Many cryptographic schemes and protocols, especially those based on public-keycryptography, have basic or so-called "textbook crypto" versions, as these versionsare usually the subjects for many textbooks on cryptography. This book takes adifferent approach to introducing cryptography: it pays much more attention tofit-for-application aspects of cryptography. It explains why "textbook crypto" isonly good in an ideal world where data are random and bad guys behave nicely.It reveals the general unfitness of "textbook crypto" for the real world by demonstratingnumerous attacks on such schemes, protocols and systems under variousreal-world application scenarios. This book chooses to introduce a set of practicalcryptographic schemes, protocols and systems, many of them standards or de factoones, studies them closely, explains their working principles, discusses their practicalusages, and examines their strong (i.e., fit-for-application) security properties, oftenwith security evidence formally established. The book also includes self-containedtheoretical background material that is the foundation for modern cryptography.

Average Customer Review: ( 11 customer reviews )
Write an online review and share your thoughts with other customers.

The focus of this book is the correct design of cryptographic protocols that resist attack. This is in contrast to books like Applied Cryptography, which focuses on the tools and the building blocks used to construct systems, glossing over how to use those things together to build strong systems. While the innards of block ciphers and so on can be interesting, Schneier himself is prone to saying something along the lines of, "The world is filled with insecure systems built by people who read Applied Cryptography". That is, in order to build secure systems with cryptography, one should understand how to use cryptographic tools properly. We do not need to know how the tools themselves work... we can take it for granted as long as we understand their behavior.

It must be said that the average person shouldn't be designing their own cryptographic protocols, either. One of the things this book does well is demonstrate the large number of non-intuitive ways in which cryptographic protocols can go wrong. For example, the chapters on authentication schemes demonstrate a large number of schemes authored by reputable cryptographers that turned out to have significant weaknesses.

For the above reason, this probably isn't a text that needs to be on everybody's desk. I would say it is essential for anyone who wants to understand why protocol design is so hard, and it is also valuable to the few people who will go on to build new protocols, particularly graduate students in cryptography.

Here's what I like about the book:
- Cryptography is a rapidly evolving field, and this book is quite up to date, covering AES and other recent protocols. This is quite in contrast to books like Applied Cryptography, which is painfully out of date.

- The text is pretty lucid, staying away from arcane mathematical symbols when possible, and explaining them well when not. While it's a bit more math-y and not quite as fun to read as Applied Cryptography, it is nearly as good in this respect, and the content is far better.

- It's the first book I've seen to do a good job covering the state of the art in provable security techniques. It introduces fairly recent provable security models, and does so in a way that it doesn't take a mathematician to understand.

- Its coverage of topics is great, particularly in that it spends much time examining real-world protocols such as SSL/TLS, SSH and Kerberos.

If you are in the target audience for this book, you won't regret buying it. Even at the $54.99 list price (which is what I paid, sadly), you shouldn't feel even remotely cheated, particularly considering the fact that there are shorter books with only a fraction of the content that cost a lot more.

23 of 27 found the following review helpful:

Good reference, poorly editedMay 19, 2004
By Zeph Grunschlag "cryptomathic"
What's great about Mao's book is that so many aspects of cryptography are covered in an approachable manner and with many good examples.
What's not so great about Mao's book is that it is chock full of errors. There are many mathematical typos. But what really kills this book for me are the ridiculous number of English mistakes - on average about two or three per page. Most mistakes are simple grammatical mistakes that can be re-parsed by the reader on the fly. However, there are more serious errors that make it very difficult to understand the meaning of significant passages and concepts.
Given Mao's refreshing conversational style it's a real shame that Prentice Hall couldn't come up with some decent editing. Hopefully a second edition will fix this.

10 of 11 found the following review helpful:

It's a College TextBookNov 23, 2004
By Hugh K. Boyd
It's a pretty good one too, but it's still a college text. The orientation of this book is far more theoretical than practical, complete with abstract mathematical notation that sometimes does more to confuse than to elucidate (although the author, to his credit, includes a glossary of mathematical notation early in the text). Still, the book is complete and up-to-date, covering everything from probability theory and number theory through the latest stuff on PKI, symmetric crypto (including AES), and authentication.

Cryptography is not an easy subject, and this book will take a while to wade through for all but the most mathematically astute readers. Nonetheless, for those wanting a "deep dive" into the theoretical underpinnings of the subject, this is a good book. Security practitioners will likely find Schneier's "Applied Cryptography" an easier, more enjoyable, and equally beneficial read, although it is due for an update.

7 of 8 found the following review helpful:

A great guide to the state of the art in cryptographySep 16, 2003

This is an excellent guide to the state of the art of modern cyptography. Its unique style will benefit a very wide audience: security practitioners are given an insight into cryptographic theory while theoreticians can learn valuable lessons about what goes on in practice.

In the early chapters excellent examples are given to motivate security considerations that feature later. Also, the necessary mathematical background is provided in a very accessible manner.

The book covers many of the latest important developments in cryptography including the Advanced Encryption Standard, identity -based encryption and provable security.

4 of 4 found the following review helpful:

A nice book on recent years' results in cryptoSep 11, 2003
By Feng Bao
An excellent book on crypto, concentrating more on the principle behind the modern crypto than just description of the algorithms. Many recent results are included. I would encourage all my PhD students to have it.

See all 11 customer reviews on Amazon.com