|
 |
|
 |
 |
Cryptography for Developers
|
by Tom St Denis
Sales Rank: 928771
|
List Price: $59.95
$52.90
At Amazon
|
|
Paperback: 400 pages
Publisher: Syngress November 27, 2006
Language: English
ISBN-10: 1597491047
ISBN-13: 978-1597491044
Product Dimensions:
8.7 x 6.8 x 1.3 inches
Shipping Weight: 1.4 pounds
Product Description
Developers tasked with security problems are often not cryptographers themselves. They are bright people who, with careful guidance, can implement secure cryptosystems. This book will guide developers in their journey towards solving cryptographic problems. If you have ever asked yourself "just how do I setup AES?" then this text is for you.
ASN.1 Encoding The chapter on ASN.1 encoding delivers a treatment of the Abstract Syntax Notation One (ASN.1) encoding rules for data elements such as strings, binary strings, integers, dates and times, and sets and sequences. Random Number Generation This chapter discusses the design and construction of standard random number generators (RNGs) such as those specified by NIST. Advanced Encryption Standard This chapter discusses the AES block cipher design, implementation trade-offs, side channel hazards, and modes of use. It concentrates on the key design elements important to implementers and how to exploit them in various trade-off conditions. Hash Functions This chapter discusses collision resistance, provides examples of exploits, and concludes with known incorrect usage patterns. Message Authentication Code Algorithms This chapter discusses the HMAC and CMAC Message Authentication Code (MAC) algorithms, which are constructed from hash and cipher functions. Encrypt and Authenticate Modes This chapter discusses the IEEE and NIST encrypt and authenticate modes GCM and CCM. Both modes introduce new concepts to cryptographic functions. Focus is given to the concept of replay attacks, and initialization techniques are explored in depth. Large Integer Arithmetic This chapter discusses the techniques behind manipulating large integers such as those used in public key algorithms. Public Key Algorithms This chapter introduces public key cryptography, including the RSA algorithm and its related PKCS #1 padding schemes. It also introduces new math in the form of various elliptic curve point multipliers.
About The Author
Tom St Denis is the author of the industry standard LibTom series of projects. Tom is a senior software developer and cryptographer for the Advanced Micro Devices Corporation. He has been engaged in various international development contracts and speaking engagements since 2004. He is at work on his next book, Cryptography for Developers.
Customer Reviews & Comments
A lot of people who have read "Applied Cryptography" by BRuce Schneier are themselves not cryptographers or developing cryptographic software. In fact, very few people actually develop cryptographic software because it's tough to get right and most crypto libraries provide everything you need. However, for those that wish to enter the field, it can be daunting to learn. If you'd like to be one of those few, Tom St Denis' "Cryptography for Developers" may be for you. The book's writing is clear and focused, not surprising given that the author has written before. St Denis makes a good choice to focus on new material for this book, specifically pointing you at other books for a background in cryptography and "bignum" math (very, very large numbers, which require atypical methods to manipulate). If you're a C code developer, you'll get the material very well. If you're C isn't very strong, or you need the code for another language, you'll probably have some difficulty in making use of it (depending on how skilled you are with C). However, the code is clear and well annotated, so you can make pretty good sense of it pretty quickly. Chapter 2 starts off with a bang and covers ASN.1 encoding. This is not a very common topic, so this is one of the only places you may find this sort of thing covered well. Right away you can see what you're in for: very clear background info, good use of illustrations, well written code with lots of annotations, and very sharp focus. Chapter 3 covers random numbers (specifically RNGs and PRNGs). While you'll want to complement this with something like the CRC Applied Crypto chapters on random numbers, you'll get a pretty good idea of how to gather and make use of random numbers. One probem I noticed here was that notes that Yarrow and Fortuna are RNGs but later (and, I believe, correctly) states that they are PRNG algorithms. Overall, though, a good treatment of the topic and a discussion of where to use random numbers, how to test them, the limits of the tests, and what pitfalls to watch out for. Chapter 4 is really one of the meaty chapters and covers AES very in depth. Many of the concepts covered here are reused in other chapters, so make sure you get this one under your belt. Chapters 5 and 6 cover hash functions and message authentication code algorithms, respectively. Again, great treatment of a limited subset of the algorithms out there and very good discussions about the myths, truths, and appropriate uses of the algorithms. Very good, useful insights all around. Chapter 7 covers encryption and authentication modes, providing you with code that starts to really put it all together. Chapter 8 covers large integer arithmatic, but also states that it's no replacement for St Denis' other book on BigNum math. Another very useful topic covered here somewhat looks at optimizations and how to make efficient code. Again, valuable insights that you can apple to other topics. Chapter 9 covers public key algorithms, but sadly doesn't give much code. This is a disappointment and unexpected, given how much code is in the rest of the book. Perhaps it was a length consideration or by design, I don't know. I'm not a cryptographer, so I can't attest to the veracity of the code. I didn't spot any obvious errors in the code design or use, however. Finally, this book wont replace Applied Crypto (either the Schneier or the CRC tomes), you'll want to use this book in tandem with those volumes. So few algorithms are covered that you'll really want to have studied those first before you can make full use of this volume. Finally, one other thing that's missing is a unified set of links and references. He would have benefitted the reader had he done so, because so much material is covered and referenced. St Denis has produced a clear, focused volume that's well organized. If you want to go from algorithm outlines to implementations, this is the book to work with. The quality of the writing and production is higher than many other Syngress books, and that's much appreciated.
|
Cryptography for Developers
List Price: $59.95
Available from Amazon
Price: $52.90
| |
|
|
|
|
