Loading ...
Sorry, an error occurred while loading the content.

REVIEW: "Cryptography for Developers", Tom St. Denis

Expand Messages
  • Rob, grandpa of Ryan, Trevor, Devon & Ha
    BKCRPTDV.RVW 20070114 Cryptography for Developers , Tom St. Denis, 2007, 1-59749-104-7, U$59.95/C$77.95 %A Tom St. Denis %C 800 Hingham Street,
    Message 1 of 1 , Mar 16, 2007
      BKCRPTDV.RVW 20070114

      "Cryptography for Developers", Tom St. Denis, 2007, 1-59749-104-7,
      %A Tom St. Denis
      %C 800 Hingham Street, Rockland, MA 02370
      %D 2007
      %G 1-59749-104-7 978-1-59749-104-4
      %I Syngress Media, Inc.
      %O U$59.95/C$77.95 781-681-5151 fax: 781-681-3585 www.syngress.com
      %O http://www.amazon.com/exec/obidos/ASIN/1597491047/robsladesinterne
      %O http://www.amazon.ca/exec/obidos/ASIN/1597491047/robsladesin03-20
      %O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
      %P 423 p.
      %T "Cryptography for Developers"

      Chapter one is a poor explanation of some cryptographic concepts.
      Sample code for various ASN.1 standard data types and representations
      (those useful for cryptographic work) are given in chapter two. The
      review of random numbers that is provided in chapter three is
      excellent, with discussion of sources of entropy, basic designs for
      random and pseudorandom systems, coding samples, and pointers to
      concerns and areas of weakness in related systems. Chapter four, on
      the Advanced Encryption Standard (AES), is weak on theoretical
      outlines, but describes the algorithm and processes, as well as noting
      programming code, optimizations, and the weaknesses (primarily against
      side channel attacks) that such performance measures create. There is
      also a review of two of the five modes of block cipher operations.
      Hash functions, and an extensive discussion of the birthday paradox,
      are in chapter five. There are coding details of SHA-1 (Secure Hash
      Algorithm), SHA-256, and SHA-512, as well as PKCS (Public Key
      Cryptographic Standard) #5. More secure message authentication codes
      (MAC); CMAC (Cipher Message Authentication Code) and HMAC (it actually
      isn't an acronym, despite what the book says) are in chapter six.
      Implementing applications which both encrypt and provide
      authentication is described in chapter seven. Chapter eight examines
      operations with very large numbers, vital for most asymmetric
      cryptography (which is briefly outlined in chapter nine).

      The text is written in a pseudo-intellectual manner that may sometimes
      annoy the reader with its emphasis on erudite and esoteric trivia.
      The attempt at folksy humour does not contribute to either an
      understanding of the material or the readability of the content. The
      explanations of basic concepts are weak, and often wrong or
      misleading. There are a great many typographical errors in the text
      of the manuscript, which does not inspire confidence in the accuracy
      of the sample code. There are a number of useful points in the book,
      but they are buried in a lot of sloppy work.

      copyright Robert M. Slade, 2007 BKCRPTDV.RVW 20070114

      ====================== (quote inserted randomly by Pegasus Mailer)
      rslade@... slade@... rslade@...
      There is nothing in this world constant but inconstancy. - Swift
      Dictionary of Information Security www.syngress.com/catalog/?pid=4150
    Your message has been successfully submitted and would be delivered to recipients shortly.