Network Security CISSP-Discussion

[CISSP-D] REVIEW: "Cryptography for Developers", Tom St. Denis

Subject: [CISSP-D] REVIEW: "Cryptography for Developers", Tom St. Denis
Date: Fri, 16 Mar 2007 10:23:34 -0800
BKCRPTDV.RVW   20070114

"Cryptography for Developers", Tom St. Denis, 2007, 1-59749-104-7,
U$59.95/C$77.95
%A   Tom St. Denis
%C   800 Hingham Street, Rockland, MA   02370
%D   2007
%G   1-59749-104-7 978-1-59749-104-4
%I   Syngress Media, Inc.
%O   U$59.95/C$77.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O  http://www.amazon.com/exec/obidos/ASIN/1597491047/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1597491047/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1597491047/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   423 p.
%T   "Cryptography for Developers"

Chapter one is a poor explanation of some cryptographic concepts. 
Sample code for various ASN.1 standard data types and representations
(those useful for cryptographic work) is given in chapter two.  The
review of random numbers that is provided in chapter three is
excellent, with discussion of sources of entropy, basic designs for
random and pseudorandom systems, coding samples, and pointers to
concerns and areas of weakness in related systems.  Chapter four, on
the Advanced Encryption Standard (AES), is weak on theoretical
outlines, but describes the algorithm and processes, as well as noting
programming code, optimizations, and the weaknesses (primarily against
side channel attacks) that such performance measures create.  There is
also a review of two of the five modes of block cipher operations. 
Hash functions, and an extensive discussion of the birthday paradox,
are in chapter five. There are coding details of SHA-1 (Secure Hash
Algorithm), SHA-256, and SHA-512, as well as PKCS (Public Key
Cryptographic Standard) #5.  More secure message authentication codes
(MAC); CMAC (Cipher Message Authentication Code) and HMAC (it actually
isn't an acronym, despite what the book says) are in chapter six. 
Implementing applications which both encrypt and provide
authentication is described in chapter seven.  Chapter eight examines
operations with very large numbers, vital for most asymmetric
cryptography (which is briefly outlined in chapter nine).

The text is written in a pseudo-intellectual manner that may sometimes
annoy the reader with its emphasis on erudite and esoteric trivia. 
The attempt at folksy humour does not contribute to either an
understanding of the material or the readability of the content.  The
explanations of basic concepts are weak, and often wrong or
misleading.  There are a great many typographical errors in the text
of the manuscript, which does not inspire confidence in the accuracy
of the sample code.  There are a number of useful points in the book,
but they are buried in a lot of sloppy work.

copyright Robert M. Slade, 2007   BKCRPTDV.RVW   20070114


======================  (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca     slade@victoria.tc.ca     rslade@computercrime.org
There is nothing in this world constant but inconstancy.     - Swift
Dictionary of Information Security  www.syngress.com/catalog/?pid=4150
http://victoria.tc.ca/techrev/rms.htm

