REVIEW: "Cryptography Decrypted", H. X. Mel/Doris Baker
- BKCRPDEC.RVW 20021215
"Cryptography Decrypted", H. X. Mel/Doris Baker, 2001, 0-201-61647-5,
%A H. X. Mel www.hxmel.com
%A Doris Baker
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$29.95/C$44.95 800-822-6339 fax 617-944-7273 bkexpress@...
%P 352 p.
%T "Cryptography Decrypted"

The book seems to be rather ambitious, since the preface says that it
is addressed to any (and therefore all) audience(s), without any
limitation on the stated purpose. In general, it is an attempt to
portray the basic concepts of cryptography, without getting too far
into technical details. Many other books have tried to do the same
thing, and signally failed. Mel and Baker by and large succeed.

Part one addresses secret key (symmetric) cryptography. Chapter one
tries to draw an analogy between locks and encryption, although the
relation is strained at best. Substitution, frequency analysis, and
polyalphabetic ciphers are covered in chapter two. Chapter three
introduces transposition. The Polybius square is used, in chapter
four, as an example of the combination of substitution and
transposition. For those in the know, this leads nicely into the
discussion of DES (Data Encryption Standard), in chapter five,
although the neat segue would be lost on most readers, since the
details of DES are not given. The history of cryptography appears
rather abruptly in chapter six. Chapter seven covers the attempts to
use cryptographic methods for confidentiality, integrity,
authentication, and non-repudiation, and shows that the last point is
not possible with purely symmetric cryptography. A simplistic
examination of key exchange is given in chapter eight.

Part two deals with public key (asymmetric) encryption. Chapter nine
is a confusing introduction using the Merkle puzzle space (with some
mention of Diffie-Hellman) as the example. A simplistic review of
public key encryption is in chapter ten. "Math tricks," in chapter
eleven, seems pointless as it begins, but the development to the
examples of modular inverses does provide both a basic form of
asymmetric cryptography, and a demonstration of the mathematical
concepts underlying more advanced cryptographic algorithms. Chapter
twelve introduces authentication and digital signatures, with hashes
and message digests in chapter thirteen, and a discussion of digest
assurances (reviewing collisions and encrypted message authentication
codes) in fourteen. A comparison of cryptographic strength and speed
(between symmetric and asymmetric systems) is in chapter fifteen.

Part three covers the distribution of public keys, and introduces some
of the concepts of PKI (Public Key Infrastructure). Chapter sixteen
deals with certificates. The title of chapter seventeen relates to
the X.509 certificate structure, but the topics covered mostly concern
hierarchical certificate authorities. PGP (Pretty Good Privacy) and
the "Web of Trust" model are explained in chapter eighteen.

Part four looks at real world systems and actual applications.
Chapter nineteen explains email security, but in a generic fashion.
SSL (Secure Sockets Layer) is clearly described in chapter twenty,
but, given the lack of detail in the rest of the book, the technical
material is rather odd. IPSec, in chapter twenty-one, is presented in
a confused manner. Various problems of, and attacks against,
cryptography are outlined in chapter twenty-two. The final chapter is
a simplistic review of the storage of cryptographic keys on smart

This book does present most of the core concepts in cryptography. The
text is readable, and, within the limited scope of the material,
generally accurate. For non-specialists, it is a reasonable
introduction to the topic. This might even include security
professionals who are not directly involved with cryptographic
systems. However, the lack of detail in the explanations of the
theory is a weakness, since the text would be more convincing with
copyright Robert M. Slade, 2002 BKCRPDEC.RVW 20021215