Posted: Sun Sep 28, 2003 11:12 pm | Post subject: Book Review - Cryptography Decrypted: A Pictorial Intro
Cryptography Decrypted: A Pictorial Introduction to Digital Security
Author: H.X. Mel and Doris Baker
Publisher: Addison Wesley
Book Specifications: Soft-Cover, 352 Pages
Category: Introduction to Cryptography
User Level: No prior knowledge required
Suggested Publisher Price: $29.95 USA/ $44.95 CAN/ £22.99 Net UK (inc of VAT)
Amazon.co.uk: Cryptography Decrypted
Amazon.com: Cryptography Decrypted
Info from Back: "Cryptography Decrypted shows you how to safeguard digital possessions. It is a clear, comprehensive, and practical guide to the essentials of computer cryptography, from Caesar's Cipher through modern-day public key. Cryptographic capabilities like detecting imposters and stopping eavesdropping are thoroughly illustrated with easy-to-understand analogies, visuals, and historical sidebars."
I was interested in this book as cryptography is probably my weakest area in the realm of computer security and is fast becoming an important part of it. Every day we use cryptographic methods in some way: SSL for secure web transactions, encrypted VPNs, SSH, PGP and many more such technologies are already familiar to people. The fact is, though, that these methods are transparent; people use them but have no understanding of what is going on, or of the history and security of the algorithms or ciphers they are using.
I have some brief experience with cryptography, I mean I've looked at Pigpens, Caesar, Vigenere, transposition, substitution and a few other bits. I've partaken in and set some simple crypto challenges that can be found on this board, have read a good book on VPNs and have a vague idea about stuff like DES/AES/Blowfish and so on. For me cryptography has always been one of those mystical areas full of crazy geniuses and people with PhDs in maths theory, quite a scary place! Thoughts like this are often reinforced by watching such films as "A Beautiful Mind".
This book covers a specific area; however, this is an area I believe everyone involved in computers on a professional level should be competent in. No prior knowledge is required to read this book and it doesn't require a degree in mathematics to understand it.
There is a short foreword by John Kinyon, a preface and an introduction. The foreword just gives a little information about cryptography in general and the authors; the preface explains the book more in depth, the target audience and how to read it (which chapters to miss if you want to skip the esoteric details, and which chapters to miss if you are already familiar with some concepts). The introduction gives a brief overview of which chapters you would be able to skip and a little about the visual keys used during the book.
The book is split into 4 main parts as below:
- Secret Key Cryptography
- Public Key Cryptography
- Key Distribution
- Real World Systems
Outline of chapters
This is not a complete chapter list, a full contents listing can be found HERE.
- Locks & Keys
- Substitution and Caesar's Cipher
- Secret Key Assurance
- Pioneering Public Key
- Digital Certificates
- PGP and Web of Trust
- Secure E-mail
- SSL and TLS
You can find some sample chapters here: http://www.hxmel.com/Chapters/sample.htm
At the start of each part there is a small piece leading you into the section and an outline of what each chapter covers. There are LOTS of diagrams and pictorial explanations, which help introduce basic concepts such as keys (a combination padlock, for example) and other things. All terms used are well defined, such as cryptography, cryptographer, cryptanalyst, cipher, encrypt and so on. There are notes in the margins showing which terms are being defined and giving little titbits of info.
There are grey boxes throughout the book containing little histories of various things, or simple expansions of topics not thoroughly covered such as One Time Pads or frequency analysis. The boxes are useful and make the book more readable and interesting, as they contain interesting anecdotes about people such as Edgar Allan Poe and Vigenere.
The book does skip over a few things (complex cryptanalysis attacks, some of the deeper mathematical concepts and so on), but they are, as stated, beyond the scope of this text. It does however cover most common aspects in enough depth for you to feel comfortable about them. The appendixes contain some fairly intense mathematics including inverses, prime numbers, modular maths, exponential identities, the Fermat test, the Euclidean Algorithm and so on.
Future algorithms and the future of cryptography are also discussed, as well as current trends, current methods and the history of cryptography. I didn't find anything glaringly missing; perhaps a little more on cryptanalysis would have interested me, but to be honest I think that deserves a book to itself.
Style and Detail
Every section is well explained with plenty of diagrams during the introduction, Bob and Alice are present all the way through as always, and there is a consistent visual and textual style running through the book. The diagrams are well made and really do help in understanding some complicated topics such as the problems with secret key exchanges and trust networks. The history and introduction section is well done, engaging and very interesting to read, although some things such as Pigpens were missed out.
I did learn a lot from this book, especially the inner workings of cryptography and some of the more complex mathematical concepts. It also gave me a great overview of everything currently used on the Internet and in general for secure communication. Generally things are laid out very logically, with an introduction to a system or subject, how it works, its weaknesses and how to overcome any flaws.
Unusually for this kind of book, it also covers practical applications very well, such as PGP, IPSec, PKI and SSL, with examples and screenshots where relevant. The style of writing is quite informal and easy to read; it flows well from chapter to chapter, and doesn't assume or patronise whilst retaining a good level of detail and technical information.
This book covers a very broad range and, as it states itself, is not aimed at any particular audience and therefore aims for them all. One audience it is not aimed at, however, is hardcore cryptographers or crypto coders. If you are already deep into crypto there won't particularly be anything new for you here. If you have dabbled a little in cryptography and have a base understanding of the concepts like me, then I would thoroughly recommend this book.
Even if you've never looked at crypto but feel it's something you should be comfortable with, or something you've always been interested in but never ventured into, I would also recommend this book. It's good for beginners up to intermediate, but not advanced. For this audience I consider this book excellent and a fascinating read, highly recommended for every computer professional.
I give it a recommended SFDC 9/10
This review is copyright 2003 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Last edited by ShaolinTiger on Sun Jan 18, 2004 8:47 pm; edited 1 time in total