Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Modern Cryptography: Theory and Practice", Wenbo Mao

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKMDNCRP.RVW 20041207 Modern Cryptography: Theory and Practice , Wenbo Mao, 2004, 0-13-066943-1, U$54.99/C$82.99 %A Wenbo Mao %C One Lake St., Upper
    Message 1 of 1 , Jan 31 8:04 AM
      BKMDNCRP.RVW 20041207

      "Modern Cryptography: Theory and Practice", Wenbo Mao, 2004,
      0-13-066943-1, U$54.99/C$82.99
      %A Wenbo Mao
      %C One Lake St., Upper Saddle River, NJ 07458
      %D 2004
      %G 0-13-066943-1
      %I Prentice Hall
      %O U$54.99/C$82.99 +1-201-236-7139 fax: +1-201-236-7131
      %O http://www.amazon.com/exec/obidos/ASIN/0130669431/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/0130669431/robsladesin03-20
      %O tl s rl 1 tc 3 ta 3 tv 0 wq 1
      %P 707 p.
      %T "Modern Cryptography: Theory and Practice"

      A "Short Description of the Book" states that it is intended to
      address the issue of whether various crypto algorithms are
      "practical," as opposed to just theoretically strong. This seems odd,
      since no algorithm is ready for implementation as such: it must be
      made part of a full system, and most problems with cryptography come
      in the implementation. The preface doesn't make things much clearer:
      it reiterates a "fit-for-application" mantra, but doesn't say clearly,
      at any point, why existing algorithms are not appropriate for use.
      The preface also suggests that this book is for advanced study in
      cryptography, although it states that security engineers and
      administrators, with special responsibility for developing or
      implementing cryptography, are also in the target audience.

      Part one is an introduction, consisting of two chapters. Chapter one
      outlines the idea of the first "protocol" of the book: a "fair coin
      toss" over the telephone, grounding the book firmly in the camp of
      cryptography for the purpose of secure communications. The remainder
      of the chapter points out all the requirements to make such an
      unbiased selector work, acting as a kind of sales pitch or "come on"
      to make you want to read the rest of the book. The promotion is
      slightly flawed by the fact that there is very little practical detail
      in the material (it takes a lot of work on the part of the reader to
      figure out that, yes, this system might work), excessive verbiage, and
      poor explanations. The stated "objectives" of the chapter, given at
      the end, say that you should have a "fundamental understanding of
      cryptography": this is true only in the most limited sense. Chapter
      two slowly builds a kind of pseudo-Kerberos system.

      Part two covers mathematical foundations. Chapter three deals with
      probability and information theory, four with Turing Machines and the
      notion of computational complexity, five with the algebraic
      foundations behind the use of prime numbers and elliptic curves for
      cryptography, and various number theory topics are touched on in
      chapter six.

      Part three addresses basic cryptographic techniques. Chapter seven
      deals with basic symmetric encryption techniques, touching on
      substitution and transposition, as well as reviewing the operations of
      DES (Data Encryption Standard) and AES (Advanced Encryption Standard).
      The insistence on converting all operations, and giving all
      explanations, in symbolic logic does not seem to have any utility,
      does not provide any clarity, and makes the material much more
      difficult than it could be. Asymmetric techniques, and attacks
      against them, are outlined in chapter eight. Finding individual bits
      of the message, a process examined in chapter nine, can, over time,
      result in an attack on the message or key as a whole. Chapter ten
      looks at data integrity, hashes, and digital signatures.

      Part four deals with authentication. Chapter eleven reviews various
      conceptual protocols, pointing out (for example) that there is a
      serious problem of key storage for challenge/response systems. A
      variety of real applications are considered in chapter twelve, and
      warnings issued about each. Issues of authentication specific to
      asymmetric systems are covered in chapter thirteen.

      Part five looks at formal approaches to the establishment of security.
      There is more asymmetric cryptographic theory in chapter fourteen.
      Chapter fifteen examines a number of provably secure asymmetric
      cryptosystems, while sixteen does the same for digital signatures.
      Formal methods of authentication protocol analysis are given in
      chapter seventeen.

      Part six discusses abstract cryptographic protocols. Chapter eighteen
      reviews a number of zero knowledge protocols, which provide the basis
      for authentication where the principals are not previously known to
      each other. The coin flipping protocol, initiated in chapter one, is
      revisited in chapter nineteen. Chapter twenty wraps up with a summary
      of the author's intentions for the book.

      The book is certainly for advanced study, but it is hardly suitable
      for security administrators, professionals, or even engineers. The
      mathematical material is quite demanding, and is seldom explained (as
      opposed to the clear explanations of the implications of the math that
      is given in, for example, "Applied Cryptography" [cf. BKAPCRYP.RVW],
      or even the equally advanced but much more comprehensible "Algebraic
      Aspects of Cryptography" [cf. BKALASCR.RVW]). However, there are
      points in the material that could be useful for practical
      cryptographic systems, provided one is dealing primarily with
      authentication of communications, and the possibility of physical
      access is ignored. The text would have been much more useful if the
      author could have been induced to provide some of the basic
      explanations in English, rather than leaving the reader to work out
      the math.

      copyright Robert M. Slade, 2004 BKMDNCRP.RVW 20041207

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      Security is difficult, President. Anyone who says differently is
      selling something. - The Paranoid Guide
      http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
    Your message has been successfully submitted and would be delivered to recipients shortly.