Book details of 'Practical Cryptography'

Title: Practical Cryptography
Author(s): Niels Ferguson, Bruce Schneier
ISBN: 0471223573
Language: English
Published: March 2003
Publisher: John Wiley & Sons

The Virtual Bookcase Reviews of 'Practical Cryptography':

Reviewer Rob Slade wrote:
The preface points out that cryptography has done more harm than good in terms of securing information systems, not because cryptography fails in and of itself, but, rather, due to the improper use or implementation of the technology. This book is intended to provide concrete advice to those designing and implementing cryptographic systems. As such, it is not the usual introduction to cryptography, and is aimed at a fairly limited group.

Chapter one asserts that we should be engineering for security, rather than speed or bells and whistles. Security is only as strong as the weakest link, we are told in chapter two, and (following from the idea of defence in depth) we need to have engineering in depth (and probably breadth, as well). The issues are important, but there is some lack of clarity to the organization and flow of the text and arguments: the reader may start to wonder what the essence of the message is. (I see that I should have trademarked "professional paranoia" when I started using it years ago, but it is nice to note that the point is being taken.) Chapter three is a rather unusual "Introduction to Cryptography" (and the mathematical format of the text doesn't make it easier for the math-phobic to concentrate on the meaning), but focussing on the applications and problems, the cryptanalytic attacks, and repeating the injunctions against complexity and the sacrifice of security for performance is a reasonable position.

Having come this far, it is interesting to note that we are only starting part one, reviewing message security. Chapter four compares and reviews various existing block ciphers. The modes, and attacks against specific modes, of block algorithms are described in chapter five. (This material appears to be what would, in a more traditional book, be the introduction to cryptography.) Hash functions are explained, compared, and assessed in chapter six, while seven extends the concept to message authentication codes, which ensure not only detection of accidental alteration, but are also resistant to outsider modification attacks on the data or transmission. We therefore have the basic tools that we need to consider a channel that is secure from eavesdropping and manipulation by anyone not party to the communications, in chapter eight. Implementation, and the engineering or software development considerations, are examined in chapter nine.

Part two deals with key negotiation, partly by introducing the concept of asymmetric (more commonly, if less accurately, referred to as "public key") cryptography, the major strength of which involves the handling of keys. Chapter ten raises the issue of randomness, which is vital in the choice of keys, and also talks about the components of the Fortuna system for generating pseudo-random numbers. Prime numbers are explained in chapter eleven, due to their importance in asymmetric cryptography. The venerable Diffie-Hellman algorithm is reviewed, along with the math that makes it work, in chapter twelve. (If you want to follow the material all the way, you'll have to be good at mathematics, but the discussion, while interesting, is not vital to the use of the system.) A similar job is done on RSA in chapter thirteen. Chapter fourteen is entitled an "Introduction to Cryptographic Protocols" but really talks about trust, risk, and more requirements for the secure channel. The high level design of a key negotiation protocol is incrementally developed in chapter fifteen. Implementation issues specific to asymmetric systems are reviewed in chapter sixteen.

Part three looks at key management, and various approaches to the problem. Chapter seventeen discusses the use, and risks of using, clocks and time in cryptosystems. The idea of the key server is illustrated by Kerberos in chapter eighteen, but almost no detail is included. A quick introduction to PKI (Public Key Infrastructure) is given in chapter nineteen, followed by a philosophical review of other considerations in twenty, and additional practical concerns in twenty one. (While the division is not unreasonable, these three could, without seriously distorting the book, have been one big chapter.) Storing secrets, important for key and password reliability, is contemplated in chapter twenty two.

Part four contains miscellaneous topics, including the futility of standards (twenty three), the questionable utility of patents (twenty four), and the need for involving real experts (twenty five).

As noted, this book is not simply another introduction to cryptography. The content is for those involved in the guts of a cryptosystem, and the material provides significant guidance for the concerns of people in that position.

copyright Robert M. Slade, 2003

Book description:

Security is the number one concern for businesses worldwide. The gold standard for attaining security is cryptography because it provides the most reliable tools for storing or transmitting digital information. Written by Niels Ferguson, lead cryptographer for Counterpane, Bruce Schneier's security company, and Bruce Schneier himself, this is the much anticipated follow-up book to Schneier's seminal encyclopedic reference, Applied Cryptography, Second Edition (0-471-11709-9), which has sold more than 150,000 copies. Niels Ferguson (Amsterdam, Netherlands) is a cryptographic engineer and consultant at Counterpane Internet Security. He has extensive experience in the creation and design of security algorithms, protocols, and multinational security infrastructures. Previously, Ferguson was a cryptographer for DigiCash and CWI. At CWI he developed the first generation of off-line payment protocols. He has published numerous scientific papers. Bruce Schneier (Minneapolis, MN) is Founder and Chief Technical Officer at Counterpane Internet Security, a managed-security monitoring company. He is also the author of Secrets and Lies: Digital Security in a Networked World (0-471-25311-1).

The Virtual Bookcase is created and maintained by Koos van den Hout. Contact e-mail webmaster@virtualbookcase.com.
Copyright © 2000-2008 Koos van den Hout / The Virtual Bookcase