
Characteristics
- Title: Serious Cryptography: A Practical Introduction to Modern Encryption (1st edition)
- Author: Jean-Philippe Aumasson
- Publisher: No Starch Press
- First publication date: 2017
- Price (as of 25/04/2026): $59.99 (2nd edition, No Starch Press) or much cheaper if you get your hands on a second-hand 1st edition
- Pages: 282 (269 of technical content)
Outline
The outline of the book can be found on the No Starch Press website.
Context
I read the first edition of Serious Cryptography because one of my friends was getting rid of it and asked me if I wanted it. I obviously accepted but, for this reason, I cannot tell you how much a second-hand first edition costs, nor can I write about updates made in the second edition, such as Chapter 15: Cryptocurrency Cryptography, as it is not in the book I have.
The second edition of the book came out in 2024 and I am pretty sure it includes every update the cryptography world had since 2017.

Overall opinion
Despite only having the first edition, this book is the best I have read on cryptography for several reasons:
- I did not read a lot of other books on cryptography
- It is meant for non-cryptographers
- It was directly relevant for my everyday job
I appreciated the level of popularization used in the book. I often run into cryptography articles written by professionals, and they are often hard to grasp. JP Aumasson clearly explains concepts and also answers the “Why was it designed as such?” question in every chapter. As an engineer, I do not need to deeply understand the mathematics behind cryptography in my day-to-day job, but I still need to advise people on what is secure or not. That being said, if you read the book, I am pretty confident you will have a deeper understanding of cryptography than most people in your job’s meeting room.
The book is organized more or less chronologically, following the history of cryptography, starting with basic concepts, then symmetric encryption and asymmetric encryption, and finishing with today’s questions about post-quantum cryptography.
The first chapters are about basic concepts such as encryption, why people want to encrypt messages and how it was done in the past. The author also explains randomness and the threat model in cryptography: what the prerequisites are for an attacker, in which situations, etc. That distinction is important: we often see “Man in the Middle” examples in the pentester community, but less often threat models of attackers able to perform replay attacks, such as resending cryptographic material.
The following chapters are about today’s symmetric cryptography (block and stream ciphers, hash functions, keyed hashing) and explain concepts such as hard problems. The later chapters focus on asymmetric cryptography, with RSA, elliptic curves, TLS implementation and post-quantum cryptography.
My favourite sections were:
- the AES full explanation in the block ciphers chapter as JP Aumasson takes it as a guiding example, dissecting the algorithm entirely
- all the distinctions in MAC vs HMAC in the keyed hashing chapter
- the elliptic curves chapter as I did not learn it in school and was very interested in how it works
- the quantum and post-quantum chapter as it explains the future challenges for cryptography
I also liked that pieces of actual implementations of the algorithms presented were included in the book with annotations. Mostly, these were in the “How things can go wrong” sections, which of course are of interest to vulnerability researchers and pentesters. They include pitfalls that were the causes of actual vulnerabilities.
Conclusion
I recommend Serious Cryptography to anyone who is interested in cryptography and who, like me, does not have a master's degree in mathematics.
Many thanks to Jean-Philippe Aumasson for his work and the time spent writing his book.