- Amazon Student members save an additional 10% on Textbooks with promo code TEXTBOOK10. Enter code TEXTBOOK10 at checkout. Here's how (restrictions apply)
Practical Cryptography Paperback – Apr 17 2003
Special Offers and Product Promotions
Customers Who Bought This Item Also Bought
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
To get the free app, enter your e-mail address or mobile phone number.
"...the insight into the world of security that is offered here makes for an interesting read...any readers who are responsible for network and data security will find plenty of valuable pointers..." (PC Utilities, June 2003)
"...absolutely brilliantly written.... I loved the chapters on PKI...a must read!..." (Information Security Bulletin, July 2003)--This text refers to an out of print or unavailable edition of this title.
From the Back Cover
Two of the worlds top experts in cryptography teach you how to secure your digital future
In todays world, security is a top concern for businesses worldwide. Without a secure computer system, you dont make money, you dont expand, andbottom lineyou dont survive. Cryptography holds great promise as the technology to provide security in cyberspace. Amazingly enough, no literature exists about how to implement cryptography and how to incorporate it into real-world systems. With Practical Cryptography, an author team of international renown provides you with the first hands-on cryptographic product implementation guide, bridging the gap between cryptographic theory and real-world cryptographic applications.
This follow-up guide to the bestselling Applied Cryptography dives in and explains the how-to of cryptography. Youll find discussions on:
- Practical rules for choosing and using cryptographic primitives, from block ciphers to digital signatures
- Implementing cryptographic algorithms and systems in a secure way on todays computers
- A consistent design philosophy to ensure that every part of the system achieves the required security level
- Why security affects every part of the system, and why it has to be a primary goal of the project
- How simple interfaces for cryptographic primitives reduce system complexity and increase system security
Inside This Book(Learn More)
What Other Items Do Customers Buy After Viewing This Item?
Top Customer Reviews
With that, Practical Cryptography is a superb text for anyone needing to know the core details of cryptography, but don't want to be bogged down with theoretical and abstract cryptographic ideas.
Where Applied Cryptography is a reference, Practical Cryptography is meant to be a narrative. The book follows the design of a secure cryptographic system from its algorithm selection, design philosophy, analysis, debugging and implementation.
The implementation aspect is crucial, as while there are many books available on the theory of cryptography, there is amazingly little about its practical implementation. While Practical Cryptography is a much easier read than Applied Cryptography, it is primarily geared for the applications
While Practical Cryptography is not as technical as its older brother Applied Cryptography, it is still not a For Dummies type of book. The average reader will likely find most of the book far too abstract for their needs. But for those that are looking for a practical and usable book about implementing cryptography, this is the definitive reference.
To quote: "one of the reasons for writing this book: to get other people to understand the insidious nature of security, and how important is to do it right."
The whole point of the book is to show how would the authors have built an encryption system if everything's to be done right. This means secure communication channel, key negotiation, random number generation and public key encryption. Basically what you have in this book is a blueprint for the best possible crypto system.
The authors describe a few cryptographic primitives, like block ciphers and hash functions, but not a whole lot and nothing in details. The authors just pick one of each (explaining exactly why the one they picked is the best) and stick with it throughout the book.
The book has surprisingly little math, if any. No details of any existing protocol in particular.
A lot of (literally dozens) attacks described, at any point, on any part, and for each a cure is proposed or "no cure possible" conclusion is made. Pretty informative.
Lots of advises, some more technical, some more philosophical. Lots of auxiliary info, like patents on crypto, dancing pigs :), implementation notes etc. Some chapters are about a dozen pages long. A touch, but it makes you think.
Oh, and it describes Mr. Schneier's new Yarrow random generator, and what's more - a shiny new extension to it called Fortuna. Fascinating stuff if you ask me.
There are some minor downsides too.
First, the pseudocode which is used for describing algorithms is strikingly bad.Read more ›
but I can't figure out their target audience. Only someone actually
implementing a cryptographic system would get anything out of
this book. At the end of the book, they warn you that a good
implementation is so hard that you really should hire an
expert to do it. They also say "The world is full of of bad
security systems designed by people who have read Applied
Cryptography. Practical Cryptography is likely to have the
They say they wrote the book as an introduction to the state
of the art ("[people] .. must learn it somewhere, and we didn't
know of any other suitable books.") Given that no one but a
programmer or mathematician would get through half the book,
it's unlikely to reach a general audience, or even the managers
who really need their advice.
The content level of the book is very uneven as well, with
general, strategic advice mixed with algorithm discussions. Yet
there's almost no nuts and bolts programming advice. They just
point you off to other sources for all of that.
They have these little "So what should I do?" sections at the
end of most chapters, but they are pretty cynical. The most
common advice amounts to "there's no way to know without analyzing
your requirements." The other comments are along the lines of
"the software industry is a mess", "the standards process is a mess",
"the patent process is a mess", "(technique X) hasn't been around
long enough to be analyzed much, is a patent minefield, or has been
broken, or nearly broken. Don't use it." And finally, that security
depends on the weakest link, which generally won't be the
cryptography anyway.Read more ›
Until page 149, when I read the following: "We can give you advice on how to write good cryptographic code...specifically, don't use C or C++". I looked for emoticons or signs of a subtle humour, but couldn't find them. Better get Linus to dust off his JDK then. :-) They have a point, but the book's title is surely a misnomer. Unfortunately this style of advice is pretty symptomatic of much of the book.
Like Burnett's "Cryptography" in the RSA Security series, this book takes a comprehensive but high level approach. I think this is the wrong way to entice curious engineers. The authors lack Burnett's enthusiasm, setting a dismal backdrop in which good security is impossible, and at times appear very condescending.
The highlight of this book is the advice that the authors give on choosing symmetric algorithms - for example they like AES for its 256 bit key size, but don't like its 128 bit block size. Some of their thoughts place them in a cryptographic minority, but their rationale for these thoughts are well worth reading, almost enlightening.
They emphasize that cryptographic algorithms need close and lengthy scrutiny by their peers and warn the reader against new and untested designs. And then present in great length, without warnings about misuse, their new and unscrutinized PRNG Fortuna.
The final chapter of the book runs along the lines of "we've told you this stuff, but you're going to get it really wrong, so just use an expert".Read more ›
Most recent customer reviews
The authors spend far too much time preaching that cryptography is only a small (albeit important) part of security. This is not a new revelation. Read morePublished on Dec 23 2003
I've read a large number of cryptography books. Very few of them come down to brass tacks. They give you a description of a few algorithms, their strengths and weaknesses, and... Read morePublished on Dec 10 2003 by Eric Hopper
If Bruce Schneier has acquired a habit, it is the ability to take the same old material and rehash it into different books, year after year. Read morePublished on Nov. 13 2003
If you liked Applied Cryptography, but were turned off by all the math, get this book.
It is Applied Cryptography Light. Read more
The combination Schneier - Ferguson invites to travel the basic aspects of the cryptography and inclusive it proposes the best queries of what one has learned and we should learn... Read morePublished on July 31 2003 by Roberto Carlos Ramirez Caicedo
If you want an honest and extremely realistic analysis of security and encryption in general, this is the book for you. Read morePublished on May 31 2003 by Ben Lane Hodson
I preordered and my copied arrived end of last week... the first two chapters alone are worth the price of the book. Read morePublished on April 22 2003 by Jeremey L. Barrett
I appreciate the authors trying to get people to "do it right" by not offering a range of options. But, at the same time, there's not enough flexibility built into this book for... Read morePublished on April 22 2003
Look for similar items by category
- Books > Computers & Technology > Computer Science
- Books > Computers & Technology > History & Culture > Privacy
- Books > Computers & Technology > Networking & Cloud Computing > Internet, Groupware, & Telecommunications
- Books > Computers & Technology > Networking & Cloud Computing > Networks, Protocols & APIs
- Books > Computers & Technology > Programming > Algorithms > Cryptography
- Books > Computers & Technology > Security & Encryption
- Books > Computers & Technology > Web Development > Security & Encryption > Encryption
- Books > Textbooks