Cryptography Decrypted

Product Description
(Pearson Education) A tutorial in digital cryptography, for readers at any level of experience. Requires no technical or mathematical expertise, but does include appendices for those who have it. Topics covered include public and private keys, hashes and message digests, cryptographic attacks, and digital signatures. Softcover. DLC: Computer security.

5 replies
  1. Linda Zarate says:

    This book clearly explains the foundation of cryptography, numbers, and the techniques that have emerged to provide modern security technologies. The book starts with Part I, that sets the context by introducing terms and the basics, including ciphers, data encryption standard (DES) and secret keys. The authors did a remarkable job by making complex concepts easy to understand. The next two parts go into more detail about public keys and digital certificates. While these are relatively simple to learn on the surface, the details have always eluded me until I read this book because more papers and books on the subject get too deep into details too fast and assume knowledge of advanced math on the part of the reader. Not so this book – the authors make it easy through clear writing, illustrations that illuminate the textual descriptions and a knack for explaining the complex in simple and easily digestible chunks.

    I especially liked Part IV, which covers secure electronic commerce because it covered the full spectrum of technologies and the information is immediately useful to all IT and security professionals. Like in the first three parts of this book I came away with a complete understanding of how everything works.

    This book epitomizes clear writing. Moreover, it is simply amazing how much knowledge can be relatively painlessly gained from reading this book. Although I am sure the authors intended to make the inner workings of cryptography accessible to non-security professionals (which they unquestionably accomplished), they also set a standard of excellence in technical writing by producing a book that is, in my opinion, near perfect in its ability to seamlessly use lively prose and well thought out illustrations to convey highly technical information. If you need to learn cryptography but are challenged by the math and the impenetrable writing of other books on the subject, start with this one.
    Rating: 5 / 5

  2. Ben Rothke says:

    Technology is so full of acronyms and vernacular that many computer books have glossaries that are as thick as novellas. Fortunately, books such as Cryptography Decrypted: A Pictorial Introduction to Digital Security provide a good, largely jargon-free introduction to an often arcane subject.

    Cryptography is one of the central components of information security. Without it, much that we take for granted, such as e-commerce and confidential e-mail, would be impossible. Cryptography has four main components: confidentiality (information can’t be understood by anyone for whom it is not intended); integrity (information can’t be altered in storage or transit without the alteration being detected); nonrepudiation (the sender can’t later deny having created or sent a message); and authentication (the sender and receiver can confirm each other’s identity and the origin and destination of the information). Each of these basics is discussed.

    The meat of the book is divided into four parts: secret key cryptography, public key cryptography, key distribution, and real-world systems. Numerous illustrations clarify difficult concepts, such as hash functions.

    This is one of the better introductions to contemporary cryptography, covering all the major topics in a user-friendly manner. While no mathematical background is required, readers will be surprised by how many mathematical concepts will become familiar by the end of the book.

    While no novella, Cryptography Decrypted still captures the reader’s attention. It is useful for any security professional needing to understand encryption, especially computer security specialists.

    This review of mine originally appeared at…
    Rating: 5 / 5

  3. Mike Tarrani says:

    The primary audience for this book is anyone who has to quickly get up-to-speed in security infrastructure and cryptology. If you are working in health care and are overwhelmed with the technical requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA), then you are going to love this book. If you are involved in e-commerce you will definitely find this book essential reading and the key to understanding the underpinnings of web and e-commerce security.

    There is another audience for this book: technical writers. The authors set the highest standards in document design, clear writing and integration of prose and illustration. They have managed to make a complex, difficult subject easy to understand.

    Part I of the book lays the foundation by explaining the basics: defining terms, the evolution of ciphers and how they worked, and the fundamentals of the data encryption standard (DES) and secret keys. I found this part of the book to be fascinating because the authors used easy-to-follow examples that were augmented by visual depictions of how everything works. For example, a quick explanation of Polybius square numbers and how to transpose them to diffuse a cipher was not only something completely new to me, but was something I was able to thoroughly understand after reading less than three pages of this book! I am sure that a professional cryptographer would find this material basic. I found it empowering because I began to see a larger picture of this obscure science unfold while learning some interesting numerical manipulation techniques. For the first time I really understood this stuff to the degree that I could explain it to non-technical people. The authors also used historical anecdotes to make the subject interesting. Some of the highlights of this part of the book include transposition ciphers, diffusion and confusion strategies, and the frank discussion of DES in its various forms (double, triple), and its strengths and vulnerabilities.

    In parts II and III the book thoroughly covers public keys and digital certificates – two topics that you cannot avoid if you are among the primary audience of this book. If you carefully read these sections you will come away with a good grasp of public keys and how they work, digital certificates and how they fit into the scheme of things and message digest mechanics. In fact, you will be able to hold your own in conversations with security experts when discussing these topics. If you are struggling with HIPAA requirements and the thousands of pages of associated documentation you will be armed to fully understand the issues and factors.

    Part IV addresses technologies that support secure electronic commerce: secure e-mail, secure socket layer (SSL)/transport layer security (TLS) and IP security. Like sections II and III, these highly technical, complex technologies are explained in an incredibly clear manner. As in the previous sections I learned a lot and came away with a strong understanding. What I really liked about this section is the chapter on cryptographic gotchas – it covered some common attacks and how to safeguard against them. I also enjoyed the treatment of smart cards and their particular vulnerabilities.

    I love this book for a number of reasons. First, the authors know their subject. More importantly they have produced a book that epitomizes how to communicate highly technical subjects to not-so-technical people. Finally, this book is remarkably error-free considering the copious use of numeric examples. The authors’ web site has a single entry for errata! If you need to quickly get up-to-speed on HIPAA or e-commerce security then this book is the best place to start. If you are a technical writer and want to see how it *should* be done get this book even if you do not care about cryptography or security.
    Rating: 5 / 5

  4. Richard Bejtlich says:

    I am a senior engineer for managed network security operations. I administer systems which use cryptographic tools and processes (SSH, IPSec VPNs, etc.) and have seen cryptography hinder my network-based intrusion detection activities. I read this book to gain basic familiarity with the nuts and bolts of cryptography. I wanted a lively text which addressed modern issues, since computer books can be quickly overtaken by technological advances. This book delivers at all levels and belongs on every computer security professional’s bookshelf.

    I thoroughly enjoyed this book. It was energetic, clear, well-organized, fully illustrated, and comprehensive. I believe it’s THE book to read if you want an introduction to one of the major enablers of modern computing. Furthermore, because the book’s goal is to explain the foundations of both secret and public key cryptography, it should stay relevant for many years.

    “Cryptography Decrypted” does not spare any effort to ensure the reader understands the subject. Concepts are clarified and reinforced through text and diagrams on nearly every page. The authors know many readers are not attracted to mathematics, so they move the “heavy lifting” to an appendix. Even then, for readers willing to apply a little effort, the appendix is understandable and enlightening. At every stage of writing this book, the authors must have remembered to keep the non-cryptographer reader in mind. Kudos to their editors for keeping them on track!

    The only disappointment was the book’s failure to mention the Secure Shell (SSH). Because the authors believed it important to discuss popular implementations of cryptography (IPSec, SSL, PGP), I had hoped that SSH would be included. Most every UNIX sys admin is familiar with SSH, and might have enjoyed learning more about the guts of this indispensable tool.

    I don’t often give 5 star reviews; only 3 of my last 10 merited that rating. I give the highest marks to books which impress, educate, and entertain. “Cryptography Decrypted” delivers. If you have an interest in cryptography, read this book!

    (Disclaimer: I received my review copy free from the publisher.)
    Rating: 5 / 5

  5. Marc W Light CMA, CISSP, MCDBA MCSE, CCNA says:

    Very well done book. Bravo to the authors for using normal English and plenty of illustrations. The purpose of educational books should be to impart knowledge and facilitate understanding with little effort. This book does it well. Don’t let the size of this book fool you. It has plenty of in-depth information. Before reading this book, I could never understand what MOD meant. Now, using my Windows Calculator, I am as good as the best Cryptologists. :^ )
    Rating: 5 / 5
