Cryptography Engineering spells out the difference between good and bad cryptography in great detail.
***** Cryptography Engineering: Design Principles and Practical Applications. By Niels Ferguson et al; published by John Wiley & Sons, Inc., www.wiley.com; 384 pages; $55.
Good cryptography can ensure that your data is readable only to authorized parties. The danger of bad cryptography is a false sense of data security. The line between the two is exceptionally thin, and the difference between the two is spelled out in great detail in this text.
The first edition of coauthor Bruce Schneier’s Applied Cryptography came out in 1994. What was revolutionary then, and launched a new generation of security mavens, is now obsolete in many parts. Cryptography Engineering is a much-needed update. While not as detailed as the former work, and with significantly fewer code examples, the new text is still a valuable resource for anyone who wants to come up to speed on the essentials of modern cryptography.
The book covers the major uses of cryptography today, namely messaging security and the other fundamental areas including key management, block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and much more.
The three authors bring many decades of unique experience on the topic to the book. Their goal is to get the reader to think like a cryptographer, and the book does a great job of that. It is rich in real-world examples, and each chapter ends with a number of exercises to take the theoretical ideas and put them into practice.
While billed as an introductory text on the subject, Cryptography Engineering is not for the fainthearted. Anyone intrigued by the topic and with the time to dedicate to the matter will find the book worth their while.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), is a senior security consultant with BT Global Services.