Thursday, November 7, 2013

Readings on Cryptography

Cryptography is sometimes referred to as the first line of defense, as well as the last line of defense in cyber security. Both are true, depending on perspective. Whatever it may be, it is hard to argue with the opinion that modern cryptography has tremendous benefits, if it is implemented well. On the flip side, if it is done wrong, cryptography adds nothing more than complexity and it creates a (false) sense of security, which may actually harm you in the long run.

Cryptography is as much about choosing the right cipher as it is about getting the operational processes in place, and sticking to them.

As the people around me can attest to: statistics and mathematics are not my strong suit. Yet, in light of the whole "our spying agency spies!"-discussion, I have been doing a lot of reading about cryptography lately.

I do not claim that I am a cryptographer. Even more so, I claim that I am definitely not a cryptanalyst.

However, any information security / cyber security practitioner should at least be aware of the history of cryptology (cryptography + cryptanalysis), as well as having some level of understanding as to what crypto can (and cannot) do.

Having an understanding of the mathematics behind cryptography is generally not needed. Having a good understanding of crypto operations, however, is a must.

My reading list:

The Code Book, by Simon Singh. A great place to start: the book strikes the right balance between history and anecdote, and it illustrates some of the more common cryptographic elements that you find in many textbooks as well, but it does so in an easy-to-read and easy-to-follow format. Highly recommended.

The Code Breakers, by David Kahn. Arguably the most comprehensive writeup on the history of cryptography. The book is loaded with historic facts, anecdotes, and explanations of ciphers and codes. The book really does a great job at illustrating that the whole NSA spying story is nothing new: espionage, intercepts, and code breaking have been happening for thousands of years. We've just gotten a lot better at it lately, and since we communicate more than ever, the reach (and impact) of automated spying is much larger.

Understanding Cryptography, by Christof Paar. Here we shift from gentle storytelling to hard-core math. Not for the faint of heart, but since the book is paired with video lectures on the author's website, it is actually very informative.

Code Breaking, by Rudolf Kippenhahn. The jury is still out on this one. I've only just started reading this, but so far, it seems to fit somewhere between The Code Book and The Code Breakers.

The interesting part of this is that each of these books is cheap: from $11 for the cheapest (The Code Book) to about $50 for The Code Breakers. The amount of value that you get from each of these is absolutely a good deal.

Any other reading recommendations are highly appreciated.

