InfoSec Reviews – Introduction to Cryptography with Open-Source Software

Reviewer Name: Roy Hills

Reviewer Qualifications: CHECK Team Leader, CREST Assessor, Visiting Lecturer at University of Greenwich

Book Title: Introduction to Cryptography with Open-Source Software

Author: Alasdair McAndrew

Publisher: CRC Press

Date of Publishing: 24 May 2011

ISBN(13): 9781439825709

Price (UK&US price – full price, not discounted price): £49.99, $79.95

URL of Publisher Site: CRC Press

URL of Amazon UK web page: Introduction to Cryptography with Open-source Software (Discrete Mathematics and Its Applications)

URL of Amazon US web page: Amazon.com

If you’re comfortable with basic mathematics and know a little number theory and algebra, this book is an ideal introduction to how cryptography actually works. The main strength of this book is its use of three complementary methods to explain the concepts and algorithms: a text description, the mathematics, and worked examples using Sage.

The use of Sage to demonstrate the mathematical concepts and algorithms is a central theme in this book. Some books use general purpose programming languages, such as C. However, Sage is a simpler and more intuitive language, which avoids the complex syntax of C and the need to include support for big numbers and the like. So, an algorithm that might be a page of C code can be represented in just a few lines of Sage. This lets you concentrate on the math rather than the language.

Sage software is freely available and open source under the GPL license. You can download it from www.sagemath.org to run on Linux, MacOS or Solaris, or download a Sage virtual machine on Windows. You can also use an online Sage notebook from your web browser at www.sagenb.org.

The book includes introductions to number theory, information theory and finite fields for people who haven’t met these concepts before, or who are a bit rusty and need to brush up on them. I found these chapters useful as they focus on those areas that are used in cryptography, so you don’t have to wade through unnecessary detail. I think the book strikes a good balance with the mathematics: it doesn’t try to over-simplify things, or shy away from the complex areas. Nevertheless, it keeps the math manageable, and explains the algorithms in text and by example so you won’t get lost.

I have a couple of minor criticisms: firstly, there are a few errors and typos in the text: most are just distracting, but one says the Fortuna entropy pools are reseeded, “at least once every 100ms,” when it should read, “at most, every 100ms”, which is misleading. Secondly, the screenshots are blurred and have some peculiar artefacts: it looks as if the publisher has used a lossy compression format, such as JPEG, with a high compression setting. Fortunately, there aren’t many screenshots and this problem doesn’t affect the tables and diagrams.

This book is 461 pages in length and it is concise enough to cover a lot of ground in those pages. There are a couple of appendices: an introduction to Sage and some additional number theory, but both are short and useful and are not simply padding.

The structure of the book is mostly logical, but I was surprised to see block and stream ciphers covered late in the book after public key systems and digital signatures. That’s not really a criticism though; more a personal preference.

I was glad to see good coverage of elliptic curves, which are becoming increasingly popular for low-powered mobile devices. This fairly modern topic is missing from many of the classic cryptography books, such as Schneier’s Applied Cryptography.

I spent a few evenings with this book, pen and paper and Sage notebook, and found the combination of mathematics, text explanation, and Sage examples a very good way to approach this complex subject. If you want or need to understand the details of cryptographic algorithms, and you’re willing to work through the exercises and give your brain a bit of a work out, this is an excellent book.

This book has definitely earned a place on my bookshelf.

This is an excellent book for anyone who needs a detailed understanding of modern cryptography and wants to understand how the algorithms work. The combination of text descriptions, mathematics and worked examples in Sage really helps to explain this complex subject.