[ISN] REVIEW: "Cryptography Decrypted", H. X. Mel/Doris Baker

From: InfoSec News (isnat_private)
Date: Thu Jan 23 2003 - 03:24:44 PST

  • Next message: InfoSec News: "[ISN] DOD preps security directions"

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKCRPDEC.RVW   20021215
    "Cryptography Decrypted", H. X. Mel/Doris Baker, 2001, 0-201-61647-5,
    %A   H. X. Mel www.hxmel.com
    %A   Doris Baker
    %C   P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario  M3C 2T8
    %D   2001
    %G   0-201-61647-5
    %I   Addison-Wesley Publishing Co.
    %O   U$29.95/C$44.95 800-822-6339 fax 617-944-7273 bkexpressat_private
    %O  http://www.amazon.com/exec/obidos/ASIN/0201616475/robsladesinterne
    %P   352 p.
    %T   "Cryptography Decrypted"
    The book seems to be rather ambitious, since the preface says that it
    is addressed to any (and therefore all) audience(s), without any
    limitation on the stated purpose.  In general, it is an attempt to
    portray the basic concepts of cryptography, without getting too far
    into technical details.  Many other books have tried to do the same
    thing, and signally failed.  Mel and Baker by and large succeed.
    Part one addressed secret key (symmetric) cryptography.  Chapter one
    tries to draw an analogy between locks and encryption, although the
    relation is strained at best.  Substitution, frequency analysis, and
    polyalphabetic ciphers are covered in chapter two.  Chapter three
    introduces transposition.  The Polybius square is used, in chapter
    four, as an example of the combination of substitution and
    transposition.  For those in the know, this leads nicely into the
    discussion of DES (Data Encryption Standard), in chapter five,
    although the neat segue would be lost on most readers, since the
    details of DES are not given.  The history of cryptography appears
    rather abruptly in chapter six.  Chapter seven covers the attempts to
    use cryptographic methods for confidentiality, integrity,
    authentication, and non-repudiation, and shows that the last point is
    not possible with purely symmetric cryptography.  A simplistic
    examination of key exchange is given in chapter eight.
    Part two deals with public key (asymmetric) encryption.  Chapter nine
    is a confusing introduction using the Merkle puzzle space (with some
    mention of Diffie-Hellman) as the example.  A simplistic review of
    public key encryption is in chapter ten.  Math tricks, in chapter
    eleven, seems pointless as it begins, but the development to the
    examples of modular inverses do provide both a basic form of
    asymmetric cryptography, and a demonstration of the mathematical
    concepts underlying more advanced cryptographic algorithms.  Chapter
    twelve introduces authentication and digital signatures, with hashes
    and message digests in chapter thirteen, and a discussion of digest
    assurances (reviewing collisions and encrypted message authentication
    codes) in fourteen.  A comparison of cryptographic strength and speed
    (between symmetric and asymmetric systems) is in chapter fifteen.
    Part three covers the distribution of public keys, and introduces some
    of the concepts of PKI (Public Key Infrastructure).  Chapter sixteen
    deals with certificates.  The title of chapter seventeen relates to
    the X.509 certificate structure, but the topics covered mostly concern
    hierarchical certificate authorities.  PGP (Pretty Good Privacy) and
    the "Web of Trust" model are explained in chapter eighteen.
    Part four looks at real world systems and actual applications. 
    Chapter nineteen explains email security, but in a generic fashion. 
    SSL (Secure Sockets Layer) is clearly described in chapter twenty,
    but, given the lack of detail in the rest of the book, the technical
    material is rather odd.  IPSec, in chapter twenty one, is presented in
    a confused manner.  Various problems of, and attacks against,
    cryptography are outlined in chapter twenty two.  The final chapter is
    a simplistic review of the storage of cryptographic keys on smart
    This book does present most of the core concepts in cryptography.  The
    text is readable, and, within the limited scope of the material,
    generally accurate.  For non-specialists, it is a reasonable
    introduction to the topic.  This might even include security
    professionals who are not directly involved with cryptographic
    systems.  However, the lack of detail in the explanations of the
    theory is a weakness, since the text would be more convincing with
    more background.
    copyright Robert M. Slade, 2002   BKCRPDEC.RVW   20021215
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        February 10, 2003   February 14, 2003   St. Louis, MO
        March 31, 2003      April 4, 2003       Indianapolis, IN
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 06:22:05 PST