AnyBook4Less.com | Order from a Major Online Bookstore |
Title: Practical Cryptography by Niels Ferguson, Bruce Schneier
ISBN: 0-471-22357-3
Publisher: John Wiley & Sons
Pub. Date: 28 March, 2003
Format: Paperback
Volumes: 1
List Price(USD): $50.00
Average Customer Rating: 3.83 (12 reviews)
Rating: 3
Summary: Can't really recommend it
Comment: Well, I can't really recommend the book. It's readable enough,
but I can't figure out their target audience. Only someone actually
implementing a cryptographic system would get anything out of
this book. At the end of the book, they warn you that a good
implementation is so hard that you really should hire an
expert to do it. They also say "The world is full of bad
security systems designed by people who have read Applied
Cryptography. Practical Cryptography is likely to have the
same effect."
They say they wrote the book as an introduction to the state
of the art ("[people] .. must learn it somewhere, and we didn't
know of any other suitable books.") Given that no one but a
programmer or mathematician would get through half the book,
it's unlikely to reach a general audience, or even the managers
who really need their advice.
The content level of the book is very uneven as well, with
general, strategic advice mixed with algorithm discussions. Yet
there's almost no nuts and bolts programming advice. They just
point you off to other sources for all of that.
They have these little "So what should I do?" sections at the
end of most chapters, but they are pretty cynical. The most
common advice amounts to "there's no way to know without analyzing
your requirements." The other comments are along the lines of
"the software industry is a mess", "the standards process is a mess",
"the patent process is a mess", "(technique X) hasn't been around
long enough to be analyzed much, is a patent minefield, or has been
broken, or nearly broken. Don't use it." And finally, that security
depends on the weakest link, which generally won't be the
cryptography anyway. (Don't even try to do this at home!) This
may all be true, but it's not really helpful.
I don't know if you could implement a complete system from their
description of which techniques are reasonably good. If you
trusted their implementation advice, should you also trust their
overall advice, which is to leave this to the experts?
The whole thing leaves me with the impression that they are pretty
bitter about the whole field. They want people to do better on
security, but they have no expectation that they will. They want
to be listened to (and hired), but don't expect that either. The
book is mostly to say "see how complicated this is (you idiots!)?"
Rating: 4
Summary: A practical (bit boring) executive summary of AC
Comment: For those of you (including myself) who were expecting an updated version of Applied Cryptography, this book is NOT it. Based on the pre-publication blurbs here and there, I thought it may be a simple how-to book without too much theory. The book didn't turn out to be that sort of thing either.
This book is sort of an executive summary of Applied Cryptography (AC), with some updates. It touches upon the insights that Schneier mentioned in Secrets and Lies (like crypto is the easy part and that won't solve security). It mentions some newer material, notably AES related stuff. The description is, in effect, a simplified version of AC. Also, it doesn't try to cover everything, and yes, some explanations about the practical applications are stressed slightly more than in AC.
So if you want to be practical, just go over the essential and latest stuff, this is a good book to read. But I must say that it's not as fun to read as AC. Not as many jokes, and absolutely no crazy stuff (like bio-computing and the significance of dark matters). Oh well, maybe that's what being practical means... But it doesn't give you the feeling of thoroughness that AC gave. Maybe this comes from my reading AC too much in detail (I actually translated the whole book into Japanese), but I think it is inherent in the book itself. In trying to cover as much ground as possible, the book hurries a lot.
So if you are in a hurry to cover just enough important stuff, get this book. And if you need some explanation on the newer stuff, get this. But I also recommend getting AC as well.
Rating: 5
Summary: Concrete presentation of a difficult subject
Comment: I've read a large number of cryptography books. Very few of them come down to brass tacks. They give you a description of a few algorithms, their strengths and weaknesses, and leave it at that. Either that, or they describe in lovingly complex detail the implementation of a particular protocol, one usually so fraught with options and details that you wonder how, at the end of it, anybody writes a conforming implementation.
Practical Cryptography does neither of these things. It presents algorithm classes, why they exist, and what the best known algorithms are in each class. It explains how the various strengths and weaknesses of algorithms in each class combine to make a cryptosystem weaker or stronger. Then it goes on to show you how to use that information to build working cryptosystems.
People have complained about the book's seeming schizophrenia. On one hand, the authors are trying to show you how to build a secure cryptosystem. On the other, they're telling you how hopeless a task it is to build one that has no vulnerabilities, even if you're an expert in such things.
This can be annoying, but I more find it refreshing. Writing a secure cryptosystem is very hard. People should be aware that it is hard, and they are likely to make mistakes. It isn't something that should be attempted lightly. The current state of computer security is depressingly abysmal. People should be encouraged, as much as possible, to not contribute to the problem.
I'm not following my own advice, and I am building a new cryptosystem. I have found this book a more valuable resource than any other book on cryptography that I have yet read. Even if you aren't building your own cryptosystem, I think you will find the insights this book has into complexity and design to be useful tools in evaluating other cryptosystems.
Title: Beyond Fear by Bruce Schneier ISBN: 0387026207 Publisher: Copernicus Books Pub. Date: 28 July, 2003 List Price(USD): $25.00
Title: Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition by Bruce Schneier ISBN: 0471117099 Publisher: John Wiley & Sons Pub. Date: 18 October, 1995 List Price(USD): $60.00
Title: Secrets and Lies : Digital Security in a Networked World by Bruce Schneier ISBN: 0471253111 Publisher: John Wiley & Sons Pub. Date: 14 August, 2000 List Price(USD): $29.99
Title: The Art of Deception: Controlling the Human Element of Security by Kevin D. Mitnick, William L. Simon, Steve Wozniak ISBN: 0471237124 Publisher: John Wiley & Sons Pub. Date: 04 October, 2002 List Price(USD): $27.50
Title: Modern Cryptography: Theory and Practice by Wenbo Mao ISBN: 0130669431 Publisher: Prentice Hall PTR Pub. Date: 25 July, 2003 List Price(USD): $54.99
Copyright © 2001-2021