Loading ...
Sorry, an error occurred while loading the content.

REVIEW: ".NET Security and Cryptography", Peter Thorsteinson/G. Gnana Arun Ganesh

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKNTSCCR.RVW 20030906 .NET Security and Cryptography , Peter Thorsteinson/G. Gnana Arun Ganesh, 2004, 0-13-100851-X, U$49.99/C$75.99 %A Peter Thorsteinson
    Message 1 of 1 , Oct 29, 2003
      BKNTSCCR.RVW 20030906

      ".NET Security and Cryptography", Peter Thorsteinson/G. Gnana Arun
      Ganesh, 2004, 0-13-100851-X, U$49.99/C$75.99
      %A Peter Thorsteinson
      %A G. Gnana Arun Ganesh
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2004
      %G 0-13-100851-X
      %I Prentice Hall
      %O U$49.99/C$75.99 +1-201-236-7139 fax: +1-201-236-7131
      %O http://www.amazon.com/exec/obidos/ASIN/013100851X/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/013100851X/robsladesin03-20
      %P 466 p.
      %T ".NET Security and Cryptography"

      For an ancient linear/procedural dinosaur like myself, it is
      interesting to see the difference between the prehistoric API
      (Application Programming Interface) library documentation and the
      descriptions of the new object-oriented classes. Older books were
      full of icky things such as usage syntax and required parameters.
      While this work does contain some sample code, generally with comments
      that merely repeat what is obvious from the name of the method, most
      of the material simply consists of mentioning that the methods and
      classes exist. I can only wonder at the marvels of the new age of
      programming, where everything is so "intuitive" that correct coding is
      automatic and inevitable.

      Chapter one states that this book is intended for programmers who are
      interested in the security and cryptographic aspects of .NET, and is
      otherwise a meandering overview of security, with many gaps. The
      material on the fundamentals of cryptography that we are given in
      chapter two consists of a lot of (very old) history and sample code
      for some simplistic (and outdated) ciphers, but has little content on
      the basics of modern cryptography. Most of the text on symmetric
      cryptography, in chapter three, incorporates a listing of .NET
      cryptographic classes and methods in paragraph form. The modes of DES
      (the Data Encryption Standard) are described, but with confusing
      figures, and an odd perspective on the stream modes that seems to
      imply that the modes are only for small pieces of data. Chapter four,
      on asymmetric cryptography, has flip explanations of the theory, but
      an interesting example using the RSA algorithm, rather than the more
      usual Diffie-Hellman. This illustration would be handy for
      instructors teaching about the subject, but non-specialist readers of
      the book may find it confusing, and less than compelling. Hybrid
      symmetric/asymmetric systems are interpreted very awkwardly. The
      development of modification checks from hashes to keyed hashes to
      digital signatures is covered in chapter five, but tersely and poorly.
      Chapter six, on XML, is basically a listing of XML related methods,
      including a nine page printout of almost completely uncommented, and
      entirely unexplained, code. User-based security is apparently a new
      term for the APIs and classes related to good old access control lists
      (ACLs), in chapter seven. Code access security, in chapter eight,
      appears to be a complex expansion of the Authenticode ideas. Chapter
      nine reprises much of the previous material, emphasizing
      authentication (which is not properly defined, and confused with
      identification). Chapter ten relates a great deal of the foregoing to
      the Web.

      Oddly, the text seems to provide ample evidence that the authors
      actually do know the mathematical underpinnings of cryptography: they
      just don't write about it very well. The material provides examples
      found in almost no other books on the subject, such as the RSA
      illustration on pages 109 to 113, the modular arithmetic foundations
      of digital signatures on pages 142-3, and the outline of the DSA
      (Digital Signature Algorithm) on pages 144 to 147. However, you will
      have to be quite competent in mathematical concepts in order to obtain
      any value from this material: the explanations in the text are clumsy
      and do not include sufficient background information to assist non-
      specialist readers.

      While the book is poorly written and most of the content is of little
      use, there are tidbits that may make it worth having. If you are a
      crypto teacher.

      copyright Robert M. Slade, 2003 BKNTSCCR.RVW 20030906

      rslade@... slade@... rslade@...
      Computer Security Day, November 30 http://www.computersecurityday.com/
      victoria.tc.ca/techrev/mnbksc.htm sun.soci.niu.edu/~rslade/secgloss.htm
    Your message has been successfully submitted and would be delivered to recipients shortly.