Advertisement Welcome to Slashdot Science News Technology Star Wars Prequels The Internet faq code awards slashNET older stuff rob's page submit story book reviews user account ask slashdot advertising supporters past polls features about jobs BSI Review:Handbook of Applied Cryptography Encryption Posted by Hemos on Wednesday November 04, @08:51AM from the just-the-facts-ma'am dept. Giving some actual theory to the whole cryptography discussion, Ian S. Nelson's review of Handbook of Applied Cryptography takes a look at this veritable tome of information. This isn't a book for those of you trying to figure out exactly what the NSA actually does; this is for the real meat and numbers behind it all. Click below for more info. REVIEW: Handbook of Applied Cryptography Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone CRC Press (ISBN 0-8493-8523-7) Nutshell Review: Required reading for any cryptography freak. Rating: 9/10 The Scenario CRC Press has been building a series of books on discrete mathematics and its applications. Doug Stinson wrote the theory book on cryptography (Cryptography: Theory and Practice (ISBN: 0-8493-8521-0, if you don't like this book you'll vomit when you see the Stinson book) and this is the application book on cryptography. It's close to 800 pages chocked full of information. I must confess that I'm a cryptography freak and I'm a little sick of the constant political discussions and lack of tech talk, this book is all tech and might even be a little much if you're not into math. It's a wonderful companion to the Schneier books (Applied Cryptography 1st or 2nd Edition A.K.A. "the crypto bible") if you're into the nitty gritty details of cryptography. What's Bad? I really like this book and I can't find a lot that I don't like about it... but I think in places the math gets a little thick. I have a degree in math and I find myself returning to the math overview section more often than I'd like to admit. If you're not familiar with discrete math and combinatorics then this book probably isn't for you. If you enjoy that stuff, then this will be a piece of cake. If you're looking to build your crypto book library up I'd highly recommend this book before you get some of the more hard-core books. Something else I feel is lacking is cryptanalysis on ciphers. They discuss attacks on various protocols and hashes but actual attacks on ciphers are glossed over. As a companion to Cryptography: Theory and Practice, which covers cryptanalysis in more detail, it is understandable to leave that material out of this book but I think they could discuss it a little more than they do without going into specifics. The no-nonsense style can be a little dry at times, there aren't a lot of jokes or anecdotes to lighten things up in this book. What's Good? Cipher isn't spelled with a 'y' anywhere in this book. It's not filled with a lot of opinion or rumor. It doesn't hardly bring up ITAR, key escrow, or the NSA's mystical superpowers. This book is about cryptographic techniques and a listing of patents is about as political or opinionated as it gets. It is kind of like a textbook without the problems at the end of each chapter. It is written in an outline format with subitems of "Definition", "Fact", "Notes", "Example", and "Algorithm." Each subitem is followed by a few short but concise paragraphs of explanation. Plenty of charts and figures fill the pages and everything is explained well. While it lacks source code, there is certainly enough information for you to implement any of the ciphers, hashes, or protocols covered. It even includes some test vectors for a lot of the algorithms. So What's In It For Me? If you want to learn about cryptography, not the politics but the actual technology, then this is a great book to get before you get over your head. It's very readable and while the math can be a little heavy in places it is accessible and useful. It gives you a good flavor of how more advanced papers and books on the subject are and it avoids the nonacademic discussions surrounding cryptography. To pick this book up, head over to Amazon and help Slashdot out. Table of Contents 1. Overview of Cryptography 1. Introduction 2. Information Security and Cryptography 3. Background on Functions 4. Basic Terminology and Concepts 5. Symmetric-key Encryption 6. Digital Signatures 7. Authentication and Identification 8. Public-key Cryptography 9. Hash Functions 10. Protocols and mechanisms 11. Key establishment, management, and certification 12. Pseudorandom numbers and sequences 13. Classes of attacks and security models 14. Notes and further references 2. Mathematical Background 1. Probability theory 2. Information theory 3. Complexity theory 4. Number theory 5. Abstract algebra 6. Finite fields 7. Notes and further references 3. Number-Theoretic Reference Problems 1. Introduction and overview 2. The integer factorization problem 3. The RSA problem 4. The quadratic residuosity problem 5. Computing Square roots in Zn 6. The Discrete logarithm problem 7. The Diffie-Hellman problem 8. Composite moduli 9. Computing individual bits 10. The subset sum problem 11. Factoring polynomials over finite fields 12. Notes and further references 4. Public-Key Parameters 1. Introduction 2. Probabilistic primality tests 3. (True)Primality tests 4. Prime number generation 5. Irreducible polynomials over Zp 6. Generators and elements of high order 7. Notes and further references 5. Pseudorandom Bits and Sequences 1. Introduction 2. Random bit generation 3. Pseudorandom bit generation 4. Statistical tests 5. Cryptographically secure pseudorandom bit generation 6. Notes and further references 6. Stream Ciphers 1. Introduction 2. Feedback shift registers 3. Stream ciphers based on LFSRs 4. Other stream ciphers 5. Notes and further references 7. Block Ciphers 1. Introduction 2. Background and general concepts 3. Classical ciphers and historical development 4. DES 5. FEAL 6. IDEA 7. SAFER, RC5, and other block ciphers 8. Notes and further references 8. Public-Key Encryption 1. Introduction 2. RSA public-key encryption 3. Rabin public-key encryption 4. ElGamal public-key encryption 5. McElliece public-key encryption 6. Knapsack public-key encryption 7. Probabilistic public-key encryption 8. Notes and further references 9. Hash Functions and Data Integrity 1. Introduction 2. Classification and framework 3. Basic constructions and general results 4. Unkeyed hash functions (MDCs) 5. Keyed hash functions (MACs) 6. Data integrity and message authentication 7. Advanced attacks on hash functions 8. Notes and further references 10. Identification and Entity Authentication 1. Introduction 2. Passwords (weak authentication) 3. Challenge-response identification (strong authentication) 4. Customized zero-knowledge identification protocols 5. Attacks on identification protocols 6. Notes and further references 11. Digital Signatures 1. Introduction 2. A framework for digital signature mechanisms 3. RSA and related signature schemes 4. Fiat-Shamir signature schemes 5. The DSA and related signature schemes 6. One-time digital signatures 7. Other signatures schemes 8. Signatures with additional functionality 9. Notes and further references 12. Key Establishment Protocols 1. Introduction 2. Classification and framework 3. Key transport based on symmetric encryption 4. Key agreement based on symmetric techniques 5. Key transport based on public-key encryption 6. Key agreement based on asymmetric techniques 7. Secret Sharing 8. Conference Keying 9. Analysis of key establishment protocols 10. Notes and further references 13. Key Management Techniques 1. Introduction 2. Background and basic concepts 3. Techniques for distributing confidential keys 4. Techniques for distributing public keys 5. Techniques for controlling key usage 6. Key management involving multiple domains 7. Key life cycle issues 8. Advanced trusted third party services 9. Notes and further references 14. Efficient Implementation 1. Introduction 2. Multiple-precision integer arithmetic 3. Multiple-precision modular arithmetic 4. Greatest common divisor algorithms 5. Chinese remainder theorem for integers 6. Exponentiation 7. Exponent recoding 8. Notes and further references 15. Patents and Standards 1. Introduction 2. Patents on cryptographic techniques 3. Cryptographic standards 4. Notes and further references 16. Appendix A: Bibligraphy of Papers from Selected Cryptographic Forums 1. Asiacrypt/Auscrypt Proceedings 2. Crypto Proceedings 3. Eurocrypt Proceedings 4. Fast Software Encryption Proceedings 5. Journal of Cryptology papers < The demise of Crack.com | Reply | Flattened | 50 Gb drives from Seagate > Related Links Slashdot Cryptography: Theory and Practice book Amazon Ian S. Nelson's NSA More on Encryption Also by Hemos [INLINE] Amazon Info The books here are brought to us in Partnership with Amazon.com. If you follow the links around here, and eventually buy a book, we get a percentage of the cost! Want books about any of these things? Perl, Linux, Unix, Gardening, CGI, Java? Still not finding what you're looking for? Visit Amazon.com from this link, and we still get some credit. Or you could even Search Amazon using this convenient form: ____________________ ______ [INLINE] The Fine Print: The following comments are owned by whoever posted them. Slashdot is not responsible for what they say. < Down One | This Page's Threshold: 0 | Up One > (Warning:this stuff is extremely beta right now) Amazon.com confuses "Applied Cryptography" with "H by Anonymous Coward on Wednesday November 04, @09:09AM For those of you who order the Handbook of Applied Cryptography, don't be suprised if amazon sends you Bruce Schneiers "Applied Cryptography" instead.....its happened to me and another person I know.. [ Reply to this ] politics / history is relevant (Score:1) by harshaw on Wednesday November 04, @10:00AM (User Info) On of the great things about Schneier's Applied Cryptography was how he intertwined the mathematics with the political ramifications of the particular crypto algorithm. I think the study of Crypto needs to be tightly coupled with an understanding of the societal / political issues around it. For instance, you can't simply implement 128 bit RC5 in your product and ship it of to Iraq without having RSA (for patent violations) and the NSA (for the obvious reasons) come down on your head. IMO, Crypto is a VERY tough subject and requires an intense amount of study to understand the math. If the text you are studying is dry and lacking wit or humor, it makes the job even harder :( [ Reply to this ] * politics / history is relevant by Anonymous Coward on Wednesday November 04, @11:57AM Loved it! I laughed! I cried! (Score:1) by bobse on Wednesday November 04, @11:14AM (User Info) What I liked was the way that each algorithm was reviewed in a very consistent manner. Most algorithms were described not just with words and mathematics (which is good), but also with pseudocode (which is great if you are actually trying to implement this stuff). The consistent, itemized format also allows you to compare the strengths/weaknesses of different algorithms yourself, instead of relying on someone else to do it for you. Very cool. 9.5/10 [ Reply to this ] Price Check (Score:1) by Ralph Bearpark on Wednesday November 04, @12:15PM (User Info) As an onging service to /. readers ... Amazon = $84.95 BarnesAndNoble = $109.50 (HAHAHAHA!) Shopping books = $71.96 Spree books = $67.99 (Is it my imagination, or is /. reviewing increasingly expensive, non-Amazon-discounted books? Surely not. :-)) Regards, Ralph. [ Reply to this ] * Price Check by Anonymous Coward on Wednesday November 04, @01:12PM The Fine Print: The following comments are owned by whoever posted them. Slashdot is not responsible for what they say. < Down One | This Page's Threshold: 0 | Up One > (Warning:this stuff is extremely beta right now) ____________________ ______ All newspaper editorial writers ever do is come down from the hills after the battle is over and shoot the wounded. All trademarks and copyrights on this page are owned by their respective companies. Comments are owned by the Poster. The Rest © 1998 Rob Malda. [ home | awards | supporters | rob's homepage | contribute story | older articles | advertising | past polls | about | faq | BSI ]
participants (1)
-
Jim Choate