The ultimate guide to cryptography, updated from an author team of the world's top cryptography experts. Cryptography is vital to keeping information safe, in an era when the formula to do so becomes more and more challenging. Written by a team of world-renowned cryptography experts, this essential guide is the definitive introduction to all major areas of message security, key negotiation, and key management. You'll learn how to think like a cryptographer. You'll discover techniques for building cryptography into products from the start and you'll examine the many technical changes in the field. After a basic overview of cryptography and what it means today, this indispensable resource covers such topics as block ciphers, block modes, hash functions, encryption modes, message authentication codes, implementation issues, negotiation protocols, and more. Helpful examples and hands-on exercises enhance your understanding of the multi-faceted field of cryptography. Cryptography Engineering gets you up to speed in the ever-evolving field of cryptography.
The math in it isn't hard, and nothing is very complex, but I lost count of the times I thought "shit, we're doing this wrong" or "this would be insane to get right". Also, I found some stuff missing, for example any other public-key system than RSA, PGP, or the XEX/XTS modes of AES (which are used a lot in storage systems).
But all in all, this seems to be the best book on the topic out there at the moment.
Excellent book on cryptography and security systems. The first half, which talks a lot about theory, is tedious, but it is worth at least trying to understand it (and skimming when you see it is getting too heavy). Having done that, you can get much more out of the second part, which covers the practical side: the security of a system is defined by its weakest link. This book instills the paranoia of always being concerned with finding which link that is and how someone could break it.
I generally don't review "work" books that I read in the course of implementing something but this book was quite phenomenal in how it extracts very practical suggestions for building cryptographic applications. I used this in a sizable project and probably read a few chapters way more than 5 times to get all the ideas, and I'm sure this saved me many days of debugging arcane issues. I recommend everyone who may see themselves implementing cryptographic and evaluating security software to read this book. You may be surprised how useful it will turn out to be.
I find cryptography engineering a topic that is addressed mostly by either the academic publication or StackOverflow, and little in between. This is a very readable and clearly structured book by some authoritative authors in the fields. The must-have reference for all security engineers. But, it desperately needs a refresh after 7 years since it was initially published.
This is the sort of book that terrifies me at the idea of ever touching security code, but it was great for pointing out common mistakes people make when implementing clever algorithms.
The aim of this book is to introduce the reader to cryptographic concepts and the way of thinking ("professional paranoia"), rather than give a comprehensive treatment of all available techniques and protocols. In this, I would say, it is successful. The book can be understood with high school knowledge, some things are simplified that are more satisfyingly explained in other books, but this is in line with the book's stated aim of restricting to the essentials. The practitioner's perspective is emphasized frequently, in some creative exercises and chapters that point out difficulties in the actual software implementation of cryptography. A few things are missing in this book that probably would have been interesting to read about, such as PGP or elliptic curve cryptography.
Practical review of implementation considerations for cryptographic systems. It covers a broad range of technologies and the descriptions are bound to be insightful even to people who are quite experienced but still accessible to those who are not. There are descriptions of critical algorithms like Diffie-Hellman and RSA. The mathematics are described along with techniques to validate large calculations. Many examples show how thoughtful security systems have been compromised by simple, understandable errors.
It's an introductory book for beginners, but it doesn't have definitions for cryptography terms it uses. It explains them using even more terms that a beginner does not know.
The authors speak in very general terms. If you don't know the subject, you won't understand completely, and if you already have some familiarity with cryptography, it won't add much.
It focuses too much on basic concepts and too little on actual engineering and implementation.
It's from 2009. Most parts are still valid, but some recommendations are now outdated.
A very readable introduction to cryptography and security
I found this to be a very readable and highly enjoyable introduction. Everything is clearly explained, the math is worked out with clear commentary so it is easy to follow along and understand, and the exercises at the end of the chapters are actually fun and interesting.
Very good exercises. The topic is perfect to get an overview of the principles. It's not about the full depth and knowing all algorithms afterwards, but to know how to correctly use them and to get to know what to look at when it comes to security.
A nice read to get the basics of cryptography and developing a security mindset. Despite its age, still accurate and relevant in most places. Written in a clear and fun way, and a reasonable amount of focus on the math parts of cryptography.
The math in this book is at least at an upper division college math level. I thought the book was excellent, though I would have appreciated a chapter on GnuPG, or PGP.
This book promises that it utterly will not leave the reader ready to go write good security software, but no book can do that.
The final chapter covered Standards and Patents. The standards info was quite cynical, and from my own experience also quite accurate. A bit more on patents would have been nice, as opposed to the absence of any info about patents. For example, patents play a confounding role in the setting of standards and one does not need to consult a lawyer to understand that.
Every software developer should read this book. If for no other reason, then read it for the constant reminders of how easy it is to screw up security. As the authors say, develop professional paranoia!
The first computing book I have read in full. <3 The book was very enjoyable for me and I learned a lot from it, even though I had already studied many of its concepts in the information security course at university. I strongly agree with the author's way of thinking when it comes to paranoia; that is how I tend to think in general anyway, but when it comes to applying it in my own life, mostly not.
Really good book on the concepts of software security. It's easy to read and easy to understand. The only hard part is implementing the principles it talks about.
This is a low level in the nitty gritty type of book. The math was at certain points overwhelming. However, I still learned a lot and I think this will be one of those books I return to again and again to get deeper with each read.