BKCRPDEC.RVW 20021215 "Cryptography Decrypted", H. X. Mel/Doris Baker, 2001, 0-201-61647-5, U$29.95/C$44.95 %A H. X. Mel www.hxmel.com %A Doris Baker %C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8 %D 2001 %G 0-201-61647-5 %I Addison-Wesley Publishing Co. %O U$29.95/C$44.95 800-822-6339 fax 617-944-7273 bkexpress@aw.com %O http://www.amazon.com/exec/obidos/ASIN/0201616475/robsladesinterne %P 352 p. %T "Cryptography Decrypted" The book seems to be rather ambitious, since the preface says that it is addressed to any (and therefore all) audience(s), without any limitation on the stated purpose. Part one addressed secret key (symmetric) cryptography. Chapter one tries to draw an analogy between locks and encryption, although the relation is strained at best. Substitution, frequency analysis, and polyalphabetic ciphers are covered in chapter two. Chapter three introduces transposition. The Polybius square is used, in chapter four, as an example of the combination of substitution and transposition. For those in the know, this leads nicely into the discussion of DES (Data Encryption Standard), in chapter five, although the neat segue would be lost on most readers, since the details of DES are not given. The history of cryptography appears rather abruptly in chapter six. Chapter seven covers the attempts to use cryptographic methods for confidentiality, integrity, authentication, and non-repudiation, and shows that the last point is not possible with purely symmetric cryptography. A simplistic examination of key exchange is given in chapter eight. Part two deals with public key (asymmetric) encryption. Chapter nine is a confusing introduction using the Merkle puzzle space (with some mention of Diffie-Hellman) as the example. A simplistic review of public key encryption is in chapter ten. Math tricks, in chapter eleven, seems pointless as it begins, but the development to the examples of modular inverses do provide both a basic form of asymmetric cryptography, and a demonstration of the mathematical concepts underlying more advanced cryptographic algorithms. Chapter twelve introduces authentication and digital signatures, with hashes and message digests in chapter thirteen, and a discussion of digest assurances (reviewing collisions and encrypted message authentication codes) in fourteen. A comparison of cryptographic strength and speed (between symmetric and asymmetric systems) is in chapter fifteen. Part three covers the distribution of public keys, and introduces some of the concepts of PKI (Public Key Infrastructure). Chapter sixteen deals with certificates. The title of chapter seventeen relates to the X.509 certificate structure, but the topics covered mostly concern hierarchical certificate authorities. PGP (Pretty Good Privacy) and the "Web of Trust" model are explained in chapter eighteen. Part four looks at real world systems and actual applications. Chapter nineteen explains email security, but in a generic fashion. SSL (Secure Sockets Layer) is clearly described in chapter twenty, but, given the lack of detail in the rest of the book, the technical material is rather odd. IPSec, in chapter twenty one, is presented in a confused manner. Various problems of, and attacks against, cryptography are outlined in chapter twenty two. The final chapter is a simplistic review of the storage of cryptographic keys on smart cards. This book does present most of the core concepts in cryptography. The text is readable, and, within the limited scope of the material, generally accurate. For non-specialists, it is a reasonable introduction to the topic. This might even include security professionals who are not directly involved with cryptographic systems. However, the lack of detail in the explanations of the theory is a weakness, since the text would be more convincing with more background. copyright Robert M. Slade, 2002 BKCRPDEC.RVW 20021215