## Book Review: Everyday Cryptography 56

benrothke writes

While the book notes that almost no prior knowledge of mathematics is required since the book deliberately avoids the details of the mathematical techniques underpinning cryptographic mechanisms. That might be a bit of a misnomer as the book does get into the mathematics of cryptography. While the mathematics in the book is not overwhelming, they are certainly not underwhelming. For those that want a deeper look, the book includes an appendix for many of the mathematical concepts detailed in the book.*"When Bruce Schneier first published*Read below for the rest of Ben's review.*Applied Cryptography*in 1994, it was a watershed event, given that is was one of the first comprehensive texts on the topic that existed outside of the military. In the nearly 20 years since the book came out, a lot has changed in the world of encryption and cryptography. A number of books have been written to fill that gap and*Everyday Cryptography: Fundamental Principles and Applications*is one of them. While the title may give the impression that this is an introductory text; that is not the case. Author Keith Martin is the director of the information security group at Royal Holloway, a division of the University of London, and the book is meant for information security professionals in addition to being used as a main reference for a principles of cryptography course. The book is also a great reference for those studying for the CISSP exam."Everyday Cryptography: Fundamental Principles and Applications | |

author | Keith M. Martin |

pages | 592 |

publisher | Oxford University Press |

rating | 9/10 |

reviewer | Ben Rothke |

ISBN | 978-0199695591 |

summary | Excellent fundamental text on essentials of cryptography |

Two benefits of the book are that it stresses practical aspects of cryptography and real-world scenarios. The mathematics detailed avoids number throaty with a focus on practicability. It also shows how cryptography is used as the underlying technology behind information security, rather than simply focusing on the abstracts of the potential of cryptography.

With that, the books 13 (made up of 4 parts) chapters provide a comprehensive overview of the theory and practice around all as aspects of contemporary cryptography. Each of the chapters end with a summary, detailed lists of items for further reading, and sets of penetration questions that challenge the reader. Readers are advised to spend time on these questions as it is often easy for the reader to feel that they understand the material. The questions can quickly humble the reader and show them that it may not be the case.

Part 1 is titled Setting the Scene and provides a comprehensive introduction to the fundamental of cryptography. Chapter 1 (freely available here) details the basic principles about cryptography and provides a high-level introduction.

Chapter 2 provides a good overview of the history of cryptography. It details a number of obsolete, yet historically relevant ciphers, such as the Vigenère cipher from the 1500's, to the Playfair cipher from the mid-1800's and others. Martin provides a good overview of the cryptanalysis of the Vigenère cipher and lessons learned from it.

Chapters 4-9 comprise part 2, and provide a thorough overview of the various forms of encryption (symmetric and asymmetric) and digital signatures. This section gets into some of the deeper mathematics of cryptography. While the author states that almost no prior knowledge of mathematics is needed; those without a background will surely be confused by some of the material.

Chapter 7 closes with a good overview of the relationship between digital signatures and handwritten signatures. The author notes the importance of resisting any temptation to consider digital signatures as a direct electronic equivalent of handwritten signatures. He then provides a detailed outline of the environmental, security, practical and flexibility differences between them.

Key management is one of the most important aspects of cryptography and often the most difficult to execute on. Part of the difficulty around key management is at the user level, with key updates, passphrase management and more. Ultimately, effective key management is essential to the underlying security of the crypto system. The 2 chapters in part 3 provide a thorough synopsis of the fundamentals of key management.

Part 4 closes the book with two chapters on practical cryptographic applications. Chapter 12 details how cryptography can be used on the internet, secure payment cards, video broadcasting and more.

The book concludes with an appendix on the mathematics of cryptography, which takes a look at the basic mathematical concepts the underlie some of the material in the book.

This book is not for the fainthearted and is not an introductory text on the topic. It is meant for the advanced reader or someone taking a college level course. For such a reader serious about a significant overview of the essentials on the topic,

*Everyday Cryptography: Fundamental Principles and Applications*is an excellent reference.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.

You can purchase

*Everyday Cryptography: Fundamental Principles and Applications*from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

## Re:The mathematics avoids number throaty?? (Score:4, Informative)

It means he should have gotten a third party to help proof his review.

## A very good teacher (Score:5, Informative)

I haven't read the book, but I studied cryptography under Professor Keith Martin at RHUL. He was never anything but encouraging of my attempts to design cryptographic protocols. On one occasion I was trying to invent a new symmetric key exchange protocol, reducing the trust required in the trusted third party. He gave me some good pointers, but did observe that the protocol required in the assignment was, by definition, supposed to be a *trusted* third party protocol. Nevertheless, he allowed me to work some of the ideas out a bit more. It was a lot of fun (but a terrible protocol!).

Anyway, I must get a copy of this book. It it's anything at all like his teaching it will be money well spent.