http://www.slashdot.org/books/98/11/04/0851244.shtml
Review: Handbook of Applied Cryptography
Posted by Hemos on Wednesday November 04, @08:51AM
Giving some actual theory to the whole cryptography discussion, Ian S.
Nelson's review of Handbook of Applied Cryptography takes a look at this
veritable tome of information. This isn't a book for those of you trying
to figure out exactly what the NSA actually does; this is for the real
meat and numbers behind it all. Click below for more info.
REVIEW: Handbook of Applied Cryptography
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone
CRC Press (ISBN 0-8493-8523-7)
Required reading for any cryptography freak.
Review Rating: 9/10
The Scenario
CRC Press has been building a series of books on discrete mathematics and
its applications. Doug Stinson wrote the theory book on cryptography
(Cryptography: Theory and Practice, ISBN: 0-8493-8521-0; if you don't like
this book you'll vomit when you see the Stinson book) and this is the
application book on cryptography. It's close to 800 pages chock-full of
information.
I must confess that I'm a cryptography freak and I'm a little sick of the
constant political discussions and lack of tech talk; this book is all
tech and might even be a little much if you're not into math. It's a
wonderful companion to the Schneier books (Applied Cryptography 1st or 2nd
Edition A.K.A. "the crypto bible") if you're into the nitty gritty details
of cryptography.
What's Bad?
I really like this book and I can't find a lot that I don't like about
it... but I think in places the math gets a little thick. I have a degree
in math and I find myself returning to the math overview section more
often than I'd like to admit. If you're not familiar with discrete math
and combinatorics then this book probably isn't for you. If you enjoy that
stuff, then this will be a piece of cake. If you're looking to build your
crypto book library up I'd highly recommend this book before you get some
of the more hard-core books.
Something else I feel is lacking is cryptanalysis on ciphers. They discuss
attacks on various protocols and hashes but actual attacks on ciphers are
glossed over. As a companion to Cryptography: Theory and Practice, which
covers cryptanalysis in more detail, it is understandable to leave that
material out of this book but I think they could discuss it a little more
than they do without going into specifics.
The no-nonsense style can be a little dry at times; there aren't a lot of
jokes or anecdotes to lighten things up in this book.
What's Good?
Cipher isn't spelled with a 'y' anywhere in this book. It's not filled
with a lot of opinion or rumor. It hardly brings up ITAR, key
escrow, or the NSA's mystical superpowers. This book is about
cryptographic techniques and a listing of patents is about as political or
opinionated as it gets.
It is kind of like a textbook without the problems at the end of each
chapter. It is written in an outline format with subitems of "Definition",
"Fact", "Notes", "Example", and "Algorithm." Each subitem is followed by a
few short but concise paragraphs of explanation.
Plenty of charts and figures fill the pages and everything is explained
well. While it lacks source code, there is certainly enough information
for you to implement any of the ciphers, hashes, or protocols covered. It
even includes some test vectors for a lot of the algorithms.
So What's In It For Me?
If you want to learn about cryptography, not the politics but the actual
technology, then this is a great book to get before you get in over your
head. It's very readable and while the math can be a little heavy in
places it is accessible and useful. It gives you a good flavor of how more
advanced papers and books on the subject are and it avoids the nonacademic
discussions surrounding cryptography.
To pick this book up, head over to Amazon and help Slashdot out.
Table of Contents

1. Overview of Cryptography
    1. Introduction
    2. Information Security and Cryptography
    3. Background on Functions
    4. Basic Terminology and Concepts
    5. Symmetric-key Encryption
    6. Digital Signatures
    7. Authentication and Identification
    8. Public-key Cryptography
    9. Hash Functions
    10. Protocols and mechanisms
    11. Key establishment, management, and certification
    12. Pseudorandom numbers and sequences
    13. Classes of attacks and security models
    14. Notes and further references
2. Mathematical Background
    1. Probability theory
    2. Information theory
    3. Complexity theory
    4. Number theory
    5. Abstract algebra
    6. Finite fields
    7. Notes and further references
3. Number-Theoretic Reference Problems
    1. Introduction and overview
    2. The integer factorization problem
    3. The RSA problem
    4. The quadratic residuosity problem
    5. Computing Square roots in Zn
    6. The Discrete logarithm problem
    7. The Diffie-Hellman problem
    8. Composite moduli
    9. Computing individual bits
    10. The subset sum problem
    11. Factoring polynomials over finite fields
    12. Notes and further references
4. Public-Key Parameters
    1. Introduction
    2. Probabilistic primality tests
    3. (True) Primality tests
    4. Prime number generation
    5. Irreducible polynomials over Zp
    6. Generators and elements of high order
    7. Notes and further references
5. Pseudorandom Bits and Sequences
    1. Introduction
    2. Random bit generation
    3. Pseudorandom bit generation
    4. Statistical tests
    5. Cryptographically secure pseudorandom bit generation
    6. Notes and further references
6. Stream Ciphers
    1. Introduction
    2. Feedback shift registers
    3. Stream ciphers based on LFSRs
    4. Other stream ciphers
    5. Notes and further references
7. Block Ciphers
    1. Introduction
    2. Background and general concepts
    3. Classical ciphers and historical development
    4. DES
    5. FEAL
    6. IDEA
    7. SAFER, RC5, and other block ciphers
    8. Notes and further references
8. Public-Key Encryption
    1. Introduction
    2. RSA public-key encryption
    3. Rabin public-key encryption
    4. ElGamal public-key encryption
    5. McEliece public-key encryption
    6. Knapsack public-key encryption
    7. Probabilistic public-key encryption
    8. Notes and further references
9. Hash Functions and Data Integrity
    1. Introduction
    2. Classification and framework
    3. Basic constructions and general results
    4. Unkeyed hash functions (MDCs)
    5. Keyed hash functions (MACs)
    6. Data integrity and message authentication
    7. Advanced attacks on hash functions
    8. Notes and further references
10. Identification and Entity Authentication
    1. Introduction
    2. Passwords (weak authentication)
    3. Challenge-response identification (strong authentication)
    4. Customized zero-knowledge identification protocols
    5. Attacks on identification protocols
    6. Notes and further references
11. Digital Signatures
    1. Introduction
    2. A framework for digital signature mechanisms
    3. RSA and related signature schemes
    4. Fiat-Shamir signature schemes
    5. The DSA and related signature schemes
    6. One-time digital signatures
    7. Other signature schemes
    8. Signatures with additional functionality
    9. Notes and further references
12. Key Establishment Protocols
    1. Introduction
    2. Classification and framework
    3. Key transport based on symmetric encryption
    4. Key agreement based on symmetric techniques
    5. Key transport based on public-key encryption
    6. Key agreement based on asymmetric techniques
    7. Secret Sharing
    8. Conference Keying
    9. Analysis of key establishment protocols
    10. Notes and further references
13. Key Management Techniques
    1. Introduction
    2. Background and basic concepts
    3. Techniques for distributing confidential keys
    4. Techniques for distributing public keys
    5. Techniques for controlling key usage
    6. Key management involving multiple domains
    7. Key life cycle issues
    8. Advanced trusted third party services
    9. Notes and further references
14. Efficient Implementation
    1. Introduction
    2. Multiple-precision integer arithmetic
    3. Multiple-precision modular arithmetic
    4. Greatest common divisor algorithms
    5. Chinese remainder theorem for integers
    6. Exponentiation
    7. Exponent recoding
    8. Notes and further references
15. Patents and Standards
    1. Introduction
    2. Patents on cryptographic techniques
    3. Cryptographic standards
    4. Notes and further references
16. Appendix A: Bibliography of Papers from Selected Cryptographic Forums
    1. Asiacrypt/Auscrypt Proceedings
    2. Crypto Proceedings
    3. Eurocrypt Proceedings
    4. Fast Software Encryption Proceedings
    5. Journal of Cryptology papers
Received on Wed Nov 4 11:42:43 1998