"Internet Cryptography", Richard E. Smith, 1997, 0-201-92480-3,
%A Richard E. Smith email@example.com
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%I Addison-Wesley Publishing Co.
%O U$29.95/C$44.95 416-447-5101 fax: 416-443-0948 firstname.lastname@example.org
%P 356 p.
%T "Internet Cryptography"
According to the preface, this book is aimed at non-specialists who
need to know just enough about cryptography to make informed
decisions. As an example, Smith suggests systems administrators
managers who, while not formally charged with security,
still have to
use cryptographic techniques to secure their networks
Chapter one is an introduction, contrasting what we want (secure
communications) with the environment we have to work in (a wide open
Internet). The text also looks at the balance that must
between convenience and requirements. Encryption basics,
chapter two, presents the concepts of symmetric cryptography,
use, and choice.
There is a clear explanation of the ideas without overwhelming
technical details. (It is interesting to note how quickly
cryptographic technology changes: SKIPJACK and ITAR were
important when the book was written, and are now basically
irrelevant.) Some random thoughts on network implementation of
encryption are given in chapter three. Managing secret keys,
chapter four, provides good conceptual coverage of generation and
management, although the discussion of the problems of
key escrow is
weak. Because of the requirements for technical details when
discussing protocols, chapter five, on IPSec, is different from other
material in the book. It also includes a brief mention
protocols. Chapter six discusses the use of IPSec in
networks, while seven examines IPSec in terms of remote
Chapter eight looks at IPSec in relation to firewalls,
but it is difficult to see how this would be used in an actual
Chapter nine reviews public key encryption and SSL (Secure Sockets
Layer). The basic concepts of asymmetric cryptography
well, but may be unconvincing due to the lack of mathematical
and details. While there is an introduction to the related
digital signatures, SSL is really only barely mentioned.
Web transaction security, in chapter ten, provides practical
of the technologies discussed. The same is true of email,
chapter eleven, but digital signatures get a bit more explanation.
Chapter twelve builds on the signature concept to introduce PKI
fundamentals are written clearly and well, and are
for managers and users. Despite the lack of detail, the
text may even
be suitable for some security professionals who need
background without needing to work with the technology
work is easy to read, although the idiosyncratic structure
confusing, and the value of some chapters questionable.
copyright Robert M. Slade, 2002 BKINTCRP.RVW 20021215