The
book seems to be rather ambitious, since the preface
says that it
is addressed to any (and therefore all) audience(s),
without any
limitation on the stated purpose. In general, it is an
attempt to
portray the basic concepts of cryptography, without getting
too far
into technical details. Many other books have tried to
do the same
thing, and signally failed. Mel and Baker by and large
succeed.
Part
one addressed secret key (symmetric) cryptography.
Chapter one
tries to draw an analogy between locks and encryption,
although the
relation is strained at best. Substitution, frequency
analysis, and
polyalphabetic ciphers are covered in chapter two. Chapter
three
introduces transposition. The Polybius square is used,
in chapter
four, as an example of the combination of substitution
and
transposition. For those in the know, this leads nicely
into the
discussion of DES (Data Encryption Standard), in chapter
five,
although the neat segue would be lost on most readers,
since the
details of DES are not given. The history of cryptography
appears
rather abruptly in chapter six. Chapter seven covers
the attempts to
use cryptographic methods for confidentiality, integrity,
authentication, and non-repudiation, and shows that the
last point is
not possible with purely symmetric cryptography. A simplistic
examination of key exchange is given in chapter eight.
Part
two deals with public key (asymmetric) encryption.
Chapter nine
is a confusing introduction using the Merkle puzzle space
(with some
mention of Diffie-Hellman) as the example. A simplistic
review of
public key encryption is in chapter ten. Math tricks,
in chapter
eleven, seems pointless as it begins, but the development
to the
examples of modular inverses do provide both a basic
form of
asymmetric cryptography, and a demonstration of the mathematical
concepts underlying more advanced cryptographic algorithms.
Chapter
twelve introduces authentication and digital signatures,
with hashes
and message digests in chapter thirteen, and a discussion
of digest
assurances (reviewing collisions and encrypted message
authentication
codes) in fourteen. A comparison of cryptographic strength
and speed
(between symmetric and asymmetric systems) is in chapter
fifteen.
Part
three covers the distribution of public keys, and introduces
some
of the concepts of PKI (Public Key Infrastructure). Chapter
sixteen
deals with certificates. The title of chapter seventeen
relates to
the X.509 certificate structure, but the topics covered
mostly concern
hierarchical certificate authorities. PGP (Pretty Good
Privacy) and
the "Web of Trust" model are explained in chapter
eighteen.
Part
four looks at real world systems and actual applications.
Chapter nineteen explains email security, but in a
generic
fashion.
SSL (Secure Sockets Layer) is clearly described in chapter
twenty,
but, given the lack of detail in the rest of the book,
the technical
material is rather odd. IPSec, in chapter twenty one,
is presented in
a confused manner. Various problems of, and attacks against,
cryptography are outlined in chapter twenty two. The
final chapter is
a simplistic review of the storage of cryptographic keys
on smart
cards.
This
book does present most of the core concepts in cryptography.
The
text is readable, and, within the limited scope of the
material,
generally accurate. For non-specialists, it is a reasonable
introduction to the topic. This might even include security
professionals who are not directly involved with cryptographic
systems. However, the lack of detail in the explanations
of the
theory is a weakness, since the text would be more convincing
with
more background.
copyright Robert M. Slade, 2002 BKCRPDEC.RVW 20021215
|
