Geometry.Net - the online learning center
Science - Cryptography (Books)

41. Implementing Elliptic Curve Cryptography -- $29.00
42. Protocols for Authentication and -- $71.97
43. Algebraic Geometry in Coding Theory -- $36.32
44. Cryptography & Network Security -- $73.98
45. A Course in Number Theory and -- $35.00
46. An Introduction to Cryptography, -- $76.51
47. Elementary Number Theory, Cryptography -- $43.70
48. Contemporary Cryptography (Artech -- $10.98
49. Introduction to Cryptography with -- $15.45
50. Cryptography for Developers -- $39.85
51. .NET Security and Cryptography -- $29.99
52. Cryptography for Visual Basic(r) -- $29.95
53. Protecting Information: From Classical -- $14.58
54. Finite Fields: Theory and Computation: -- $102.77
55. Coding Theory and Cryptography: -- $94.03
56. Foundations of Cryptography: A -- $43.14
57. Cryptography in the Database: -- $1.50
58. Cryptography and E-Commerce: A -- $5.00
59. Implementing SSL/TLS Using Cryptography -- $37.80
60. Handbook of Financial Cryptography -- $67.46

41. Implementing Elliptic Curve Cryptography
by Michael Rosing
Paperback: 338 Pages (1998-01-01)
list price: US$47.95 -- used & new: US$29.00
Asin: 1884777694
Average Customer Review: 4.0 out of 5 stars

Product Description

How to develop cryptosystems that utilize minimal resources to get maximum security.

Customer Reviews (10)

3.0 out of 5 stars Good selection of topics, but...
an inconsistent level of explanation. The author does not seem to have a definite idea of what is to be assumed, so his explanations are a bit patchy. In some places, he goes into a lot of detail on the calculational techniques; but in others, his presentation is fuzzy even on the concepts.

I suspect that this book has most to offer on the practical implementation issues, which are highlighted in the title; but it is not sufficient as a stand-alone presentation even on the implementation, not to speak of the conceptual structure & approach, of Elliptic Curve Cryptography. Maybe the author enjoys mathematics, but he's clearly not a mathematician.

This book would best serve as a guide to practical implementation for someone who has already developed a good idea of how ECC is supposed to work.

5.0 out of 5 stars Implementing Elliptic Curve
There is a very good description on various codes on BIG INTEGER arithmetic. It is very helpful for the developers. The book also gives a very good description of the various types of algorithms used in ECC.

1.0 out of 5 stars Lack of clarity. Hard to read and follow.
Unfortunately the book is written without clarity. The author needs to write better to communicate with his reader more clearly.

4.0 out of 5 stars Good for engineers, as the title says
The book allowed me to gain fair understanding of ECC principles in a matter of hours. It would be difficult to understand without having taken a previous course in cryptography, but if you already have some idea of number theory, and you need to get a quick feel of ECC this would be a good place to start. The continued focus on implementation is important to me (being someone who would eventually have to do it). I would add a summary to each section, describing what EXACTLY needs to be done for each operation - less words, more math.

4.0 out of 5 stars Full of good, helpful information
This book is the first I have read on elliptic curves that actually attempts to explain just how they are used in cryptography from a practical standpoint. It does not attempt to prove the many interesting properties of elliptic curves but instead concentrates on the computer code that one might use to put in place an elliptic curve cryptosystem. The code the author admits could be done in many other ways, but the one he chose I think does its job in instructing the reader just how to implement elliptic curves in cryptography. Indeed, his implementation of large integer math routines is very clear and points out the difference in using a (high level) language like C versus doing the same in Assembly. The only minus to the book from a didactic standpoint are the subroutine schematics that permeate the book. These could have been omitted without any serious damage to understanding what is going on. Readers who need a more rigorous introduction to the mathematics can go to the (immense) literature on elliptic curves. A fine book, and definitely worth reading to gain a practical understanding of elliptic curve cryptosystems.


42. Protocols for Authentication and Key Establishment (Information Security and Cryptography)
by Colin Boyd, Anish Mathuria
Paperback: 321 Pages (2010-11-02)
list price: US$89.95 -- used & new: US$71.97
Asin: 3642077161
Average Customer Review: 5.0 out of 5 stars

Product Description
Protocols for authentication and key establishment are the foundation for security of communications. The range and diversity of these protocols is immense, while the properties and vulnerabilities of different protocols can vary greatly.
This is the first comprehensive and integrated treatment of these protocols. It allows researchers and practitioners to quickly access a protocol for their needs and become aware of existing protocols which have been broken in the literature.
As well as a clear and uniform presentation of the protocols this book includes a description of all the main attack types and classifies most protocols in terms of their properties and resource requirements. It also includes tutorial material suitable for graduate students.

Customer Reviews (1)

5.0 out of 5 stars A role of a menu: "Have I checked this sort of attack?"
Working in industry and having served the research community reviewing cryptographic protocols for years, I have been privileged to witness a fact: designing cryptographic protocols is a no-ending job. This is an inevitable result of the fact that our society is now entering the information era for which new and diversified applicational or functional requirements for secure communications are endless. So, increasingly more new protocols will yet be invented. For a piece of supporting evidence, International Security Protocols Workshop, an annual in Cambridge University specialising in security protocols, has been 12 years. The increasing demand for new protocols has not only been responded by a large number of new research proposals authored by professional cryptographers and information security researchers, but also encouraged many security engineers in hi-tech companies to join the trade of protocol design. Notice that the population of the latter group will grow despite the fact that the notorious difficulty of making security protocols correct has made the former group of people to litter the area with numerous flawed protocols.

The book of Boyd and Mathuria is a responsible work facing the above conflicting phenomenon. It begins with a tutorial introduction to authentication and key establishment protocols which is easily accessible by anyone who wants to take up the challenging job of protocol design (it actually targets people in the second group above). It then takes an exhaustive approach to document past proposals with analysis and error demonstration. In addition, it also explains methodologies and principles for making protocols correct. Finally, it includes important standards which are vital leads to follow. So, whether you are a seasoned information security professional or an engineer aiming to become a good protocol designer, this book will help you greatly. It is worth having a copy even for the purpose of a complete menu for protocol designers: "have I checked this sort of attack?"


43. Algebraic Geometry in Coding Theory and Cryptography
by Harald Niederreiter, Chaoping Xing
Hardcover: 248 Pages (2009-09-21)
list price: US$45.00 -- used & new: US$36.32
Asin: 0691102880

Product Description

This textbook equips graduate students and advanced undergraduates with the necessary theoretical tools for applying algebraic geometry to information theory, and it covers primary applications in coding theory and cryptography. Harald Niederreiter and Chaoping Xing provide the first detailed discussion of the interplay between nonsingular projective curves and algebraic function fields over finite fields. This interplay is fundamental to research in the field today, yet until now no other textbook has featured complete proofs of it. Niederreiter and Xing cover classical applications like algebraic-geometry codes and elliptic-curve cryptosystems as well as material not treated by other books, including function-field codes, digital nets, code-based public-key cryptosystems, and frameproof codes. Combining a systematic development of theory with a broad selection of real-world applications, this is the most comprehensive yet accessible introduction to the field available.

  • Introduces graduate students and advanced undergraduates to the foundations of algebraic geometry for applications to information theory
  • Provides the first detailed discussion of the interplay between projective curves and algebraic function fields over finite fields
  • Includes applications to coding theory and cryptography
  • Covers the latest advances in algebraic-geometry codes
  • Features applications to cryptography not treated in other books

44. Cryptography & Network Security (McGraw-Hill Forouzan Networking)
by Behrouz Forouzan
Hardcover: 480 Pages (2007-02-28)
-- used & new: US$73.98
Asin: 0073327530
Average Customer Review: 4.5 out of 5 stars

Product Description
A textbook for beginners in security. In this new first edition, well-known author Behrouz Forouzan uses his accessible writing style and visual approach to simplify the difficult concepts of cryptography and network security. This edition also provides a website that includes PowerPoint files as well as instructor and students solutions manuals. Forouzan presents difficult security topics from the ground up. A gentle introduction to the fundamentals of number theory is provided in the opening chapters, paving the way for the student to move on to more complex security and cryptography topics. Difficult math concepts are organized in appendices at the end of each chapter so that students can first learn the principles, then apply the technical background. Hundreds of examples, as well as fully coded programs, round out a practical, hands-on approach which encourages students to test the material they are learning.

Customer Reviews (2)

4.0 out of 5 stars Good resource
This book provides a nice look into cryptography and network security. I was already familiar with both concepts and this helped me to expand my knowledge.

5.0 out of 5 stars A Great Cryptography Textbook
I teach an introductory cryptography class at the University of Denver. I have been seeking a good text for six years, but I have been disappointed with all that I have tried. Forouzan's book is the answer to my dreams.

It is neither over-simplified nor overly rigorous. Theorem proofs are saved for an appendix, so students don't get bogged down in the math before they have had a chance to assimilate the cryptographic concepts. Copious illustrations help with the most complex topics. Practice problems provide an opportunity for students to test their mastery and for the instructor to measure their progress.

The primary focus of the text is network security - specifically, e-mail, SSL and IPsec. (Esoteric protocols such as secure elections and digital cash are not discussed at all.) This text, in essence, is an elaboration of the final part of Forouzan's TCP/IP text. As such, it is extremely useful to those who are looking for skills that are immediately applicable to the work environment.


45. A Course in Number Theory and Cryptography (Graduate Texts in Mathematics)
by Neal Koblitz
Hardcover: 235 Pages (1994-09-02)
list price: US$64.95 -- used & new: US$35.00
Asin: 0387942939
Average Customer Review: 4.5 out of 5 stars

Product Description
The purpose of this book is to introduce the reader to arithmetic topics, both ancient and modern, that have been at the center of interest in applications of number theory, particularly in cryptography. No background in algebra or number theory is assumed, and the book begins with a discussion of the basic number theory that is needed. The approach taken is algorithmic, emphasizing estimates of the efficiency of the techniques that arise from the theory. A special feature is the inclusion of recent application of the theory of elliptic curves. Extensive exercises and careful answers have been included in all of the chapters. Because number theory and cryptography are fast-moving fields, this new edition contains substantial revisions and updated references.

Customer Reviews (14)

5.0 out of 5 stars Koblitz's Course in Number Theory and Cryptography
This book is a real gem - very clearly written and covering the subject matter concisely but comprehensively. Particularly welcome are the exercises which are ingenious and extend the subject matter rather than just test knowledge of the chapter. It is extremely helpful too (and rare in a graduate text book) that solutions to all of the problems are provided at the back of the book. Exceptionally, and again very helpfully, there seem to be zero errors/typos in the text.

Strongly recommended as the best introduction to this fascinating and important field.

5.0 out of 5 stars Essential for your secrets
How Neal Koblitz manages to squeeze the amount of material he presents into this slim volume is a miracle of nature. It even includes what most authors of graduate works leave out as a matter of course: answers to exercises. More amazing still is that far from being terse and unreadable the text is a delight.

My advice to anyone interested in this field is to have this book by their side at all times. Then if the need arises to find out what makes an algorithm tick or to refresh one's mind about a well known concept it's just the flick of a page away.

4.0 out of 5 stars Pleasant introduction to cryptography
Chapters 1 and 2 give some elementary background material on number theory and finite fields. Chapter 3 discusses some old and naive cryptosystems. Chapter 4 discusses public key cryptosystems. In the RSA system, the receiver chooses two large primes p,q and makes public their product pq=n and some integer e relatively prime to phi(n). The sender then sends his message to the power e reduced mod n. To invert this operation one must know phi(n), i.e. one must know the factorisation n=pq. Since factoring big numbers is hard, only the intended receiver will be able to decipher the message instantly. RSA thus uses the fact that multiplying is easy but inverting it is hard; similarly, one can employ other such "trapdoor functions", such as exponentiation in Z/nZ, to create other public key cryptosystems. In chapter 5 we look at various algorithms and tricks for factorisation and primality testing. As for the cryptosystems, classical number theory that is hundreds of years old still provides the best tools (modulo arithmetic, quadratic residues, continued fractions, etc.), and in chapter 6 we see how another classical theory--elliptic curves--also proves to be fruitful in cryptography. The points of an elliptic curve over a finite field form a finite group, which we can use as the basis for new cryptosystems, analogous to how we made cryptosystems out of Z/nZ for instance. And starting with an integer and constructing corresponding finite field elliptic curves we can employ these groups and elliptic curve techniques to give improved algorithms for primality testing and factorisation.

5.0 out of 5 stars Outstanding presentations
This book is an outstanding introduction to cryptographic techniques and algorithms. Although it's labelled as a "graduate text in mathematics", most of it should be accessible to anyone who knows a little linear algebra. For readers just interested in the how-to of the algorithms, not even that is needed. Koblitz does a thorough job of leading up to each algorithm and proving its formal properties. He also presents the algorithms themselves, unencumbered by denser material of interest to mathematicians.

The book covers a variety of topics - public-key encryption, primality testing, factoring, and cryptographic protocols. It introduces zero-knowledge proofs and blind transfer, techniques that offer real hope of personal privacy in a world where data transfer is mandatory. I was a little disappointed by the chapters on elliptic cryptography, however. I hoped that Koblitz would bring his explanatory powers to bear on the algorithms. Somehow, I never quite connected with his descriptions of elliptic curves - perhaps I'm just thick, or perhaps a bit more introductory material would have helped.

The rest of the book is a very fine example of clear, readable math writing. Its clarity and its range of topics earn it a place with anyone interested in cryptography, factoring, and prime numbers.

5.0 out of 5 stars Excellent book for self study
This is an excellent book for those, who are interested in the theoretical background of cryptography. It was also my first book in number theory, and I had no trouble following most of the text (except the chapter on Elliptic curves, which - as I realize now - IS difficult).

Highly recommendable! A pleasant surprise is, that there are virtually no typos.


46. An Introduction to Cryptography, Second Edition (Discrete Mathematics and Its Applications)
by Richard A. Mollin
Hardcover: 413 Pages (2006-09-18)
list price: US$83.95 -- used & new: US$76.51
Asin: 1584886188
Average Customer Review: 4.0 out of 5 stars

Product Description
Continuing a bestselling tradition, An Introduction to Cryptography, Second Edition provides a solid foundation in cryptographic concepts that features all of the requisite background material on number theory and algorithmic complexity as well as a historical look at the field.

With numerous additions and restructured material, this edition presents the ideas behind cryptography and the applications of the subject. The first chapter provides a thorough treatment of the mathematics necessary to understand cryptography, including number theory and complexity, while the second chapter discusses cryptographic fundamentals, such as ciphers, linear feedback shift registers, modes of operation, and attacks. The next several chapters discuss DES, AES, public-key cryptography, primality testing, and various factoring methods, from classical to elliptical curves. The final chapters are comprised of issues pertaining to the Internet, such as pretty good privacy (PGP), protocol layers, firewalls, and cookies, as well as applications, including login and network security, viruses, smart cards, and biometrics. The book concludes with appendices on mathematical data, computer arithmetic, the Rijndael S-Box, knapsack ciphers, the Silver-Pohlig-Hellman algorithm, the SHA-1 algorithm, radix-64 encoding, and quantum cryptography.

New to the Second Edition:

  • An introductory chapter that provides more information on mathematical facts and complexity theory
  • Expanded and updated exercises sets, including some routine exercises
  • More information on primality testing and cryptanalysis

Accessible and logically organized, An Introduction to Cryptography, Second Edition is the essential book on the fundamentals of cryptography.

Customer Reviews (5)

3.0 out of 5 stars daunting
This is a textbook designed for a one semester undergraduate course in cryptography. This makes it seem a little tamer than what it is. Crypto buffs will enjoy it, and there is little here that is not in some other advanced texts. What is of value is a section on RIJNDAEL, the new advanced encryption standard.
Useful as a starting point but not as easy to follow as some other texts. You better like this stuff already or you shouldn't dive into this book.

5.0 out of 5 stars This is very excellent book!!! I love this book.
If you really want to learn cryptology, this is the book. If you just want to know the superficial concept of it, then, this is not the book for you. Mathematics used in this book is very concise and clear. This book also has the complete answers for many exercise problems (not just short answer). The answers for exercise problems are well written with the full explanations. Well done!! I really enjoy reading this book.

5.0 out of 5 stars love the book
Only those who fear learning even some moderate math in order to learn the crypto data will not like this book. The payoff is big time with historical bios of people to fill in the background, symmetric-key and public-key cryptosystems covered in full, and the facts on primality testing and factoring to gear up for the advanced topics which are superb. We even get to learn about quantum crypto. This book just makes me want to learn more about the subject. I'd recommend it to all but those who think you can learn crypto without math and who are only interested in learning how to cryptanalyze algorithms. For them there are many otherwise useless books out there. This is for those who really want to learn about crypto and enjoy it in the process!

5.0 out of 5 stars enjoy and learn
Readers should not be turned away from this book due to the rigorous mathematical content. If one learns the mathematical background (well developed in the text), then understanding of the cryptographic material becomes easier. Readers who only want "plain English" instead of mathematics betray their aversion to mathematics and point to the problem today with trying to teach cryptography. It cannot be effectively done without a rigorous mathematical background. This book does that and much more. Check out the biographical data in the text as well as numerous other features.

1.0 out of 5 stars Very confusing book
I had to use this book for cryptography class, and would not recommend it to anyone. The book was very math intensive, which I wouldn't mind if it weren't for the fact that there are no explanations in plain English to follow the math. This book is basically just a bunch of theorems and proofs. Also, there is no cryptanalysis of any of the algorithms included. There are much better books out there, I don't know why anyone would want to get this one.


47. Elementary Number Theory, Cryptography and Codes (Universitext)
by M. Welleda Baldoni, Ciro Ciliberto, G.M. Piacentini Cattaneo
Paperback: 522 Pages (2008-12-09)
list price: US$69.95 -- used & new: US$43.70
Asin: 3540691995

Product Description

In this volume one finds basic techniques from algebra and number theory (e.g. congruences, unique factorization domains, finite fields, quadratic residues, primality tests, continued fractions, etc.) which in recent years have proven to be extremely useful for applications to cryptography and coding theory. Both cryptography and codes have crucial applications in our daily lives, and they are described here, while the complexity problems that arise in implementing the related numerical algorithms are also taken into due account. Cryptography has been developed in great detail, both in its classical and more recent aspects. In particular public key cryptography is extensively discussed, the use of algebraic geometry, specifically of elliptic curves over finite fields, is illustrated, and a final chapter is devoted to quantum cryptography, which is the new frontier of the field. Coding theory is not discussed in full; however a chapter, sufficient for a good introduction to the subject, has been devoted to linear codes. Each chapter ends with several complements and with an extensive list of exercises, the solutions to most of which are included in the last chapter.

Though the book contains advanced material, such as cryptography on elliptic curves, Goppa codes using algebraic curves over finite fields, and the recent AKS polynomial primality test, the authors' objective has been to keep the exposition as self-contained and elementary as possible. Therefore the book will be useful to students and researchers, both in theoretical (e.g. mathematicians) and in applied sciences (e.g. physicists, engineers, computer scientists, etc.) seeking a friendly introduction to the important subjects treated here. The book will also be useful for teachers who intend to give courses on these topics.

48. Contemporary Cryptography (Artech House Computer Security503)
by Rolf Oppliger
Hardcover: 510 Pages (2005-04-30)
list price: US$99.00 -- used & new: US$10.98
Asin: 1580536425
Average Customer Review: 5.0 out of 5 stars

Product Description
Whether you’re new to the field or looking to broaden your knowledge of contemporary cryptography, this comprehensive resource puts all aspects of this important topic into perspective. Delivering an accurate introduction to the current state-of-the-art in modern cryptography, the book offers you a practical understanding of essential tools and applications to help you with your daily work. You also find complete coverage of the underpinnings and basic principles of cryptography to help you fully master the material.

From mathematical fundamentals and an overview of cryptographic systems… to details on unkeyed, secret key, and public key cryptosystems, this authoritative reference gives you solid working knowledge of the latest and most critical concepts, techniques, and systems in contemporary cryptography. Additionally, the book is supported with over 200 equations, more than 60 illustrations, and numerous time-saving URLs that connect you to Web sites with related information.

Customer Reviews (2)

5.0 out of 5 stars CRYPTOGRAPHY: THE GREAT ENABLER
Cryptography has become an enabling technology to secure the information infrastructures that are being built, using, and counting on in daily life. Author Rolf Oppliger has done an outstanding job of writing this book in a comprehensive and tutorial nature.

Oppliger begins this book by introducing contemporary cryptography at a high level of abstraction. Next, the author briefly introduces and provides some preliminary definitions for the most important representatives of these classes. In addition, the author discusses the aspects of discrete mathematics that are relevant for contemporary cryptography. He also introduces and presents an overview of the basic principles of probability theory as far as they are relevant for information theory and contemporary cryptography. Then, he continues with a brief discussion of the basic principles and results of information theory. The author then discusses the fundamentals and results for complexity theory. Next, he elaborates on one-way functions; cryptographic hash functions; random bit generators; symmetric encryption systems; MACs and systems to compute and verify MACs; and, pseudorandom bit generators (PRBGs). Next, he thoroughly introduces pseudorandom functions, and discusses the constructions on the random oracle model. The author then elaborates on symmetric encryption systems; digital signatures and DSSs; cryptographic protocols that two entities can use to establish a shared secret key; and, entity authentication in general, and authentication protocols that implement a proof by knowledge in particular. Next, he addresses secure multiparty computation (MPC). Then, he elaborates on the key management process. The author then discusses and puts into perspective many cryptographic systems in use today. Finally, he looks at the future of contemporary cryptography.

With the preceding in mind, the author has done an excellent job of showing you how to implement and market some of the cryptographic techniques or systems addressed in this book. Nevertheless, the author cautions the reader that "you must be very cautious and note that the entire field of cryptography is tied up in patents and corresponding patent claims. Consequently, you must make sure that you have an appropriate license or a good lawyer or both."

5.0 out of 5 stars Mix of Theory and Implementation
Cryptography has become one of the basic enabling technologies of the internet as we know it today. Without the ability to transport such private information as credit card information, none of the commerce oriented sites from Amazon or EBay, none of the porn sites could exist. The net simply wouldn't be as we know it today.

Much of the stories that we know of cryptology have to do with the breaking of the German Enigma or the Japanese codes from World War II. These codes would be trivial to break today. Faster more powerful computers, significant advances in the mathematical theory and techniques have made today's cryptography an entirely different animal.

Dr. Oppliger's book draws a balance between the computer scientist approach who is looking to implement a secure communications protocol, and the mathematician who is interested in the theoretical concepts. This book does not presume to cover any of the many (sometimes conflicting) patent claims, nor the terribly confusing export regulations that are changing even faster than the cryptologic techniques.

This is the state of the art in cryptography today at the conceptual level.


49. Introduction to Cryptography with Java Applets
by David Bishop
Hardcover: 384 Pages (2002-12)
list price: US$148.95 -- used & new: US$15.45
Asin: 0763722073

Product Description
Introduction to Cryptography with Java Applets covers the mathematical basis of cryptography and cryptanalysis, like linear diophantine equations, linear congruences, systems of linear congruences, quadratic congruences, and exponential congruences. The chapters present theorems and proofs, and many mathematical examples.

Cryptography with Java Applets also covers programming ciphers, and cryptanalytic attacks on ciphers. In addition, many other types of cryptographic applications, like digest functions, shadows, database encryption, message signing, establishing keys, large integer arithmetic, pseudo-random bit generation, and authentication. The author has developed various Java crypto classes to perform these functions, and many programming exercises are assigned to the reader. The reader should be someone with a basic working knowledge of Java, but having no knowledge of number theory or cryptography.


    50. Cryptography for Developers
    by Tom St Denis
    Paperback: 400 Pages (2007-01-15)
    list price: US$62.95 -- used & new: US$39.85
    Asin: 1597491047
    Average Customer Review: 4.0 out of 5 stars
    Editorial Review

    Product Description
    The only guide for software developers who must learn and implement cryptography safely and cost effectively.

    The book begins with a chapter that introduces the subject of cryptography to the reader. The second chapter discusses how to implement large integer arithmetic as required by RSA and ECC public key algorithms. The subsequent chapters discuss the implementation of symmetric ciphers, one-way hashes, message authentication codes, combined authentication and encryption modes, public key cryptography and finally portable coding practices. Each chapter includes in-depth discussion on memory/size/speed performance trade-offs as well as what cryptographic problems are solved with the specific topics at hand.

    * The author is the developer of the industry standard cryptographic suite of tools called LibTom
    * A regular expert speaker at industry conferences and events on this development
    * The book has a companion Web site with over 300 pages of text on implementing multiple precision arithmetic

    Customer Reviews (5)

    3.0 out of 5 stars It's lacking in implementation
    I picked up this book with the hopes of being able to understand the algorithms behind commonly used cryptography. Sadly this book alone is *not* enough, you will need other sources if you plan to understand the details.

    WHAT THIS BOOK DOES CORRECTLY
    - Gives very decent explanations of the concepts at a high level (and semi low level)
    - Uses lots of "why would you want/need to do this" type of examples

    WHAT THIS BOOK FAILS AT
    - You will *see* source code snippets throughout the text. But alas they are just that. Why not provide complete code!?!?! Luckily you can download other people's source code but it won't *sync up* with the author's snippets or align with his explanations.
    - At first glance it *seems* like all the info is given, but it is not. Example, for the RSA key generation in Ch.9, he explains how to generate the public modulus, private exponent and so on, but *not* how to generate the public exponent. How completely USELESS IS THAT? It's like giving somebody a car without wheels. Again, you can find this by searching the web (but you shouldn't have to).

    So it is a strange book to read in that *it seems* like it's leading you down the correct hallway, only to find the door locked at the end. For a book on cryptography (secrets/encryption) it's ironic that some important and basic information is left out.

    So this book is a pretty good start, but it's not the final book you will buy (but it could have been).

    What this book needs to do to be better is simple
    ** List complete source code at the end of the book (or online) that syncs up with the chapters' explanations, in the manner that there should be a single file called "md5.c" or "md5.pl" (i.e. perl) that is very wordy and has comments like "here we are exponentiating the message" as mentioned in section blah of chapter blah. The program(s) should be simply called like "md5 input.txt output.hex". Done and done!

    I also think a chapter should be devoted to openssl, how to use it to generate keys and certificates. AND I'm talking about the actual commands from start to finish.

    So to sum up this book in a single word: INCOMPLETE.

    5.0 out of 5 stars learning the cryptography
    This book is really good for those who want to learn cryptography. It is easy to understand, and there is source code inside so you can understand how to implement a crypto algorithm. I suggest this book for everyone who wants to learn how crypto algorithms work.

    4.0 out of 5 stars Good Software Cryptography Book
    With 'Cryptography for Developers' by Tom St Denis I am not even going to try and pretend that I am an expert in this field. Written with software developers in mind, this book is a complex look at how software cryptography algorithms are designed and developed. With 400 pages of material contained within and a solid look at the source content, this is a great book for a niche field/market. If you are interested in software cryptography or do it for a job, you will no doubt find this to be a fascinating read.

    **** RECOMMENDED

    5.0 out of 5 stars An excellent survey recommended for any college-level computer library.
    Cryptography for Developers deserves ongoing recommendation as a basic text - the only one written for software developers - probing the foundations of cryptography. Here are details covering message authentication codes, encryption models, public key cryptography, and more that discuss and provide examples of cryptographic goals and security measures. Any software developer serious about security must have this.

    4.0 out of 5 stars Well written, targets the savvy developer
    A lot of people who have read "Applied Cryptography" by Bruce Schneier are themselves not cryptographers or developing cryptographic software. In fact, very few people actually develop cryptographic software because it's tough to get right and most crypto libraries provide everything you need. However, for those that wish to enter the field, it can be daunting to learn. If you'd like to be one of those few, Tom St Denis' "Cryptography for Developers" may be for you.

    The book's writing is clear and focused, not surprising given that the author has written before. St Denis makes a good choice to focus on new material for this book, specifically pointing you at other books for a background in cryptography and "bignum" math (very, very large numbers, which require atypical methods to manipulate).

    If you're a C code developer, you'll get the material very well. If your C isn't very strong, or you need the code for another language, you'll probably have some difficulty in making use of it (depending on how skilled you are with C). However, the code is clear and well annotated, so you can make pretty good sense of it pretty quickly.

    Chapter 2 starts off with a bang and covers ASN.1 encoding. This is not a very common topic, so this is one of the only places you may find this sort of thing covered well. Right away you can see what you're in for: very clear background info, good use of illustrations, well written code with lots of annotations, and very sharp focus.

    Chapter 3 covers random numbers (specifically RNGs and PRNGs). While you'll want to complement this with something like the CRC Applied Crypto chapters on random numbers, you'll get a pretty good idea of how to gather and make use of random numbers. One problem I noticed here was that it notes that Yarrow and Fortuna are RNGs but later (and, I believe, correctly) states that they are PRNG algorithms. Overall, though, a good treatment of the topic and a discussion of where to use random numbers, how to test them, the limits of the tests, and what pitfalls to watch out for.

    Chapter 4 is really one of the meaty chapters and covers AES very in depth. Many of the concepts covered here are reused in other chapters, so make sure you get this one under your belt.

    Chapters 5 and 6 cover hash functions and message authentication code algorithms, respectively. Again, great treatment of a limited subset of the algorithms out there and very good discussions about the myths, truths, and appropriate uses of the algorithms. Very good, useful insights all around.

    Chapter 7 covers encryption and authentication modes, providing you with code that starts to really put it all together.

    Chapter 8 covers large integer arithmetic, but also states that it's no replacement for St Denis' other book on BigNum math. Another very useful topic covered here somewhat looks at optimizations and how to make efficient code. Again, valuable insights that you can apply to other topics.

    Chapter 9 covers public key algorithms, but sadly doesn't give much code. This is a disappointment and unexpected, given how much code is in the rest of the book. Perhaps it was a length consideration or by design, I don't know.

    I'm not a cryptographer, so I can't attest to the veracity of the code. I didn't spot any obvious errors in the code design or use, however. Finally, this book won't replace Applied Crypto (either the Schneier or the CRC tomes), you'll want to use this book in tandem with those volumes. So few algorithms are covered that you'll really want to have studied those first before you can make full use of this volume.

    Finally, one other thing that's missing is a unified set of links and references. He would have benefitted the reader had he done so, because so much material is covered and referenced.

    St Denis has produced a clear, focused volume that's well organized. If you want to go from algorithm outlines to implementations, this is the book to work with. The quality of the writing and production is higher than many other Syngress books, and that's much appreciated.


    51. .NET Security and Cryptography
    by Peter Thorsteinson, G. Gnana Arun Ganesh
    Paperback: 496 Pages (2003-08-28)
    list price: US$54.99 -- used & new: US$29.99
    Asin: 013100851X
    Average Customer Review: 4.5 out of 5 stars
    Editorial Review

    Product Description
    Part of the Integrated .NET Series, this book provides a practical and comprehensive treatment on implementing both cryptography and security features on the .NET platform - using the C# and VB .NET programming languages. It provides focused and detailed code examples that demonstrate the most important concepts, with commentary on how the code examples work. The book also provides a substantial mathematical and theoretical background on the underlying cryptographic concepts. After reading this book and experimenting with the provided example programs, the reader should have a good understanding of the major cryptographic algorithms and standard cryptographic programming techniques. Readers should also gain a solid understanding of how .NET security works and how to implement user-based and code access security in their own .NET programs.

    Customer Reviews (2)

    5.0 out of 5 stars Excellent overview of .NET security
    Too many books on the topic simply overload the reader with details. This book follows a simple progression in each chapter that makes it easy to read and understand. Ditto with the examples which are written with the same clarity.

    4.0 out of 5 stars Book Review : .NET Security and Cryptography
    Well I can't stop writing a review on this book even though I read only a few chapters. The book that I am currently reading is incidentally the World's first book on ".NET Security". I am very glad to know that this book may go as a de-facto for students who want to learn .net from security perspective which can lead to a very good programming world of .NET in future as well. As a Microsoft MVP, I had got a chance to observe the community and students around in close, and I got to find one interesting thing amongst students. That is nothing but an intuition to break or hack the software. So I learnt that only students can think about security right from the first line of their code. Since the student community is slowly moving towards .NET development, there is a very strong need of these kinds of books to make them write secure code right from the beginning.

    The recent initiatives on Trustworthy computing from Microsoft are also very welcome in this perspective. This could help most of the developers to think twice before they write some code which interacts with public systems like internet.

    The current book that I am reading (well..to improve my skills in writing secure code ;-)) is "The .NET Security and Cryptography" by Mr. Gnana Arun Ganesh and Peter Thorsteinson. I found this book as very different to read because, right from the first chapter, it made me think like a hacker which is very unlikely of my mindset as a developer. But as this book's preface denotes an old proverb "Think like a fish, if you wanna catch it", the authors of this book tried their level best to implement the same wherever it is possible. Thanks Guys.

    The coolest part of this book is its practical approach towards the problems in security. You will find detailed explanations and code examples or graphical representations wherever you need them. This approach gives a relief to the code-N-test developers. Most of the topics are covered with code and graphical representation just as it was taught by some professor in any university.

    On .NET lines, this book covers ASP.NET security and web services security, the topics every developer looks for..along with Cryptography lessons from .NET perspective. There is a whole chapter dedicated for "Code Access Security" which made me feel the "Value for Money" and satisfaction as a developer.

    The authors of this book have taken one more care at the end of the book. This book ends with a sneak overview of Web services to ensure their focus towards next generation development platforms and the need of mentioning that. My overall rating is : Gold..Just go and grab one.


    52. Cryptography for Visual Basic(r) : A Programmer's Guide to the Microsoft(r) CryptoAPI
    by Richard Bondi
    Paperback: 480 Pages (2000-09-01)
    list price: US$49.99 -- used & new: US$29.95
    Asin: 0471381896
    Average Customer Review: 4.0 out of 5 stars
    Editorial Review

    Product Description
    "This is essential reading for anyone who needs to understand Microsoft's CryptoAPI, its strengths and its limitations."-Bruce Schneier, author of Applied Cryptography and CTO of Counterpane Internet Security, Inc.

    With billions of dollars at stake, e-businesses must take the necessary steps to ensure privacy and protection for customer data. Microsoft's CryptoAPI provides Visual Basic programmers with strong cryptography to keep this data safe, but its internals have been a mystery until now. This book guides you through the process of accessing the powerful but tricky routines of Microsoft's cryptographic libraries. You'll find an in-depth introduction to modern cryptography and learn how to build cryptographic "modules" (COM objects) that can be used by any Visual Basic program. Best of all, the source code is included under an Open Source license so that you are free to use, modify, and distribute it, even commercially, without paying any fees. You can help enhance the code as part of the Open Source community. Providing much-needed insight on Microsoft's cryptography, this book will help you:
    * Learn how modern cryptography works
    * Find out how the Base Functions of the CryptoAPI work
    * Discover how to call the API from Visual Basic
    * Uncover deep Visual Basic tricks to write a powerful error handler
    * Learn how to write the WCCO (Wiley CryptoAPI COM Objects) COM wrappers for the CryptoAPI
    * Utilize several quality assurance tests for the WCCO

    The CD-ROM includes:
    * WCCO 1.0 Source Code and its Wiley Open Source License
    * WCCO 1.

    Amazon.com Review
    The Microsoft CryptoAPI can provide "strong," unbreakable encryption on the Windows platform. If you're a Visual Basic (VB) programmer, Richard Bondi's Cryptography for Visual Basic can put this powerful set of APIs within your reach. This title will serve as both an introduction to cryptography and a how-to with CryptoAPI by using the author's prebuilt library of COM objects.

    The early part of this book tries hard to put the elements of today's public key encryption standards (like RSA) within the grasp of the VB programmer. You'll learn the basics of random-number generation, ciphers, keys, and the "protocols" behind today's encryption standards. Inevitably, these are written by using shorthand, such as, "Alice wants to send Bob a message." The author manages to make essential concepts in cryptography rather clear.

    The next section here lays the foundation for working with the Microsoft CryptoAPI by presenting a number of useful strategies for passing (and returning) values to and from C from within VB, along with techniques for error handling and improved performance.

    The heart of this text is the author's custom library of COM objects that "wrap" the underlying Microsoft CryptoAPI C calls for use from within VB. Subsequent chapters look at various areas of the CryptoAPI and the resulting COM objects. The author covers not only the assumptions and strategies of working with the CryptoAPI, but also the design choices that are made in his library. For those who are in a rush, the book provides sample code on how to use this library in your own VB applications in an appendix.

    Today, security is a concern in any enterprise, so Cryptography for Visual Basic fills a useful niche. It explains the basics of encryption technologies, shows off how it's done on the Windows platform with the Microsoft CryptoAPI, and also makes it possible to call these APIs from within VB. If you have wondered how cryptography works, or how it's implemented in Windows, this tutorial can put you on the right track. --Richard Dragan

    Topics covered:
    • Introduction to cryptography
    • Ciphers
    • Random-number generators (RNGs)
    • One-pad ciphers
    • Public-key cryptography
    • Symmetric and asymmetric ciphers
    • Overview of the Microsoft CryptoAPI
    • Techniques for parameter passing from VB to Win32 C APIs
    • VB string handling tips
    • Bitwise logic
    • Performance tips
    • Error handling
    • Wiley CryptoAPI COM Objects (WCCO) (the author's custom VB COM object library for the CryptoAPI)
    • CryptoAPI providers and containers
    • Key and key-pair objects
    • Hashing and signing
    • Encryption and message texts
    • Key management and data security
    • Public law and cryptography
    • Sample code for using the WCCO library

      Customer Reviews (9)

      5.0 out of 5 stars 4 1/2 stars
      The chore of every VB programming author is to simplify things so that the dullards can grasp it. He knows this and has succeeded wonderfully. If you want to get your brain around cryptology in a VB sort of way this is the book.

      Bondi gets 4 1/2 stars, not five, and put a red flag up, for including the 'Regasaurus' program in the CD and touting it up in the book. The program raises a 'Type Mismatch' error as soon as you click the 'Start' button. I went to Bondi's website to download the latest version and the error is still there. Three years since the book has been published.

      Microsoft has released their own CryptoAPI wrapper (Capicom) so you might want to investigate it before you make a big commitment to the WCCO objects. But you will need this book in either case.

      1.0 out of 5 stars Sample codes doesn't work
      This book introduced the Wrapper WCCO and code sample of how to use this wrapper (in Appendix). However, when one runs the sample code, he will get a lot of error messages. The code simply does not work.

      5.0 out of 5 stars Excellent
      I recommend this book to people who are interested in implementing cryptography-based solutions but who do not want to get involved in the theory underlying those APIs. Although the book is oriented toward Visual Basic-based solutions, these can be implemented with other WINTEL-based programming languages such as Power Builder, C++ Builder and others.

      5.0 out of 5 stars Buy this book if you need rapid results
      Credit where it's due - this is a great book for those who need to use cryptography in their VB programs. I started off reading the only other book available on the subject, and got bogged down in loads and loads of details very quickly. The other book focuses too much on the rather cryptic (!) Win32 Crypto API too early and in too great a detail. The Win32 Crypto API is large, messy and counter-intuitive to put it mildly. On the plus side, the other book does seem to cover a bit more, and in some areas in quite a bit more depth, but I would say that Bondi's book is definitely the easier to read and understand of the two. Also, rather than having to build up an object model as you read through the book (and having to type the relevant parts that you need as you go), Bondi's book comes with a very complete - and understandable - object model on CD that shields you from the horrible Crypto API underneath. The idea of cryptography seems quite straightforward at first, but if you need convincing about the need to abstract away all this mess into a nice clean object hierarchy, then take a look at the one that comes with Bondi's book - there's a ton of code in there and most of it is the kind of stuff you couldn't write without a really in-depth knowledge of the Win32 Crypto API. This is what wrappers are for, and Bondi's makes a great job of making the whole mess useable!!! Microsoft could have made the API much easier, especially for those who only want to use a fraction of the services it provides. Unfortunately, Microsoft made the API as something that you can only realistically use via a decent object model, like the one that comes with Bondi's book. The other book stands as a great reference for those who need to go further, but for those who want to understand what the hell's going on and do things quickly without spending ages becoming a guru before you can do anything, Bondi's book is the book of choice. In short, the Win32 Crypto API is a nasty mess. If you are in a position to do so then buy both and read Bondi's book first. But if you are looking to buy just one book, definitely get this one.

      5.0 out of 5 stars Second to none!
      This book was, to put it simply...excellent. The author, Richard Bondi, was very responsive on his bulletin board to any and all questions. The included code was very thorough (only certain aspects of the CryptoAPI were detailed, so review the table of contents first), masterful, and well thought out. The only thing lacking was perhaps more details on implementation, such as key management. Other books, such as Bruce Schneier's "Applied Cryptography" (1996) might be a good supplement to delve into details that this book didn't traverse. My company is currently implementing the code from the book (as is!) in an enterprise-wide application. It's that good!


      53. Protecting Information: From Classical Error Correction to Quantum Cryptography
      by Susan Loepp, William Wootters
      Paperback: 304 Pages (2006-07-31)
      list price: US$38.99 -- used & new: US$14.58
      Asin: 0521534763
      Editorial Review

      Product Description
      In the transmission of information storage, preventing noise and/or eavesdropping is essential. This undergraduate introduction to quantum computing focuses on error correction and cryptography, providing a context in which ideas about mathematics, computer science and physics meet together. By covering such topics as the Shor quantum factoring algorithms, this text informs the reader about current thinking in quantum information theory, as well as encouraging an appreciation of the connections between mathematics and science. Unique to this text is its consideration of possible quantum physics impacts: (i) a quantum computer, if built, could crack the public-key cryptosystems; and (ii) quantum cryptography promises to provide an alternative to public-key cryptosystems, basing its security on the laws of physics rather than on computational complexity. This is the first text to cover error correction and cryptography at the undergraduate level. No prior knowledge of quantum mechanics is assumed, but students should have some knowledge of linear algebra, vectors and matrices.


      54. Finite Fields: Theory and Computation: The Meeting Point of Number Theory, Computer Science, Coding Theory and Cryptography (Mathematics and Its Applications)
      by Igor Shparlinski
      Paperback: 544 Pages (2010-11-02)
      list price: US$129.00 -- used & new: US$102.77
      Asin: 9048152038
      Editorial Review

      Product Description
      This book provides an exhaustive survey of the most recent achievements in the theory and applications of finite fields and in many related areas such as algebraic number theory, theoretical computer science, coding theory and cryptography. Topics treated include polynomial factorization over finite fields, the finding and distribution of irreducible primitive and other special polynomials, constructing special bases of extensions of finite fields, curves and exponential sums, and linear recurrent sequences. Besides a general overview of the area, its results and methods, it suggests a number of interesting research problems of various levels of difficulty. The volume concludes with an impressive bibliographical section containing more than 2300 references.
      Audience: This work will be of interest to graduate students and researchers in field theory and polynomials, number theory, symbolic computation, symbolic/algebraic manipulation, and coding theory.


      55. Coding Theory and Cryptography: The Essentials, Second Edition (Pure and Applied Mathematics)
      by D.C. Hankerson, Gary Hoffman, D.A. Leonard, Charles C. Lindner, K.T. Phelps, C.A. Rodger, J.R. Wall
      Hardcover: 350 Pages (2000-08-04)
      list price: US$95.95 -- used & new: US$94.03
      Asin: 0824704657
      Average Customer Review: 3.0 out of 5 stars
      Editorial Review

      Product Description
      A textbook covering the essentials in coding theory and cryptography. Places emphasis on construction, encoding and decoding of specific code families in order to give students with only a basic mathematical background an understanding of the material.

      Customer Reviews (1)

      3.0 out of 5 stars Helpful if you already know what you're doing
      As textbooks go, this one isn't especially helpful. It serves as a useful reference or complement to a lecture, but it provides the bare bones of relevant material. I've had worse texts, but not many.


      56. Foundations of Cryptography: A Primer (Foundations and Trends in Theoretical Computer Science,)
      by Oded Goldreich
      Paperback: 132 Pages (2005-04-05)
      list price: US$50.00 -- used & new: US$43.14
      Asin: 1933019026
      Editorial Review

      Product Description
      Foundations of Cryptography surveys the main paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. The author starts by presenting some of the central tools; that is, computational difficulty (in the form of one-way functions), pseudorandomness, and zero-knowledge proofs. Based on these tools, the emphasis is shifted to the treatment of basic applications such as encryption and signature schemes as well as the design of general secure cryptographic protocols. The author has created a unique overview that includes well over 100 references. The accent is on the clarification of fundamental concepts and on demonstrating the feasibility of solving several central cryptographic problems. Foundations of Cryptography is an invaluable resource for all students, researchers and practitioners interested in the foundations that underpin modern cryptography.


      57. Cryptography in the Database: The Last Line of Defense
      by Kevin Kenan
      Paperback: 312 Pages (2005-10-29)
      list price: US$49.99 -- used & new: US$1.50
      Asin: 0321320735
      Average Customer Review: 4.5 out of 5 stars
      Editorial Review

      Product Description
      Protect Your Enterprise Data with Rock-Solid Database Encryption

      If hackers compromise your critical information, the results can be catastrophic. You're under unprecedented pressure--from your customers, your partners, your stockholders, and now, the government--to keep your data secure. But what if hackers evade your sophisticated security mechanisms? When all else fails, you have one last powerful line of defense: database cryptography. In this book, a leading crypto expert at Symantec demonstrates exactly how to use encryption with your own enterprise databases and applications. Kevin Kenan presents a start-to-finish blueprint and execution plan for designing and building--or selecting and integrating--a complete database cryptosystem. Kenan systematically shows how to eliminate weaknesses, overcome pitfalls, and defend against attacks that can compromise data even if it's been protected by strong encryption. This book's 3,000 lines of downloadable code examples let you explore every component of a live database cryptosystem, including key vaults and managers, manifests, engines, and providers.

      This book's coverage includes
      * Understanding your legal obligations to protect data
      * Constructing a realistic database security threat model and ensuring that you address critical threats
      * Designing robust database cryptographic infrastructure around today's most effective security patterns
      * Hardening your database security requirements
      * Classifying the sensitivity of your data
      * Writing database applications that interact securely with your cryptosystem
      * Avoiding the common vulnerabilities that compromise database applications
      * Managing cryptographic projects in your enterprise database environment
      * Testing, deploying, defending, and decommissioning secure database applications

      Cryptography in the Database is an indispensable resource for every professional who must protect enterprise data: database architects, administrators, and developers; system and security analysts; and many others.

      © Copyright Pearson Education. All rights reserved.

      Customer Reviews (7)

      3.0 out of 5 stars It's a good book, but...
      I purchased the book in attempt to figure out a "best practice" way to encrypt information in a web-facing business database.

      I think the book delivered a best-practice approach, but I didn't find it as useful as I'd hoped despite learning a lot both theoretically and practically.

      There are a number of caveats I wish I'd known about this book, in rough order of importance:

      1) If you aren't using HSM hardware to store the keys, this book's practical usefulness appears to decline a fair bit, a point the author seems to acknowledge. Your key information ends up stored in databases or systems which themselves can be compromised. There's a lot of machinery to encrypt the keys and replace them over time, but fundamentally you are just raising barriers with this approach, not really securing anything (as far as I can tell). It seemed like a lot of implementation complexity for a mild amount of obscurity, as far as I was concerned (since the book is published!) If, say, you have a webserver connecting to a database and your webserver is compromised, and the attacker can get to your database, the encryption here will slow, but not stop them. If only the database or its backup is compromised though, his stuff is great; it'd be hard to recover the data. But that's not the threat model I think most web-facing database companies are concerned about; there the webserver gets compromised first. In a webserver+database-noHSM model, I'm not sure all the obscurity his system provides is worth the implementation complexity-- a simpler alternative approach that provides most of the benefits would have been helpful.

      2) The book's approach does not describe/give-code-for any practices or infrastructure in which one might store (or migrate) some information (e.g. credit cards) offline in an attempt to secure it, placing the information online only temporarily (e.g. when doing recurring billing, sending email blasts with personal information, etc).

      3) The book does not cover any asymmetric encryption techniques, dismissing them early on since they "aren't necessary for solving the problems in which we're interested". Maybe I'm missing something, but it would seem to me that if the usage/data-retrieval model for one's application allowed use of offline private keys (or a password to unencrypt a private key) entered at the time of data retrieval, data in the database could be stored write-only by an application (using a public key stored in a database) and delivered read-only only-to-an-authorized-user without ever storing the key information necessary for read-able retrieval in any online database. (This assumes the information never needs to be read by the application without the user present.)

      4) The Java code is fairly helpful but, as the author notes, it's a prototype and you will need to add alerting and exception handling for any production system.

      All this doesn't make the book "bad"; it's a very good primer on symmetrically encrypting information in a database and managing the entire security process surrounding that. I concur with the other good reviews here; it probably is a 4-5 star book for most people. But I found myself just hoping for something simpler (given the assumption of no HSM) and/or more secure (when facing different usage constraints) than what I was left with.

      4.0 out of 5 stars Good for developers
      To be honest, when picking up this book, I was not interested in implementation details and internals of database cryptography (part II), but more in enabling database security by means of encryption (part I). Therefore, I was coming more from the user vs developer perspective. I was even less interested in managing the database cryptographic project.

      As a result, I enjoyed the part I on database security with motivations, attacks against databases, threat models and a primer on securing databases with cryptography. If you are "doing security" read part I, if you are implementing database encryption or record hashing - read the rest of the book.

      Dr Anton Chuvakin, GCIA, GCIH, GCFA is a recognized security expert and book author. A frequent conference speaker, he also participates in various security industry initiatives and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". He also published numerous papers on a broad range of security subjects. In his spare time he maintains his security portal http://www.info-secure.org and a blog at http://chuvakin.blogspot.com

      4.0 out of 5 stars A little more like "Cryptography Alongside The Database"
      I kind of went in expecting this to be some form of "marketing spiel" for someone's embedding of crypto tools into one or another DBMS. I was pleasantly surprised, instead, to see that this was much more an "analytical" work; something of an account of some of the practices at Symantec.

      What is particularly laudable is that they start not by explaining crypto technologies, but rather motivating things by enumerating a threat model. Sensitive data needs to be protected from various sorts of attacks that can come from outsiders as well as insiders, the latter requiring *much* more care as they may legitimately need to have access.

      The assumption (which seems entirely valid) is that crypto keys need to be particularly carefully managed as a *very* tightly restricted database of their own.

      The examples quite conspicuously *don't* involve cryptography taking place inside the database; that practice is one that would necessarily be equivalent to giving all of the keys to the DBAs and/or system administrators, as they control database engine deployment. Instead, crypto activity takes place outside the database; secure applications require a particularly secured portion of the application infrastructure.

      The one place that they get a bit "hand-wavy" is in proposing that Hardware Security Modules are the only really forcible way to achieve strong security. I tend to agree with that doctrine; I suspect they intentionally glossed over it in that their approach of using standard Java libraries for all of their examples did not admit the ability to use HSMs. Implementing an HSM requires going to a great deal of trouble, and that feels like it ought to be a subsequent project for another book.

      In view of emerging sorts of privacy legislation that mandate keeping data secure, this looks like one of the books that anyone storing sensitive information should read and heed...

      5.0 out of 5 stars Excellent book on database security
      Noted security guru Marcus Ranum has observed that "these days, with the kind of plug-ins that come in your typical browser, combined with all the bizarre undocumented protocols used by new Internet applications; makes it highly unlikely that a firewall is doing anything more complex than a thin layer of policy atop routing. As such, the applications behind the firewall are now more critical to security than the firewall itself. Which should scare the holey moley out of you."

      Taking Ranum's observation to the next level, it is not only the applications that need to be secured, but databases also. The theme of Cryptography in the Database - The Last Line of Defense is that databases, being the main repository for critical consumer and business data, are often not given the adequate level of security that they deserve.

      Large databases often contain terabytes of data. This data often contains R&D, client, customer data and more, that if compromised, could wreak havoc on an organization; both from a public relations perspective, in addition to a regulatory perspective. In a large customer driven organization, a database breach can wreak havoc on tens of thousands of customer records. With all of that, companies will spend large amounts of money on the security appliance of the month, but often let their databases sit unprotected.

      Cryptography in the Database is a valuable book in that it shows how a formal methodology is required to adequately protect large corporate databases. The emphasis of the book is on designing and integrating a cryptosystem into the database to protect it against the various threats that are specifically launched against corporate database systems.

      The book's 4 parts contain 21 chapters. Part one is a brief overview of the need for database security, along with related threats to databases, and also covers the basic concepts of cryptography and encryption.

      Part two provides a comprehensive synopsis on the cryptographic infrastructure necessary to secure corporate databases. Chapter 3 goes into details on how to set up an effective key management scheme. Such a scheme is crucial as the author notes that all it takes is the loss of a single 128-bit key, and gigabytes of data can become inaccessible.

      Part two also creates a sample cryptographic architecture that is flexible and modular so that it is easily adaptable to various situations. The author notes that such systems can be difficult to manage if they become overly complex, and the challenge is to find the right balance between security and complexity on one side, and usability on the other. Creating an effective cryptographic database infrastructure is not an elementary task given the different requirements of security and functionality.

      Chapter 3 details the various entities that go into a complete cryptographic architecture, including the cryptographic engine, and the various controls around the crypto keys. The chapter provides a good overview of the key life cycle. Historically, controls around the key life cycle are crucial. One of the ways the Allies were able to break the German Enigma cipher machine during World War II was that the Germans reused their crypto keys, which obviates much of the security that cryptography can provide. Had the Germans not done that, the outcome of the war may have been dramatically different.

      Part 3 details the issues that need to go into the entire cryptography project. Kenan notes that for security to be effective, it must be dealt with at the commencement of a project and must permeate the overall design and seep into every line of code. Also, in the long term, developing a culture of security depends on looking at security as an opportunity to provide extra value. Where security fails is when it is viewed merely as a series of checklists that are meant to get in the way.

      Chapter 9 shows how data flow diagrams can be used by a database analyst to better understand how a system works. These data flow diagrams are valuable in that they show the various inputs into the system and where potential failures can crop up.

      Part 4 provides various Java code examples of the cryptographic infrastructure that were detailed in the previous 12 chapters. The example code is meant to show how to implement the primary functionality of the various components that the book describes.

      One of the popular terms in security today is data at rest, which refers to all data in storage. Businesses, government agencies, and others need to deal with attacks on data at rest, which more often than not will be found on databases.

      After reading Cryptography in the Database, the reader can understand why database cryptography must be implemented in a methodological fashion, since incorrectly implemented cryptography can often be worse than no cryptography at all. With that, database administrators, architects and others who have input into the design of database security are highly advised to read Cryptography in the Database.

      Databases are far too critical to an organization to be left unsecured, or incorrectly secured. The database is indeed the last line of defense in an organization. Books such as this are thusly vital to ensure that the last line of defense is not easily breached.

      5.0 out of 5 stars An Excellent Reference for Database Security and Encryption
      When I pick up a Symantec Press book, I will either love them or dislike them. I never have mixed emotions about them. This book I love. His book should be titled, Database Security. While the primary focus is on encryption, the author dives into several topics I wish some of my past DBAs had known.

      The book is divided into four major parts: Database Security, A Cryptographic Infrastructure, The Cryptographic project, and Example Code. I however would classify the book into two major parts. The first part is reading and understanding some fundamentals that are very important. Throughout this first part, there are many graphical presentations to help the reader understand, in a graphical way, what the author is discussing. This is most visible in the third chapter entitled An overview of Cryptographic Infrastructure.

      The second part of the book is actual code written in Java, and designed for plain SQL, the author does confirm that all examples work in MYSQL. The examples give common scenarios such as consumer input. Consumer input requires first name, last name, credit card information, the verification code and other fields. This example discusses and demonstrates a best practice model around that code.

      Given the two parts above, this book is solid, and I would have recommended it. However, the author went a step further, and included information on security surrounding the database, penetration testing and methodologies for databases, architecture and design best practices, and so many other important points. This makes this book valuable to anyone working with databases.

      The section breakdown is as follows:
      * Database Security - Common Attacks Against Databases; Laws and Regulations; and Cryptography
      * Cryptographic Infrastructure - Introduction to Keys, and Their Management; Engines and Algorithms; and Vaults, Manifests and Managers
      * The Cryptographic Project - Outlines the Security Culture; Hardening, Classifications, and Policies; Securing Design; Securing Development; and Testing
      * Example Code - Key Vaults; Manifest; Key Managers; Engines; Receipts and the Provider; The Consumer; Exceptions; and the System at Work.

      Overall this book is geared to medium level technicians for best practices and coding examples. Although anyone working with databases in general could find something useful in this book, even if it's design, architecture and implementation best practices.


      58. Cryptography and E-Commerce: A Wiley Tech Brief
      by Jon C. Graff
      Paperback: 208 Pages (2000-12-11)
      list price: US$29.99 -- used & new: US$5.00
      (price subject to change: see help)
      Asin: 0471405744
      Average Customer Review: 5.0 out of 5 stars
      Canada | United Kingdom | Germany | France | Japan
      Editorial Review

      Product Description
      A clear and easy guide on how to use cryptography to secure e-commerce transactions
      To be on the cutting edge of e-commerce, you need to understand how to best utilize cryptography to offer secure services for your customers over the Internet. But if you reach for most of the available books on the subject, you'll find that they are far too technical for most business needs. If you need a quick and lucid managerial summary to help you develop effective e-commerce strategies, this is the book for you.
      Geared to nontechnical managers who would like to explore the underlying concepts of modern cryptography, this book features an easily accessible, logical explanation of how cryptography works to solve real-world e-commerce problems, a tutorial on the underlying mathematics, and two case studies of PKI cryptographic architectures, showing how Kerberos and PKC can be wedded to protect a company's intranet and how a full-blown working PKI provides security to a company's Internet communications.
      Divided into three major parts tailored to readers' needs - Introduction to Modern Cryptography, Tutorial on the Mathematics of Cryptography, and case studies - the book covers:
      * How symmetrical key cryptography ensures confidentiality of messages
      * How cryptography lets you detect whether a message has been modified in transit
      * Why the distribution of cryptographic keys is important and difficult
      * The nuts and bolts of Kerberos - a major component of Microsoft's Windows 2000 security solution
      * How Public Key Cryptography ensures security between people who share no prior secret information
      * Digital signatures on electronic contracts and the concept of non-repudiation
      * How digital certificates ensure positive identification of individuals

      Customer Reviews (10)

      4.0 out of 5 stars Excellent introduction to cryptography
      This concise book is very helpful for people who would like to know cryptography. The book uses a lot of diagrams to make complicated concepts easy to understand. One improvement the author may want to do is to fix the errors in the book.

      5.0 out of 5 stars Excellent introduction to symmetric and PKC cryptography
      The basics of the usage of symmetric and asymmetric cryptography are explained here step by step in a precise way visualized by clear drawings of a sender, (evil) observer and recipient. Starting with the simplest case and showing what's faulty about it, the author develops an understanding of why it needs message digestion, public and private keys and either Kerberos or a certification authority.

      A small part of the book is reserved for some mathematical expositions which do not go very far. Two case studies, one awkward, one profound, round off the book.

      The term e-commerce in the title is somewhat misleading. The book deals rather with B2B, the other subcategory of e-business.

      A possible audience for the book are people like me, who are supposed to know what exactly a digital signature is and therefore cannot really ask someone.

      5.0 out of 5 stars I understand cryptography now!
      It usually takes me a while to understand new things, this book was very informative and easy to understand. I now understand cryptography! Read this book!

      5.0 out of 5 stars Gentle introduction to cryptography and its applications
      The goal of this book is to provide an introduction to the basic concepts of cryptography to non-technical people, and to illustrate how cryptography can be applied in e-commerce applications. The author has succeeded admirably in this endeavor.

      The first part of the book provides a gentle introduction to symmetric-key encryption and authentication, public-key cryptography, key managements and PKI. The detailed explanations are accompanied with intuitive figures. For the most part, the mathematical intricacies are omitted from the main chapters thus enabling the reader to grasp the important concepts without getting bogged down with technical details. For those interested in the underlying mathematics, the second part of the book provides a tutorial to some of the mathematics. Finally, the third part of the book describes two cryptographic architectures designed by the author.

      I highly recommend this book to the people with nontechnical backgrounds who are interested in learning how cryptography can be used to secure their applications. Once the basic concepts are understood, the reader can then proceed to one of the many available technical books on cryptography.



      59. Implementing SSL/TLS Using Cryptography and PKI
      by Joshua Davies
      Paperback: 672 Pages (2011-02-08)
      list price: US$60.00 -- used & new: US$37.80
      (price subject to change: see help)
      Asin: 0470920416
      Canada | United Kingdom | Germany | France | Japan
      Editorial Review

      Product Description
      Hands-on, practical guide to implementing SSL and TLS protocols for Internet security

      If you are a network professional who knows C programming, this practical book is for you.  Focused on how to implement Secure Socket Layer (SSL) and Transport Layer Security (TLS), this book guides you through all necessary steps, whether or not you have a working knowledge of cryptography. The book covers SSLv2, TLS 1.0, and TLS 1.2, including implementations of the relevant cryptographic protocols, secure hashing, certificate parsing, certificate generation, and more. 

      • Shows network professionals how to implement SSL and TLS using cryptography and PKI
      • Provides specific techniques and strategies, even if you have no prior knowledge of cryptography
      • Covers HTTP, HTTPS, and HTTP proxy support (including how HTTP proxies interact with SSL); symmetric cryptography, including DES, 3DES, AES and RC4, along with CBC, OFB, COUNTER and AEAD
      • Delves into public-key cryptography including RSA, Diffie-Hellman key exchange, and Elliptic-curve cryptography
      • Takes you through digital signature algorithms including RSA, DSA, ECDSA, SHA-1, MD5, and HMAC
      • Includes additional topics, such as X.509 certificates, ASN.1, and more

      Set up and launch a working implementation of SSL with this practical guide.


      60. Handbook of Financial Cryptography and Security (Chapman & Hall/CRC Cryptography and Network Security Series)
      Hardcover: 631 Pages (2010-08-02)
      list price: US$99.95 -- used & new: US$67.46
      (price subject to change: see help)
      Asin: 1420059815
      Canada | United Kingdom | Germany | France | Japan
      Editorial Review

      Product Description

      The Handbook of Financial Cryptography and Security elucidates the theory and techniques of cryptography and illustrates how to establish and maintain security under the framework of financial cryptography. It applies various cryptographic techniques to auctions, electronic voting, micropayment systems, digital rights, financial portfolios, routing networks, and more.

      In the first part, the book examines blind signatures and other important cryptographic techniques with respect to digital cash/e-cash. It also looks at the role of cryptography in auctions and voting, describes properties that can be required of systems implementing value exchange, and presents methods by which selected receivers can decrypt signals sent out to everyone.

      The second section begins with a discussion on lowering transaction costs of settling payments so that commerce can occur at the sub-penny level. The book then addresses the challenge of a system solution for the protection of intellectual property, before presenting an application of cryptography to financial exchanges and markets.

      Exploring financial cryptography in the real world, the third part discusses the often-complex issues of phishing, privacy and anonymity, and protecting the identity of objects and users.

      With a focus on human factors, the final section considers whether systems will elicit or encourage the desired behavior of the participants of the system. It also explains how the law and regulations impact financial cryptography.

      In the real world, smart and adaptive adversaries employ all types of means to circumvent inconvenient security restraints. This useful handbook provides answers to general questions about the field of financial cryptography as well as solutions to specific real-world security problems.

