|Crypto 101 - A Free Ebook|
|Written by Nikos Vaggalis|
|Friday, 08 July 2016|
Who said that quality comes always at cost? Crypto 101 is proof that there are exceptions to this rule. It is a free guide to the science of cryptography, that, in everyday language, addresses every software developer's need in correctly incorporating and applying cryptographic elements into the building of their software.
Cryptography is a necessary evil that one way or another becomes an integral part of a developer's daily activity. Despite compacting crypto algorithmic implementations into modules, libraries or functions, that make knowledge in maths unnecessary in order to use them, their effective handling still requires a lot of effort.
Block vs Stream chiphers, Encrypting vs Signing, Symmetric vs Asymmetric encryption, are just some of the aspects you ought to understand, otherwise you're not only running the risk of degraded performance, but also the risk of causing the exact opposite of what cryptography was invented to safeguard, that is, confidentiality, authenticity and integrity.
Therefore every developer out there should at the very least have a grasp on the basics: what cryptography is, what it aims at, how to make the correct choice and application of the algorithms, as well as how the components work and interoperate.
You would think that such an essential educational service would come at a cost, but that's not always the case. Fortunately there are also free, reliable and quality solutions out there, like the Crypto 101 book.
Crypto 101 is a comprehensive and easy to follow guide to the world of cryptography, a conception of Laurens Van Houtven (lvh), principal engineer at Rackspace Managed Security where he works on information security, cryptography and distributed systems. He has
Glimpsing through the index, it looks as though his book has everything covered:
Exclusive or/XOR, looks at this pillar of cryptography
"You can apply XOR in any order: a ⊕ b = b ⊕ a, no matter what values a and b are."
and practical perspectives :
"Python, for example, provides the ^ (caret) operator that performs bitwise XOR on integers. It does this by first expressing those two integers in binary4 , and then performing XOR on their respective bits.Hence the name, bitwise XOR."
Block ciphers, investigates the notions of the plaintext and ciphertext, while the first references on symmetric-key encryption, AES, DES and 3DES, make their appearance. They're followed with deep technical details of the algorithm's inner workings ( SubBytes ,ShiftRows
Stream ciphers is a chapter that highlights the 'building up' style that the author adopts; isolating and deconstructing a topic for demonstrating how it works and what sort of issues it faces, and then builds upon it by presenting its better successor that holds the solutions to those issues.
That is the exact case when explaining the EBC mode and the ways it can be attacked, such as the oracle attack in which an attacker can decrypt messages given access to the encryption oracle, a problem that was subsequently addressed by shifting to the CBC mode, something that subsequently lead to the CBC padding attacks, which subsequently lead to....you get the drift.
Key exchange uses the classic of Alice and Bob trying to figure out a a way of securely exchanging messages over an untrusted network.
The rest of the chapters then look at Public-key encryption and the components that need to cooperate in order to maintain the secret message's confidentiality, integrity and authenticity.
Therefore on the way to the Key derivation functions and secure password storage, it goes from Hash functions to
"Just like encryption, authentication comes in both private-key (symmetric) and public-key (asymmetric) forms. Symmetric authentication schemes are typically called message authentication codes, while the public-key equivalent is typically called a signature."
"Note that we say ”message” here instead of ”plaintext” or ”ciphertext”. This ambiguity is intentional. In this book we’re mostly interested in MACs as a way to achieve authenticated encryption, so the message will always be a ciphertext. That said, there’s nothing wrong with a MAC being applied to a plaintext message."
I'm quoting those two paragraphs as representatives of the level of scrutiny the material has undergone, the simple language employed, and the effective way of conveying the concepts.
The book then ends with examples of complete cryptosystems,
Summing up, it's not just a good book, it's a great book.
I would certainly recommend the option of crowd funding the book so the author gets supported into adding more material in a timely fashion, along the lines of Help Kickstart First Ever PerlDancer Book. What do you think?
or email your comment to: firstname.lastname@example.org
|Last Updated ( Friday, 08 July 2016 )|