Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

Amazon.com

Cryptographic techniques have applications far beyond the obvious uses of encoding and decoding information. For Internet developers who need to know about capabilities, such as digital signatures, that depend on cryptographic techniques, there's no better overview than Applied Cryptography, the definitive book on the subject. Bruce Schneier covers general classes of cryptographic protocols and then specific techniques, detailing the inner workings of real-world cryptographic algorithms including the Data Encryption Standard and RSA public-key cryptosystems. The book includes source-code listings and extensive advice on the practical aspects of cryptography implementation, such as the importance of generating truly random numbers and of keeping keys secure.

Book Description

". . .the best introduction to cryptography I've ever seen. . . . The book the National Security Agency wanted never to be published. . . ." -Wired Magazine

". . .monumental . . . fascinating . . . comprehensive . . . the definitive work on cryptography for computer programmers . . ." -Dr. Dobb's Journal

". . .easily ranks as one of the most authoritative in its field." -PC Magazine

". . .the bible of code hackers." -The Millennium Whole Earth Catalog

This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography-the technique of enciphering and deciphering messages-to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.

What's new in the Second Edition?
* New information on the Clipper Chip, including ways to defeat the key escrow mechanism
* New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher
* The latest protocols for digital signatures, authentication, secure elections, digital cash, and more
* More detailed information on key management and cryptographic implementations

Customer Reviews:

Dated but indespensible.......2007-08-02

Sadly, this book is more than a few years old. That said, it is still the finest single volume introduction to data security in the modern age. For clarity of description, for illustration, and for its success at communicating essential concepts and ideas without resorting entirely to mathematics, it is without peer.

Every so often I look on Amazon and hope that I'll find Schneier has penned a third edition, updating this work with the results of the AES selection process and all the other recent developments in this suddenly fast paced field. Alas, I don't think that's going to happen. But I'm not sure that it would really make any difference -- the field now evolves so swiftly that any detailed, thorough volume would be obsolete by the time it reaches the shelves.

So instead of looking for something more recent, pick up Applied Cryptography. Read it and keep it close at hand as a reference (mine is almost falling apart from years of loving use). Nothing presents the fundamentals as well. If you need to know about a new cipher, a new hash, a new encryption mode or protocol, that's what the Internet is for.

But to really understand the underlying ideas, techniques, challenges, risks, and rewards of cryptography, nothing finer exists.

The unique and original applied cryptography book!.......2007-06-27

This book is extremely complete. It briefly covers the history of cryptography. It describes the political implications of cryptography and finally it shows how cryptography can be used in applications and presents the different cryptographic algorithms.

The algorithm section starts with a number theory primer.Honestly, I have found it a little bit too thin to learn all the needed background to fully understand the algorithms but on the other side, you cannot expect a simple 600 pages book to provide that background in the latest mathematical research number theories. It has at least the merit that it did stimulate my curiosity about number theory when I have read the first edition of this book.

Another point that makes this book interesting is that at the end of each chapter presenting the various algorithms in a given category, you will get Bruce Schneier opinion on which algorithm is the best. Of course, this type of information usually become outdated real fast but it is interesting to follow his thought process and test his predictions as the book grow older.

So, if you are looking for your first cryptography book, it should be this one.

Easy to read, perfect level of detail........2007-06-07

Great Book! The author's style makes this very easy to follow, and he frequently clarifies on topics which are difficult to grasp. Most importantly, he writes from a practical point of view; the material is very grounded and applicable instead of being a math textbook. That being said, he cites over 1600 sources; the book is riddled with leads to sources with more complete coverage for those interested in the fine details. Though I have some programming experience, I don't intend to write any programs; but it is interesting to read the logic in code. It was my goal to learn about modern cryptography and I have achieved that and much more.

Excellent Introduction.......2007-03-12

This book is now in the thirteenth reprinting of it's second edition with more than a hundred thousand copies sold. It is the definitive book on cryptography from the standpoint of a general overview of what sending secret messages is all about. It is not specifically oriented to the developer, but is more general in nature. There is not enough here for the mathematically inclined to seriously research the background of all the various systems.

As such consider this to be an introductory book on cryptography in general with a bit of history, a bit of story telling, an analysis of various cryptographic protocols and systems. There is source code provided for nine common protocols, and an invitation to order a three disk system that has source code for several more algorithms, functions, systems and additional text on various subjects. This disk set can only be sent to US and Canada addresses because of export rules on cryptographic information.

This is the definitive book on the subject. The only complaint I have is that it could stand to be done over in a third edition that would bring it more up to date.

A must-have book for understanding Cryptography........2006-03-11

This book has really shed a lot of light on cryptography for me. I honestly can't put it down--I wish I had paid more attention in my statistics classes so I could be able to apply some of the stuff the author talks about better. I am about half way through the book, and I haven't gotten to the point where it's more of a chore than a pleasure to read it (something I can't about my other technical books).
Glancing through the C source code at the end of the book started me thinking on the code implementation in my efforts - although I used Java althrough my life. I am not much comfortable with the C code because I was hoping for more goodie examples. If you want some practical guidance..you may little bit uncomforatble as well. At the end of the day if you are serious about Cryptography then you really need to get a copy of this.

Average customer rating:

If you write software this book will help you understand cryptography
Biased to Schneier's algorithms
Self contradictory and self lauding
Must be used with Applied Cryptography
this book has no substance

Practical Cryptography
Niels Ferguson , and Bruce Schneier
Manufacturer: Wiley
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books
Similar Items:

ASIN: 0471223573

Book Description

Security is the number one concern for businesses worldwide. The gold standard for attaining security is cryptography because it provides the most reliable tools for storing or transmitting digital information. Written by Niels Ferguson, lead cryptographer for Counterpane, Bruce Schneier's security company, and Bruce Schneier himself, this is the much anticipated follow-up book to Schneier's seminal encyclopedic reference, Applied Cryptography, Second Edition (0-471-11709-9), which has sold more than 150,000 copies.
Niels Ferguson (Amsterdam, Netherlands) is a cryptographic engineer and consultant at Counterpane Internet Security. He has extensive experience in the creation and design of security algorithms, protocols, and multinational security infrastructures. Previously, Ferguson was a cryptographer for DigiCash and CWI. At CWI he developed the first generation of off-line payment protocols. He has published numerous scientific papers.
Bruce Schneier (Minneapolis, MN) is Founder and Chief Technical Officer at Counterpane Internet Security, a managed-security monitoring company. He is also the author of Secrets and Lies: Digital Security in a Networked World (0-471-25311-1).

Customer Reviews:

If you write software this book will help you understand cryptography.......2007-01-15

This book really does explain the practical side of cryptography and writing cryptographic software.

The authors take the readers with them as they design a secure communication system using existing algorithms and standards. You look over the shoulders of two experts in the field as they make decisions (e.g. AES vs. Serpent vs. Twofish) and explain them (e.g. AES is the IBM of algorithms, Serpent is the most secure, and Twofish is fast like AES but without the vulnerabilities).

There is an entire chapter devoted to "Implementation Issues" which includes some of the best information on software design I have ever read. In addition to the cryptography related information, the authors point out some flaws in traditional software development methodology. In fact, this book should be required reading for every computer science student and every practicing software engineer.

If you have had trouble understanding cryptography and cryptographic algorithms in the past, this book will fill in the gaps. The book very well written, which is a rarity in the field of cryptography. If you are a crypto-phile, you can actually read this book for entertainment.

Biased to Schneier's algorithms.......2006-03-11

This can be an annoying book for a serious developer, but I do know Writing a secure cryptosystem is very hard. People should be aware that it is hard, and they are likely to make mistakes. It isn't something that should be attempted lightly. If you are doing some actual work, it's not a good one. The book does not cover sufficient mathematic knowledge, and the edit is bit horrible as well. The authors chose to support their own algorithm shedding less light on AES and even RSA. That really made me stop reading this book.
The author's other book "Applied Cryptography" is still my favorite.

Self contradictory and self lauding.......2005-07-19

From the very first pages, authors emphasize the need for public algorithms and peer review. Yet, the book is full of suggestions that appear first time in the book. They even take time to give fancy names to their new proposals. It is typical to see things like "While writing this chaper we came up with this new random number generator...". Well, the authors could have used some of public scrutiny they are so fond of.

The authors are extremely biased against algorithms designed by others. For example, they bend over backwards to blow some generic weaknesses of AES out of proportions. They even add a scary story of a bored PhD student offhandedly breaking AES. I think this not only unfair but also a bit unethical to direct generic critisism to a design and then pretent it does not apply to their own.

They must be really pissed off when their own algorithm was beaten by AES in the NIST competition.

The book is useful if all you want is a light reading about security and you can manage to read it with a grain of salt.

Must be used with Applied Cryptography.......2004-08-21

As one other reader pointed out this book can be called Applied Cryptography Light. It is true, it gives you more theory and very little math. I did not like this book by itself since I was interested in actual implementation and i wanted to see full algorithms and math. I did end up buying Applied Cryptography and those 2 books combined provide an excellent reference. I was not able to give more than 3 stars since I did not feel i got any knowledge out of this book to be able to apply it in real life except reading: "Cryptography is hard, you might need to hire an expert..." while I want to become an expert myself one day!

this book has no substance.......2003-12-24

The authors spend far too much time preaching that cryptography is only a small (albeit important) part of security. This is not a new revelation. Most cryptographers have known this for a long time. In fact, the only cryptographer I know who believed for many years that cryptography was the entire answer, only to later suddenly realize that this was not the case, is Bruce Schneier himself. (Not coincidentally, his change of opinion coincided with the change in direction his company took from cryptography consulting to managed security monitoring.....)

The book has an extremely condescending tone. It can be summarized as follows: "Cryptography is a very complicated and sophisticated task. Therefore, we will not provide you with any meaningful explanations and details, but only a few tidbits to convince the naive reader that we are very smart and experienced. This should convince you not to attempt to learn more about cryptography, but instead hire us as consultants."

Customer Reviews:

quick reference on PKI.......2007-05-24

This book is just what I needed - a quick tutorial on PKI. It is easy to read and the examples are straight forward. The book is an excellent place to start if you need to get up to speed on cryptography.

One Great Book.......2007-03-26

Being a technical book about a heavy topic I was pleasantly surprised that this book was pretty much "unputdownable". Concepts related to digital certificates, private key/public key cryptography, SSL protocol etc. are lucidly explained and very well presented without for a moment losing track of the overall context. All the chapters are short and sweet and cover everything essential for moving forward with confidence to the next chapter. I would highly recommend reading this book from cover to cover to anyone who is not satisfied with the half-baked knowledge available out there on this subject.

Wonderful book explaining all the secret s of secure communication.......2006-03-04

Cryptography Decrypted is an easy to read and fun book that explains how cryptography has evolved from Caesar's time to now. The author goes over how encryption is used in all areas of communication, and what sequential systems have deveoped to stop hacker attacks along the way. It is detailed but fun to read, and explains how all the enigmatic parts, like Private Keys, Public Keys, Secret Keys, Digital Signatures, SMIME, PGP, RSA, SHA-1 ect. all fit together.
This is an excellent 300 page softback that takes the mystery out of encryption and cryptanalysis. I highly recommend it.
Would love to see H.X. Mel and Doris Baker update it from 2001 to include all that has changed and been added to the present time.

Simply THE BEST!!!.......2006-02-01

This book is phenomenal! I skimmed through countless books on cryptography before I settled on this one. The authors Mel and Baker have the unique ability to make a complex subject like cryptography completely accessible even to the mathematically challenged. This book is a MUST READ! If you work in the IT Security or Network Design field, this book gives you all the background you need to be more effective in your job without having the turgid style of most crypto books. It really does a fantastic job of explaining all the basic building blocks of cryptography as well as suites like SSL and IPSEC in plain everyday language. You will not be disappointed with this book!

Good first book on security.......2005-03-04

Excellent book for people who want to understand in nutshell what security is all about. If you are overwhelmed by several security terms and want to know how things fit in a bigger picture, this is the book for you.

Handbook Of Applied Cryptography (Crc Press Series on Discrete Mathematics and Its Applications)

Average customer rating:

Advanced Crypto for the college mind.
Fantastic traditional reference
A very detailed book, but not for everyone.
Complete and satisfying
Very depthful yet readable

Handbook Of Applied Cryptography (Crc Press Series on Discrete Mathematics and Its Applications)
ALFRED J. MENEZES
Manufacturer: CRC
ProductGroup: Book
Binding: Hardcover

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Reference | Subjects | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books

Professional | Qualifying Textbooks - Fall 2007 | Stores | Books

Reference | Qualifying Textbooks - Fall 2007 | Stores | Books

Science | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0849385237

Book Description

Cryptography, in particular public-key cryptography, has emerged in the last 20 years as an important discipline that is not only the subject of an enormous amount of research, but provides the foundation for information security in many applications. Standards are emerging to meet the demands for cryptographic protection in most areas of data communications. Public-key cryptographic techniques are now in widespread use, especially in the financial services industry, in the public sector, and by individuals for their personal privacy, such as in electronic mail. This Handbook will serve as a valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography. It is a necessary and timely guide for professionals who practice the art of cryptography. The Handbook of Applied Cryptography provides a treatment that is multifunctional: Â· It serves as an introduction to the more practical aspects of both conventional and public-key cryptography Â· It is a valuable source of the latest techniques and algorithms for the serious practitioner Â· It provides an integrated treatment of the field, while still presenting each major topic as a self-contained unit Â· It provides a mathematical treatment to accompany practical discussions Â· It contains enough abstraction to be a valuable reference for theoreticians while containing enough detail to actually allow implementation of the algorithms discussed Now in its third printing, this is the definitive cryptography reference that the novice as well as experienced developers, designers, researchers, engineers, computer scientists, and mathematicians alike will use.

Customer Reviews:

Advanced Crypto for the college mind........2004-04-26

This very detailed work is not for the light hearted. It's an in depth look at the mathmatics behind cryptography. If you're looking for a book to help you program then look for Applied Cryptography by Bruce the crypto king instead. If you're looking for something to help you learn cryptoanalysis and how to break codes then this is the first step.

Fantastic traditional reference.......2004-01-03

The Chapter 14 - Efficient Implementation - shows several multiple precision algorithms. They are very easy to understand and implement under any microprocessor. It is a very good complement to the book set written by Donald Knuth (The Art of Computer Programming, Volumes 1-3 Boxed Set), another fantastic traditional reference.

A very detailed book, but not for everyone........2003-10-13

This is a fairly strong book on crypto, with heavy detail on the math involved. The upside is that the second chapter is devoted to most of the important mathematical theory you'll need to understand for the rest of the book. The downside? That chapter tries to cover just about the same breadth of information as a semester long course in Number Theory.

If you don't have a ton of mathematical background and are scared of having to take a crash course in number theory, or are looking for a higher level view of things, I'd suggest something more along the lines of Bruce Schneier's 'Applied Cryptography' (ASIN 0471117099). If you have some mathematical background, but want to get into things in detail, this is probably for you.

If you're not sure whether you'll like the book, you should definitely take a look at it. While Amazon currently doesn't have sample pages, if you do a Web Search on "Handbook of Applied Cryptography", you can find Sample Chapters hosted online to give you a good feel for the book's style.

Complete and satisfying.......2003-07-06

This book is a deep detailed analysis of
modern cryptography. It is light on
cryptanalysis.
The mathematical background information
and explanations are complete and clear.
It is very satisfying to be able to read
the prose and implement the ideas in
a computer program with ease.

Very depthful yet readable.......2003-02-22

I read 4 other books before picking this one. It is the most detailed and readable book. Covers all aspect of the Cryptography. Worth the money.

Modern Cryptography: Theory and Practice

Average customer rating:

It's a College TextBook
Good reference, poorly edited
Best of all
Very good book!
Very good book!

Modern Cryptography: Theory and Practice
Wenbo Mao
Manufacturer: Prentice Hall PTR
ProductGroup: Book
Binding: Hardcover

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0130669431

Customer Reviews:

It's a College TextBook.......2004-11-23

It's a pretty good one too, but it's still a college text. The orientation of this book is far more theoretical than practical, complete with abstract mathematical notation that sometimes does more to confuse than to elucidate (although the author, to his credit, includes a glossary of mathematical notation early in the text). Still, the book is complete and up-to-date, covering everything from probability theory and number theory through the latest stuff on PKI, symmetric crypto (including AES), and authentication.

Cryptography is not an easy subject, and this book will take a while to wade through for all but the most mathematically astute readers. Nonetheless, for those wanting a "deep dive" into the theoretical underpinnings of the subject, this is a good book. Security practitioners will likely find Schneier's "Applied Cryptography" an easier, more enjoyable, and equally beneficial read, although it is due for an update.

Good reference, poorly edited.......2004-05-20

What's great about Mao's book is that so many aspects of cryptography are covered in an approachable manner and with many good examples.
What's not so great about Mao's book is that it is chock full of errors. There are many mathematical typos. But what really kills this book for me are the ridiculous number of English mistakes - on average about two or three per page. Most mistakes are simple grammatical mistakes that can be re-parsed by the reader on the fly. However, there are more serious errors that make it very difficult to understand the meaning of significant passages and concepts.
Given Mao's refreshing conversational style it's a real shame that Prentice Hall couldn't come up with some decent editing. Hopefully a second edition will fix this.

Best of all.......2004-03-19

Excellent,the best of all modern treatment on this subject,All in one guide.
Not for beginner.Icluded are many new features as ID based,Pairing,Provable security etc.
Nguyen Quoc Nam

Very good book!.......2004-01-08

Cryptography has been around for a long time but a solid introductory crypto book is hard to find. This is one of the best crypto book I have ever bought. Well worth the investment and I am sure it is a book that I can always go back to if I need to look up something. It has a nice number theory chapter but I wish it could be more in depth(provides more proofs). The chapters on public-key crypto and related crypto.techniques are very well written. This book also covers some nice research result one can only found on some research papers(if one cares to dig). I am very impressed with this book! Not too "dry" nor too "elementary!"

Very good book!.......2004-01-08

Malicious Cryptography: Exposing Cryptovirology

Average customer rating:

A great technical book for advanced users
Excellent!!!
totally rads
Excellent
Heaven's dark side

Malicious Cryptography: Exposing Cryptovirology
Adam Young , and Moti Yung
Manufacturer: Wiley
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

All Amazon Upgrade | Amazon Upgrade | Stores | Books

Computers & Internet | Amazon Upgrade | Stores | Books
Similar Items:

ASIN: 0764549758

Book Description

Hackers have uncovered the dark side of cryptography—that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It’s called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who first identified cryptovirology show you exactly what you’re up against and how to fight back.

They will take you inside the brilliant and devious mind of a hacker—as much an addict as the vacant-eyed denizen of the crackhouse—so you can feel the rush and recognize your opponent’s power. Then, they will arm you for the counterattack.

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack

Download Description

This book reads like a futuristic fantasy, but be assured, the threat is ominously real. Vigilance is essential, now.

Understand the mechanics of computationally secure information stealing
Learn how non-zero sum Game Theory is used to develop survivable malware
Discover how hackers use public key cryptography to mount extortion attacks
Recognize and combat the danger of kleptographic attacks on smart-card devices
Build a strong arsenal against a cryptovirology attack

Customer Reviews:

A great technical book for advanced users.......2005-04-25

Although "Malicious Cryptography" is most certainly not for beginners, you will enjoy it if you have some background in security and anti-virus research.

Be warned, though: cyber-punk style of this book will probably resonate with some, and irk others.

Excellent!!!.......2005-02-02

Malicious Cryptography: Exposing Cryptovirology is a brilliant book from two leading cryptographers.

This is not for the fainthearted.

If you are looking for an intro to crypto, look elsewhere.

If you want cutting edge info about breaking crypto and making your crypto stronger, this is the book.

totally rads.......2004-07-08

duncan young is truly a gift to the world of cyberphreakery. i once saw him defeat a host of cyborg lemurs with his chainsaw-arm. it was so good. this guy is from the f*ckin future. 'nuff said

Excellent.......2004-05-30

Bypassing computer security systems has sometimes been called an art rather than a science by those who typically do not interact with computing machines at a level that would allow them to appreciate the science behind security attacks. This book does not address the strategies of how to bypass security systems, but instead concentrates on how to use cryptographic methods to corrupt the machines once access has been acquired. Clearly the authors are very excited about the developments in cryptovirology, a relatively young field, that have taken place in the last five years. Their goal though is not to train hackers to break into systems, but rather to coach the reader on how to find vulnerabilities in these systems and then repair them. The subject of cryptovirology is fascinating, especially in the mathematics that is uses, and a thorough knowledge of its power will be required for meeting the challenges of twenty-first century network computing.

After a "motivational chapter" that it meant to shed insight on what it is like to be a hacker, this being done through a collection of short stories, the authors move on to giving a general overview of the field of cryptovirology in chapter 2. The reader gets his first dose of zero-knowledge interactive proofs (ZKIPs), which allow a prover to convince a verifier of a fact without revealing to it why the fact is true. The authors point out that viruses are vulnerable once found, since their rudimentary programming can be then studied and understood. This motivates the introduction of public key cryptography into the payload of the virus, and it is at this point that the field of cryptovirology is born.

Chapter 3 is more of a review of modular arithmetic, entropy generators, and pseudorandom number generators and can be skipped for those readers familiar with these. The authors emphasize the need for effective random number generators and in using multiple sources for entropy generation. They also introduce the very interesting concept of a `mix network', which allows two mutually distrusting parties to communicate securely and anonymously over a network. `Onion routing' is discussed as a method for implementing asynchronous mix networks. Mix networks can be used to hide the propagation history of a worm or virus.

In chapter 4, the authors discuss how to implement anonymous communication and how to launch a cryptotrojan attack that utilizes an anonymous communication channel. There are many applications of anonymous communication, one being E-money, and also, unfortunately, money laundering. The authors describe in fair detail how to conduct criminal operations with mix networks and anonymous money. This same technology though allows freedom of speech in geographical areas that are not sympathetic to it. Electronic voting, so controversial at the present time, is discussed as an activity that is very susceptible to the threat of stegotrojans or government violation of anonymity. Techniques for doing deniable password snatching using cryptovirology, and for countering it using zero-knowledge proofs, are also discussed.

Chapter 5 introduces techniques for preventing the reading of counters when a virus is propagating from one machine to another. Known as `cryptocounters', the authors discuss various techniques for constructing them, such as the ElGamal and Paillier public key cryptosystems.

Private information retrieval (PIR), which allows the secure and private theft of information, is discussed in chapter 6, wherein the authors present a few schemes for performing PIR. These schemes, unfortunately, allow the theft of information without revealing anything about the information sought and without revealing anything about what is taken. The authors also introduce a concept that they call `questionable encryptions', which are algorithms to produce valid encryptions or fake encryptions depending on the inputs. Related to question encryption, and also discussed in this chapter, are `deniable encryptions', which allow the sender to produce fake random choices that result in the true plaintext to be kept secret. Also discussed is the topic of `cryptographic computing', which allows computations with encrypted data without first having to decrypt it. The modular arithmetic used in this chapter is fascinating and well worth the read.

Chapter 7 is by far the most interesting of the entire book, and also the most disconcerting if its strategies are ever realized. The goal of the chapter is to find out to what extent a virus can be constructed whose removal will damage the host machine. This, in the author's opinion, would be a genuine `digital disease', and they discuss various scenarios for bringing it about, which are at present not realized, but could be in the near future. The approach discussed involves game theory, and the authors show how the payload of a virus can survive even after discovery of the virus. They give a very detailed algorithm on how to attack a brokerage firm, including the assumptions that must be satisfied by such an attack. The attack is mounted by deploying a distributed cryptovirus that tries to find three suitable host machines, and the attack consists of three phases, the first involving replication leading to the infection of the three machines, the second involving preparation for the attack, and third involving playing the two-player game. The host machines, to be acceptable for launching the attack, must either be "brokerage" machines, which have sensitive information available to the virus, or "reclusive" machines, which are machines that are not subjected to much scrutiny. The goal of the virus, according to the authors, is to give the malware purchasing power, and not direct monetary gain. The virus may then evolve over time to become a portfolio manager, and may even act as a surrogate for purchasing shares on behalf of the firm or client. Other possibilities for the virus are discussed, and the authors overview the security of the attack and its utility.

I did not read the rest of the chapters in the book, so I will omit their review.

Heaven's dark side.......2004-05-15

For some time now we have been taught that modern cryptography offers an elegant solution to a number of problems. Communicate securely? use a VPN; identify the author of a document? use a digital signature; securely encrypt e-mail? use PKI. But what if the very power behind these solutions can itself be [misinterpreted]? If such is the case, then encryption can be a curse, a digital signature an illusion and the heralded savior an unconquerable nemesis. This is the essence of what this book is about.

To be sure this is not easy reading. It is adult material, meaning that thinking is required. But it could not be otherwise, the material would not allow it. However the reader will be well rewarded for every morsel of math they endeavor to puzzle through. The realization of the potential dark side of modern cryptography is the first step in preparing to defend against it. This book provides that realization.

Book Description

This is THE definitive book on digital signatures, written by RSA insiders, and backed by RSA Security, Inc., the most trusted name in e-security. This expert resource explains the main goals of security--confidentiality, authentication, integrity, and non-repudiation--and gives insight into actual real-world digital signature implementations.

Customer Reviews:

Digital Signatures.......2002-02-23

an excelllent book on digital signatures!!

Cryptography for Visual Basic(r) : A Programmer's Guide to the Microsoft(r) CryptoAPI

Average customer rating:

4 1/2 stars
Sample codes doen't work
Excelente
Buy this book if you need rapid results
Second to none!

Cryptography for Visual Basic(r) : A Programmer's Guide to the Microsoft(r) CryptoAPI
Richard Bondi
Manufacturer: John Wiley & Sons
ProductGroup: Book
Binding: Paperback

General | Computers & Internet | Subjects | Books

Windows Security | Security & Encryption | Computers & Internet | Subjects | Books
Similar Items:

Developing Secure Applications with Visual Basic

ASIN: 0471381896

Amazon.com

The Microsoft CryptoAPI can provide "strong," unbreakable encryption on the Windows platform. If you're a Visual Basic (VB) programmer, Richard Bondi's Cryptography for Visual Basic can put this powerful set of APIs within your reach. This title will serve as both an introduction to cryptography and a how-to with CryptoAPI by using the author's prebuilt library of COM objects.

The early part of this book tries hard to put the elements of today's public key encryption standards (like RSA) within the grasp of the VB programmer. You'll learn the basics of random-number generation, ciphers, keys, and the "protocols" behind today's encryption standards. Inevitably, these are written by using shorthand, such as, "Alice wants to send Bob a message." The author manages to make essential concepts in cryptography rather clear.

The next section here lays the foundation for working with the Microsoft CryptoAPI by presenting a number of useful strategies for passing (and returning) values to and from C from within VB, along with techniques for error handling and improved performance.

The heart of this text is the author's custom library of COM objects that "wrap" the underlying Microsoft CryptoAPI C calls for use from within VB. Subsequent chapters look at various areas of the CryptoAPI and the resulting COM objects. The author covers not only the assumptions and strategies of working with the CryptoAPI, but also the design choices that are made in his library. For those who are in a rush, the book provides sample code on how to use this library in your own VB applications in an appendix.

Today, security is a concern in any enterprise, so Cryptography for Visual Basic fills a useful niche. It explains the basics of encryption technologies, shows off how it's done on the Windows platform with the Microsoft CryptoAPI, and also makes it possible to call these APIs from within VB. If you have wondered how cryptography works, or how it's implemented in Windows, this tutorial can put you on the right track. --Richard Dragan

Topics covered:

Introduction to cryptography
Ciphers
Random-number generators (RNGs)
One-pad ciphers
Public-key cryptography
Symmetric and asymmetric ciphers
Overview of the Microsoft CryptoAPI
Techniques for parameter passing from VB to Win32 C APIs
VB string handling tips
Bitwise logic
Performance tips
Error handling
Wiley CryptoAPI COM Objects (WCCO) (the author's custom VB COM object library for the CryptoAPI)
CryptoAPI providers and containers
Key and key-pair objects
Hashing and signing
Encryption and message texts
Key management and data security
Public law and cryptography
Sample code for using the WCCO library

Book Description

"This is essential reading for anyone who needs to understand Microsoft's CryptoAPI,its strengths and its limitations."-Bruce Schneier, author of Applied Cryptography and CTO of Counterpane Internet Security, Inc.

With billions of dollars at stake,e-businesses must take the necessary steps to ensure privacy and protection for customer data. Microsoft's CryptoAPI provides Visual Basic programmers with strong cryptography to keep this data safe, but its internals have been a mystery until now. This book guides you through the process of accessing the powerful but tricky routines of Microsoft's cryptographic libraries. You'll find an in-depth introduction to modern cryptography and learn how to build cryptographic "modules" (COM objects) that can be used by any Visual Basic program. Best of all, the source code is included under an Open Source license so that you are free to use, modify, and distribute it, even commercially, without paying any fees. You can help enhance the code as part of the Open Source community. Providing much-needed insight on Microsoft's cryptography, this book will help you:
* Learn how modern cryptography works
* Find out how the Base Functions of the CryptoAPI work
* Discover how to call the API from Visual Basic
* Uncover deep Visual Basic tricks to write a powerful error handler
* Learn how to write the WCCO (Wiley CryptoAPI COM Objects) COM wrappers for the CryptoAPI
* Utilize several quality assurance tests for the WCCO

The CD-ROM includes:
* WCCO 1.0 Source Code and its Wiley Open Source License
* WCCO 1.

Customer Reviews:

4 1/2 stars.......2003-11-17

The chore of every VB programming author is to simplify things so that the dullards can grasp it. He knows this and has succeeded wonderfully. If you want to get your brain around cryptology in a VB sort of way this is the book.

Bondi gets 4 1/2 stars, not five, and put a red flag up, for including the 'Regasaurus' program in the CD and touting it up in the book. The program raises a 'Type Mismatch' error as soon as you click the 'Start' button. I went to Bondi's website to download the latest version and the error is still there. Three years since the book has been published.

Microsoft has released their own CryptoAPI wrapper (Capicom) so you might want to investigate it before you make a big committment to the WCCO objects. But you will need this book in either case.

Sample codes doen't work.......2003-10-21

This book introduced the Wrapper WCCO and code sample of how to use this wrapper (in Appendix). However, when one run the sample code, he will get a lot of error messages. The code is simply not work.

Excelente.......2001-10-09

Recomiendo este libro a aquellas personas que están intesadas en la implantacón de soluciones basadas en criptografia pero que no quieren involucrarse en la teoria que sustentan dichas API. Si bien el libro está orientado a soluciones basadas en Visual Basic, éstas pueden ser implantadas con otros lenguajes de programcaión basados en WINTEL tales como Power Builder, C++ Builder y otros.

Buy this book if you need rapid results.......2001-02-06

Credit where it's due - this is a great book for those who need to use cryptography in their VB programs. I started off reading the only other book available on the subject, and got bogged down in loads and loads of details very quickly. The other book focuses too much on the rather cryptic (!) Win32 Crypto API too early and in too great a detail. The Win32 Crypto API is large, messy and counter-intuitive to put it mildly. On the plus side, the other book does seem to cover a bit more, and in some areas in quite a bit more depth, but I would say that Bondi's book is definitely the easier to read and understand of the two. Also, rather than having to build up an object model as you read through the book (and having to type the relevant parts that you need as you go), Bondi's book comes with a very complete - and understandable - object model on CD that shields you from the horrible Crypto API underneath. The idea of cryptography seems quite straightforward at first, but if you need convincing about the need to abstract away all this mess into a nice clean object hierarchy, then take a look at the one that comes with Bondi's book - there's a ton of code in there and most of it is the kind of stuff you couldn't write without a really in-depth knowledge of the Win32 Crypto API. This is what wrappers are for, and Bondi's makes a great job of making the whole mess useable!!! Microsoft could have made the API much easier, especially for those who only want to use a fraction of the services it provides. Unfortunately, Microsoft made the API as something that you can only realistically use via a decent object model, like the one that comes with Bondi's book. The other book stands as a great reference for those who need to go further, but for those who want to understand what the hell's going on and do things quickly without spending ages becoming a guru before you can do anything, Bondi's book is the book of choice. In short, the Win32 Crypto API is a nasty mess. If you are in a position to do so then buy both and read Bondi's book first. But if you are looking to buy just one book, defininitely get this one.

Second to none!.......2001-02-03

This book was, to put it simply...excellent. The author, Richard Bondi, was very responsive on his bulletin board to any and all questions. The included code was very thorough (only certain aspects of the CryptoAPI were detailed, so review the table of contents first), masterful, and well thought out. The only thing lacking was perhaps more details on implementation, such as key management. Other books, such as Bruce Schneier's "Applied Cryptography" (1996) might be a good supplement to delve into details that this book didn't traverse. My company is currently implementing the code from the book (as is!) in an enterprise-wide application. It's that good!

Understanding PKI: Concepts, Standards, and Deployment Considerations, Second Edition

Average customer rating:

Clear explanation for system architects
This book made a better sermon than a technical read
Terrific explanation of PKI
Has value for Technical Architects / Security Analysts
Nearly worthless

Understanding PKI: Concepts, Standards, and Deployment Considerations, Second Edition
Carlisle Adams , and Steve Lloyd
Manufacturer: Addison-Wesley Professional
ProductGroup: Book
Binding: Hardcover

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0672323915

Book Description

This book is a tutorial on, and a guide to the deployment of, Public-Key Infrastructures. It covers a broad range of material related to PKIs, including certification, operational considerations and standardization efforts, as well as deployment issues and considerations. Emphasis is placed on explaining the interrelated fields within the topic area, to assist those who will be responsible for making deployment decisions and architecting a PKI within an organization.

Customer Reviews:

Clear explanation for system architects.......2007-03-16

This book details PKI architecture from a vendor-neutral perspective; perfect if you need to understand how PKI fits into your enterprise system design. I disagree with some of the other reviews that claim this book is for managers. The reviewers making these statements might be code hackers who don't care much about the overall technical structure. It is great for system architects. PKI is an infrastructure, not a programming language.

This book made a better sermon than a technical read.......2006-07-30

I've read many books on PKI and there are not many good ones out there. This one used to be the best among some very awful books, which wasn't saying much. It was excellent on covering the standards of PKI such as they exist, but otherwise said very little about installation, layout, protocols, and design, common problems, and real world solutions. Most of what they said was repeated multiple times throughout the book. Sometimes even on the very next paragraph. They took two/three pages just to say that the top down approach to PKI planning is better than slapping in a service just to support a single product. Stating the obvious didn't win any points with me. They discussed outdated or barely used protocols like SET, and didn't bother getting in depth at all with protocols that are in use like SSL. They discussed Single Sign On like a simple PKI install will solve all our problems, completely missing the outstanding problem of vendor interoperability. Active Directory and PKI are only mentioned in passing with no operational details. Get Klaus Schmeh's book or the Housley book instead.

Terrific explanation of PKI.......2006-01-16

This book does a terrific job of explaining how various applications can use PKI and what PKI requires from an infrastructure stapoint. Part III, Deployment COnsiderations, is exceptionally good at how can PKI can be used from a practical standpoint. Strikes just the right balance between theoretical and practical. Technical detail was totally sufficient for me and included everything up to but not including a discussion of the actual mathematics behind public key encyrption.

Highly recommended!!

Has value for Technical Architects / Security Analysts.......2004-05-08

I think there's some merit to people expecting a more hands on approach in a book like this. But those expectations seems unrealistic. The book is not titled "Implementing PKI," it's called "Understanding PKI."

There is value in a concepts book. For experienced technical professional trying to get a grip on the terminologies and concepts of security and PKI, this book is succinct and touches all the major points.

For those looking for screenshots of people right clicking icons, there's a thousand other books like that! Most of those so called "technical books" are not that technical. It's nice to have a book that's not product specific for a change.

This book does what it intends to do well. There is a need for more technical books but this book is valuable in it's present form. I have given several copies to peers.

I hope this review helps you balance out your opinions before deciding for or against this book.

Nearly worthless.......2003-03-23

I bought this book because of the excellent reviews it got. However upon reading this I can't see any justification for these reviews. First of all it is very high level; I mean appropriate for your manager's, manager's manager maybe. This book is all about fawning over Diffie Hellman and philosophizing about how pki should be used etc. There is no technical information in this book, no code, no flow charts, no diagrams, no data structures. It doesn't even explain how pki is applied, for example to ssl. All the real information in this book could have been condenced to a few pages. I really needed this book to be good and it was not. Look if you want to go to a cocktail party and impress someone with no technical exposure then maybe this is your book. Otherwise there must be better choices.

Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More

Average customer rating:

Good developer reference
a good reference if you've really got to be secure
Great book for anyone using C
A task-oriented reference guide
Bought it for one reason but ended up using it.

Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More
John Viega , and Matt Messier
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Network Programming | Networking | Computers & Internet | Subjects | Books

French | Foreign Language Nonfiction | Nonfiction | Subjects | Books

C & C++ | Programming | O'Reilly | By Publisher | Books

General | Programming | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

Nonfiction | French | Foreign Language Books | Specialty Stores | Books

All French Books | French | Foreign Language Books | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0596003943

Book Description

Password sniffing, spoofing, buffer overflows, and denial of service: these are only a few of the attacks on today's computer systems and networks. At the root of this epidemic is poorly written, poorly tested, and insecure code that puts everyone at risk. Clearly, today's developers need help figuring out how to write code that attackers won't be able to exploit. But writing such code is surprisingly difficult. Secure Programming Cookbook for C and C++ is an important new resource for developers serious about writing secure code. It contains a wealth of solutions to problems faced by those who care about the security of their applications. It covers a wide range of topics, including safe initialization, access control, input validation, symmetric and public key cryptography, cryptographic hashes and MACs, authentication and key exchange, PKI, random numbers, and anti-tampering. The rich set of code samples provided in the book's more than 200 recipes will help programmers secure the C and C++ programs they write for both Unix® (including Linux®) and Windows® environments. Readers will learn:

How to avoid common programming errors, such as buffer overflows, race conditions, and format string problems
How to properly SSL-enable applications
How to create secure channels for client-server communication without SSL
How to integrate Public Key Infrastructure (PKI) into applications
Best practices for using cryptography properly
Techniques and strategies for properly validating input to programs
How to launch programs securely
How to use file access mechanisms properly
Techniques for protecting applications from reverse engineering

The book's web site supplements the book by providing a place to post new recipes, including those written in additional languages like Perl, Java, and Python. Monthly prizes will reward the best recipes submitted by readers. Secure Programming Cookbook for C and C++ is destined to become an essential part of any developer's library, a code companion developers will turn to again and again as they seek to protect their systems from attackers and reduce the risks they face in today's dangerous world.

Customer Reviews:

Good developer reference .......2006-03-23

This is a well-written and example oriented book for C/C++ programmers that covers secure programming in all aspects. I had been using this book for last one year now and It helps me as a quick reference and also real source code demonstrating practical approaches that can be incorporated into their software projects.

The book needs a little update but still helps any aspiring C/C++ programmer involved with crypto.

a good reference if you've really got to be secure.......2004-05-13

If you are not sure that you need this book, then you probably don't. But if there is something it the table of contents that you've got to know, and you've got to get it right, then this would be a good book to have. Chapter 12 on Anti-Tampering was a really enjoyable read, though probably a futile task.

Great book for anyone using C.......2003-10-31

This is simply a great book for anyone using C or C++.

These guys literally wrote the book on secure code.

Read it!

A task-oriented reference guide.......2003-10-16

This well-written book covers a lot of topics that I have not read in other books.

Its strengths include:

--Good coverage of cryptography programming
--Task-oriented solutions to specific programming problems
--Easy to navigate "cookbook" style ("with recipes" as the authors call them)

However, some areas of improvement might be:

--Could use more coverage of important subjects (buffer overflows, etc.)
--spends a lot of space on narrower examples (like explaining certain APIs that are documented well online)
--Sometimes jumps into material without much background explanation (which was confusing for me)

It is probably not the first book you should read on the subject. This is more of a recipe guide that is useful if you get stuck on coding a particular topic that happens to be covered. The authors have done a good job of explaining what coverage they do and don't include.

Bought it for one reason but ended up using it........2003-10-16

To be truthful, I bought this book because the "gang" I hang out with is mentioned in the Acknowledgments section of the book. That was the ONLY reason when I sent money to Amazon.Com and purchased it for the dusty collection on my bookshelf.

But, when I got it and chuckled over the Acknowledgements section, I started to mindlessly flip through the book. Mindless page flipping soon turned to semi-conscious scanning. Semi-conscious scanning soon turned to serious reading. I find myself reading the book more and more, jumping back and forth between sections I find interesting and useful.

As a Windows C++ programmer for in-house tools, I do not dwell much on secure programming concepts. Yes, this is very, very bad way to program, so those of you reading this review should not try it at home. This book has shown the errors of my ways, revealed security issues that I have overlooked by accident or on purpose and gave concepts and examples that I can apply in my projects.

This book is one reference that I will be going back over and over again. The authors and editors have done a wonderful job to make the reading flow nice and easy. It is also very well laid out by stating the problem you may encounter, followed by a solution and then detailed discussion section with code samples.

For any C/C++ programmer making software to be used by more than one person, this reference book is a must.

You can still read the Acknowledgments and marvel at my name on there, of course.

Books:

Books Index

Books Home

Recommended Books