REVIEW: "Cryptography for Developers", Tom St. Denis
- BKCRPTDV.RVW 20070114
"Cryptography for Developers", Tom St. Denis, 2007, 1-59749-104-7,
%A Tom St. Denis
%C 800 Hingham Street, Rockland, MA 02370
%G 1-59749-104-7 978-1-59749-104-4
%I Syngress Media, Inc.
%O U$59.95/C$77.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 423 p.
%T "Cryptography for Developers"
Chapter one is a poor explanation of some cryptographic concepts.
Sample code for various ASN.1 standard data types and representations
(those useful for cryptographic work) is given in chapter two. The
review of random numbers that is provided in chapter three is
excellent, with discussion of sources of entropy, basic designs for
random and pseudorandom systems, coding samples, and pointers to
concerns and areas of weakness in related systems. Chapter four, on
the Advanced Encryption Standard (AES), is weak on theoretical
outlines, but describes the algorithm and processes, as well as noting
programming code, optimizations, and the weaknesses (primarily against
side channel attacks) that such performance measures create. There is
also a review of two of the five modes of block cipher operations.
Hash functions, and an extensive discussion of the birthday paradox,
are in chapter five. There are coding details of SHA-1 (Secure Hash
Algorithm), SHA-256, and SHA-512, as well as PKCS (Public Key
Cryptographic Standard) #5. More secure message authentication codes
(MAC), namely CMAC (Cipher Message Authentication Code) and HMAC (it
actually isn't an acronym, despite what the book says), are in chapter six.
Implementing applications which both encrypt and provide
authentication is described in chapter seven. Chapter eight examines
operations with very large numbers, vital for most asymmetric
cryptography (which is briefly outlined in chapter nine).
The text is written in a pseudo-intellectual manner that may sometimes
annoy the reader with its emphasis on erudite and esoteric trivia.
The attempt at folksy humour does not contribute to either an
understanding of the material or the readability of the content. The
explanations of basic concepts are weak, and often wrong or
misleading. There are a great many typographical errors in the text
of the manuscript, which does not inspire confidence in the accuracy
of the sample code. There are a number of useful points in the book,
but they are buried in a lot of sloppy work.
copyright Robert M. Slade, 2007 BKCRPTDV.RVW 20070114