BKCRPTDV.RVW   20070114

"Cryptography for Developers", Tom St. Denis, 2007, 1-59749-104-7,
U$59.95/C$77.95
%A   Tom St. Denis
%C   800 Hingham Street, Rockland, MA 02370
%D   2007
%G   1-59749-104-7 978-1-59749-104-4
%I   Syngress Media, Inc.
%O   U$59.95/C$77.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O   http://www.amazon.com/exec/obidos/ASIN/1597491047/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1597491047/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1597491047/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   423 p.
%T   "Cryptography for Developers"

Chapter one is a poor explanation of some cryptographic concepts. Sample code for various ASN.1 standard data types and representations (those useful for cryptographic work) is given in chapter two. The review of random numbers provided in chapter three is excellent, with discussion of sources of entropy, basic designs for random and pseudorandom systems, coding samples, and pointers to concerns and areas of weakness in related systems. Chapter four, on the Advanced Encryption Standard (AES), is weak on theoretical outlines, but describes the algorithm and processes, as well as noting programming code, optimizations, and the weaknesses (primarily against side channel attacks) that such performance measures create. There is also a review of two of the five modes of block cipher operation. Hash functions, and an extensive discussion of the birthday paradox, are in chapter five. There are coding details of SHA-1 (Secure Hash Algorithm), SHA-256, and SHA-512, as well as PKCS (Public Key Cryptographic Standard) #5. More secure message authentication codes (MAC), CMAC (Cipher Message Authentication Code) and HMAC (it actually isn't an acronym, despite what the book says), are in chapter six. Implementing applications which both encrypt and provide authentication is described in chapter seven.
Chapter eight examines operations with very large numbers, vital for most asymmetric cryptography (which is briefly outlined in chapter nine).

The text is written in a pseudo-intellectual manner that may sometimes annoy the reader with its emphasis on erudite and esoteric trivia. The attempt at folksy humour does not contribute to either an understanding of the material or the readability of the content. The explanations of basic concepts are weak, and often wrong or misleading. There are a great many typographical errors in the text of the manuscript, which does not inspire confidence in the accuracy of the sample code. There are a number of useful points in the book, but they are buried in a lot of sloppy work.

copyright Robert M. Slade, 2007