Thursday, June 7, 2007

RSA Security's Official Guide to Cryptography

By Steve Burnett and Stephen Paine; published by Osborne/McGraw-Hill's RSA Press, 877/RSA-4900 (phone); (Web); 419 pages plus a CD-ROM; $59.99.

In old nautical maps, cartographers would sometimes write "Beyond here there be dragons" at the edge of the known world. Those warnings were enough to scare off many a navigator. Of the few who disregarded them, some perished and others found great riches. In a sense, the same is true of this book, though it deals with the arcane world of cryptography, not cartography. The first five chapters represent the safe world, a concise yet understandable overview of cryptography. Beyond this beginning, though, there be, if not monsters, certainly monstrous challenges. But readers who stick with the text will find some richly rewarding knowledge.

After studying the book's first portion, a careful reader will be able to explain symmetric ciphers, public-key cryptography, message digests, digital signatures, and key distribution problems in general terms. He or she will be on the way to more intelligent decisions regarding encryption purchases.

The authors don't shy away from discussing the criteria necessary to judge cryptographic products. They observe, importantly, that good cryptography requires public testing and feedback. Proprietary or "secret" algorithms should be shunned, they maintain, because they will be discovered and broken.

Chapters six through ten begin with a technical discussion of public-key infrastructure that concentrates on the formatting of public-key certificates and the different trust models used to implement them. What's missing from this discussion is criticism of PKI technology. PKI's security often depends on how well the certifying authority checks the identity of the party being granted the certificate. What happens if the authority is not rigorous in its investigation?

Remaining chapters cover network implementations, as well as application-layer software, such as SET for commercial transactions and S/MIME for secure e-mail. Most of the material goes beyond the job description of the typical security manager, but the information is valuable for those with a need for in-depth analysis. Unfortunately for the general practitioner, there are no checklists to help institute secure cryptographic applications. The concepts presented do not coalesce into a detailed action plan.

Surprisingly, given the number of technical terms used, the book lacks a glossary. An accompanying CD-ROM contains many technical articles on cryptography, which are fine resources for cryptographers but forbidding to security generalists.

Again, the security generalist may prefer to stay within the first few chapters--his or her own recognizable world. Braver readers and specialists will generally be rewarded if they venture on from there.
