Overview
Written by an expert in cryptography, and backed by the leading professional cryptographic organization, this book tackles the key cryptographic issues with a special focus on current technical problems. Integrating the rich history of classical cryptography with modern public key cryptosystems, this guide is a authoritative source of information on processes, products, management, implementation, and product certification. For anyone who has ever been fascinated by "secret codes", but expecially for information technology workers and managers directly concerned with secure computing.Editorials
Jack J. Woehr
The International Computer Security Associations' ICSA Guide to Cryptography, by Randall Nichols, is the production of a collaboration of scholars and industry players. This is not yer cypherpunk manifesto here. The tone of the book is set in the introduction:
...One of the most powerful techniques for combating terrorists, drug lords and criminals is interception of conversations and messages revealing their conspiracies and plans. Our government officials responsible for national security and law enforcement are justifiably concerned that widespread use of encryption will hamper or eliminate their ability to use interception of criminal messages in protecting public safety...
Proponents of individual privacy have little sympathy for the government's position and oppose requiring the use of technologies that permit law enforcement or national security officers access, even if controlled by court orders, to encrypted information...
The freighted diction is unsubtle. The introduction is actually a joint effort of Daniel J. Ryan, Corporate Vice President of Science Applications International Corporation and Julie J. C. H. Ryan, who is President of Julie Ryan, Inc., a state of affairs, we might note in passing, which seems to us eminently practical.
Tendentiousness aside, ICSA Guide is a haunting read that might have been titled, Late Learner's Quick (<800 page) Intro to Cryptanalysis, piquing the interest of those who in youth yawned at these puzzles and the exploits of the nerds who solve them, but who now find cryptography and secure computing inextricably enmeshed.
These authors love their crypto and teach it like it should be taught. The evolution of cryptography reads like runes cast in the bones of conspiracies past. In ICSA Guide to Cryptography, there's a lot of dry math to deliver. Somehow the authors manage to keep the taste of adventure alive, employing it to teach the fundamental lesson that the causes of cryptography are inseparable from its practice. In a particularly vivid passage, conflicting system design aims are examined in the light of military history ranging from Axis penetration in North Africa to the "raison d'etre of the NSA," that of reading Third World mail.
ICSA Guide to Cryptography covers not only the history and mathematics of cryptography, but also its practice and application. Internet encoding, DES, RSA, PGP, Smartcards, and e-commerce all receive treatment. Chapter 13, "Implementation Mistakes" broaches game theory in an exposition of the role of the cryptographer in a transaction system.
Irony lurks not far below the surface. How secure is secure? How fast do you have to run to stay in one place? How much to spend on cryptography when the majority of system compromises are caused by installation error or human indiscretion?
For those who like their double espresso of technical reading served with a dollop of derring-do
The chosen plain text attack needs only cunning to produce a compromise--cunning is unlimited. The famous World War II battle of Midway ruse of reporting the breakdown of the freshwater distillation plant to confirm "AF" as the coordinates of Midway's location on the Japanese CHI-HE system is a good example...
or to those yawning over Java DCOM-CORBA Bridging UML Design Patterns for Microsoft Certified Ratchet Winders we can recommend this exciting opus with a high degree of surety.
The CD-ROM accompanying the book is all advertising. At least, that's what it appears to be...wait, is there a pattern in the file names? Maybe if I open the raw disc blocks in a binary editor...Apply a few obvious brute-force attacks...There! Got it! Hmmm, "If you can read this, please apply to..."
β Electronic Review of Computer Books