REVIEW: "Cryptography Decrypted", H. X. Mel/Doris Baker

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKCRPDEC.RVW   20021215

"Cryptography Decrypted", H. X. Mel/Doris Baker, 2001, 0-201-61647-5,
U$29.95/C$44.95
%A   H. X. Mel www.hxmel.com
%A   Doris Baker
%C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
%D   2001
%G   0-201-61647-5
%I   Addison-Wesley Publishing Co.
%O   U$29.95/C$44.95 800-822-6339 fax 617-944-7273 bkexpress () aw com
%O  http://www.amazon.com/exec/obidos/ASIN/0201616475/robsladesinterne
%P   352 p.
%T   "Cryptography Decrypted"

The book seems to be rather ambitious, since the preface says that it
is addressed to any (and therefore all) audience(s), without any
limitation on the stated purpose.  In general, it is an attempt to
portray the basic concepts of cryptography, without getting too far
into technical details.  Many other books have tried to do the same
thing, and signally failed.  Mel and Baker by and large succeed.

Part one addressed secret key (symmetric) cryptography.  Chapter one
tries to draw an analogy between locks and encryption, although the
relation is strained at best.  Substitution, frequency analysis, and
polyalphabetic ciphers are covered in chapter two.  Chapter three
introduces transposition.  The Polybius square is used, in chapter
four, as an example of the combination of substitution and
transposition.  For those in the know, this leads nicely into the
discussion of DES (Data Encryption Standard), in chapter five,
although the neat segue would be lost on most readers, since the
details of DES are not given.  The history of cryptography appears
rather abruptly in chapter six.  Chapter seven covers the attempts to
use cryptographic methods for confidentiality, integrity,
authentication, and non-repudiation, and shows that the last point is
not possible with purely symmetric cryptography.  A simplistic
examination of key exchange is given in chapter eight.

Part two deals with public key (asymmetric) encryption.  Chapter nine
is a confusing introduction using the Merkle puzzle space (with some
mention of Diffie-Hellman) as the example.  A simplistic review of
public key encryption is in chapter ten.  Math tricks, in chapter
eleven, seems pointless as it begins, but the development to the
examples of modular inverses do provide both a basic form of
asymmetric cryptography, and a demonstration of the mathematical
concepts underlying more advanced cryptographic algorithms.  Chapter
twelve introduces authentication and digital signatures, with hashes
and message digests in chapter thirteen, and a discussion of digest
assurances (reviewing collisions and encrypted message authentication
codes) in fourteen.  A comparison of cryptographic strength and speed
(between symmetric and asymmetric systems) is in chapter fifteen.

Part three covers the distribution of public keys, and introduces some
of the concepts of PKI (Public Key Infrastructure).  Chapter sixteen
deals with certificates.  The title of chapter seventeen relates to
the X.509 certificate structure, but the topics covered mostly concern
hierarchical certificate authorities.  PGP (Pretty Good Privacy) and
the "Web of Trust" model are explained in chapter eighteen.

Part four looks at real world systems and actual applications. 
Chapter nineteen explains email security, but in a generic fashion. 
SSL (Secure Sockets Layer) is clearly described in chapter twenty,
but, given the lack of detail in the rest of the book, the technical
material is rather odd.  IPSec, in chapter twenty one, is presented in
a confused manner.  Various problems of, and attacks against,
cryptography are outlined in chapter twenty two.  The final chapter is
a simplistic review of the storage of cryptographic keys on smart
cards.

This book does present most of the core concepts in cryptography.  The
text is readable, and, within the limited scope of the material,
generally accurate.  For non-specialists, it is a reasonable
introduction to the topic.  This might even include security
professionals who are not directly involved with cryptographic
systems.  However, the lack of detail in the explanations of the
theory is a weakness, since the text would be more convincing with
more background.

copyright Robert M. Slade, 2002   BKCRPDEC.RVW   20021215

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.