Table of Contents for
Serious Cryptography

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Serious Cryptography by Jean-Philippe Aumasson Published by No Starch Press, 2017
  1. Cover Page
  3. Title Page
  4. Copyright Page
  5. Brief Contents
  6. Contents in Detail
  7. Foreword
  8. Preface
  9. Abbreviations
  10. Chapter 1: Encryption
  11. Chapter 2: Randomness
  12. Chapter 3: Cryptographic Security
  13. Chapter 4: Block Ciphers
  14. Chapter 5: Stream Ciphers
  15. Chapter 6: Hash Functions
  16. Chapter 7: Keyed Hashing
  17. Chapter 8: Authenticated Encryption
  18. Chapter 9: Hard Problems
  19. Chapter 10: RSA
  20. Chapter 11: Diffie–Hellman
  21. Chapter 12: Elliptic Curves
  22. Chapter 13: TLS
  23. Chapter 14: Quantum and Post-Quantum
  24. Index
  25. Serious Cryptography
  26. Resources
  27. serious Cryptography
  28. serious Cryptography

FOREWORD

If you’ve read a book or two on computer security, you may have encountered a common perspective on the field of cryptography. “Cryptography,” they say, “is the strongest link in the chain.” Strong praise indeed, but it’s also somewhat dismissive. If cryptography is in fact the strongest part of your system, why invest time improving it when there are so many other areas of the system that will benefit more from your attention?

If there’s one thing that I hope you take away from this book, it’s that this view of cryptography is idealized; it’s largely a myth. Cryptography in theory is strong, but cryptography in practice is as prone to failure as any other aspect of a security system. This is particularly true when cryptographic implementations are developed by non-experts without sufficient care or experience, as is the case with many cryptographic systems deployed today. And it gets worse: when cryptographic implementations fail, they often do so in uniquely spectacular ways.

But why should you care, and why this book?

When I began working in the field of applied cryptography nearly two decades ago, the information available to software developers was often piecemeal and outdated. Cryptographers developed algorithms and protocols, and cryptographic engineers implemented them to create opaque, poorly documented cryptographic libraries designed mainly for other experts. There was—and there has been—a huge divide between those who know and understand cryptographic algorithms and those who use them (or ignore them at their peril). There are a few decent textbooks on the market, but even fewer have provided useful tools for the practitioner.

The results have not been pretty. I’m talking about compromises with labels like “CVE” and “Severity: High,” and in a few alarming cases, attacks on slide decks marked “TOP SECRET.” You may be familiar with some of the more famous examples if only because they’ve affected systems that you rely on. Many of these problems occur because cryptography is subtle and mathematically elegant, and because cryptographic experts have failed to share their knowledge with the engineers who actually write the software.

Thankfully, this has begun to change and this book is a symptom of that change.

Serious Cryptography was written by one of the foremost experts in applied cryptography, but it’s not targeted at other experts. Nor, for that matter, is it intended as a superficial overview of the field. On the contrary, it contains a thorough and up-to-date discussion of cryptographic engineering, designed to help practitioners who plan to work in this field do better. In these pages, you’ll learn not only how cryptographic algorithms work, but how to use them in real systems.

The book begins with an exploration of many of the key cryptographic primitives, including basic algorithms like block ciphers, public encryption schemes, hash functions, and random number generators. Each chapter provides working examples of how the algorithms work and what you should or should not do. Final chapters cover advanced subjects such as TLS, as well as the future of cryptography—what to do after quantum computers arrive to complicate our lives.

While no single book can solve all our problems, a bit of knowledge can go a long way. This book contains plenty of knowledge. Perhaps enough to make real, deployed cryptography live up to the high expectations that so many have of it.

Happy reading.

Matthew D. Green
Professor
Information Security Institute
Johns Hopkins University