Cryptography Decrypted

Cryptography is one of the central components of information security. Without it, much that we take for granted, such as e-commerce and confidential e-mail, would be impossible. Cryptography has four main components: confidentiality (information can't be understood by anyone for whom it is not intended); integrity (information can't be altered in storage or transit without the alteration being detected); nonrepudiation (the sender can't later deny having created or sent a message); and authentication (the sender and receiver can confirm each other's identity and the origin and destination of the information). Each of these basics is discussed.

The meat of the book is divided into four parts: secret key cryptography, public key cryptography, key distribution, and real-world systems. Numerous illustrations clarify difficult concepts, such as hash functions.

This is one of the better introductions to contemporary cryptography, covering all the major topics in a user-friendly manner. While no mathematical background is required, readers will be surprised by how many mathematical concepts will become familiar by the end of the book.

While no novella, Cryptography Decrypted still captures the reader's attention. It is useful for any security professional needing to understand encryption, especially computer security specialists.

This review of mine originally appeared at...

Rating:
Summary: The best one for beginners
Review: Thank you Mel&Baker. A perfect book for the beginners.

Rating:
Summary: Cryptographic Review by a Simple-Minded Internet User
Review: The catchy title for this book fits the authors' entire presentation of the development and evolution of cryptography. The authors have provided an extensive and comprehensive look at cryptography. They have provided simple and easy to understand discussions of the subject matter,and interspersed it with many interesting historical facts. This book provides the functional details surrounding security, and its software technological advances. Cryptology is the foundation to making the Internet as secure as possible. As a software engineer, I never understood how cryptological software actually worked behind the scenes with our Government E-Commerce software application. This book finally made this technology succinctly clear to me. Cryptography is not only used by engineers, average Internet users use cryptographic software when they access and interact with many Internet sites. Consequently, this book could help the everyday Internet user understand how the sites they access are made secure through cryptography. If you want to truly understand what is happening with security in the ever-changing technological world, you must read this book!

Rating:
Summary: Excellent for HIPAA and e-commerce security - top writing
Review: The primary audience for this book is anyone who has to quickly get up-to-speed in security infrastructure and cryptology. If you are working in health care and are overwhelmed with the technical requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA), then you are going to love this book. If you are involved in e-commerce you will definitely find this book essential reading and the key to understanding the underpinnings of web and e-commerce security.

There is another audience for this book: technical writers. The authors set the highest standards in document design, clear writing and integration of prose and illustration. They have managed to explain a complex, difficult subject easy to understand.

Part I of the book lays the foundation by explaining the basics: defining terms, the evolution of ciphers and how they worked, and the fundamentals of the data encryption standard (DES) and secret keys. I found this part of the book to be fascinating because the authors used easy-to-follow examples that were augmented by visual depictions of how everything works. For example, a quick explanation of Polybius square numbers and how to transpose them to diffuse a cipher was not only something completely new to me, but was something I was able to thoroughly understand after reading less than three pages of this book! I am sure that a professional cryptographer would find this material basic. I found it empowering because I began to see a larger picture of this obscure science unfold while learning some interesting numerical manipulation techniques. For the first time I really understood this stuff to the degree that I could explain it to non-technical people. The authors also used historical anecdotes to make the subject interesting. Some of the highlights of this part of the book include transposition ciphers, diffusion and confusion strategies, and the frank discussion of DES in its various forms (double, triple), and its strengths and vulnerabilities.

In parts II and III the book thoroughly covers public keys and digital certificates - two topics that you cannot avoid if you are among the primary audience of this book. If you carefully read these sections you will come away with a good grasp of public keys and how they work, digital certificates and how they fit into the scheme of things and message digest mechanics. In fact, you will be able to hold your own in conversations with security experts when discussing these topics. If you are struggling with HIPAA requirements and the thousands of pages of associated documentation you will be armed to fully understand the issues and factors.

Part IV addresses technologies that support secure electronic commerce: secure e-mail, secure socket layer (SSL)/transport layer security (TLS) and IP security. Like sections II and III, these highly technical, complex technologies are explained in an incredibly clear manner. As in the previous sections I learned a lot and came away with a strong understanding. What I really liked about this section is the chapter on cryptographic gotchas - it covered some common attacks and how to safeguard against them. I also enjoyed the treatment of smart cards and their particular vulnerabilities.

I love this book for a number of reasons. First, the authors know their subject. More importantly they have produced a book that epitomizes how to communicate highly technical subjects to not-so-technical people. Finally, this book is remarkably error-free considering the copious use of numeric examples. The author's web site has a single entry for errata! If you need to quickly get up-to-speed on HIPAA or e-commerce security then this book is the best place to start. If you are a technical writer and want to see how it *should* be done get this book even if you do not care about cryptography or security.

Rating:
Summary: The best introductory book bar none
Review: This book clearly explains the foundation of cryptography, numbers, and the techniques that have emerged to provide modern security technologies. The book starts with Part I, that sets the context by introducing terms and the basics, including ciphers, data encryption standard (DES) and secret keys. The authors did a remarkable job by making complex concepts easy to understand. The next two parts go into more detail about public keys and digital certificates. While these are relatively simple to learn on the surface, the details have always eluded me until I read this book because more papers and books on the subject get too deep into details too fast and assume knowledge of advanced math on the part of the reader. Not so this book - the authors make it easy through clear writing, illustrations that illuminate the textual descriptions and a knack for explaining the complex in simple and easily digestible chunks.

I especially liked Part IV, which covers secure electronic commerce because it covered the full spectrum of technologies and the information is immediately useful to all IT and security professionals. Like in the first three parts of this book I came away with a complete understanding of how everything works.

This book epitomizes clear writing. Moreover, it is simply amazing how much knowledge can be relatively painlessly gained from reading this book. Although I am sure the authors intended to make the inner workings of cryptography accessible to non-security professionals (which they unquestionably accomplished), they also set a standard of excellence in technical writing by producing a book that is, in my opinion, near perfect in its ability to seamlessly use lively prose and well thought out illustrations to convey highly technical information. If you need to learn cryptography but are challenged by the math and the impenetratable writing of other books on the subject, start with this one.

Rating:
Summary: One of the best cryptography book
Review: This book definitely is a good start in cryptography. It is easy to understand and cover so many areas, i.e. Digital Signature, IPSec, SSL... It translates difficult concepts into simple English!!! Two thumbs up !!

Rating:
Summary: Great book for everyone
Review: This book explains basic of cryptography in plain English.
Everyone can understand how cryptography works.
If you don't know anything about it, then you gotta read this.

Rating:
Summary: An easy-understood book
Review: This book is fantastic...Simple and clear... A must-read book for beginner....Also, a good material for teaching.

Rating:
Summary: excellent explanation of cryptography and it's uses
Review: This is a nice book that makes apparently elliptical subjects clear enough for the average person to understand. It shows you how cryptography works and its limitations. It also shows you how daunting a task it is to try to secure communications.
A must read for anyone who wants to understand the fundamentals without getting a brain fog.