Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[CISSP-D] REVIEW: "PGP & GPG: Email for the Practical Paranoid", Michael

from [Rob, grandpa of Ryan, Trevor, Devon & Hannah] Network Security [Permanent Link]
Subject: [CISSP-D] REVIEW: "PGP & GPG: Email for the Practical Paranoid", Michael W. Lucas
Date: Mon, 09 Oct 2006 10:33:22 -0800 
BKPGPGPG.RVW   20060823

"PGP & GPG: Email for the Practical Paranoid", Michael W. Lucas, 2006,
1-59327-071-2, U$24.95/C$32.95
%A   Michael W. Lucas mwlucas@blackhelicopters.org
%C   555 De Haro Street, Suite 250, San Francisco, CA   94107
%D   2006
%G   1-59327-071-2
%I   No Starch Press
%O   U$24.95/C$32.95 415-863-9900 fax 415-863-9950 info@nostarch.com
%O  http://www.amazon.com/exec/obidos/ASIN/1593270712/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1593270712/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1593270712/robsladesin03-20
%O   Audience n- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P   196 p.
%T   "PGP & GPG: Email for the Practical Paranoid"

The introduction states that while the book does cover foundational
encryption concepts, it is primarily intended to explain the
appropriate use of the PGP (Pretty Good Privacy) and GPG tools.  This
preamble also provides a history and description of PGP, OpenPGP, and
GnuPG.  The rudimentary outline is good, but does have some errors: an
ITAR (International Traffic in Arms Regulations) offence would be a
criminal (rather than civil) matter so the US government never did
launch a lawsuit against software author Phil Zimmermann (although
other lawsuits were launched surrounding the program), and the program
was produced before the book of the source code was published.  (Lucas
also retails the myth that the NSA has a secret computer that can
crack the strongest of encryption algorithms: to those who truly do
understand encryption technology the suggestion is patently absurd.)

Chapter one outlines the basics of cryptography, but adds more errors:
for example, a code doesn't relate to concealment, and substitution is
not the only form of ciphering.  While the explanations are sometimes
far from clear, generally the ideas are presented reasonably, although
in a simplistic manner.  (Here and at other places in the book, Lucas
attempts to inject the occasional note of levity.  As with similar
attempts by other authors, these jokes will not help the reader  to
understand or remember of the material.  However, at least Lucas keeps
the quips to a minimum, and they aren't too annoying.)  Elementary
components of OpenPGP are related in chapter two.  Installation
instructions for PGP Desktop are provided in chapter three, along with
additional suggestions and information about locations for keys. 
These are useful for those with an intermediate or advanced level of
familiarity with Windows, but there is insufficient detail or
explanation provided for novice users, who appear to be the most
appropriate target audience for thia book.  Chapter four deals with
the installation of GnuPG and the Windows Privacy Tray (WinPT)
graphical front end, and more details are provided for this form,
although the definition is still weak.  Specific operations and
activities regarding the building and use of the Web of Trust are
outlined in chapter five, but the implications and underlying concepts
are not explained well even though some of the more esoteric
ramifications are mentioned.  Key management dialogue boxes are
described for PGP in chapter six, and GnuPG in seven.  Chapter eight
is an introduction to the idea of (and some of the problems with)
using OpenPGP with email.  Various settings for PGP and email are in
chapter nine.  Installation of plugins for GnuPG and the Outlook,
Outlook Express, and Thunderbird mailers is described in chapter ten. 
Various warnings about using PGP and GnuPG are sounded in chapter
eleven.  Most are reasonable, but some betray a lack of background
(SHA-1 is more susceptible to the birthday attack than to forgery).

This could be a helpful guide if you are new to encryption and wish to
install and use PGP Desktop or GnuPG.  However, note that the
background information is limited, and sometimes inaccurate.  For most
users this will not be an issue.  More importantly, beyond the basic
operations of the programs there is little in the way of advice on the
finer points of "appropriate" use of encryption services.  A handy
guide to obtaining and installing the software, but, beyond that, you
are pretty much on your own.

copyright Robert M. Slade, 2006   BKPGPGPG.RVW   20060823


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
Reading is to the mind what exercise is to the body.
                                                    - Joseph Addison
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm


 
Yahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/CISSP-Discuss/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/CISSP-Discuss/join
    (Yahoo! ID required)

<*> To change settings via email:
    mailto:CISSP-Discuss-digest@yahoogroups.com 
    mailto:CISSP-Discuss-fullfeatured@yahoogroups.com

<*> To unsubscribe from this group, send an email to:
    CISSP-Discuss-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [CISSP-D] REVIEW: "PGP & GPG: Email for the Practical Paranoid", Michael W. Lucas, Rob, grandpa of Ryan, Trevor, Devon & Hannah <=
Previous by Date:  [CISSP-D] REVIEW: "A Primer for Disaster Recovery Planning in an IT Environment", Charlotte J. Hiatt, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Date:  [CISSP-D] Testking/Transcender, anirudh kumar
Previous by Thread:  [CISSP-D] REVIEW: "A Primer for Disaster Recovery Planning in an IT Environment", Charlotte J. Hiatt, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Next by Thread:  [CISSP-D] Testking/Transcender, anirudh kumar
Indexes:  [Date] [Thread] [Top] [All Lists]