Recently I have been growing a passion for security/encryption/cryptography. I follow some famous people in this domain on Twitter and read articles over the web. However, this topic seems deep and every time I read something new I kind of get information overload.

I believe the reason for this is that I do not have my basics correct in this. What is the best way to get deeper into this? Is there any beginners' book for it to set a foot? I would appreciate any starting point that would guide me in the right direction and I would pick things from there.

Ulkoma
tony9099
  • I enjoyed this book as a beginner: http://www.amazon.com/Cryptography-Practice-Discrete-Mathematics-Applications/dp/1584885084/r – Henning Klevjer Nov 07 '14 at 07:16
  • @HenningKlevjer I checked it, kind of expensive for $60; I downloaded Handbook of Applied Cryptography as it is free, have you read it? – tony9099 Nov 07 '14 at 07:24
  • I have not read it, sorry. For a beginner it might be more motivating to "go easy first", especially if you are not too comfortable with the mathematics. Some books seem to throw the reader directly into maths, while others (like the one I recommended) provide a basic introduction to substitutions and permutations, historic ciphers, etc. which at least for me was a comfortable introduction. You could always try the Cryptography chat room: http://chat.stackexchange.com/rooms/784/cryptography – Henning Klevjer Nov 07 '14 at 07:38

3 Answers

One possible path into cryptography is through implementation. Take some standard function or set of functions, e.g. the SHA family of hash functions. From the standard, produce your own code; the standard includes some test vectors that will help you verify that your implementation is correct. Then compare your code with existing libraries, e.g. OpenSSL, Crypto++ and sphlib; benchmark your code and see what you could do to make your code run faster and/or smoother. Though obtaining a fast hash function implementation is not extremely useful by itself (since fast implementations are already freely available), the exercise will grant you precise and deep knowledge of how these functions work, and that will be a strong asset to understand research papers about them.

Hash functions are a nice starting point since they tend to be accurately specified, and they use no key. Once you have mastered a few hash functions, try HMAC. Then proceed to symmetric encryption (especially RC4, DES and 3DES, and AES). At that point you will have some notions of the internal workings of some symmetric ciphers, and, maybe more importantly, you will know how to read and understand algorithm specifications.

Further steps will be to dabble in asymmetric crypto, basically RSA. Asymmetric cryptography requires some mathematics; you may want to have a look at the Handbook of Applied Cryptography, which is freely available and is a good reference book (this book has no relation whatsoever with the "Applied Cryptography" from Bruce Schneier -- the latter is an oft-cited introduction book, but much less useful as a reference). If you want to implement your own RSA, using a programming language or library that provides big-integer arithmetic will make things simpler (e.g. Java with java.math.BigInteger, C#/.NET 4.0 with System.Numerics.BigInteger, or some external library like GMP). Alternatively, go ahead and write your own big integer code (there again, a healthy exercise); for that, you will want to read chapter 14 of the Handbook.

Once you have done hash functions, HMAC, symmetric encryption and RSA, you can proceed to write your own SSL/TLS library, beginning with TLS 1.0. Writing a TLS client that can connect to and interoperate with existing TLS servers will give you intimate knowledge of the SSL/TLS handshake, and you will be able to understand all the research about known attacks on SSL and how they are fixed (e.g. BEAST, Poodle,...). Use this answer as a reading guide about TLS.

Implementation is not the only way to learn cryptography, but it works.

Thomas Pornin
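The first step of the path above, carried out as an added example (my code, not Thomas Pornin's): SHA-256 written from the FIPS 180-4 description, checked against the standard's test vectors and against an existing library (Python's hashlib), with HMAC layered on it as the answer's next step suggests. The function names are my own.

```python
import hashlib
import struct

MASK = 0xffffffff

def _frac32(p, root):
    # First 32 bits of the fractional part of the root-th root of prime p
    # (FIPS 180-4 sections 4.2.2 and 5.3.3), in exact integer arithmetic.
    n = p << (32 * root)                  # root-th root of n = 2**32 * root-th root of p
    lo, hi = 0, 1 << (n.bit_length() // root + 1)
    while lo < hi:                        # binary search for floor(n ** (1 / root))
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** root <= n else (lo, mid - 1)
    return lo & MASK

# Square roots of the first 8 primes seed the state; cube roots of the first 64 are the round constants.
_PRIMES = [p for p in range(2, 320) if all(p % d for d in range(2, int(p ** 0.5) + 1))][:64]
H0 = [_frac32(p, 2) for p in _PRIMES[:8]]
K = [_frac32(p, 3) for p in _PRIMES]

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK

def sha256(msg: bytes) -> bytes:
    # Padding: a 0x80 byte, zeros up to 56 mod 64, then the message length in bits (big-endian, 64-bit).
    data = msg + b"\x80" + b"\x00" * ((55 - len(msg)) % 64) + struct.pack(">Q", len(msg) * 8)
    h = list(H0)
    for off in range(0, len(data), 64):
        w = list(struct.unpack(">16L", data[off:off + 64]))
        for t in range(16, 64):           # message schedule expansion
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
        a, b, c, d, e, f, g, hh = h
        for t in range(64):               # 64 rounds of the compression function
            t1 = (hh + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + K[t] + w[t]) & MASK
            t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & MASK
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(">8L", *h)

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    # HMAC (RFC 2104) over the sha256 above: block size 64, ipad 0x36, opad 0x5c.
    if len(key) > 64:
        key = sha256(key)
    key = key.ljust(64, b"\x00")
    inner = sha256(bytes(k ^ 0x36 for k in key) + msg)
    return sha256(bytes(k ^ 0x5c for k in key) + inner)

def matches_hashlib(msg: bytes) -> bool:  # compare against an existing library, as the answer recommends
    return sha256(msg) == hashlib.sha256(msg).digest()
```

The FIPS 180-4 "abc" vector and the RFC 4231 HMAC vectors are the checks to run first; a multi-block message (56 bytes or more) exercises the padding path that single-block inputs never reach.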

It depends on what exactly you're looking for.

For a general introduction to security, including cryptography, I'm currently going through the free online course https://www.futurelearn.com/courses/introduction-to-cyber-security , which I hotly recommend. It's organized as sessions and the next one starts in January.

For a beginner-level discussion of cryptography and cryptanalysis in particular, Simon Singh's Code Book is a good introduction to the history of cryptography and the challenges of the field: http://simonsingh.net/books/the-code-book/

For an expert tour of the subject, that will also give you reference material if you try to implement or use cryptographic algorithms, I have heard very good things about Bruce Schneier's books, like Applied Cryptography, but I do not own one personally.

EDIT: Apparently, Applied Cryptography is old and has proven to have quite a number of flaws, so it's better to use one of its newer replacements like Cryptography Engineering ( https://www.schneier.com/book-ce.html ). Thanks for the heads up, Xander!

Hadrien G.
  • I would not recommend Bruce Schneier's *Applied Cryptography*. While it was oft-recommended in its day, its day has passed, and looking back, it contains a number of significant flaws. This, in fact, is one of the main motivations he had for writing its replacement, *Practical Cryptography*. Today even this is outdated, and has been replaced with a third book called *Cryptography Engineering* which in my opinion is a reasonably good introductory text. – Xander Nov 07 '14 at 14:47
  • Hmmm. I'm going to add this as an edit to my post for extra visibility. – Hadrien G. Nov 07 '14 at 15:27

I recommend reading Fred Piper's "Cryptography - A very short introduction". A small concise book with excellent content to understand the basics of cryptography.

zyked