Cryptography Decrypted / Edition 1

Paperback (Print)
Rent from
(Save 75%)
Est. Return Date: 07/31/2015
Buy Used
Buy Used from
(Save 41%)
Item is in good condition but packaging may have signs of shelf wear/aging or torn packaging.
Condition: Used – Good details
Used and New from Other Sellers
Used and New from Other Sellers
from $4.65
Usually ships in 1-2 business days
(Save 91%)
Other sellers (Paperback)
  • All (19) from $4.65   
  • New (9) from $39.26   
  • Used (10) from $4.65   


Fundamental security concepts like cryptography and digital signatures are becoming as much a part of our everyday lives as megabytes and the Internet. Anyone working with computer security--security professionals, network administrators, IT managers, CEOs, and CIOs--need to have a comfortable understanding of the cryptographic concepts in this book.

Cryptography Decrypted shows you how to safeguard digital possessions. It is a clear, comprehensible, and practical guide to the essentials of computer cryptography, from Caesar's Cipher through modern-day public key. Cryptographic capabilities like detecting imposters and stopping eavesdropping are thoroughly illustrated with easy-to-understand analogies, visuals, and historical sidebars.

You need little or no background in cryptography to read Cryptography Decrypted. Nor does it require technical or mathematical expertise. But for those with some understanding of the subject, this book is comprehensive enough to solidify knowledge of computer cryptography and challenge those who wish to explore the high-level math appendix.

Divided into four parts, the book explains secret keys and secret key methods like DES, public and private keys, and public key methods like RSA; how keys are distributed through digital certificates; and three real-world systems. Numerous graphics illustrate and clarify common cryptographic terminology throughout.

You will find coverage of such specific topics as:

  • Secret key and secret key exchanges
  • Public and private keys
  • Digital signatures
  • Digital certificates, Public Key Infrastructure (PKI), and PGP
  • Hashes and message digests
  • Secure e-mail, secure socket layer (SSL), and Internet Protocol Security (IPsec)
  • Protecting keys
  • Cryptographic attacks
  • Authentication, confidentiality, integrity, and nonrepudiation

"Even after ten years working in the field of information protection for a major electronics manufacturing company, I learned a lot from this book. I think you will too."

--From the Foreword by John Kinyon


Read More Show Less

Editorial Reviews

Analyzes secret key exchange problems, and describes the evolution of public key cryptography, with its solution to the key exchange problem. The authors then explain how keys are distributed through digital certificates, and show how three real-world systems<-->secure mail, secure socket layer, and Internet protocol security<-->use cryptographic keys and methods. Annotation c. Book News, Inc., Portland, OR (
Read More Show Less

Product Details

  • ISBN-13: 9780201616477
  • Publisher: Addison-Wesley
  • Publication date: 12/22/2000
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 384
  • Sales rank: 598,469
  • Product dimensions: 7.30 (w) x 9.12 (h) x 0.81 (d)

Meet the Author

H.X. Mel consults and develops computer systems for organizations such as Lucent, Xerox, MIT, the U.S. Government, Motorola, Goldman Sachs, and PricewaterhouseCoopers. Doris Baker is a freelance technical writer and editor.


Read More Show Less

Read an Excerpt

Chapter 9: Pioneering Public Key: Public Exchange of Secret Keys

Let's recap and lay the groundwork to see how a new twist on secret key distribution empowers a new form of cryptography.

Alice and Bob have developed secure secret keys.Alice encrypts her computer files and feels secure that no one can decrypt the files without her individual secret key. Alice and Bob's digital conversations use their shared secret key to authenticate each other, confidentially exchange files, and validate the integrity of the files (ensure that the files have not been altered during transit).

But as you saw in Chapter 8, sharing secret keys is difficult and expensive. Alice must either personally deliver the shared secret key to Bob or unequivocally trust a courier. Trustworthy couriers are expensive. And if Bob forgets their shared secret key, Alice must repeat the same key delivery process.

The Search for an Innovative Key Delivery Solution

The secret key delivery problem has plagued cryptographers, governments,a nd kings for thousands of years. How do you securely deliver a secret key to a confidant using insecure public lines of communication? Although the key may pass through BlackHat's hands, BlackHat must not be able to ascertain the secret key. It's a tough problem. What advantage does Bob have over BlackHat that Bob can exploit?

Developing an Innovative Secret Key Delivery Solution

While a graduate student at Berkeley in the early 1970s, Ralph Merkle devised a system that enabled people like Alice and Bob to exchange secret keys over a public line, marking the beginning of public key cryptography. Even though BlackHat is assumed to be listening to Alice and Bob's communications, Merkle envisioned a way to create a difficult, time-consuming problem for BlackHat. At the same time, Merkle's approach makes it easier for Alice and Bob to establish their shared secret key.

The goal was to create a problem that would take BlackHat a long time to solve even with the aid of a computer. Here's what Merkle devised.

First Attempt: A Database of Key/Serial Number Pairs

Suppose that Alice makes 1,000,000 new secret keys and stamps a unique serial number on each one (see Figure 9-1). Note that there's no reason to order the serial numbers. Alice keeps a database of each secret key and serial number.

If Alice then sends Bob a plaintext electronic copy of that database, he can easily pick a serial number (say, serial number 500,121) and its paired secret key (1yt8a42x35); then he calls Alice to tell her to use the secret key associated with serial number 500,121. But as Figure 9-2 shows, what's easy for Alice is also easy for the eavesdropping BlackHat. BlackHat has copied the database Alice sent to Bob—remember that it was sent over public lines—and quickly figures out the secret key. So this secret key exchange doesn 't work for Alice and Bob....

Second Attempt: An Encrypted Database of Key/Serial Number Pairs

Now suppose that Alice encrypts her serial number/secret key database and then ships the encrypted database to Bob. Alice tells Bob the encryption method she used but not the encryption key. Because Bob doesn't know Alice's encryption key,he must try all possible keys. Say it takes Bob about one hour, using his desktop computer, to find Alice's encryption key.1 After decrypting the entire database, Bob selects a secret key and tells Alice the matching serial number — say, serial number 500,121. As before, Alice knows to use secret key 1yt8a42x35 (see Figure 9-3). But, like Bob,BlackHat can also spend about an hour decrypting Alice's database, so BlackHat can also figure out that serial number 500,121 matches secret key 1yt8a42x35. We still need a method that will make BlackHat's job much tougher than Alice and Bob's job.

Merkle's Insight: Individually Encrypted Key/Serial Number Pairs

This brings us to Merkle's creative insight. As the result of this innovation, Bob’s work doesn’t change, but BlackHat's work increases dramatically. Let's see how. Previously, Alice encrypted the entire database with one secret key. But that didn't make BlackHat work longer than Bob. Now Alice sends 1,000,000 encrypted secret key/serial number pairs (see Figure 9-4).

Each secret key/serial number pair (second column, Table 9-1) is encrypted with a unique secret key (third column, Table 9-1) to make the encrypted pair (final column, Table 9-1). Alice uses a million different secret keys to encrypt the 1,000,000 individual secret key/serial number pairs. Table 9-1 shows each secret key/serial number pair encrypted with a separate key.

Bob gets 1,000,000 encrypted secret key/serial number pairs and picks one encrypted pair—say,Pair3. He spends an hour deciphering it and learns that Pair3 means secret key 1yt8a42x35 and serial number 500,121 (see Figure 9-5). As before,he tells Alice that he will encrypt with the secret key matching the serial number 500,121. Alice quickly matches the serial number to the corresponding secret key in her database.

As before, Alice and Bob assume that BlackHat is listening, has copied all 1,000,000 encrypted pairs Alice sent to Bob, and has heard Bob tell Alice to use the secret key associated with serial number 500,121.

1. Obviously, Alice does not choose a "strong" cryptographic method to encrypt her database. Recall from Chapter 4 that a strong encryption method is one in which the most practical attack is to try each possible key and there are so many possible keys that it's infeasible to try even half of them.
Read More Show Less

Table of Contents





1. Locks and Keys.

Locks and Combinations.

Defining Cryptographic Terms.

Making and Solving Puzzles.


2. Substitution and Caesar's Cipher.

Cryptanalysis of Caesar's Cipher.

Empowering the Masses.

The Importance of Separating the Method and the Key.

Adding Keys.

A Weakness of Caesar's Ciphers: The Failure to Hide Linguistic Patterns.

More Complex Substitution: Vigenere's Cipher.


3. Transposition Ciphers: Moving Around.

Patterns and Cryptanalysis.

Adding Complexity.

Computer Transposition.

Combining Substitution and Transposition.


4. Diffuse and Confuse: How Cryptographers Win the End Game.


The Polybius Cipher.

The Principle of Confusion.

Cryptographic Locks and Keys.


5. DES Isn't Strong Anymore.

The Historical Need for an Encryption Standard.

Cycling Through Computer Keys.

Double and Triple DES.

DES (and Other Block Cipher) Modes.

The Avalanche Effect.

Supplement: Binary Numbers and Computer Letters.


6. Evolution of Cryptography: Going Global.

Early Cryptography.

Commercial and Military Needs.

Entering the Computer Age.


7. Secret Key Assurances.



An Authentication Attack.

Not Really Random Numbers.


Using the MAC for Message Integrity Assurance.

Why Bother Using a Message Authentication Code?

File and MAC Compression.

Nonrepudiation: Secret Keys Can't Do It.


8. Problems with Secret Key Exchange.

The Problem and the Traditional Solution.

Using a Trusted Third Party.

Key Distribution Center and Key Recovery.

Problems with Using a Trusted Third Party.

Growth in the Number of Secret Keys.

Trust and Lifetime.



9. Pioneering Public Key: Public Exchange of Secret Keys.

The Search for an Innovative Key Delivery Solution.

Developing an Innovative Secret Key Delivery Solution.

First Attempt: A Database of Key/Serial Number Pairs.

Second Attempt: An Encrypted Database of Key/Serial Number Pairs.

Merkle's Insight: Individually Encrypted Key/Serial Number Pairs.

Black Hat's Frustrating Problem.

The Key to Public Key Technology.

A New Solution: Diffie-Hellman-Merkle Key Agreement.

Alice and Bob Openly Agree on a Secret Key.

Problems with the Diffie-Hellman Method.

Separate Encryption and Decryption Keys.


10. Confidentiality Using Public Keys.

New Twists on Old Security Issues.

Confidentiality Assurances.

Distribution of Public Keys.

Two-Way Confidentiality.


11. Making Public Keys: Math Tricks.

Alice's Easy Problem.

Grade School Math Tricks.

More Grade School Math.

Division and Remainders: Modular Math.

Modular Inverses.

Using Modular Inverses to Make a Public Key.

Putting It All Together.

Giving BlackHat a Difficult, Time-Consuming Problem.

Trapdoor to the Easy Problem.

Knapsack Cryptography.

Modulo Calculations.

Exercise: Find Which Numbers Sum to 103.


12. Creating Digital Signatures Using the Private Key.

Written and Digital Signature Assurances.

Reviewing and Comparing Authentication.

Secret Key Authentication.

Private Key Authentication 117

Authentication and Integrity Using Private and Secret Keys.

Private Key Authentication Methods.



Signing Terminology.


Assurances in Both Directions.

Summary of Public Key Assurances.

Public Key Means Public / Private Key.

Assurance Initiated.

Compressing before Signing.


13. Hashes: Non-keyed Message Digests.

Detecting Unintentional Modifications.

Detecting Intentional Modifications.

Signing the Message Digest.

Detecting BlackHat's Forgery.

Replay Attacks.

Supplement: Unsuccessfully Imitating a Message Digest.


14. Message Digest Assurances.

Two Message Digest Flavors.

Non-keyed Message Digest Assurances.


Collision Resistance.

Weak Collision Resistance.

Examples of One-way and Weak Collision Resistance.

Strong Collision Resistance.

Non-keyed Digest Implementations.

Keyed Message Digest Assurances.

A MAC Made with DES.

DES-MAC Security.

Message Digest Compression.

Digest Speed Comparisons.

Hashed MAC.


15. Comparing Secret Key, Public Key, and Message Digests.

Encryption Speed.

Key Length.

Ease of Key Distribution.

Cryptographic Assurances.

Symmetric (Secret) Key.

Asymmetric (Public) Key.



16. Digital Certificates.

Verifying a Digital Certificate.

Attacking Digital Certificates.

Attacking the Creator of the Digital Certificate.

Malicious Certificate Creator.

Attacking the Digital Certificate User.

The Most Devastating Attack.

Understanding Digital Certificates: A Familiar Comparison.

Issuer and Subject.

Issuer Authentication.

Transfer of Trust from the Issuer to the Subject.

Issuer's Limited Liability.

Time Limits.

Revoking Trust.

More than One Certificate.

Fees for Use.

The Needs of Digital Certificate Users.

Getting Your First Public Key.

Certificates Included in Your Browser.


17. X.509 Public Key Infrastructure.

Why Use X.509 Certificate Management?

What Is a Certificate Authority?

Application, Certification, and Issuance.

Certificate Revocation.

Polling and Pushing: Two CRL Delivery Models.

Building X.509 Trust Networks.

Root Certificates.

More Risks and Precautions.

Distinguished Names.

Certification Practice Statement.

X.509 Certificate Data.

Challenge Response Protocol.


18. Pretty Good Privacy and the Web of Trust.

The History of PGP.

Comparing X.509 and PGP Certificates.

Building Trust Networks.

Bob Validates Alice's Key.

Casey Validates Alice's Key Sent by Bob.

Dawn Validates Alice's Key Sent by Casey via Bob.

Web of Trust.

PGP Certificate Repositories and Revocation.

Compatibility of X.509 and PGP



E-mail Cryptographic Parameters.

Negotiation of SSL and IPsec Cryptographic Parameters.

User Initiation of Cryptographic E-mail, SSL, and Ipsec.

19. Secure E-mail.

Generic Cryptographic E-mail Messages.

Invoking Cryptographic Services.

Confidentiality and Authentication.

Choosing Services.

Positioning Services.

Deterring E-mail Viruses.


20. Secure Socket Layer and Transport.

Layer Security.

History of SSL.

Overview of an SSL Session.

An SSL Session in Detail.

Hello and Negotiate Parameters.

Key Agreement (Exchange).


Confidentiality and Integrity.

TLS Variations.

Anonymous Diffie-Hellman.

Fixed and Ephemeral Diffie-Hellman.

Comparing TLS, SSL v3, and SSL v2.

A Big Problem with SSL v2.

A Possible Problem with TLS and SSL.

Generating Shared Secrets.

Bob Authenticates Himself to AliceDotComStocks.


21. IPsec Overview.

Enhanced Security.

Key Management.

Manual Distribution.

Automated Distribution.

IPsec Part 1: User Authentication and Key Exchange Using IKE.

SSL/TLS and IPsec Key Agreement.

Security Association.


IKE Nomenclature.

Benefits of Two-Phase Key Exchange.

IPsec Part 2: Bulk Data Confidentiality and Integrity for Message or File Transport.

Protocol and Mode.

ESP Examples.

AH Examples.

Management Control.

Implementation Incompatibilities and Complications.


22. Cryptographic Gotchas.

Replay Attack.

Man-in-the-Middle Attack.

Finding Your Keys in Memory.

Does Confidentiality Imply Integrity?

Example 1.

Example 2: Cut-and-Paste Attack.

Public Key as a Cryptanalysis Tool.

Example 1: The Chosen Plaintext Attack.

Public Key Cryptographic Standards.

Example 2: The Bleichenbacher Attack.

BlackHat Uses Bob's RSA Private Key.


23. Protecting Your Keys.

Smart Cards.

Types of Smart Cards.

What's Inside a Smart Card.

Protections and Limitations.

Smart Card Attacks.



Appendix A. Public Key Mathematics (and Some Words on Random Numbers).

Appendix B. (A Few) IPsec Details.


Index. 0201616475T04062001

Read More Show Less


A Tool for Everyone

In the past, cryptography was used mainly to secure the communications of the powerful and influential, the military and royalty. But the widespread use of computers, and the attacks to which they are vulnerable, has expanded the need for secure communications around the globe. This book describes the protection afforded by modern computer cryptographic systems and explains how the pace of modern technology requires continuing attention to the security of those systems.

The advent of computers changed a great many things, but not the fundamentals of cryptography. Through stories and pictures, Cryptography Decrypted presents cryptography's evolution into a modern-day science, laying out patterns from the past that are applicable today. It also gives you a thorough understanding of terms that are destined to become as much a part of our language and life as megabyte and Internet. As you begin to think about controlling various aspects of your life using wired or wireless communication, on line all the time, your understanding of cryptography--its benefits and its pitfalls--will make you feel a little more in control of a rapidly changing world.

Because rapid advances in the speed of hardware will continue to threaten the security of current cryptographic methods, it's essential that you choose appropriate techniques and perform ongoing assessment if you want to maintain your digital security. You can make such choices and assessments only if you know the basic concepts of cryptography. Cryptography Decrypted offers you that knowledge through visual representation of difficult concepts, an easy-to-use reference for reviewing key cryptographic terminology, and instructive historical information.

You need little or no background in cryptography to read this book. Neither does it require technical or math genius. It's designed so that anyone from CIOs to self-taught computer enthusiasts--and everyone in between--can pick up this book without any knowledge of encryption and find it fascinating, understandable, and instructive.

If you have some understanding of computer cryptography, Cryptography Decrypted is systematic and comprehensive enough to solidify your knowledge. It provides a simple description of the component parts of secret key and public key cryptography. (Those who already understand and don't wish to cover any more material about secret key cryptography may choose to read only Parts II through IV, bypassing Part I.)

Throughout the book, we use images to clarify cryptographic terms. After explaining the basic cryptographic components, we describe real-world cryptographic systems, some possible attacks on those systems, and ways to protect your keys.

The book provides a historical framework on which to build your understanding of how and why computer cryptography works. After a discussion of how cryptography has evolved into an essential Internet tool, we analyze secret key exchange problems and then explain the evolution of public key cryptography, with its solution to the key exchange problem. Along the way we explain some simple background on the math tricks that make public key cryptography secure. Traditionally, those who have thoroughly understood cryptography have been trained as mathematicians or scientists. Our goal here is to explain computer cryptography with rather little discussion of math. If the esoteric details aren't of immediate concern to you, you can skip Chapter 11 ("Making Public Keys: Math Tricks"), Chapter 14 ("Message Digest Assurances"), and the appendixes without diminishing your understanding of the basic concepts. Appendix A describes some aspects of public key mathematics, including inverses, primes, the Fermat test, Diffie-Hellman, DSA, elliptic curve, and pseudo-random number generation. Appendix B provides details of IPsec, a security system introduced in Chapter 21.


Read More Show Less


Welcome to the Front Line

If your computer is connected to or transmits over an electronic network, your data is on the front line. Attackers are getting more competent by the month, and their attacks more intrusive, virulent, and widespread--from Melissa to the Love Bug to the unknown virus that ate your hard drive.

Although few of us leave our valuables unlocked, few of us know how to use cryptographic locks to secure our digital possessions. By the time you finish reading this book, you will.

Most governments, including those of Canada, China, France, Saudi Arabia, and the United States, consider cryptographic tools to be munitions of war, so it's reasonable to think of potential attacks on your data as a kind of war. Your opponent is anyone who wants to read, modify, or destroy your private documents.

In large part, this is a book about the cryptographic keys and methods you use to safeguard your digital possessions. Figure I-1 shows cryptographic keys and the symbols we use to portray them. Part I of this book explains secret keys and secret key methods. Part II describes public and private keys and public key methods. Part III explains how keys are distributed, and Part IV shows how three real-world systems--secure mail, Secure Socket Layer (SSL), and Internet Protocol Security (IPsec)--use cryptographic keys and methods.

A Devastating Opponent
  In World War II the German Observation Service--Beobachtungs-Dienst, or B-Dienst--was a small group of codebreakers who played a powerful role in the Battle of the Atlantic. B-Dienst uncovered the positions of Allied convoys that German submarines then destroyed, devastating the Allied Atlantic forces from 1941 to 1943. For example, during three days in March 1943, the Germans sank 21 Allied vessels while losing only one submarine. Better communications security and new technologies such as sonar helped the Allies turn the tide.  

Need a Quick Read?

Section Chapter(s) Major Points Covered
Part I: Secret Key 1-4 The difference between cryptographic methods and cryptographic keys. The security of modern cryptographic methods. Best feasible attack against a modern method: trying each key
  5 Effect of technology in weakening DES
  6 Historical insights into cryptography
  7 Secret key assurances: confidentiality, authentication, and integrity
  8 Maintenance and management problems in sharing secret keys
Part II: Public Key 9 Foundation of public key cryptography: easy and hard problems
  10 Public key encryption and public key assurances
  11 Simple cryptographic mathematics
  12 Private key encryption and private key assurances
  13 Detecting message modification with nonkeyed message digests and hashes
  14 Message digest assurances
  15 Comparing secret key, public key, and message digests
Part III: Distribution 16 Digital certificates: digitally signed public keys of Public Keys
  17 x.509 digital certificates, certificate authorities, and certificate revocation
  18 Pretty Good Privacy (PGP) compared to x.509
Part IV: Real-World 19-21 Examples of real-world systems (secure e-mail, SSL, IPsec) Systems
  22 Some cryptographic attacks
  23 Protecting your keys with smartcards
Appendixes A Mathematics underlying public key technology
  B IPsec details
Read More Show Less



Every January for the past 10 years, members of a cult from all over the world have headed to Silicon Valley for a summit. In the early years, only a few cryptographers, mathematicians, and forward thinkers in the relatively new field of computer security showed up for this then-obscure event, known as the RSA Security Conference. Imagine, if you will, a group of distinguished eggheads and computer nerds getting together to talk about cryptographic algorithms and how they might one day be used to solve security problems.

In Internet years, that first event was a very long time ago. A decade for everyday people, it was an Internet generation for those of us involved with computer technology. The problems were small and often theoretical then. We couldn't imagine the looming frenzied pace of change, the way the World Wide Web (World Wide what?--it wouldn't be invented for another year) would explode, and the e-izing of everything and anything. With those changes came what those original visionaries predicted: e-fraud, e-theft, e-vandalism, e-scams, e-viruses, and e-everything-else bad along with e-everything good.

Nowadays, there are dozens of computer security conferences and exhibits. Even so, our understanding of cryptography is weak, often only abstract. Practical applications of cryptography are just beginning to become commonplace. These solutions are still young. It is a struggle for an information technology professional, and often an information protection professional, to understand how security technology works and how to apply cryptography appropriately to solve real business problems.

The RSA Security Conference is bigger than ever. Hidden among the product demos, sales pitches, and seminars, interesting technical papers are still presented. It was at RSA 2000 that I met the joyful and energetic H. X. Mel. Like many others, he and Doris Baker had a vision of how to improve security. Their vision, however, was not product implementation, but education--to make cryptography understandable to the people who need it. Their book, this book, is more than "Alice and Bob" diagrams and yet less than a tome full of math. Instead, it is filled with examples of the principles behind today's solutions, explained with an interesting historical perspective.

Even after 10 years as an IT architect in the field of information protection for a major electronics manufacturing company, I learned a lot from this book. I think you will, too.

--John Kinyon

Read More Show Less

Customer Reviews

Average Rating 5
( 2 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Anonymous

    Posted May 9, 2001

    Does what it says on the label

    This is one of the best crypto books I've read. Although cryptography is a rather dry subject, this engaging book makes it accessible, even to those without mathematics degrees. I liked the structure of the book: it starts with a brief history of cryptography, moves through crypto theory, and ends with useful information about real-world practical applications. I learnt new stuff throughout. Personally, I found the diagrams a little hard to follow. The authors use a consistent symbolic style throughout but I think the book cover could have done with a fold-out flap showing the key to all the symbols. That said, it's a valiant attempt to explain the steps in complex crypto processes, and better than most others. To end with another compliment, my copy is now replete with scribbled comments in the margins, a good sign that it was a stimulating read.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted March 18, 2001

    Excellent Writing - HIPAA & E-Commerce Gem

    If you are working in health care and are overwhelmed with the technical requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA), then you are going to love this book. If you are involved in e-commerce you will find this book essential reading and the key to understanding the underpinnings of web and e-commerce security. Technical writers who do not care about cryptography or security can learn much from this book. The authors set the highest standards in document design, clear writing and integration of prose and illustration. The foundation is laid in Part I with the basics: defining terms, the evolution of ciphers and how they worked, and the fundamentals of the data encryption standard (DES) and secret keys. I found this stuff fascinating because the authors used easy-to-follow examples and illustrations showing how everything works. For example, a quick explanation of Polybius square numbers and how to transpose them to diffuse a cipher was something completely new to me. However, I was able to thoroughly understand it after reading less than three pages of this book! I am sure that a professional cryptographer would find this material basic. I found it empowering because I began to see a larger picture of this obscure science unfold while learning some interesting numerical manipulation techniques.For the first time I really understood this stuff to the degree that I could explain it to non-technical people. I liked the historical anecdotes that made the subject interesting. Highlights of this part of the book include transposition ciphers, diffusion and confusion strategies, and a discussion of DES in its various forms, and its strengths and vulnerabilities. In parts II and III the book thoroughly covers public keys and digital certificates - essential if you are among the primary audience of this book. These sections will give you a good grasp of public keys and how they work, digital certificates and how they fit into the scheme of things and message digest mechanics. If you are struggling with HIPAA requirements you will be armed to fully understand the issues and factors. Part IV addresses electronic commerce security technologies: secure e-mail, secure socket layer (SSL)/transport layer security (TLS) and IP security. Like sections II and III, these complex technologies are explained in an incredibly clear manner. I learned a lot and came away with a strong understanding. The best part is the chapter on cryptographic gotchas - it covered some common attacks and how to safeguard against them. I also enjoyed the treatment of smart cards and their particular vulnerabilities. I love this book for a number of reasons. First, the authors know their subject. More importantly they have produced a book that epitomizes how to communicate highly technical subjects to not-so-technical people. The author's web site has a single entry for errata, making this book remarkably error-free considering the many numeric examples. If you need to quickly get learn HIPAA or e-commerce security this book is the best place to start.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 2 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)