Author: Keith M. Martin
Publisher: Oxford University Press
Audience: Students and those interested in practical cryptography
Reviewer: Andrew Johnson
Is cryptography something that can become "Everyday"?
This book's title suggests that it might be a very basic introduction to cryptography - it isn't. But neither is it a deep mathematical exploration of the principles of cryptography. It presents the ideas more as practical algorithms than theory and in this sense it is an introductory book aimed at the non-specialist.
Chapter 1 sets the tone for the rest of the book. It explains cryptographic considerations such as what makes a good cryptosystem. The problem is that rather than introduce the ideas in a conversational narrative the author has a tendency to make lists and tabulate points. This makes much of the first chapter read like a book that is never going to get to grips with its main subject matter. If you find Chapter 1 too dull to read don't give up on the book, simply move on to Chapter 2.
Chapter 2 looks at some historical crytposystems - the Caesar cypher, the Playfair cypher and so on. Not of too much use in the real world, but you need to know about them and they are explained at a level that means that you could actually implement them as programs - a feature of most of the book. Chapter 3 considers the practical versus theoretic aspects of security and again it is a bit to "listy" to be enjoyable.
The second section of the book is about the sort of cryptography you are likely to encounter. First we look at symmetric block ciphers and the DES and AES in sufficient detail to allow you to make a start on implementing them. At least the details are enough for you to understand what they are all about. The next chapter is about public key cryptography and explains two methods, RSA and elliptic curves, and discusses how these are used in the real world. The following chapters deal with data integrity i.e. hashing, digital signatures, entity authentication and cryptographic protocols. All explained in enough detail for you to appreciate their real world implementations. You might not be able to code them all based on the information but you would be better prepared to track down the extra details you need to create something.
Part III of the book is about key management, which is often ignored in favor of more basic topics. Two chapters on key management and certificates tell you what you need to know in general without covering how keys are managed in particular operating environments.
The final chapter deals with uses of cryptography - which is again a set of lists. The chapter could have been omitted.
This is not an easy read and the lists of points that it repeatedly presents could have easily been transformed into a narrative explanation of what you need to know. However, when it gets onto its core topics and actually starts to tell you about cryptographic systems it gets much better.
If you want to know about a specific scheme without too much maths then this is a good book to look it up in. It is particularly useful to any programmer wanting to learn the basics of modern cryptography.