Автор: Kamran Khan, Bill Cox
Издательство: Manning Publications
Год: 2024
Страниц: 262
Язык: английский
Формат: pdf (true)
Размер: 16.6 MB
Learn how the good guys implement cryptography and how the bad guys exploit it.
In Hacking Cryptography you’ll find unique guidance for creating strong cryptography that can withstand attempts to exploit it including:
DUAL_EC_DRBG random number generator using Go’s elliptic curve library
Exploiting the RC4 stream cipher, as used in WEP
Block ciphers for padding oracle attacks and manipulation of initialization-vectors
Exploiting hash functions by using extension and rainbow table attacks
Implementing RSA key generation using the Miller-Rabin primality test and exploiting it using the Weiner attack
Exploiting PKCS1.5 padding by using Bleichenbacher's chosen-ciphertext attack
Implementing Diffie-Hellman Key Exchange and breaking it using a MITM parameter injection attack
Theoretically strong cryptography often becomes vulnerable to exploitation as soon as it’s built into real applications and networks. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them. You’ll learn just what it takes to write cryptographically secure code, build an intuition for spotting potential vulnerabilities, and master techniques to avoid the pitfalls that leave your systems at risk.
Cryptography has recently been thrust into the limelight thanks to crypto currencies, but it has been around for far longer than that. It protects everything we do in the digital world and is the last and most reliable line of defense for our data. Despite its significance and success, cryptography is anything but infallible. While the theoretical foundations of this field of knowledge are pretty sturdy, the practical applications seem almost doomed to eventually run afoul of one implementation mistake or another.
A good understanding of how physical locks work can be obtained by learning how to pick locks. That’s essentially what this book is about. While there are many books that explain how cryptography is implemented (akin to how locks are made), this book builds an understanding of cryptography by looking at how cryptographic locks are usually picked.
We hope that this book will expand the general understanding & discourse surrounding cryptographic engineering. We look forward to hearing your thoughts on things that can be improved. The MEAP is somewhat of a unique thing in the publishing industry and your feedback is exactly the proverbial gold that it is trying to mine. It is an exciting prospect to be able to improve your book based on actual reader feedback while you’re still writing it, and we heartily appreciate the opportunity for doing so.
about the technology
Everything we do in the digital world is protected by cryptography. It is the final and most reliable defense of our data, and it is often impossible to break in its pure mathematical form. Unfortunately, life is different outside the lab. Implementing cryptography in code and hardware is never perfect, and any crack is an invitation for a would-be attacker’s exploitation.
about the book
Hacking Cryptography builds your understanding of cryptography by revealing the “lockpicks” that bad actors use to exploit security protocols, firewalls, and other cryptography-based protection schemes. The book dives deep into each cryptographic exploit, explaining complex concepts in detail through real-world analogies, code annotations, and pseudo-code. You’ll explore historical examples where popular cryptography has failed, such as the breaking of the WEP protocol, and see what impact those failures have had on modern cryptography.
search inside this book
about the reader
For software and security engineers. No advanced mathematical knowledge required. Examples in Go.
about the authors
Kamran Khan is a software engineer with more than a decade of experience in the security industry. He currently works as a Software Engineering Architect at Salesforce, and his previous roles have included Google and Microsoft. He has worked in a variety of areas related to security engineering, including large-scale distributed services, embedded devices intended for multi-factor authentication, and cryptographically verifiable elections.
Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google and loves teaching engineers the fundamentals of writing secure code.
Скачать Hacking Cryptography (MEAP V09)