful

3.0 out of 5 stars Must be used with Applied Cryptography August 20, 2004

By E. Krinker

Format:Paperback

As one other reader pointed out this book can be called Applied Cryptography Light. It is true, it gives you more theory and very little math. I did not like this book by itself since I was interested in actual implementation and i wanted to see full algorithms and math. I did end up buying Applied Cryptography and those 2 books combined provide an excellent reference. I was not able to give more than 3 stars since I did not feel i got any knowledge out of this book to be able to apply it in real life except reading: "Cryptography is hard, you might need to hire an expert..." while I want to become an expert myself one day!

26 of 30 people found the following review helpful

3.0 out of 5 stars Self contradictory and self lauding July 19, 2005

By Jean Val Jean

Format:Paperback

From the very first pages, authors emphasize the need for public algorithms and peer review. Yet, the book is full of suggestions that appear first time in the book. They even take time to give fancy names to their new proposals. It is typical to see things like "While writing this chaper we came up with this new random number generator...". Well, the authors could have used some of public scrutiny they are so fond of.

The authors are extremely biased against algorithms designed by others. For example, they bend over backwards to blow some generic weaknesses of AES out of proportions. They even add a scary story of a bored PhD student offhandedly breaking AES. I think this not only unfair but also a bit unethical to direct generic critisism to a design and then pretent it does not apply to their own.

They must be really pissed off when their own algorithm was beaten by AES in the NIST competition.

The book is useful if all you want is a light reading about security and you can manage to read it with a grain of salt.

37 of 45 people found the following review helpful

3.0 out of 5 stars Can't really recommend it May 18, 2003

By A Customer

Format:Hardcover

Well, I can't really recommend the book. It's readable enough,
but I can't figure out their target audience. Only someone actually
implementing a cryptographic system would get anything out of
this book. At the end of the book, they warn you that a good
implementation is so hard that you really should hire an
expert to do it. They also say "The world is full of of bad
security systems designed by people who have read Applied
Cryptography. Practical Cryptography is likely to have the
same effect."

They say they wrote the book as an introduction to the state
of the art ("[people] .. must learn it somewhere, and we didn't
know of any other suitable books.") Given that no one but a
programmer or mathematician would get through half the book,
it's unlikely to reach a general audience, or even the managers
who really need their advice.

The content level of the book is very uneven as well, with
general, strategic advice mixed with algorithm discussions. Yet
there's almost no nuts and bolts programming advice. They just
point you off to other sources for all of that.

They have these little "So what should I do?" sections at the
end of most chapters, but they are pretty cynical. The most
common advice amounts to "there's no way to know without analyzing
your requirements." The other comments are along the lines of
"the software industry is a mess", "the standards process is a mess",
"the patent process is a mess", "(technique X) hasn't been around
long enough to be analyzed much, is a patent minefield, or has been
broken, or nearly broken. Don't use it." And finally, that security
depends on the weakest link, which generally won't be the
cryptography anyway.... (Don't even try to do this at home!) This
may all be true, but it's not really helpful.

I don't know if you could implement a complete system from their
description of which techniques are reasonably good. If you
trusted their implementation advice, should you also trust their
overall advice, which is to leave this to the experts?

The whole thing leaves me with the impression that they are pretty
bitter about the whole field. They want people to do better on
security, but they have no expectation that they will. They want
to be listened to (and hired), but don't expect that either. The
book is mostly to say "see how complicated this is (you idiots!)?" Read more ›