From: patrick@Verity.COM (Patrick Horgan)
To: sandoval@cic.teleco.ulpgc.es
Message Hash: 1f7489bb9a37456dbe7e071ea15df700299c8f64e8b9ebbe9442e0d481bc9257
Message ID: <9510242121.AA07455@cantina.verity.com>
Reply To: N/A
UTC Datetime: 1995-10-24 21:25:37 UTC
Raw Date: Tue, 24 Oct 95 14:25:37 PDT
From: patrick@Verity.COM (Patrick Horgan)
Date: Tue, 24 Oct 95 14:25:37 PDT
To: sandoval@cic.teleco.ulpgc.es
Subject: Re: textbooks
Message-ID: <9510242121.AA07455@cantina.verity.com>
MIME-Version: 1.0
Content-Type: text/plain
I'm Cc:ing this to cypherpunks since I've gotten a lot of requests for this
information.
> From: sandoval@cic.teleco.ulpgc.es (Juan Domingo Sandoval Gonzalez)
>
> Dear Patrick,
> Thanks for yor info about "Network Security Private Communication
> in a PUBLIC World" by Kaufman, Perlman and Speciner.
> To buy it I need to know Who published it.
> Do you know the Editor house?
>
"Network Security - PRIVATE Communication in a PUBLIC World", 1995, Prentice
Hall PTR, ISBN 0-13-061466-1, by Charlie Kaufman, Radia Perlman, and Mike
Speciner.
This book is amazing. It explains hard concepts in ways that make them
seem obvious. I can't state this too emphatically. The style of the
book is conversational, approachable and a fun read, while at the same
time maintaining technical exactness to the point that you can implement
algorithms from the discussions in this book, (and understand how they
work.)
17.6.2 Coping with Export Controls is very interesting, detailing the weird
hoops that Lotus jumped through to retain as much security as possible while
still meeting export requirements. The authors make the point that what
happens to you when you go through this process is almost random depending
on the times as well as the individual person you deal with.
The ANS.1 section is blunt about the space problems, and indeed much of the
book is refreshingly blunt about the stupidities involved in a lot of this
stuff.
The quick proof of why the initial and final permutations add nothing to
the security of DES is presented in an informal and quite obvious sidebar.
The comment is made that by the same argument the permutation of the key
in the generating of per-round keys also adds nothing to security.
It also includes homework and would be a wonderful textbook.
Here's an abbreviated version of the TOC. Note that the real index is much
richer than this. I've given the complete version of section 3.3 to
illustrate. All typos are mine. I think we can no longer refer to Bruce's
book as the Bible, but must refer to the two books as the Scriptures;)
Could someone refer me to some good crypto oriented math books? Preferably
something as readable as this:)
Chapter 1 Introduction
1.1 Roadmap to the book
1.2 What type of book is this
1.3 Terminology
1.4 Notation
1.5 Primer on Networking
1.6 Tempest
1.7 Firewalls/Security Gateways
1.8 Key Escrow for Law Enforcement
1.9 Key Escrow for Careless Users
1.10 Viruses, Worms, Trojan Horses
1.11 The Military Model of Security
1.12 Legal Issues
Chapter 2 Introduction to Cryptography
2.1 What is Cryptography
2.2 Breaking an Encryption Scheme
2.3 Types of Cryptographic Functions
2.4 Secret Key Cryptography
2.5 Public Key Cryptography
2.6 Hash Alogorithms
2.7 Homework
Chapter 3 Secret Key Cryptography
3.1 Introduction
3.2 Generic Block Encryption
3.3 Data Encryption Standard (DES)
3.3.1 DES Overview
3.3.2 The Permutations of the Data
3.3.3 Generating the Per-Round Keys
3.3.4 A DES Round
3.3.5 The Mangler Function
3.3.6 Weak and Semi-Weak Keys
3.3.7 What's So Special About DES?
3.4 International Data Encryption Algorithm (IDEA)
3.5 Using Secret Key Cryptography in Protocols
3.6 Encrypting a Large Message
3.7 Generating MICs
3.8 Multiple Encryption DES
3.9 Homework
Chapter 4 Hashes and Message Digests
4.1 Introduction
4.2 Nifty Things to Do with a Hash
4.3 MD2
4.4 MD4
4.5 MD5
4.6 SHS
4.7 Homework
Chapter 5 Public Key Algorithms
5.1 Introduction
5.2 Modular Arithmatic
5.3 RSA
5.4 Diffie-Hellman
5.5 Digital Signature Standard (DSS)
5.6 Zero Knowledge Proof Systems
5.7 Homework Problems
Chapter 6 Number Theory
6.1 Introduction
6.2 Modular Arithmatic
6.3 Primes
6.4 Euclid's Algorithm
6.5 Chinese Remainder Theorem
6.6 Zn*
6.7 Euler's Totient Function
6.8 Euler's Theorem
6.9 Homework Problems
Chapter 7 Authentication Problems
7.1 Password-Based Authentication
7.2 Address-Based Authentication
7.3 Cryptographic Authentication Protocols
7.4 Who is Being Authenticated
7.5 Passwords as Cryptographic Keys
7.6 Eavesdropping and Server Database Reading
7.7 Trusted Intermediaries
7.8 Session Key Establishment
7.9 Authorization
7.10 Delegation
7.11 Homework
Chapter 8 Authentication of People
8.1 Passwords
8.2 On-Line Password Guessing
8.3 Off-Line Password Guessing
8.4 How Big Should a Secret Be?
8.5 Eavesdropping
8.6 Passwords and Careless Users
8.7 Initial Password Distribution
8.8 Authentication Tokens
8.9 Physical Access
8.10 Biometrics
8.11 Homework
Chapter 9 Security Handshake Pitfalls
9.1 Login Only
9.2 Mutual Authentication
9.3 Integrity/Encryption for Data
9.4 Mediated Authentication (with KDC)
9.5 Bellovin-Merritt
9.6 Network Login and Password Guessing
9.7 Nonce Types
9.8 Picking Random Numbers
9.9 X.509 Problem
9.10 Performance Considerations
9.11 Authentication Protocol Checklist
9.12 Homework
Chapter 10 Kerberos V4
10.1 Introduction
10.2 Tickets and Ticket-Granting Tickets
10.3 Configuration
10.4 Logging Into the Network
10.5 Replicated KDCs
10.6 Realms
10.7 Interrealm Authentication
10.8 Key Version Numbers
10.9 Encryption for Privacy and Integrity
10.10 Encryption for Integrity Only
10.11 Network Layer Addresses in Tickets
10.12 Message Formats
10.13 Homework
Chapter 11 Kerberos V5
11.1 ASN.1
11.2 Names
11.3 Delegation of Rights
11.4 Ticket Lifetimes
11.5 Key Versions
11.6 Making Master Keys in Different Realms Different
11.7 Optimizations
11.8 Cryptographic Algorithms
11.9 Hierarchy of Realms
11.10 Evading Password-Guessing Attacks
11.11 Key Inside Authenticator
11.12 Double TGT Authentication
11.13 KDC Database
11.14 Kerberos V5 Messages
11.15 Homework
Chapter 12 Electronic Mail Security
12.1 Distribution Lists
12.2 Store and Forward
12.3 Security Services for Electronic Mail
12.4 Establishing Keys
12.5 Privacy
12.6 Authentication of the Source
12.7 Message Integrity
12.8 Non-Repudiation
12.9 Proof of Submission
12.10 Proof of Delivery
12.11 Message Flow Confidentiality
12.12 Anonymity
12.13 Containment
12.14 Annoying Text Format Issues
12.15 Names and Addresses
12.16 Old Messages
12.17 Homework
Chapter 13 Privacy Enhanced Mail (PEM)
13.1 Introduction
13.2 Establishing Keys
13.3 Some PEM History
13.4 Certificate Hierarchy
13.5 Certificate Revocation Lists (CRLs)
13.6 X.509 Certificates and CRLs
13.7 Reformatting Data to Get Through Mailers
13.8 General Structure of a PEM Message
13.9 Encryption
13.10 Source Authentication and Integrity Protection
13.11 Multiple Recipients
13.12 Bracketing PEM Messages
13.13 Remote Distribution List Exploders
13.14 Forwarding and Enclosures
13.15 Canonicalization
13.16 Unprotected Information
13.17 Message Formats
13.18 DES-CBC as MIC Doesn't Work
13.19 Homework
Chapter 14 PGP (Pretty Good Privacy)
14.1 Introduction
14.2 Overview
14.3 Key Distribution
14.4 Efficient Encoding
14.5 Certificate and Key Revocation
14.6 Signature Types
14.7 Your Private Key
14.8 Key Rings
14.9 Anomalies
14.10 Object Formats
Chapter 15 X.400
15.1 Overview of X.400
15.2 Security Functions Possible with X.400
15.3 Structure of an X.400 Message
Chapter 16 A Comparison of PEM, PGP, and X.400
16.1 Introduction
16.2 Certificate Hierarchy
16.3 Certificate Distribution
16.4 Encryption
16.5 Encoding of Transmitted Messages
16.6 Cryptographic Algorithms Supported
16.7 Recipients with Multiple Keys
16.8 Mail-Intermediary-Provided Functions
Chapter 17 More Security Systems
17.1 NetWare V3
17.2 NetWare V4
17.3 KryptoKnight
17.4 SNMP
17.5 DASS/SPX
17.6 Lotus Notes Security
17.7 DCE Security
17.8 Microsoft Security
17.9 Network Denial of Service
17.10 Clipper
17.11 Homework
Bibliography
Glossary
Index
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick@verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/
Return to October 1995
Return to “patrick@Verity.COM (Patrick Horgan)”