In this interview, we discuss to Bernhard Esslinger, author of the book, Learning and Experiencing Cryptography with CrypTool and SageMath. We discuss the motivation behind writing the book, the target audience, the most useful aspects of the book, the challenges of writing the book, and advice for other engineers who are considering writing a book.
Bernhard Esslinger worked for SAP in various positions in Germany and the United States until 1998. The German software company produces business software. Bernhard Esslinger headed the development department for all security components of the SAP R/3 system, an information system at that time SAP’s main product line, with which all business-relevant areas of a company could be viewed in context. He was also SAP’s global Chief Information Security Officer (CISO) . From 1998 to 2013 he worked for Deutsche Bank as global head of information security (Head IT Security) in the Corporate Center and as head of the competence center for cryptography. Since 2008 he has been an honorary professor for IT security and cryptology and teaches at Faculty III for economics, business informatics and business law at the University of Siegen. CrypTool has been developed under his leadership since 1998. With CrypTool, many concepts of classic and modern cryptography can be grasped in a playful way, and corresponding methods of cryptanalysis can be understood. The software has been continuously expanded for more than twenty years and is freely available.
1. What was your main motivation behind writing your book?
Throughout my career, I have worked both in industry and at the university. Identifying a gap in teaching and applying cryptography, cryptanalysis, and related protocols for ensuring secure communication and storage motivated the writing of this book. While numerous well-written books cover the theory and historical aspects, we have observed that individuals grasp concepts more effectively when they have the opportunity to apply theory through practical, computer-supported examples. This book bridges the gap by combining theory with real-world, reliable programs, incorporating the latest recommendations from National Institute of Standards and Technology (NIST) and British Standards Institution (BSI).
2. Who is the main target audience for your book and what will they appreciate the most about the book?
The book is aimed to a wide audience, including students and pupils who are beginning to learn about encryption techniques, practitioners, instructors, and self-learners. I believe they will particularly appreciate the guided combination of theory and its specific application, offering the exact place where to try the theory out in various open source (e-learning) programs.
3. What do you see your book being most useful for?
This book, combined with free software, enables readers to deepen their understanding and apply cryptographic knowledge in a personal and professional context. It addresses common pitfalls, such as the confusion between encryption and authentication, and emphasizes the importance of considering privacy beyond algorithm and key length.
4. How did you find the writing of the book? Do you have a specific process or are you quite methodical in your writing approach?
We followed a planned approach for the chapter content, collaborating with experts for different topics. The writing process was straightforward after collecting information, and valuable input from colleagues during reviews enhanced the quality.
5. What challenges did you face when writing the book and how did you overcome them?
While the planned approach worked well, finding the right balance of details without overwhelming readers with mathematics was challenging. Deciding what to include in a vast subject area was a challenge. Maintaining a consistent layout for a 500+ page book presented another difficulty. Even LaTeX (or our knowledge about it) had its problems at some parts – but these obstacles could be overcome with the help of two LaTeX experts.
6. What advice would you give to other engineers who are considering writing a book?
To write a science book, It’s essential to have expertise, effective communication skills, and openness to feedback. Identify aspects and learning methods that are not already covered in existing literature adds unique value to your work.
7. What are you working on next?
- to explore the balance between cryptographic and other security measures for real-life infrastructures,
- to enhance the understanding and didactic explanations of post-quantum algorithms,
- and to research the limits of machine-learning models for cryptanalysis, believing in the untapped potential of artificial intelligence. Early successes in detecting cipher types and finding keys in ciphertext-only attack scenarios motivate our exploration into this exciting field.
Learn more about the book on our websites
More Security and Privacy content here Security and Privacy – Artech House Insider