
Book Review: Everyday Cryptography

samzenpus posted about 2 years ago | from the read-all-about-it dept.

Encryption 56

benrothke writes "When Bruce Schneier first published Applied Cryptography in 1994, it was a watershed event, given that it was one of the first comprehensive texts on the topic that existed outside of the military. In the nearly 20 years since the book came out, a lot has changed in the world of encryption and cryptography. A number of books have been written to fill that gap and Everyday Cryptography: Fundamental Principles and Applications is one of them. While the title may give the impression that this is an introductory text; that is not the case. Author Keith Martin is the director of the information security group at Royal Holloway, a division of the University of London, and the book is meant for information security professionals in addition to being used as a main reference for a principles of cryptography course. The book is also a great reference for those studying for the CISSP exam." Read below for the rest of Ben's review.

While the book notes that almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematical techniques underpinning cryptographic mechanisms. That might be a bit of a misnomer as the book does get into the mathematics of cryptography. While the mathematics in the book is not overwhelming, they are certainly not underwhelming. For those that want a deeper look, the book includes an appendix for many of the mathematical concepts detailed in the book.

Two benefits of the book are that it stresses practical aspects of cryptography and real-world scenarios. The mathematics detailed avoids number throaty with a focus on practicability. It also shows how cryptography is used as the underlying technology behind information security, rather than simply focusing on the abstracts of the potential of cryptography.

With that, the book's 13 chapters (made up of 4 parts) provide a comprehensive overview of the theory and practice around all aspects of contemporary cryptography. Each of the chapters ends with a summary, detailed lists of items for further reading, and sets of penetration questions that challenge the reader. Readers are advised to spend time on these questions as it is often easy for the reader to feel that they understand the material. The questions can quickly humble the reader and show them that it may not be the case.

Part 1 is titled Setting the Scene and provides a comprehensive introduction to the fundamentals of cryptography. Chapter 1 (freely available here) details the basic principles about cryptography and provides a high-level introduction.

Chapter 2 provides a good overview of the history of cryptography. It details a number of obsolete, yet historically relevant ciphers, such as the Vigenère cipher from the 1500's, to the Playfair cipher from the mid-1800's and others. Martin provides a good overview of the cryptanalysis of the Vigenère cipher and lessons learned from it.

Chapters 4-9 comprise part 2, and provide a thorough overview of the various forms of encryption (symmetric and asymmetric) and digital signatures. This section gets into some of the deeper mathematics of cryptography. While the author states that almost no prior knowledge of mathematics is needed; those without a background will surely be confused by some of the material.

Chapter 7 closes with a good overview of the relationship between digital signatures and handwritten signatures. The author notes the importance of resisting any temptation to consider digital signatures as a direct electronic equivalent of handwritten signatures. He then provides a detailed outline of the environmental, security, practical and flexibility differences between them.

Key management is one of the most important aspects of cryptography and often the most difficult to execute on. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the crypto system. The 2 chapters in part 3 provide a thorough synopsis of the fundamentals of key management.

Part 4 closes the book with two chapters on practical cryptographic applications. Chapter 12 details how cryptography can be used on the internet, secure payment cards, video broadcasting and more.

The book concludes with an appendix on the mathematics of cryptography, which takes a look at the basic mathematical concepts that underlie some of the material in the book.

This book is not for the fainthearted and is not an introductory text on the topic. It is meant for the advanced reader or someone taking a college level course. For such a reader serious about a significant overview of the essentials on the topic, Everyday Cryptography: Fundamental Principles and Applications is an excellent reference.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase Everyday Cryptography: Fundamental Principles and Applications from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


56 comments


Frist Psot (-1)

Anonymous Coward | about 2 years ago | (#41661135)

Frist Psot

Re:Frist Psot (-1, Offtopic)

Sulphur (1548251) | about 2 years ago | (#41661263)

Frist Psot

How do you decode that?

Re:Frist Psot (1)

Quiet_Desperation (858215) | about 2 years ago | (#41662049)

It's a simple three way substitution cipher.

F maps to I. r maps to a. i maps to m. Advance the next key, s now maps to a. t maps to m. P maps to o. Advance the next key. s maps to r. o maps back to o (tricky!) and t maps to n.

Everyday book reviewing (1)

Anonymous Coward | about 2 years ago | (#41661149)

While the book notes that almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematical techniques underpinning cryptographic mechanisms. That might be a bit of a misnomer as the book does get into the mathematics of cryptography

While the review makes no claim as to the reviewer's grasp of the English language. That might be a blatantly obvious conclusion as it is nigh unreadable.

Re:Everyday book reviewing (1)

HairyNevus (992803) | about 2 years ago | (#41661201)

I guess it's true; everyone's a critic.

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41661371)

Trim yer EARS!!! Trim 'EM!!!

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41661361)

What shocked me is that the review's author is also a book author himself... I guess someone has to keep the copy editors busy.

Re:Everyday book reviewing (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41661603)

everyone makes mistakes.....

Re:Everyday book reviewing (1)

localman57 (1340533) | about 2 years ago | (#41661727)

True. That's why those of us with sense reread something with our real name on it a couple of times before pressing post. Slashdot's big enough that this review will likely be in the first couple of pages of results when you google his name.

Re:Everyday book reviewing (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41661913)

as i said,,,,everyone makes mistakes.. this is not the NY time or s academic journal. this is slashdot. yeah, perfect grammar and spelling is great....but let's not fool ourselves. Does the audience here really want that?

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41662403)

it's been cross-posted [rsaconference.com] and advertised on the reviewer's twitter account.

the review really is a shameful piece of work and it's not just spelling and grammar. he gives no solid reason whatsoever why this book is better (or even significantly different from) the 1996 edition of applied cryptography, which he mentions in the introduction. here are the topics he presents: historical ciphers; modern symmetric/asymmetric encryption; key management; and a few applications shoved into the last chapter.

apart from the applications, none of these things have fundamentally changed since 1996. sure, the book might have more up-to-date details but, oh, that's right, the review doesn't mention it either way. there are supposedly-difficult (note: this is completely subjective) questions, and some "mathematics" in an appendix (not a good sign). there is no comment on technical details at all.

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41662867)

>>>>shameful

shameful? a little overdramatic...no?

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41664195)

no. if i were a published writer, i would feel rightly ashamed of writing this piece of drek "review." i can only imagine what his book is like.

Re:Everyday book reviewing (2)

jeffmeden (135043) | about 2 years ago | (#41662951)

it's been cross-posted [rsaconference.com] and advertised on the reviewer's twitter account.

the review really is a shameful piece of work and it's not just spelling and grammar. he gives no solid reason whatsoever why this book is better (or even significantly different from) the 1996 edition of applied cryptography, which he mentions in the introduction. here are the topics he presents: historical ciphers; modern symmetric/asymmetric encryption; key management; and a few applications shoved into the last chapter.

apart from the applications, none of these things have fundamentally changed since 1996. sure, the book might have more up-to-date details but, oh, that's right, the review doesn't mention it either way. there are supposedly-difficult (note: this is completely subjective) questions, and some "mathematics" in an appendix (not a good sign). there is no comment on technical details at all.

And never mind the similarity between this and the Schneier book Practical Cryptography (which would seem like a much more relevant comparison...)

Re:Everyday book reviewing (3, Insightful)

Baloroth (2370816) | about 2 years ago | (#41661583)

Seriously, this review reads like something I might have written in middle school. All the sentences are short and factual with abrupt endings and poor transitions, composed into overly short paragraphs. It's more like the outline notes for a review than a review itself. In fact, I think it might be, since there isn't any actual "review" at all, just a list of "he says x at point y."

And I'm not even going to touch the "number throaty" he appears to be glad the author avoided.

Re:Everyday book reviewing (3, Funny)

localman57 (1340533) | about 2 years ago | (#41661759)

If he had written it in middle school, it would have ended:

Want to find out if the cryptanalysts ever broke Vigenère's cipher? Then read the book!

Re:Everyday book reviewing (2)

clintp (5169) | about 2 years ago | (#41662713)

If he had written it in middle school, it would have ended:

Want to find out if the cryptanalysts ever broke Vigenère's cipher? Then read the book!

"Cryptography is a land of contrasts."

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41661795)

And a new Internet meme is born.

Re:Everyday book reviewing (0)

Anonymous Coward | about 2 years ago | (#41663413)

Your book report should include:
- for whom the book is written
- two benefits of the book
- a one or two sentence summary of each chapter
- a concluding statement

Re:Everyday book reviewing (2)

Chrisq (894406) | about 2 years ago | (#41666393)

While the book notes that almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematical techniques underpinning cryptographic mechanisms. That might be a bit of a misnomer as the book does get into the mathematics of cryptography

While the review makes no claim as to the reviewer's grasp of the English language. That might be a blatantly obvious conclusion as it is nigh unreadable.

No he's just demonstrating how something can be encrypted without mathematics

The mathematics avoids number throaty?? (1)

neminem (561346) | about 2 years ago | (#41661239)

What the frack does that even mean?

Re:The mathematics avoids number throaty?? (3, Informative)

crazyjj (2598719) | about 2 years ago | (#41661277)

It means he should have gotten a third party to help proof his review.

Re:The mathematics avoids number throaty?? (2)

jeffmeden (135043) | about 2 years ago | (#41661409)

It means he should have gotten a third party to help proof his review.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You would think he would know one or two...

Re:The mathematics avoids number throaty?? (3, Interesting)

localman57 (1340533) | about 2 years ago | (#41661635)

The Amazon reviews are a bit of a riot:

One can read this book in a short time, and I think doing so is a good idea for those of us who use computers, especially at work.

This is a great book to give to every corporate user who quickly needs to come up to seeped on what they need to do.

Re:The mathematics avoids number throaty?? (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41662133)

u have a URL for that? too funny. could not find those comments for this book.

Re:The mathematics avoids number throaty?? (1)

localman57 (1340533) | about 2 years ago | (#41662397)

Bottom of the review. Talking about Rothke's book, not the one reviewed in the article.

Re:The mathematics avoids number throaty?? (0)

Anonymous Coward | about 2 years ago | (#41662905)

goes to show that online book reviews don't do a good job of spell checking.

Re:The mathematics avoids number throaty?? (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41667791)

Not sure what people expect from online reviews. If they want perfect reviews, let them pay for a subscription to the New York Times. If not, free review here, Amazon, BN, etc. But you get what you pay for.

Re:The mathematics avoids number throaty?? (2)

IamTheRealMike (537420) | about 2 years ago | (#41663581)

OMG. Undoing moderation in this thread to post more gems from those reviews:

5.0 out of 5 stars. A *must* for Iall computer users! ... Companies should be buying this book by the boxload. It will save them a world of aggravation.

If a company wishes to survive in the current environment where predators of all types are everywhere, then they must protect their assets. It only takes one mistake to open the protective dikes and let a person with malicious intent to gain access to important company information ..... The twenty points presented are unquestionably those that would be in everyone's top twenty list of actions that the standard employee should perform ..... Given the recent virus and terrorist threats, government mandated rules for privacy, and the exponential increase in Internet usage, computer security is rapidly becoming the most serious and dangerous issue faced by many businesses. The solution is to educate all employees in the basics of computer security, which can be done using this book as a resource.

I think we know that there are constant threats to our computer systems. Confidential information can be grabbed from us, and computer viruses can slow down or stop processing, as well as introduce plenty of unwanted material. As Ben Rothke explains, that means that we need to use great caution in downloading (or even "upgrading") software. By the way, you may want to be really careful when you log into any system. Some systems keep track of your login name and this record may be accessable by all sorts of people. If you accidentally type in your password instead of your login name, you really ought to change that password.

Each topic is covered in a double-page spread with about 400 words. That's actually quite a lot for an awareness booklet meaning that some employees may need `gentle persuasion' to read it.

Each chapter is short and to the point. Exactly what a end-user needs. We got 25 copies and saw immediacy in the benefits.

Best guess on "throaty" (2)

Zontar_Thing_From_Ve (949321) | about 2 years ago | (#41661425)

My best guess is he meant "number theory" and made a typo that got spell corrected about as badly as it could be.

Re:Best guess on "throaty" (1)

Stavr0 (35032) | about 2 years ago | (#41661733)

"Damn you autocorrect!"

Re:The mathematics avoids number throaty?? (1)

Stavr0 (35032) | about 2 years ago | (#41661465)

Motormouthing?
Verbiage?

In any case, 'some strange usage of the word "throaty" that I wasn't previously aware of'.

Re:The mathematics avoids number throaty?? (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41661537)

theory...... you know MS Word always confuses theory and throaty :)

Re:The mathematics avoids number throaty?? (0)

Anonymous Coward | about 2 years ago | (#41662919)

It could be a number recently discovered that exists between the number thirty and forty but mathematicians are not quite sure where it fits yet and cryptographers refuse to acknowledge until that has been determined. I'm sure that's it.

Re:The mathematics avoids number throaty?? (2)

N Monkey (313423) | about 2 years ago | (#41666303)

The mathematics avoids number throaty??

What the frack does that even mean?

It means that the mathematics isn't too deep. 8P

Packt! (0)

Anonymous Coward | about 2 years ago | (#41661259)

But how does this apply to Drupal and/or Drush?

Pffft (0)

Anonymous Coward | about 2 years ago | (#41661387)

What a boring and niche topic. Write about something important like Drupal. I'll wait for him to write 'Everyday Drupal' book and then I'll care.

Re:Pffft (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41661649)

boring, yes. niche...no!!! crypto is the foundation of e-commerce, banking, and more. w/o crypto, there would be none of that.

Re:Pffft (0)

Anonymous Coward | about 2 years ago | (#41661921)

*facepalm*

Are you really so daft?

Spoiler Alert (2, Funny)

Anonymous Coward | about 2 years ago | (#41661441)

Some examples of "Everyday Cryptography":

C24ECA6EBF46867514A111761CC08 - compare at $3.88!

E589967E4C2CCFA1888AD29C16CB - compare at $4.77!

1904ECB28EF98C7FB11715226452E - compare at $2.93!

F7B098C3998C58B36D9ABE8DB653 - compare at $4.13!

8C9721A45F3FB355DCB56F2EED86 - compare at $6.32!

Re:Spoiler Alert (0)

Anonymous Coward | about 2 years ago | (#41661671)

ROFLMAO! Thanks! I needed that...

You know you want to decode it (2)

Quiet_Desperation (858215) | about 2 years ago | (#41662137)

Message: bka mtn lke lwp hga me

Key: pfrbeoxqasthnmlyjkigdwcvzu

Re:You know you want to decode it (1)

localman57 (1340533) | about 2 years ago | (#41662417)

"Be sure to drink your Ovaltine"? What the fuck does that mean?

Re:You know you want to decode it (0)

Anonymous Coward | about 2 years ago | (#41662839)

it means you've found the REAL cyphertext...

Re:You know you want to decode it (0)

Anonymous Coward | about 2 years ago | (#41662883)

Wow. You don't get out much, do ya? I'll give you a hint: yrots a samtsirhc

Re:You know you want to decode it (0)

Anonymous Coward | about 2 years ago | (#41662939)

I was going to mock the guy, but I wasn't going to assume an American Christian.

However, it's the second thing Google finds with just "be sure". That deserves mocking.

Re:You know you want to decode it (1)

retchdog (1319261) | about 2 years ago | (#41665685)

a christmas story is an almost, if not completely, secular piece of americana.

Re:You know you want to decode it (0)

Anonymous Coward | about 2 years ago | (#41671795)

Sure, but still Americana. And having seen it doesn't mean a person would remember every quote from it.

Re:You know you want to decode it (0)

Anonymous Coward | about 2 years ago | (#41662555)

Message: bka mtn lke lwp hga me

Key: pfrbeoxqasthnmlyjkigdwcvzu

MORE ovaltine? It's all I drink already!

A very good teacher (5, Informative)

mattpalmer1086 (707360) | about 2 years ago | (#41664271)

I haven't read the book, but I studied cryptography under Professor Keith Martin at RHUL. He was never anything but encouraging of my attempts to design cryptographic protocols. On one occasion I was trying to invent a new symmetric key exchange protocol, reducing the trust required in the trusted third party. He gave me some good pointers, but did observe that the protocol required in the assignment was, by definition, supposed to be a *trusted* third party protocol. Nevertheless, he allowed me to work some of the ideas out a bit more. It was a lot of fun (but a terrible protocol!).

Anyway, I must get a copy of this book. If it's anything at all like his teaching it will be money well spent.

Re:A very good teacher (0)

Anonymous Coward | about 2 years ago | (#41665487)

OTOH I once bought a short book on security by Ben Rothke after he posted another review here and incidentally plugged his book. It was only $6, which made it one of the cheapest books on computers sold by Amazon, so I figured what could I lose? Answer: six bucks. It was like a long elementary article on computer security for dummies you can find on the web, a complete waste of time and money.

Ben: I've got issues over that purchase.

Re:A very good teacher (0)

Anonymous Coward | about 2 years ago | (#41665711)

>>>It was only $6, which made it one of the cheapest books on computers sold by Amazon,

Amazon has over 50,000 ebooks for 99 cents.

There are millions of used books for under a dollar.

So it certainly was not the cheapest.

Re:A very good teacher (0)

Anonymous Coward | about 2 years ago | (#41667349)

An anonymous coward is upset about a $6.00 purchase....what has life come to.

Re:A very good teacher (0)

Anonymous Coward | about 2 years ago | (#41665693)

Very cool. I always enjoyed professors who were like that.

Additional reading (1)

tbid18 (2495686) | about 2 years ago | (#41670993)

I'd also recommend Introduction to Modern Cryptography [amazon.com] , for those interested in the subject. I've had to use it for a class, and though cryptography is pretty complex (at least for me, anyway), this book does a great job at presenting the material.

Re:Additional reading (1)

rubikscubejunkie (2664793) | about 2 years ago | (#41672731)

Seems like a good book also, but more focused on the advanced user.