Book review: Serious Cryptography: A Practical Introduction to Modern Encryption


Posted by Ben Rothke

Philosopher Alfred North Whitehead noted that modern philosophy is simply a series of footnotes to Plato. When it comes to cryptography, much of it is simply footnotes to Bruce Schneier’s classic work Applied Cryptography: Protocols, Algorithms and Source Code in C.

In Serious Cryptography: A Practical Introduction to Modern Encryption (No Starch Press 978-1593278267), Jean-Philippe Aumasson has written not just some good footnotes to Schneier, but a valuable work on modern encryption and cryptography. A lot has changed since Applied Cryptography came out over 22 years ago, and Aumasson does a good job of updating the reader.

The back cover notes that this book is written for both seasoned practitioners and beginners looking to dive into the field. That’s true for the former, but for most beginners, this is far too intense a book. This is a great resource for developers who want to know how to effectively implement encryption and cryptography in their code.

Aumasson covers all the key areas of crypto, including random numbers, block and stream ciphers, hash functions, and much more. Classic protocols, from RSA and Diffie-Hellman to TLS and more, are discussed.

The book makes heavy use of C++ coding, Linux scripting and college-level math, so the reader needs to be conversant with those areas to make the most of this book. Each chapter also closes with some references to further reading for those who want to dig deeper into specific areas.

The book closes with a short chapter on Quantum and Post-Quantum. While it is not here yet, quantum crypto will revolutionize the world of cryptography when it arrives.

As an engineer immersed in the topic, Aumasson brings real-world experience and advice to every chapter. At 270 pages, the book does sacrifice some depth, but it is a superb introduction to modern encryption and cryptography. For those looking to quickly get up to speed on the topics, this makes for an excellent go-to guide.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

