I have unsubscribed from this mailing list. Please remove my name from your personal address lists. Thanks. ahg3 ---------- From: Patrick Horgan[SMTP:patrick@Verity.COM] Sent: Tuesday, October 24, 1995 2:21 PM To: sandoval Cc: cypherpunks Subject: Re: textbooks I'm Cc:ing this to cypherpunks since I've gotten a lot of requests for this information.
From: sandoval@cic.teleco.ulpgc.es (Juan Domingo Sandoval Gonzalez)
Dear Patrick, Thanks for yor info about "Network Security Private Communication in a PUBLIC World" by Kaufman, Perlman and Speciner. To buy it I need to know Who published it. Do you know the Editor house?
"Network Security - PRIVATE Communication in a PUBLIC World", 1995, Prentice Hall PTR, ISBN 0-13-061466-1, by Charlie Kaufman, Radia Perlman, and Mike Speciner. This book is amazing. It explains hard concepts in ways that make them seem obvious. I can't state this too emphatically. The style of the book is conversational, approachable and a fun read, while at the same time maintaining technical exactness to the point that you can implement algorithms from the discussions in this book, (and understand how they work.) 17.6.2 Coping with Export Controls is very interesting, detailing the weird hoops that Lotus jumped through to retain as much security as possible while still meeting export requirements. The authors make the point that what happens to you when you go through this process is almost random depending on the times as well as the individual person you deal with. The ANS.1 section is blunt about the space problems, and indeed much of the book is refreshingly blunt about the stupidities involved in a lot of this stuff. The quick proof of why the initial and final permutations add nothing to the security of DES is presented in an informal and quite obvious sidebar. The comment is made that by the same argument the permutation of the key in the generating of per-round keys also adds nothing to security. It also includes homework and would be a wonderful textbook. Here's an abbreviated version of the TOC. Note that the real index is much richer than this. I've given the complete version of section 3.3 to illustrate. All typos are mine. I think we can no longer refer to Bruce's book as the Bible, but must refer to the two books as the Scriptures;) Could someone refer me to some good crypto oriented math books? Preferably something as readable as this:) Chapter 1 Introduction 1.1 Roadmap to the book 1.2 What type of book is this 1.3 Terminology 1.4 Notation 1.5 Primer on Networking 1.6 Tempest 1.7 Firewalls/Security Gateways 1.8 Key Escrow for Law Enforcement 1.9 Key Escrow for Careless Users 1.10 Viruses, Worms, Trojan Horses 1.11 The Military Model of Security 1.12 Legal Issues Chapter 2 Introduction to Cryptography 2.1 What is Cryptography 2.2 Breaking an Encryption Scheme 2.3 Types of Cryptographic Functions 2.4 Secret Key Cryptography 2.5 Public Key Cryptography 2.6 Hash Alogorithms 2.7 Homework Chapter 3 Secret Key Cryptography 3.1 Introduction 3.2 Generic Block Encryption 3.3 Data Encryption Standard (DES) 3.3.1 DES Overview 3.3.2 The Permutations of the Data 3.3.3 Generating the Per-Round Keys 3.3.4 A DES Round 3.3.5 The Mangler Function 3.3.6 Weak and Semi-Weak Keys 3.3.7 What's So Special About DES? 3.4 International Data Encryption Algorithm (IDEA) 3.5 Using Secret Key Cryptography in Protocols 3.6 Encrypting a Large Message 3.7 Generating MICs 3.8 Multiple Encryption DES 3.9 Homework Chapter 4 Hashes and Message Digests 4.1 Introduction 4.2 Nifty Things to Do with a Hash 4.3 MD2 4.4 MD4 4.5 MD5 4.6 SHS 4.7 Homework Chapter 5 Public Key Algorithms 5.1 Introduction 5.2 Modular Arithmatic 5.3 RSA 5.4 Diffie-Hellman 5.5 Digital Signature Standard (DSS) 5.6 Zero Knowledge Proof Systems 5.7 Homework Problems Chapter 6 Number Theory 6.1 Introduction 6.2 Modular Arithmatic 6.3 Primes 6.4 Euclid's Algorithm 6.5 Chinese Remainder Theorem 6.6 Zn* 6.7 Euler's Totient Function 6.8 Euler's Theorem 6.9 Homework Problems Chapter 7 Authentication Problems 7.1 Password-Based Authentication 7.2 Address-Based Authentication 7.3 Cryptographic Authentication Protocols 7.4 Who is Being Authenticated 7.5 Passwords as Cryptographic Keys 7.6 Eavesdropping and Server Database Reading 7.7 Trusted Intermediaries 7.8 Session Key Establishment 7.9 Authorization 7.10 Delegation 7.11 Homework Chapter 8 Authentication of People 8.1 Passwords 8.2 On-Line Password Guessing 8.3 Off-Line Password Guessing 8.4 How Big Should a Secret Be? 8.5 Eavesdropping 8.6 Passwords and Careless Users 8.7 Initial Password Distribution 8.8 Authentication Tokens 8.9 Physical Access 8.10 Biometrics 8.11 Homework Chapter 9 Security Handshake Pitfalls 9.1 Login Only 9.2 Mutual Authentication 9.3 Integrity/Encryption for Data 9.4 Mediated Authentication (with KDC) 9.5 Bellovin-Merritt 9.6 Network Login and Password Guessing 9.7 Nonce Types 9.8 Picking Random Numbers 9.9 X.509 Problem 9.10 Performance Considerations 9.11 Authentication Protocol Checklist 9.12 Homework Chapter 10 Kerberos V4 10.1 Introduction 10.2 Tickets and Ticket-Granting Tickets 10.3 Configuration 10.4 Logging Into the Network 10.5 Replicated KDCs 10.6 Realms 10.7 Interrealm Authentication 10.8 Key Version Numbers 10.9 Encryption for Privacy and Integrity 10.10 Encryption for Integrity Only 10.11 Network Layer Addresses in Tickets 10.12 Message Formats 10.13 Homework Chapter 11 Kerberos V5 11.1 ASN.1 11.2 Names 11.3 Delegation of Rights 11.4 Ticket Lifetimes 11.5 Key Versions 11.6 Making Master Keys in Different Realms Different 11.7 Optimizations 11.8 Cryptographic Algorithms 11.9 Hierarchy of Realms 11.10 Evading Password-Guessing Attacks 11.11 Key Inside Authenticator 11.12 Double TGT Authentication 11.13 KDC Database 11.14 Kerberos V5 Messages 11.15 Homework Chapter 12 Electronic Mail Security 12.1 Distribution Lists 12.2 Store and Forward 12.3 Security Services for Electronic Mail 12.4 Establishing Keys 12.5 Privacy 12.6 Authentication of the Source 12.7 Message Integrity 12.8 Non-Repudiation 12.9 Proof of Submission 12.10 Proof of Delivery 12.11 Message Flow Confidentiality 12.12 Anonymity 12.13 Containment 12.14 Annoying Text Format Issues 12.15 Names and Addresses 12.16 Old Messages 12.17 Homework Chapter 13 Privacy Enhanced Mail (PEM) 13.1 Introduction 13.2 Establishing Keys 13.3 Some PEM History 13.4 Certificate Hierarchy 13.5 Certificate Revocation Lists (CRLs) 13.6 X.509 Certificates and CRLs 13.7 Reformatting Data to Get Through Mailers 13.8 General Structure of a PEM Message 13.9 Encryption 13.10 Source Authentication and Integrity Protection 13.11 Multiple Recipients 13.12 Bracketing PEM Messages 13.13 Remote Distribution List Exploders 13.14 Forwarding and Enclosures 13.15 Canonicalization 13.16 Unprotected Information 13.17 Message Formats 13.18 DES-CBC as MIC Doesn't Work 13.19 Homework Chapter 14 PGP (Pretty Good Privacy) 14.1 Introduction 14.2 Overview 14.3 Key Distribution 14.4 Efficient Encoding 14.5 Certificate and Key Revocation 14.6 Signature Types 14.7 Your Private Key 14.8 Key Rings 14.9 Anomalies 14.10 Object Formats Chapter 15 X.400 15.1 Overview of X.400 15.2 Security Functions Possible with X.400 15.3 Structure of an X.400 Message Chapter 16 A Comparison of PEM, PGP, and X.400 16.1 Introduction 16.2 Certificate Hierarchy 16.3 Certificate Distribution 16.4 Encryption 16.5 Encoding of Transmitted Messages 16.6 Cryptographic Algorithms Supported 16.7 Recipients with Multiple Keys 16.8 Mail-Intermediary-Provided Functions Chapter 17 More Security Systems 17.1 NetWare V3 17.2 NetWare V4 17.3 KryptoKnight 17.4 SNMP 17.5 DASS/SPX 17.6 Lotus Notes Security 17.7 DCE Security 17.8 Microsoft Security 17.9 Network Denial of Service 17.10 Clipper 17.11 Homework Bibliography Glossary Index _______________________________________________________________________ / These opinions are mine, and not Verity's (except by coincidence;). \ | (\ | | Patrick J. Horgan Verity Inc. \\ Have | | patrick@verity.com 1550 Plymouth Street \\ _ Sword | | Phone : (415)960-7600 Mountain View \\/ Will | | FAX : (415)960-7750 California 94303 _/\\ Travel | \___________________________________________________________\)__________ /