Practical Cryptography
Bruce Schneier and Niels Ferguson's latest: Practical Cryptography.

I don't have the time for an exhaustive review, here, but I wanted to share a couple of (LRPD-candidate) gems:

1) page 356: "..given the choice between security and downloading a program that will show dancing pigs on the screen, users will choose dancing pigs just about every time."

2) page 382: "WEP wasn't just broken; it was robustly broken."

In all, a brilliant follow-up to Applied Cryptography, central points being that a) good strong crypto is both wonderful and "fiendishly difficult", and b) other attack vectors are much easier to exploit; in other words, it's implementation that bites a lot of applications, not the crypto itself.

Well worth the read; especially if you're in the middle of recommending new secure voting mechanisms that "don't sound too difficult to implement" (ahem).


I'm gonna go build my own theme park! With Blackjack! And hookers! In fact, forget the park!
Questions?
What's the relation to the Applied Crypt book? Do they cover the same material? Do you need to read Applied first?
Relation between Practical and Applied
You don't need to read Applied first. The order in which (and whether) you read them both depends largely on your level of experience in the security industry and your current and perceived future role in it.

I would say, if you are a developer of any sort, you should read Practical Cryptography. It covers implementation concerns which affect everyone from marketing bigwigs to project leads to crypto experts to code jockeys. The math is limited to "what the authors had in high school," and isn't necessary to comprehend in full in order to appreciate the central thrust of the book. But it helps. Word of warning, however (from the authors): the book is a dangerous one, and will be abused more than put to good use. Not much one can do about that in a lazy world.

Applied Cryptography is much more geared to the "security experts" among us, and in particular to those designing cryptographic, as opposed to merely security or other, software. For example, Applied delves into the algorithmic details of block ciphers (such as DES), hashes, and key exchange. If you are not actively involved in the creation (which hopefully includes design ;) of cryptographic protocols, skip this one and read Practical instead.


I'm gonna go build my own theme park! With Blackjack! And hookers! In fact, forget the park!
Link to Practical Cryptography
[link|http://www.bookpool.com/.x/ksi3ry4vo4/ss/1?qs=Practical+Cryptography&Go.x=9&Go.y=9&Go=Go|Practical Cryptography]. The table of contents can be seen. Note also it's cheaper here than at Amazon where it's $35.
Alex

The tendency to turn human judgements into divine commands makes religion one of the most dangerous forces in the world. -- Georgia Harkness in "Conflicts in Religious Thought" (1929)