
Real-World Cryptography

If you’re browsing the web, using public APIs, making and receiving electronic payments, registering and logging in users, or experimenting with blockchain, you’re relying on cryptography. And you’re probably trusting a collection of tools, frameworks, and protocols to keep your data, users, and business safe. It’s important to understand these tools so you can make the best decisions about how, where, and why to use them. Real-World Cryptography teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.

400 pages, Paperback

Published October 12, 2021


About the author

David Wong

48 books, 17 followers

Ratings & Reviews

Community Reviews

5 stars: 46 (63%)
4 stars: 23 (31%)
3 stars: 3 (4%)
2 stars: 0 (0%)
1 star: 0 (0%)
Displaying 1 - 16 of 16 reviews
78 reviews
December 12, 2021
A nice addition to the pantheon of cryptography books. I read this shortly after Serious Cryptography: A Practical Introduction to Modern Encryption. Both books fall into the "limited math cryptography" genre, but while I would generally recommend Serious Cryptography over this were I forced to choose, this book was the best I have encountered at discussing the context around the different cryptographic primitives and how they might be used as part of larger systems. All of the topics are necessarily covered with minimal depth, but many are surfaced, like key management and an overview of hardware solutions, which otherwise don't ever seem to find space in normal cryptography books. As the title suggests, this book provides some connective tissue between what's typically covered and 'the real world', and as such I would treat it as an extended syllabus, from which items for further research could be gleaned.

With this understanding, my only criticism of the book is probably the tone and phrasing of the writing, which comes across as both too informal and under-edited, as though it were taken from, or meant for, a blog post. I think with some tidying, the book could be slightly shorter and more easily digested.
Héctor Iván Patricio Moreno
365 reviews, 20 followers
September 24, 2022
In this book you will find everything you need to know about cryptography as a software developer, explained in a simple way (most of the time) and simplified as much as it can be.

I really liked the order in which it presents the topics. The first section of the book talks about primitives, the basic building blocks of systems that use cryptography. Within this section it starts not with what is theoretically taught first, but with the most used and simplest construction: hashes. It follows this idea throughout the book, building on previous ideas, unlike "Serious Cryptography", in which most chapters are self-contained and sometimes you need to read another part of the book to understand them. I liked this approach more because I feel like I took a complete, well-founded course in basic applied cryptography.

The second part of the book talks about cryptographic protocols, which can be understood as a series of steps that make use of cryptographic primitives to achieve a goal, for example, achieving secure communication between two parties who have never met. This is, to my understanding, the most complicated part of the book. It is hard to fit everything in your head because it deals with real-world things and problems, which are usually more complicated than academic ones. Also, to understand them, you must have the earlier points well understood and, to some extent, mastered.

It is also a very complete book because it covers most of the uses we make of cryptography today:
- Secret and trustworthy communications
- End-to-end encryption
- Cryptocurrencies
- How to protect the physical part of systems
- Post-quantum cryptography
- What is coming for cryptography: zero-knowledge proofs, fully homomorphic encryption, etc.
- How you can misuse cryptography and how to protect yourself

It is without doubt a book I would recommend to all developers who are interested in creating "secure" programs. I put secure in quotes because the book makes it clear that current cryptographic security is really a power game: whoever has more power will be able to protect themselves better, but no completely secure program exists.

Finally, regarding the writing style in general, I found it less formal than "Serious Cryptography", and at some points I also feel that David gave up in the face of the topic's complexity, but at least it leaves you with an idea of what awaits you if you want to study it in depth.
34 reviews
October 21, 2022
I was reading this for "professional development" at work. This is also the first book I have read where the author follows me on twitter and has spoken to me before. That made it kind of an interesting experience.
I got through everything except the ZKP/Lattice part in 2-3 weeks, and then procrastinated sitting down and really focusing on ZKP/Lattices until today. The chapter on Lattices in particular turned out to be missing a few pretty important bits of mathematical context, and I had to sit down with a notebook and pen to figure out what was missing (but then afterwards I felt good that I actually understand a lattice-based protocol).
The book has two halves, one on "cryptographic primitives" (encryption, hashing, etc), and one on "modern protocols" (TLS, E2EE, up to fancy stuff like MPC and PQC). I think the first half is really good, while the second half was somewhat mixed. This is probably a function of the fact that you can write a much more satisfying ~20 page chapter about modern hash functions than you can about Zero Knowledge Proofs or something.
There aren't a lot of very good books on the kind of cryptography you would do if you're a software engineer working in the space (that also include minimal amounts of math), and this book does a really good job of that. I saw tons of things with real world applicability that weren't in my college crypto class and that I have seen come up.
Some other general reviews: whoever the editor on this book was did not do a good job. There were some grammar issues and stiff wording that made me wonder what they did at all. On the other hand, I guess it makes sense knowing the margins on these kinds of books. Also, as some of the reviewers said, I thought the variation in how deep this book goes into certain topics was kind of strange.
General review: if you work with cryptography in real life, the first half to 3/4's of this book are really really solid for that, and the last half is still kind of fun. This is also one of the better "minimal math" crypto books.
John
92 reviews, 24 followers
June 19, 2020
I read this as part of the book review process by Manning so I don't know by the time it's finished if my review will still be to the point (especially since my review is also passed to the author before the final book). I liked the fact that this book tries (and achieves) to spend as little math as possible and at the same time inform the reader on what they should know about Cryptography in 2020. From encryption to key signing, exchanges, hardware tokens, authentication, TLS problems with the current implementations and issues with the previous ones. For people who want to get into cryptography and don't want to get overrun by reading a math book just to understand how TLS works, this book is awesome. My -1 star is mainly because there were some parts where I wanted more detail (i.e. how OIDC works, how Noise protocol framework works) and the fact that the author dismisses PGP and email encryption and suggests Signal, which is not for email. The last part is problematic since instant messaging is not the same as email and email is still a big thing in 2020. I get that PGP has a lot of problems but pointing to a different thing is not a proposal. Companies should not be allowed to keep track of users' emails.
If you're already familiar with the current state of Cryptography, this is still a good refresher and useful as a reference book.
135 reviews, 1 follower
April 16, 2022
(disclaimer: I read the version 14 on the MEAP program because that was the version I had downloaded to my tablet when it was mentioned that it was basically complete, pending some edits, that version had indeed the need of some edits)
The book is really complete on everything related to cryptography. From the basics to cryptocurrency or post-quantum algorithms.
I didn't quite like the structure, sometimes going too much into detail, sometimes skimming. I feel it probably serves better some practitioners trying to formalise their mental model than people trying to get into cryptography.
But again, the book is very complete and it is worth the time to read it.
52 reviews, 1 follower
September 22, 2022
I had a big debate about whether to give this book 4 or 5 stars. I thought the writing and expose was really good. I just think that real world cryptography is really boring. But since these are supposed to be personal ratings, and not what we think others would give the book, I think 4 is fair. Well written, learnt a lot... but just turned out the subject is really boring
Rene Stein
206 reviews, 33 followers
October 24, 2020
Review of MEAP v09.

The first part on crypto primitives is passable; the following chapters are vague and scattered.
TLS is described completely inadequately. For E2E, what is missing is, for example, a description of the problem with WhatsApp resending undelivered messages when the server slips in a new key.
WiseB
184 reviews
February 3, 2022
A book that provides comprehensive knowledge on cryptography without drilling into the detailed mathematics underneath. Also like its coverage of the potential impact of quantum computing and the research for readiness facing post-quantum cryptography.
June 23, 2022
Easy to understand. This book gives me all I need to understand how cryptography works behind the scenes as a developer.
June 24, 2022
Goes crazy with the math close to the end but it is a great introduction to the field, both academic and "real world".
Tenzin Rose
14 reviews, 3 followers
November 18, 2022
Really excellent book to provide the framework for thinking about cryptography. Do I truly understand more than 25% of it? Hell no, but some of the dots are starting to connect.
June 25, 2023
Very good

Very good with details. Maybe even covered topics which are not directly related to cryptography.
However, the book covers a lot with good and understandable examples.