Cryptography and Network Security: Principles and Practice (3rd Edition)

William Stallings

1 Excellent
Cryptography and Network Security: Principles and Practice by Stallings is a very good book on crypto.

It is not as detailed as Schneier's Applied Cryptography, but is still a great book.

2 Meat and Potatoes
This review is for the 3rd edition -
I'm not a cryptographer by any means. I've owned Applied Cryptography(AC) for 4 years. It's been quite helpful but leans farther into theory (not covered in it) than I was willing or able to research at the time. I often found myself needing to refer to other resources over the years. I purchased this book after thumbing through it a few times at the bookstore. I'm not one to run out and spend $80 on a book in haste. After a couple of collective hours in it at the store I bought it with the intention of returning it in the 30 allotted days for a full refund. That date comes tomorrow and I have no intention on returning it.

I would describe it as a self-contained reference. It covers cryptography principles and practices as the title implies. When discussing the algorithms it covers them with roughly the same notation and detail as AC. However, I found the explained examples to be clearer. When I found myself getting lost I took the text's advice and referred to the chapters on mathematics and number theory. Not only did it clear the fog it also bit me with the math bug. Leading me to buy another great book, Prime Obsession (nothing to do with crypto). I should mention that this book is void of code. I didn't find this to be a problem because if I'm not using a crypto lib I usually have to implement the crypto code from scratch. With the knowledge presented in this book I can do it better. FYI: The OpenSSL lib offers a bunch of implemented algorithims.

3 Surprised that the reviews are posted just to confuse
I am looking at the previous reviews and am really surprised that the book has been published in Aug 2002 (just recently) and the earlier reviews show that they were posted in year 2000 and 2001. It is just confusing the readers because they are not the real reviews. I have not gone through the book, so I don't know how good or bad it is, but at least I know that the reviews are not real. If the reviews are for the earlier editions, then they should be posted under those editions, which anyway have a different ISBN number. Really disappointed.
Unfortunately, I have to put some rating for the book, as in the submission form it is a mandatory field. Hence, I have to put some rating for my submission to go through. I am just putting an average rating, but please ignore my evaluation, as I have not even seen the book.

4 A course oriented book
One of the better books in Security, concentrating on algorithms, rather than stopping at attack descriptions. Very detailed coverage of converntional and public-key encryption. I recommend this book to anyone interested in Security and has some knowledge on algorithms.

5 good book
(this book is good: you can take the encryption algorithms, which are presented in their entirety, and produce practical software. half of the book is dedicated to both symmetric block and public key style encryption.)

I'm just tired of all these reviews which go something like this: "This book is good for people wanting an overview but for a real presentation of the topic look to " I mean this is a fine point to make regarding books like Quantum Physics in 21 days or DOS for Dummies, but for every book out there, there's a more complicated one, and a zillion people looking to assert their superiority regarding the subject matter.

6 The all in one overview
As CTO of an internet security company I am often required to locate information or explain concepts to people regarding network security and the Public Key Infrastructure. Having a ready reference with excellent drawings has made the communication of key concepts easy. For details of implementations, I send the engineers to Applied Cryptography, but for the overview of the Net protocols, I bought everyone in the company this book.

7 A good book that covers breadth
This is a good solid book that attempts and succeeds at covering a very large field in a few hundred pages. It goes into depth on key concepts, and explains those well, but for the most part stays at an abstract or theoretical level. I've read it cover to cover and am buying copies for co-workers.

8 Good introduction to concepts, lousy description of concepts
The books intends on giving an introduction to cryptography covering both the theoretical and the practical aspects of the field.

The first two parts of the book gives an introduction to conventional (symmetric) and public-key cryptography. These parts are mainly theoretical and gives a good introduction for the novice.

The third and the fourth part of the book describes how to use these tools in practice. Though, it would ideally be a nice pedagogical way to teach the concepts (after all cryptography, is a lot about practice) the book fails to accomplish this. The chapters mainly list the different technical aspects of the protocols, but give only few example to how the protocols work in real life. This makes it hard to use the book to get an introduction of the applications. I doubt it would helpful for a person with knowledge within the field---he or she would most likely prefer to refer to the original documents.

In conclusion the first two parts are useful for an introduction, while the two last are a pain.

9 Good introduction to concepts, lousy description of concepts
The books intends on giving an introduction to cryptography covering both the theoretical and the practical aspects of the field.

The first two parts of the book gives an introduction to conventional (symmetric) and public-key cryptography. These parts are mainly theoretical and gives a good introduction for the novice.

The third and the fourth part of the book describes how these tools in practice. Though, it would ideally be a nice pedagogical way to teach the concepts (after all cryptography, is a lot about practice) the book fails to accomplish. The chapters mainly list the different technical aspects of the protocols, but give only few example to how the protocols work in real life. This makes it hard to use the book to get an introduction of the applications. I doubt it would helpful for a person with knowledge within the field---he or she would most likely prefer to refer to the original documents.

In conclusion the first two parts are useful for an introduction, while the two last are a pain.

10 Solid coverage for professionals, students and instructors
This book is intended to serve both as a textbook for an academic course of study, and as a self-study and reference guide for practicing professionals. The material has been extended to emphasize encryption and its central position in network protection. The structure and flow have been reorganized with both classroom use and solo instruction in mind, and additional teaching material, such as additional problems, have been added.

Chapter one is an introduction to the topics to be covered. In a practical way it outlines the concerns involved in the phrase computer security, and the priorities occasioned by the networked nature of modern computing. There is also an outline of the chapters and sequence in the rest of the book. While the text does note that cryptographic techniques underlie most of current security technologies this is only done briefly. Examples in the major categories listed would help explain this primary position.

Part one deals with conventional, symmetric, encryption and the various methods of attacking it. Chapter two covers the historical substitution and transposition ciphers. Symmetric block ciphers are discussed in chapter three, illustrated by an explanation of DES (Data Encryption Standard). The additional conventional algorithms of triple DES, IDEA (International Data Encryption Algorithm), and RC5 are reviewed in chapter four. The use of conventional encryption for confidentiality is outlined in chapter five.

Part three looks at public-key encryption and hash functions. Chapter six introduces public-key encryption and its uses in confidentiality, authentication, and key management and exchange. Number theory is the basis of these modern algorithms, so some basic mathematical concepts are outlined in chapter seven. Digital signatures and message authentication is introduced in some detail in chapter eight. The algorithms themselves are explained in chapter nine, including MD5 (Message Digest algorithm), SHA (Secure Hash Algorithm), and others. Protocols using digital signatures are described in chapter ten.

Part three takes this background material and relates its use in security practice. Chapter eleven looks at authentication, concentrating on Kerberos and X.509. The examples of e-mail security systems given in chapter twelve are PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extension). Security provisions for the Internet Protocol (IP) itself are reviewed in chapter thirteen. Web security, in chapter fourteen, again concentrates on protocol level matters, but also discusses the SET (Secure Electronic Transaction) standard at the application level.

Part four outlines general system security. To the general public the primary concern of security is to deal with intruders and malicious software, so it may seem odd to the uninitiated to find that both of these subjects are lumped together in chapter fifteen. Chapter sixteen finishes off the book with a description of firewalls and the concept of trusted systems that they rely on.

Each chapter ends with a set of recommended readings and problems. Many chapters also have appendices giving additional details of specific topics related to the subject just discussed.