Ben’s Books of the Month: Two Great Resources on Cryptography


Posted by Ben Rothke

In the past, I have reviewed one book per month. The good news is that there are so many good information security books coming out that I may start doubling up. So, this month, I have two reviews for the price of one. 

“Cryptography is the backbone of security in our digital world, and it continues to grow in importance as services, capabilities, and our lives become ever more digital,” writes noted cryptographer Taher Elgamal in the foreword to Modern Cryptography: The Practical Guide (Rheinwerk Computing).

For many people, just hearing the term cryptography is enough to give them palpitations. In fact, so many people were failing the cryptography domain of the CISSP Common Body of Knowledge (CBK) exam that ISC2 removed it completely.

While there used to be ten CBK domains, a few years back ISC2 removed the cryptography domain entirely and subsumed cryptography into the Security Architecture and Engineering domain.

In Modern Cryptography: The Practical Guide, author Sandip Dholakia has written an up-to-date technical guide that gives the reader a comprehensive overview of all of cryptography's core areas. 

While many aspects of cryptography involve extremely advanced mathematical and number theory concepts, the book focuses on real-world cryptography usage. No PhD in mathematics is required; instead, a first-year college background in math is enough.

The book covers all of the fundamental concepts of cryptography, including algorithms, digital signatures, hash functions, managing encryption keys in the cloud, and much more.

There is a really good chapter on one of the new areas of cryptography, post-quantum cryptography. The media hype makes it seem that every cryptographic algorithm is at risk due to quantum computing, but the reality is different, as the book explains.

For those looking for a dedicated book on the topic, Cryptography Apocalypse: Preparing for the Day When Quantum Computing Breaks Today's Crypto by Roger Grimes provides nearly everything the reader needs to know and is an essential and unique reference.

Every information security professional needs to have a thorough understanding of cryptography. Modern Cryptography is a really good book on the topic, living up to its title of being a very practical guide.

Frederic Wheelock’s Latin: An Introductory Course Based on Ancient Authors is almost 70 years old. Should you get an original copy, nothing will have changed. But when it comes to cryptography, books can quickly become obsolete. 

I reviewed the first edition of Serious Cryptography: A Practical Introduction to Modern Encryption (No Starch Press) in 2017. Author Jean-Philippe Aumasson is back with an updated edition of his valuable book. 

While Modern Cryptography: The Practical Guide is a more general reference, Serious Cryptography is written primarily for developers and those interested in writing secure code. The vast majority of security vulnerabilities can be tied back to insecure or poorly written code, so books like this are invaluable in ensuring secure software is developed and implemented. 

Each chapter has been updated to reflect new cryptography developments, improving the text's clarity and conciseness.

As an added perk, a new chapter on cryptocurrency cryptography details numerous interesting cryptography techniques used in blockchain applications, representing some of the most intriguing advancements in the field of cryptography.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad


Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

