Computer Security - REVIEW: "Cryptography and E-Commerce", Jon C. Graff

11-28-2003, 03:51 PM

BKCRECOM.RVW 20031019

"Cryptography and E-Commerce", Jon C. Graff, 2001, 0-471-40574-4,
U$29.99/C$46.50
%A Jon C. Graff
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D 2001
%G 0-471-40574-4
%I John Wiley & Sons, Inc.
%O U$29.99/C$46.50 416-236-4433 fax: 416-236-4448
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%P 222 p.
%T "Cryptography and E-Commerce"

The introduction states that the author has set out to write an
"accessible, easily understood, and entertaining" guide to modern
cryptography.

Part one is a presentation of current cryptography. Chapter one opens
with symmetric key concepts, but states that DES (Data Encryption
Standard) is safe for the present (DES had been broken at least twice
by the time the book was written). The basic ideas are presented, but
the metaphors and illustrations used may confuse, rather than explain,
the issues. The same is true for integrity protection (hashes and
digests) in chapter two, and with key management, Kerberos, asymmetric
(public key) cryptography, certificates (using only a hierarchical
structure), certificate extensions and attributes, and US export
restrictions, in the succeeding chapters. The section finishes with a
one page "chapter" of concluding remarks.

Part two, consisting of chapter ten, is a tutorial on the underlying
mathematics of asymmetric cryptography. As with the basics of
cryptography presented earlier, using pictures and stories does not
seem to help matters, particularly since the math is not correct. (In
explaining RSA on page 127, 3 x 11 does *not* equal 44, and a
previously undefined function appears partway through the process.)

Part three contains case studies of architectures proposed by the
author. Chapter eleven utilizes Kerberos, but the most interesting
parts involve the use of hardware cards. Chapter twelve is an outline
of a fairly generic PKI (Public Key Infrastructure).

Overall, the explanations of cryptographic concepts are not bad, but
they are not particularly accessible or easily understood, and there
are certainly clearer and more complete books that make fewer
mistakes, even the simpler ones, such as "Cryptography Decrypted" by
H. X. Mel and Doris Baker (cf. BKCRPDEC.RVW), or "Internet
Cryptography" by Richard E. Smith (cf. BKINTCRP.RVW). The
entertainment value of the pictures and stories is minimal, and, as
noted, the graphics and personal names are unlikely to assist the
reader in understanding the fundamental theory.

copyright Robert M. Slade, 2003 BKCRECOM.RVW 20031019

--
======================

"If you do buy a computer, don't turn it on." - Richards' 2nd Law
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
or mirror http://sun.soci.niu.edu/~rslade/
CISSP refs: [Base URL]mnbksccd.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
Security Educ.: http://groups.yahoo.com/group/comseced/
Review mailing list: send mail to techbooks-

Rob Slade, doting grandpa of Ryan and Trevor

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
TheDigitalReview: DO YOU BELIEVE IN MIRACLES? - DVD REVIEW	Mike McGee	DVD Video	0	02-09-2004 08:15 PM
TheDigitalReview: BABE SPECIAL EDITION - DVD REVIEW (User Review)	Mike McGee	DVD Video	0	12-04-2003 04:52 AM
TheDigitalReview: HUD - DVD REVIEW	Mike McGee	DVD Video	0	11-22-2003 10:34 AM
TheDigitalReview: THE JAMIE KENNEDY EXPERIMENT - COMPLETE FIRST SEASON - DVD REVIEW	Mike McGee	DVD Video	0	11-21-2003 12:07 PM
TheDigitalReview: WINGED MIGRATION - DVD REVIEW	Mike McGee	DVD Video	0	11-16-2003 09:52 AM

11-28-2003, 03:51 PM	#1
	REVIEW: "Cryptography and E-Commerce", Jon C. Graff BKCRECOM.RVW 20031019 "Cryptography and E-Commerce", Jon C. Graff, 2001, 0-471-40574-4, U$29.99/C$46.50 %A Jon C. Graff %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2001 %G 0-471-40574-4 %I John Wiley & Sons, Inc. %O U$29.99/C$46.50 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/AS...bsladesinterne http://www.amazon.co.uk/exec/obidos/...bsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20 %P 222 p. %T "Cryptography and E-Commerce" The introduction states that the author has set out to write an "accessible, easily understood, and entertaining" guide to modern cryptography. Part one is a presentation of current cryptography. Chapter one opens with symmetric key concepts, but states that DES (Data Encryption Standard) is safe for the present (DES had been broken at least twice by the time the book was written). The basic ideas are presented, but the metaphors and illustrations used may confuse, rather than explain, the issues. The same is true for integrity protection (hashes and digests) in chapter two, and with key management, Kerberos, asymmetric (public key) cryptography, certificates (using only a hierarchical structure), certificate extensions and attributes, and US export restrictions, in the succeeding chapters. The section finishes with a one page "chapter" of concluding remarks. Part two, consisting of chapter ten, is a tutorial on the underlying mathematics of asymmetric cryptography. As with the basics of cryptography presented earlier, using pictures and stories does not seem to help matters, particularly since the math is not correct. (In explaining RSA on page 127, 3 x 11 does not equal 44, and a previously undefined function appears partway through the process.) Part three contains case studies of architectures proposed by the author. Chapter eleven utilizes Kerberos, but the most interesting parts involve the use of hardware cards. Chapter twelve is an outline of a fairly generic PKI (Public Key Infrastructure). Overall, the explanations of cryptographic concepts are not bad, but they are not particularly accessible or easily understood, and there are certainly clearer and more complete books that make fewer mistakes, even the simpler ones, such as "Cryptography Decrypted" by H. X. Mel and Doris Baker (cf. BKCRPDEC.RVW), or "Internet Cryptography" by Richard E. Smith (cf. BKINTCRP.RVW). The entertainment value of the pictures and stories is minimal, and, as noted, the graphics and personal names are unlikely to assist the reader in understanding the fundamental theory. copyright Robert M. Slade, 2003 BKCRECOM.RVW 20031019 -- ====================== "If you do buy a computer, don't turn it on." - Richards' 2nd Law ============= for back issues: [Base URL] site http://victoria.tc.ca/techrev/ or mirror http://sun.soci.niu.edu/~rslade/ CISSP refs: [Base URL]mnbksccd.htm Security Dict.: [Base URL]secgloss.htm Security Educ.: [Base URL]comseced.htm Book reviews: [Base URL]mnbk.htm [Base URL]review.htm Partial/recent: http://groups.yahoo.com/group/techbooks/ Security Educ.: http://groups.yahoo.com/group/comseced/ Review mailing list: send mail to techbooks- Rob Slade, doting grandpa of Ryan and Trevor