Practical Cryptography in Python: Learning Correct Cryptography by Example
Nielson, Seth James, Monson, Christopher K.
Develop a greater intuition for the proper use of cryptography. This book teaches the basics of writing cryptographic algorithms in Python, demystifies cryptographic internals, and demonstrates common ways cryptography is used incorrectly.
Cryptography is the life blood of the digital world's security infrastructure. From governments around the world to the average consumer, most communications are protected in some form or another by cryptography. These days, even Google searches are encrypted. Despite its ubiquity, cryptography is easy to misconfigure, misuse, and misunderstand.
Developers building cryptographic operations into their applications are not typically experts in the subject, and may not fully grasp the implication of different algorithms, modes, and other parameters. The concepts in this book are largely taught by example, including incorrect uses of cryptography and how "bad" cryptography can be broken. By digging into the guts of cryptography, you can experience what works, what doesn't, and why.
What You'll Learn
- Understand where cryptography is used, why, and how it gets misused
- Know what secure hashing is used for and its basic properties
- Get up to speed on algorithms and modes for block ciphers such as AES, and see how bad configurations break
- Use message integrity and/or digital signatures to protect messages
- Utilize modern symmetric ciphers such as AES-GCM and CHACHA
- Practice the basics of public key cryptography, including ECDSA signatures
- Discover how RSA encryption can be broken if insecure padding is used
- Employ TLS connections for secure communications
- Find out how certificates work and modern improvements such as certificate pinning and certificate transparency (CT) logs
Who This Book Is For
IT administrators and software developers familiar with Python. Although readers may have some knowledge of cryptography, the book assumes that the reader is starting from scratch.
Dr. Seth James Nielson is the founder and chief scientist of Crimson Vista, Inc., a boutique computer security consulting company. He is also the director of advanced research projects at the Johns Hopkins University Information Security Institute where he teaches courses in network security. At Johns Hopkins, he has been working on developing the cryptodoneright.org knowledge base, through a generous grant from Cisco. In working on this project, he came to better understand the knowledge gap between cryptographers and developers. He believes that this book can make a real difference in how cryptography is used and deployed in cyberspace.
Dr. Chris Monson has a PhD in machine learning, has spent over a decade at Google in various engineering and leadership roles, and is currently the director of machine learning at Data Machines Corp. He has broad experience writing and teaching programming courses in multiple languages, and has worked in document password recovery, malware detection, and large-scale secure computing.