I thoroughly enjoyed this book. It was energetic, clear, well-organized, fully illustrated, and comprehensive. I believe it's THE book to read if you want an introduction to one of the major enablers of modern computing. Furthermore, because the book's goal is to explain the foundations of both secret and public key cryptography, it should stay relevant for many years.
"Cryptography Decrypted" does not spare any effort to ensure the reader understands the subject. Concepts are clarified and reinforced through text and diagrams on nearly every page. The authors know many readers are not attracted to mathematics, so they move the "heavy lifting" to an appendix. Even then, for readers willing to apply a little effort, the appendix is understandable and enlightening. At every stage of writing this book, the authors must have remembered to keep the non-cryptographer reader in mind. Kudos to their editors for keeping them on track!
The only disappointment was the book's failure to mention the Secure Shell (SSH). Because the authors believed it important to discuss popular implementations of cryptography (IPSec, SSL, PGP), I had hoped that SSH would be included. Most every UNIX sys admin is familiar with SSH, and might have enjoyed learning more about the guts of this indispensable tool.
I don't often give 5 star reviews; only 3 of my last 10 merited that rating. I give the highest marks to books which impress, educate, and entertain. "Cryptography Decrypted" delivers. If you have an interest in cryptography, read this book!
(Disclaimer: I received my review copy free from the publisher.)
There is another audience for this book: technical writers. The authors set the highest standards in document design, clear writing and integration of prose and illustration. They have managed to make a complex, difficult subject easy to understand.
Part I of the book lays the foundation by explaining the basics: defining terms, the evolution of ciphers and how they worked, and the fundamentals of the data encryption standard (DES) and secret keys. I found this part of the book to be fascinating because the authors used easy-to-follow examples that were augmented by visual depictions of how everything works. For example, a quick explanation of Polybius square numbers and how to transpose them to diffuse a cipher was not only something completely new to me, but was something I was able to thoroughly understand after reading less than three pages of this book! I am sure that a professional cryptographer would find this material basic. I found it empowering because I began to see a larger picture of this obscure science unfold while learning some interesting numerical manipulation techniques. For the first time I really understood this stuff to the degree that I could explain it to non-technical people. The authors also used historical anecdotes to make the subject interesting. Some of the highlights of this part of the book include transposition ciphers, diffusion and confusion strategies, and the frank discussion of DES in its various forms (double, triple), and its strengths and vulnerabilities.
In parts II and III the book thoroughly covers public keys and digital certificates - two topics that you cannot avoid if you are among the primary audience of this book. If you carefully read these sections you will come away with a good grasp of public keys and how they work, digital certificates and how they fit into the scheme of things, and message digest mechanics. In fact, you will be able to hold your own in conversations with security experts when discussing these topics. If you are struggling with HIPAA requirements and the thousands of pages of associated documentation, you will be armed to fully understand the issues and factors.
Part IV addresses technologies that support secure electronic commerce: secure e-mail, secure socket layer (SSL)/transport layer security (TLS) and IP security. Like sections II and III, these highly technical, complex technologies are explained in an incredibly clear manner. As in the previous sections I learned a lot and came away with a strong understanding. What I really liked about this section is the chapter on cryptographic gotchas - it covered some common attacks and how to safeguard against them. I also enjoyed the treatment of smart cards and their particular vulnerabilities.
I love this book for a number of reasons. First, the authors know their subject. More importantly, they have produced a book that epitomizes how to communicate highly technical subjects to not-so-technical people. Finally, this book is remarkably error-free considering the copious use of numeric examples. The authors' web site has a single entry for errata! If you need to quickly get up-to-speed on HIPAA or e-commerce security, then this book is the best place to start. If you are a technical writer and want to see how it *should* be done, get this book even if you do not care about cryptography or security.