Real-World Cryptography
David Wong
  • MEAP began June 2019
  • Publication in Spring 2020 (estimated)
  • ISBN 9781617296710
  • 500 pages (estimated)
  • printed in black & white

Contains one of the most understandable introductions to cryptography I have ever read.

Harald Kuhn
If you’re browsing the web, using public APIs, making and receiving electronic payments, registering and logging in users, or experimenting with blockchain, you’re relying on cryptography. And you’re probably trusting a collection of tools, frameworks, and protocols to keep your data, users, and business safe. It’s important to understand these tools so you can make the best decisions about how, where, and why to use them. Real-World Cryptography teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.
Table of Contents

1 Introduction

1.1 A Peek Into the World of Cryptography

1.1.1 Symmetric Cryptography: Symmetric Encryption

1.1.2 Kerckhoff’s Principle: Only the Key is Kept Secret

1.1.3 Asymmetric Cryptography

1.1.4 A Map of Cryptography

1.1.5 Two Goals: Confidentiality and Authentication

1.2 Real World Cryptography

1.2.1 Theoretical Cryptography Versus Real World Cryptography

1.2.2 From Theoretical to Practical

1.3 A Word of Warning

1.4 Summary

Part 1: Primitives - the Ingredients of Cryptography

2 Hash Functions

2.1 What Is a Hash Function?

2.2 Security Properties of a Hash Function

2.3 Security Considerations for Hash Functions

2.4 Hash Functions in practice

2.5 Standardized Hash Functions

2.5.1 The SHA-2 Hash Function

2.5.2 The SHA-3 Hash Function

2.5.3 SHAKE and cSHAKE, Two eXtendable Output Functions (XOF)

2.5.4 Attack of the Chapter: Ambiguous Hashing and TupleHash

2.6 Hashing Passwords

2.7 Summary

3 Message Authentication Codes

3.1 What Is a Message Authentication Code?

3.2 Security Properties of a Message Authentication Code

3.3 MAC in the real world

3.4 Message Authentication Codes in Practice

3.4.1 HMAC, a Hash-Based Message Authentication Code

3.4.2 KMAC, a hash based on cSHAKE

3.5 Attack of the Chapter: SHA-2 and Length-Extension Attacks

3.6 Summary

4 Authenticated Encryption

4.1 What Is a Cipher?

4.2 Symmetric Encryption in the Real World

4.3 The AES-CBC-HMAC Encryption Algorithm

4.3.1 The Advanced Encryption Standard (AES)

4.3.2 Mode of operation and integrity: How AES-CBC-HMAC works

4.4 Authenticated Encryption with Associated Data (AEAD)

4.4.1 What is an AEAD?

4.4.2 The AES-GCM AEAD

4.4.3 ChaCha20-Poly1305

4.5 Key Wrapping and Nonce-Misuse Resistance

4.5.1 Wrapping Keys: How To Encrypt Secrets

4.5.2 AES-GCM-SIV and Nonce-Misuse Resistance Authenticated Encryption

4.6 A Map of Authenticated Encryption

4.7 Other Kinds of Symmetric Encryption

4.8 Summary

5 Key Exchanges

6 Asymmetric Encryption and hybrid encryption

7 Digital Signatures

8 Randomness and Secrets

Part 2: Protocols - The Recipes of Cryptography

9 Session Encryption

10 End-to-End Encryption

11 Authentication and Authorization

12 Hardware Cryptography

13 Cryptocurrencies

14 Advanced Asymmetric Primitives

15 Bleeding-Edge Cryptography

Part 3: Conclusion

16 Final words: the dangers of developing and implementing cryptography

About the Technology

Cryptography is the foundation of information security. This simultaneously ancient and emerging science is based on encryption and secure communication using algorithms that are hard to crack even for high-powered computer systems. Cryptography protects privacy, secures online activity, and defends confidential information, such as credit cards, from attackers and thieves. Without cryptographic techniques allowing for easy encrypting and decrypting of data, almost all IT infrastructure would be vulnerable.

About the book

Real-World Cryptography helps you understand the cryptographic techniques at work in common tools, frameworks, and protocols so you can make excellent security choices for your systems and applications. There’s no unnecessary theory or jargon—just the most up-to-date techniques you’ll need in your day-to-day work as a developer or systems administrator. Cryptography expert David Wong takes you hands-on with cryptography building blocks such as hash functions and key exchanges, then shows you how to use them as part of your security protocols and applications. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, password-authenticated key exchange, and post-quantum cryptography. Throughout, all techniques are fully illustrated with diagrams and real-world use cases so you can easily see how to put them into practice.

What's inside

  • Best practices for using cryptography
  • Diagrams and explanations of cryptographic algorithms
  • Identifying and fixing cryptography bad practices in applications
  • Picking the right cryptographic tool to solve problems

About the reader

For cryptography beginners with no previous experience in the field.

About the author

David Wong is a senior engineer working on Blockchain at Facebook. He is an active contributor to internet standards like Transport Layer Security and to the applied cryptography research community. David is a recognized authority in the field of applied cryptography; he’s spoken at large security conferences like Black Hat and DEF CON and has delivered cryptography training sessions in the industry.

Manning Early Access Program (MEAP): Read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it's in bookstores.
MEAP combo $59.99 pBook + eBook + liveBook
MEAP eBook $47.99 pdf + ePub + kindle + liveBook