




Subject: [CISSP-D] REVIEW: "Cryptography and Public Key Infrastructure on the Internet", Klaus Schmeh
Date: Thu, 23 Feb 2006 07:59:26 -0800
BKCPKIOI.RVW   20051201

"Cryptography and Public Key Infrastructure on the Internet", Klaus
Schmeh, 2003, 0-470-84745-X, U$50.00/UK#34.95
%A   Klaus Schmeh
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2003
%G   0-470-84745-X
%I   John Wiley & Sons, Inc.
%O   U$50.00/UK#34.95 416-236-4433 fax: 416-236-4448
%O   http://www.amazon.com/exec/obidos/ASIN/047084745X/robsladesinterne
%O   http://www.amazon.co.uk/exec/obidos/ASIN/047084745X/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/047084745X/robsladesin03-20
%O   Audience i- Tech 1 Writing 1 (see revfaq.htm for explanation)
%P   472 p.
%T   "Cryptography and Public Key Infrastructure on the Internet"

Part one is supposed to address the question of why you would want to
use cryptography on the Internet.  Chapter one is really a general
introduction or preface to the book.  Chapter two tells us that
cryptography is important for security.  The ability to sniff various
types of communications channels is mentioned in chapter three.

Part two introduces the basic principles of cryptography.  Chapter
four outlines basic cryptographic operations, but only in the sense of
listing the basic terms: the explanations are very limited.  Some
details of the internal operations of DES (Data Encryption Standard),
IDEA (International Data Encryption Algorithm), and AES (Advanced
Encryption Standard) are presented in chapter five, but not in a way
that provides a full understanding of the systems.  Chapter six looks
at some of the math involved in asymmetric algorithms and describes
the Diffie-Hellman and RSA algorithms, but not how they work in
practice.  Chapter seven says that digital signatures work, but not
how.  Hash functions are reviewed in chapter eight.  Pseudo-random
number generators and stream ciphers are the topic of chapter nine.

Part three ostensibly moves to advanced cryptography.  But the topics
are ill-chosen and oddly grouped: chapter ten lists standards and
standards bodies, eleven looks at DES modes and RSA data transforms,
twelve outlines both communications protocols and attacks on
cryptography.  Authentication is covered in a reasonable manner in
chapter thirteen, while a great deal of the math (and very little
explanation) of elliptic curve cryptography (ECC) is given in
fourteen, and fifteen deals with cryptographic hardware, software, and
interfaces.

Part four turns to public key infrastructures (PKI).  Chapters sixteen
and seventeen outline the elements of a PKI.  Certificates and
certificate servers are covered in eighteen and nineteen,
respectively.  Chapter twenty reviews practical aspects.

Part five addresses cryptographic protocols for the Internet.  Chapter
twenty-one looks at the OSI (Open Systems Interconnection) layered
model, with twenty-two examining protocols for layer 2, twenty-three
for 3 (limited to IPSec), twenty-four for 4, and twenty-five, -six,
-seven, and -eight for layer 7.  (Only fair, since the TCP/IP
application layer subsumes the OSI session, presentation, and
application.)

Part six covers more about cryptography, and is probably the best
section of the book.  Chapter twenty-nine deals with political aspects
of cryptography, such as export restrictions.  People, companies, and
organizations are listed in chapter thirty.  References and resources
are in chapter thirty-one, for those who want to study the topic
further.  Chapter thirty-two finishes off with flops, myths, and snake
oil.

The writing is ragged, the structure often odd, and the technical
level very inconsistent.  Material seems to have been added with no
particular purpose in mind.  The chapter on random numbers starts out
with a mention of three movies, two of which have tenuous connections
to cryptography, none of which deals with the concept of randomness. 
Technical details are thrown into the text without either fully
explaining the technology under discussion, or being necessary for
further topics.  The result is a grab bag of indiscriminate facts that
do not furnish the reader with a full understanding of the topics.

copyright Robert M. Slade, 2005   BKCPKIOI.RVW   20051201


======================
rslade@computercrime.org  slade@victoria.tc.ca  rslade@sun.soci.niu.edu
It is the test of a good religion whether you can joke about it.
                                                  - G. K. Chesterton
Where does the idea come from that if what we are doing is fun,
it can't be God's will?  The God who made giraffes has a sense of
humor.  Make no mistake about that.             - Catherine Marshall


 