Practical Cryptography (Review)

  • Ben Rothke
  • Security Management
  • September 2003

Practical Cryptography. By Niels Ferguson and Bruce Schneier; published by John Wiley and Sons, 877/762-2974 (phone), 800/597-3299 (fax), (Web); 432 pages; 150.

As Mark Twain acidulously remarked, “A classic is something that everybody wants to have read and nobody wants to read.” Bruce Schneier’s Applied Cryptography, published in 1996, is a classic in the canon of computer security works; it’s a seminal, important book for the experts in the field or for those with the technical background, but it is far too complex and mathematical for most readers.

Enter Practical Cryptography, Schneier’s (and coauthor Niels Ferguson’s) guide for the rest of us. It is a superb text for anyone who needs to understand the core details of cryptography but who has neither the desire nor the knowledge required to slog through a torrent of abstraction and theory.

Where Applied Cryptography is a reference, Practical Cryptography reads like a narrative. The authors plot the design of a secure cryptographic system from algorithm selection to design philosophy, to analysis, to debugging, and, finally, to implementation. The discussion of implementation is crucial, because while books on encryption theory abound, few actually discuss how to practically put the technology to use.

Though this book is much more accessible than its predecessor, it is by no means quick or easy reading. Security professionals who don’t work in the trenches of IT security can safely pass this book by. But anyone looking for a practical, usable book about implementing cryptography will find a definitive resource here.
