Real-World Cryptography
David Wong
  • MEAP began June 2019
  • Publication in Early 2021 (estimated)
  • ISBN 9781617296710
  • 500 pages (estimated)
  • printed in black & white

Contains one of the most understandable introductions to cryptography I have ever read.

Harald Kuhn

If you’re browsing the web, using public APIs, making and receiving electronic payments, registering and logging in users, or experimenting with blockchain, you’re relying on cryptography. And you’re probably trusting a collection of tools, frameworks, and protocols to keep your data, users, and business safe. It’s important to understand these tools so you can make the best decisions about how, where, and why to use them. Real-World Cryptography teaches you applied cryptographic techniques to understand and apply security at every level of your systems and applications.

About the Technology

Cryptography is the foundation of information security. This simultaneously ancient and emerging science is based on encryption and secure communication using algorithms that are hard to crack even for high-powered computer systems. Cryptography protects privacy, secures online activity, and defends confidential information, such as credit cards, from attackers and thieves. Without cryptographic techniques allowing for easy encrypting and decrypting of data, almost all IT infrastructure would be vulnerable.

About the book

Real-World Cryptography helps you understand the cryptographic techniques at work in common tools, frameworks, and protocols so you can make excellent security choices for your systems and applications. There’s no unnecessary theory or jargon—just the most up-to-date techniques you’ll need in your day-to-day work as a developer or systems administrator. Cryptography expert David Wong takes you hands-on with cryptography building blocks such as hash functions and key exchanges, then shows you how to use them as part of your security protocols and applications. Alongside modern methods, the book also anticipates the future of cryptography, diving into emerging and cutting-edge advances such as cryptocurrencies, password-authenticated key exchange, and post-quantum cryptography. Throughout, all techniques are fully illustrated with diagrams and real-world use cases so you can easily see how to put them into practice.
Table of Contents

1 Introduction

1.1 A Peek Into the World of Cryptography

1.1.1 Symmetric Cryptography: Symmetric Encryption

1.1.2 Kerckhoffs’ Principle: Only the Key is Kept Secret

1.1.3 Asymmetric Cryptography

1.1.4 A Map of Cryptography

1.1.5 Two Goals: Confidentiality and Authentication

1.2 Real World Cryptography

1.2.1 Theoretical Cryptography Versus Real World Cryptography

1.2.2 From Theoretical to Practical

1.3 A Word of Warning

1.4 Summary

Part 1: Primitives - the Ingredients of Cryptography

2 Hash Functions

2.1 What Is a Hash Function?

2.2 Security Properties of a Hash Function

2.3 Security Considerations for Hash Functions

2.4 Hash Functions in practice

2.5 Standardized Hash Functions

2.5.1 The SHA-2 Hash Function

2.5.2 The SHA-3 Hash Function

2.5.3 SHAKE and cSHAKE, Two eXtendable Output Functions (XOF)

2.5.4 Attack of the Chapter: Ambiguous Hashing and TupleHash

2.6 Hashing Passwords

2.7 Summary

3 Message Authentication Codes

3.1 What Is a Message Authentication Code?

3.2 Security Properties of a Message Authentication Code

3.3 MAC in the real world

3.4 Message Authentication Codes in Practice

3.4.1 HMAC, a Hash-Based Message Authentication Code

3.4.2 KMAC, a MAC based on cSHAKE

3.5 Attack of the Chapter: SHA-2 and Length-Extension Attacks

3.6 Summary

4 Authenticated Encryption

4.1 What Is a Cipher?

4.2 Symmetric Encryption in the Real World

4.3 The AES-CBC-HMAC Encryption Algorithm

4.3.1 The Advanced Encryption Standard (AES)

4.3.2 Mode of operation and integrity: How AES-CBC-HMAC works

4.4 Authenticated Encryption with Associated Data (AEAD)

4.4.1 What is an AEAD?

4.4.2 The AES-GCM AEAD

4.4.3 ChaCha20-Poly1305

4.5 Key Wrapping and Nonce-Misuse Resistance

4.5.1 Wrapping Keys: How To Encrypt Secrets

4.5.2 AES-GCM-SIV and Nonce-Misuse Resistance Authenticated Encryption

4.6 A Map of Authenticated Encryption

4.7 Other Kinds of Symmetric Encryption

4.8 Summary

5 Key Exchanges

5.1 What is a Key Exchange?

5.2 Key Exchange Standards

5.2.1 Diffie-Hellman (DH)

5.2.2 Diffie-Hellman Standards

5.2.3 Elliptic Curve Diffie-Hellman (ECDH)

5.3 Summary

6 Asymmetric Encryption and Hybrid Encryption

6.1 What is Asymmetric Encryption?

6.2 Asymmetric Encryption in Practice and Hybrid Encryption

6.3 Standards for Asymmetric Encryption and Hybrid Encryption

6.3.1 Textbook RSA

6.4 Attack of the Chapter: RSA PKCS#1 v1.5

6.5 Asymmetric Encryption with RSA-OAEP

6.6 Hybrid Encryption with ECIES

6.7 Summary

7 Digital Signatures

7.1 What is a Digital Signature?

7.2 Security Properties and Considerations

7.3 Digital Signature Standards

7.3.1 RSA signatures with PKCS#1 v1.5 and RSA-PSS

7.3.2 ECDSA and deterministic ECDSA (nonce issues)

7.3.3 EdDSA

7.4 Summary

8 Randomness and Secrets

8.1 What is Randomness?

8.2 What is a Pseudo-Random Number Generator (PRNG)?

8.3 Obtaining Randomness in Practice

8.4 Randomness Generation and Security Considerations

8.5 Public Randomness

8.6 Key Derivation With HKDF

8.7 Managing Keys and Secrets

8.8 Avoiding Key Management, Or How To Split Trust

8.9 Summary

Part 2: Protocols - The Recipes of Cryptography

9 Secure Transport (Session Encryption)

9.1 What is SSL/TLS?

9.2 How Does TLS Work?

9.2.1 The TLS Handshake

9.2.2 How TLS 1.3 Encrypts Application Data

9.3 The State of the Encrypted Web Today

9.4 Other Secure Transport Protocols

9.4.1 The Noise Protocol Framework: A Modern Alternative To TLS

9.4.2 WireGuard

9.5 Summary

10 End-to-End Cryptography

10.1 Why End-to-End Encryption?

10.2 A Root of Trust Nowhere To Be Found

10.3 Encrypted Emails, PGP, and the Failure of the Web of Trust

10.4 Secure Messaging, Moving Away From PGP

10.4.1 Trust On First Use (TOFU)

10.4.2 X3DH, The Signal protocol’s handshake

10.4.3 Double Ratchet: Combining a Symmetric Ratchet and a Diffie-Hellman ratchet

10.4.4 End-to-End Encryption Today

10.5 Summary

11 Authentication protocols

12 Cryptocurrencies

13 Hardware cryptography

14 Post-quantum cryptography

15 Next-gen algorithms

Part 3: Conclusion

16 Final Words: The Dangers of Developing and Implementing Cryptography
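Sections 3.4.1 and 3.5 of the table of contents above cover HMAC and the length-extension attack on SHA-2. The following script is an added illustration of that pairing; it is not code from the book or its author. It implements SHA-256 from scratch (with the FIPS 180-4 constants derived from the first primes rather than transcribed) so that the compression function can be resumed from an arbitrary chaining state, uses that to forge a tag for the broken SHA-256(key || message) construction without knowing the key, and then shows the same trick failing against HMAC-SHA256. The secret, message and suffix are constructed sample values; the attacker is assumed to know only the key's length, which is the usual real-world situation (the length is guessed from a handful of likely values).

```python
"""Length-extension attack on a SHA-256 secret-prefix MAC, and why HMAC resists it."""
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF

def _first_primes(count):
    primes, candidate = [], 2
    while len(primes) < count:
        if all(candidate % p for p in primes):
            primes.append(candidate)
        candidate += 1
    return primes

def _iroot(n, k):
    """Exact floor of the integer k-th root of n (binary search, no float rounding)."""
    lo, hi = 0, 1 << (n.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= n else (lo, mid - 1)
    return lo

# FIPS 180-4 constants: fractional bits of sqrt/cbrt of the first primes, derived exactly.
_PRIMES = _first_primes(64)
_H0 = [_iroot(p << 64, 2) & MASK32 for p in _PRIMES[:8]]
_K = [_iroot(p << 96, 3) & MASK32 for p in _PRIMES]

def _rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32

def _compress(state, block):
    """One SHA-256 compression of a 64-byte block into the 8-word chaining state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 64):
        s0 = _rotr(w[i - 15], 7) ^ _rotr(w[i - 15], 18) ^ (w[i - 15] >> 3)
        s1 = _rotr(w[i - 2], 17) ^ _rotr(w[i - 2], 19) ^ (w[i - 2] >> 10)
        w.append((w[i - 16] + s0 + w[i - 7] + s1) & MASK32)
    a, b, c, d, e, f, g, h = state
    for i in range(64):
        t1 = (h + (_rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)) + ((e & f) ^ (~e & g)) + _K[i] + w[i]) & MASK32
        t2 = ((_rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)) + ((a & b) ^ (a & c) ^ (b & c))) & MASK32
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK32, c, b, a, (t1 + t2) & MASK32
    return [(x + y) & MASK32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]

def sha256_padding(message_len):
    """Bytes SHA-256 appends to a message_len-byte message: 0x80, zeros, 64-bit bit length."""
    return b"\x80" + b"\x00" * ((55 - message_len) % 64) + struct.pack(">Q", message_len * 8)

def sha256_from_state(state, data, already_hashed_len=0):
    """Resume SHA-256 from a chaining state as if already_hashed_len bytes (a multiple
    of 64) had been compressed before `data`; the final length field then covers both."""
    padded = data + sha256_padding(already_hashed_len + len(data))
    for i in range(0, len(padded), 64):
        state = _compress(state, padded[i:i + 64])
    return b"".join(struct.pack(">I", x) for x in state)

def self_check(data):
    """Cross-check the from-scratch SHA-256 (fresh state, nothing consumed) against hashlib."""
    return sha256_from_state(list(_H0), data) == hashlib.sha256(data).digest()

def naive_mac(key, message):
    """The broken secret-prefix construction: SHA-256(key || message)."""
    return hashlib.sha256(key + message).digest()

def hmac_mac(key, message):
    """The fix: HMAC re-hashes the inner digest under a keyed outer state, so the tag is
    never a raw chaining state that an attacker can resume from."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(mac_fn, key, message, tag):
    return hmac.compare_digest(mac_fn(key, message), tag)

def length_extend(tag, key_len, original_msg, suffix):
    """Given tag = SHA-256(key || original_msg) and only the key LENGTH, forge a valid
    tag for original_msg || glue || suffix without ever learning the key."""
    glue = sha256_padding(key_len + len(original_msg))   # the padding the server hashed
    forged_msg = original_msg + glue + suffix
    state = list(struct.unpack(">8I", tag))              # the tag IS the chaining state
    consumed = key_len + len(original_msg) + len(glue)   # a multiple of 64 by construction
    return forged_msg, sha256_from_state(state, suffix, consumed)

# Constructed sample values (not from the book).  The attacker sees MESSAGE and its tag
# and knows len(SECRET) (in practice: try a handful of likely lengths), not SECRET itself.
SECRET = b"s3cr3t-k3y-of-unknown-value"
MESSAGE = b"user=alice&role=user"
SUFFIX = b"&role=admin"

def demo():
    """Returns (naive MAC accepts the forgery, HMAC accepts the forgery)."""
    forged_msg, forged_tag = length_extend(naive_mac(SECRET, MESSAGE), len(SECRET), MESSAGE, SUFFIX)
    naive_fooled = verify(naive_mac, SECRET, forged_msg, forged_tag)
    _, bogus_tag = length_extend(hmac_mac(SECRET, MESSAGE), len(SECRET), MESSAGE, SUFFIX)
    hmac_fooled = verify(hmac_mac, SECRET, forged_msg, bogus_tag)
    return naive_fooled, hmac_fooled

if __name__ == "__main__":
    print("SHA-256(key||msg) accepts forgery:", demo()[0], "| HMAC-SHA256 accepts forgery:", demo()[1])
```

The forged message is not byte-identical to what a naive application would expect (it carries the glue padding in the middle), but parsers that take the last occurrence of a key, or that tolerate binary garbage between fields, accept it, which is how this attack has been used against real query-string and cookie signing schemes. The same resumption works for SHA-1, SHA-512 and MD5; it does not work for SHA-3 or for truncated variants such as SHA-512/256, because their outputs are not the full internal state. `verify` uses `hmac.compare_digest` so that tag comparison is constant-time regardless of which MAC is in use.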

What's inside

  • Best practices for using cryptography
  • Diagrams and explanations of cryptographic algorithms
  • Identifying and fixing cryptography bad practices in applications
  • Picking the right cryptographic tool to solve problems

About the reader

For cryptography beginners with no previous experience in the field.

About the author

David Wong is a senior engineer working on Blockchain at Facebook. He is an active contributor to internet standards like Transport Layer Security and to the applied cryptography research community. David is a recognized authority in the field of applied cryptography; he’s spoken at large security conferences like Black Hat and DEF CON and has delivered cryptography training sessions in the industry.

Manning Early Access Program (MEAP): read chapters as they are written, get the finished eBook as soon as it’s ready, and receive the pBook long before it’s in bookstores.