May 2025
Intermediate to advanced
328 pages
10h 9m
English
Overview
Learn how the good guys implement cryptography and how the bad guys exploit it.
Everything we do in the digital world is protected by cryptography. But when pure math and algorithms are implemented in code, vulnerabilities emerge and can be exploited by hackers and bad actors. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them.
In Hacking Cryptography you’ll find unique guidance for understanding how cryptography has failed time and again, including:
In Hacking Cryptography you’ll learn the common attack principles used against cryptographic security, and how to spot the implementation errors that make cryptography unsecure. Throughout, you’ll explore historical examples where popular cryptography has failed, such as the root key compromise for Sony PlayStation 3, and see what impact those failures have had on modern cryptography.
About the Technology
Even the strongest cryptographic systems in code and hardware leave cracks and vulnerabilities a would-be attacker can exploit. In this book, you’ll learn to write cryptographically secure code, sidestep common pitfalls, and assess new bugs and vulnerabilities as they are discovered.
About the Book
Hacking Cryptography helps you secure your systems by revealing the “lockpicks” bad actors use to break cryptographic security. It dives deep into each exploit, explaining complex concepts through real-world analogies, annotated examples, and pseudo-code—no advanced mathematical knowledge required. As you read, authors Kamran Khan and Bill Cox demystify opaque cryptography concepts and techniques so you’ll understand the “why” behind each best practice.
What's Inside
About the Reader
For software and security engineers. Examples in Go.
About the Authors
Kamran Khan is a software engineer with more than a decade of experience at Salesforce, Google, and Microsoft. Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google.
Quotes
Provides an indispensable look into the adversary’s playbook, making it essential reading for any cybersecurity professional.
- Chad Yantorno, Salesforce, Inc.
Comprehensive, mathematical deep-dive into all aspects of cryptography. I highly recommend it for advanced practitioners.
- Adrian M. Rossi, BAE
An essential read for anyone serious about understanding and securing cryptographic systems.
- Julien Pohie, Thoughtworks
Examines detailed case studies of flawed cryptographic implementations, helping you avoid similar mistakes.
- Steven Murdoch, University College London
Everything we do in the digital world is protected by cryptography. But when pure math and algorithms are implemented in code, vulnerabilities emerge and can be exploited by hackers and bad actors. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them.
In Hacking Cryptography you’ll find unique guidance for understanding how cryptography has failed time and again, including:
- DUAL_EC_DRBG random number generation using backdoored constants
- Exploiting the RC4 stream cipher, as used in WEP
- Block ciphers for padding oracle attacks and manipulation of initialization-vectors
- Exploiting hash functions by using length extension and rainbow table attacks
- Implementing RSA key generation vulnerable to short private exponents and exploiting it using the Weiner attack
- Exploiting PKCS1.5 padding by using Bleichenbacher's signature-forgery attack
In Hacking Cryptography you’ll learn the common attack principles used against cryptographic security, and how to spot the implementation errors that make cryptography unsecure. Throughout, you’ll explore historical examples where popular cryptography has failed, such as the root key compromise for Sony PlayStation 3, and see what impact those failures have had on modern cryptography.
About the Technology
Even the strongest cryptographic systems in code and hardware leave cracks and vulnerabilities a would-be attacker can exploit. In this book, you’ll learn to write cryptographically secure code, sidestep common pitfalls, and assess new bugs and vulnerabilities as they are discovered.
About the Book
Hacking Cryptography helps you secure your systems by revealing the “lockpicks” bad actors use to break cryptographic security. It dives deep into each exploit, explaining complex concepts through real-world analogies, annotated examples, and pseudo-code—no advanced mathematical knowledge required. As you read, authors Kamran Khan and Bill Cox demystify opaque cryptography concepts and techniques so you’ll understand the “why” behind each best practice.
What's Inside
- Random number generator and backdoor constants
- RC4 encryption and WiFi security
- Rainbow tables for cracking hashed passwords
- Length extension and padding oracle exploits
About the Reader
For software and security engineers. Examples in Go.
About the Authors
Kamran Khan is a software engineer with more than a decade of experience at Salesforce, Google, and Microsoft. Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google.
Quotes
Provides an indispensable look into the adversary’s playbook, making it essential reading for any cybersecurity professional.
- Chad Yantorno, Salesforce, Inc.
Comprehensive, mathematical deep-dive into all aspects of cryptography. I highly recommend it for advanced practitioners.
- Adrian M. Rossi, BAE
An essential read for anyone serious about understanding and securing cryptographic systems.
- Julien Pohie, Thoughtworks
Examines detailed case studies of flawed cryptographic implementations, helping you avoid similar mistakes.
- Steven Murdoch, University College London
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.