Cryptography For Dummies

Overview

  • Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking
  • This invaluable introduction to the basics of encryption covers everything from the terminology used in the field to specific technologies to the pros and cons of different implementations
  • Discusses specific technologies that incorporate cryptography in ...
See more details below
Paperback
$22.19
BN.com price
(Save 36%)$34.99 List Price
Other sellers (Paperback)
  • All (12) from $5.99   
  • New (6) from $21.81   
  • Used (6) from $5.99   
Sending request ...

Overview

  • Cryptography is the most effective way to achieve data security and is essential to e-commerce activities such as online shopping, stock trading, and banking
  • This invaluable introduction to the basics of encryption covers everything from the terminology used in the field to specific technologies to the pros and cons of different implementations
  • Discusses specific technologies that incorporate cryptography in their design, such as authentication methods, wireless encryption, e-commerce, and smart cards
  • Based entirely on real-world issues and situations, the material provides instructions for already available technologies that readers can put to work immediately
  • Expert author Chey Cobb is retired from the NRO, where she held a Top Secret security clearance, instructed employees of the CIA and NSA on computer security and helped develop the computer security policies used by all U.S. intelligence agencies
Read More Show Less

Editorial Reviews

From Barnes & Noble
The Barnes & Noble Review
If anything needs a For Dummies book, it’s cryptography. And Cryptography for Dummies does exactly what you’re hoping: It thoroughly demystifies crypto, so you can actually use it.

Chey Cobb was chief security officer for a U.S. government secret spy agency -- she knows this stuff. And she explains it in English: how it works, how to tell “strong” crypto from snake oil, how to decide what you need.

Cobb offers easy introductions to setting up public key infrastructure; encrypting email and files; authentication, secure e-commerce, VPNs, and wireless encryption. You’ll find dos and don’ts, principles of “cryptiquette” -- even some product recommendations. Bill Camarda

Bill Camarda is a consultant, writer, and web/multimedia content developer. His 15 books include Special Edition Using Word 2003 and Upgrading & Fixing Networks for Dummies, Second Edition.

From the Publisher
“…a useful guide for anyone bamboozled by encryption…” (PC Utilities, June 2004)

“The reader can dip into it whenever the mood takes them…” (MicroMart, 29th April 2004)

Read More Show Less

Product Details

  • ISBN-13: 9780764541889
  • Publisher: Wiley
  • Publication date: 1/30/2004
  • Series: For Dummies Series
  • Edition number: 1
  • Pages: 336
  • Sales rank: 985,808
  • Product dimensions: 7.50 (w) x 9.25 (h) x 0.71 (d)

Meet the Author

Chey Cobb, CISSP, author of Network Security For Dummies, was Chief Security Officer for a National Reconnaissance Office (NRO) overseas location. She is a nationally recognized computer security expert.

Read More Show Less

Table of Contents

Introduction.

Part I: Crypto Basics & What You Really Need to Know.

Chapter 1: A Primer on Crypto Basics.

Chapter 2: Major League Algorithms.

Chapter 3: Deciding What You Really Need.

Chapter 4: Locks and Keys.

Part II: Public Key Infrastructure.

Chapter 5: The PKI Primer.

Chapter 6: PKI Bits and Pieces.

Chapter 7: All Keyed Up!

Part III: Putting Encryption Technologies to Work for You.

Chapter 8: Securing E-Mail from Prying Eyes.

Chapter 9: File and Storage Strategies.

Chapter 10: Authentication Systems.

Chapter 11: Secure E-Commerce.

Chapter 12: Virtual Private Network (VPN) Encryption.

Chapter 13: Wireless Encryption Basics.

Part IV: The Part of Tens.

Chapter 14: The Ten Best Encryption Web Sites.

Chapter 15: The Ten Most Commonly Misunderstood Encryption Terms.

Chapter 16: Cryptography Do’s and Don’ts.

Chapter 17: Ten Principles of “Cryptiquette”.

Chapter 18: Ten Very Useful Encryption Products.

Part V: Appendixes.

Appendix A: Cryptographic Attacks.

Appendix B: Glossary.

Appendix C: Encryption Export Controls.

Index.

Read More Show Less

First Chapter

Cryptography For Dummies


By Chey Cobb

John Wiley & Sons

ISBN: 0-7645-4188-9


Chapter One

A Primer on Crypto Basics

In This Chapter

* It's not just for spies anymore

* Basic information on early cryptography

* Cipher, cipher, who's got the cipher?

* It's all hashed up

* What are cryptosystems?

* Some everyday uses

* Elitist attitudes towards cryptography

Computers and use of the Internet have fostered new interest in cryptography partly due to the new emphasis on personal privacy. Little did I realize that in our efforts to make it easy for computers to share stuff, it would make it easy for other people to see all of our personal stuff, too. Perhaps you've discovered for yourself that it is far too easy for unknown persons to read your e-mail, private documents, love letters, financial information, and so on. The Internet is truly the Global Village ... a village where everyone can see what you do and hear what you say. The good news is that you can use cryptography to protect yourself from the eavesdroppers and Peeping Toms of the village.

Not only can cryptography scramble your files, but it can also be used to prove who you are (and maybe who you aren't!). Cryptography can be used to alert you if the contents of a file have been changed, attest to the identity of the person who sent you a message, keep online communications safe and secure, and, of course, hide important data. And the best news of all is that not every cryptographicsolution is expensive, and you don't need to be a rocket scientist to incorporate crypto solutions into your network.

It's Not about James Bond

There's no need for fancy gizmos, fast cars, or beautiful women. As nice as those may be (for some!), the world of cryptography can be used on even low-tech systems. Forget the cloak and dagger and put away your raincoat and fedora - most cryptography is done out in the open now. The special programs and codes used to scramble data are available for all the world to see. In fact, having them out in the open helps make cryptography more secure because more people can test for weaknesses.

Because cryptography is usually associated with spies, secret messages, and clandestine meetings, you might have thought that cryptography stopped being used at the end of the Cold War. Believe it or not, its use is actually on the rise. I think that's partially due to more awareness of personal identity theft and also because more is being written in the media about how data needs more protection that a common PC gives you.

Cryptography is about scrambling data so that it looks like babble to anyone except those who know the trick to decoding it. Almost anything in the world can be hidden from sight and revealed again. The magician David Copperfield has made his living from hiding enormous things from plain view - like elephants and the Statue of Liberty - and then magically revealing them again. Any magician will tell you that in order to make things disappear and appear again, you have to have a plan of action - a formula or recipe - to make the magic work. Although you can't directly equate magic acts with cryptography (although cryptography may seem like magic), there is a similarity between magic and cryptography in that they both need to have a formula in order to work correctly time after time.

Go with the rhythm

In cryptography, the magic recipe for hiding data is called an algorithm. An algorithm is a precise set of instructions that tells programs how to scramble and unscramble data. A simple algorithm might read like this:

Step 1: Delete all instances of the letter "e" in the data

Step 2: Replace the letter "t" with the number "7"

Step 3: Reverse the order of the data and rewrite it from the end to the beginning

Now, this is just me playing around with what a simple algorithm might look like, just so you can get an idea of what I'm talking about. The steps above are not an actual algorithm; it's my pretend algorithm of the week. Algorithms used in programs today are mathematical functions with the instructions written in programming code.

Here's just a portion of a real algorithm called DES (Data Encryption Standard) that was adopted by the government in 1977. DES is a block cipher that transforms 64-bit data blocks under a 56-bit secret key by means of permutation and substitution. (You're not meant to understand that last sentence yet!) So, here is just a tiny, tiny bit of the DES algorithm:

Get a 64-bit key from the user. (Every 8th bit is considered a parity bit. For a key to have correct parity, each byte should contain an odd number of "1" bits.)

Calculate the key schedule.

Perform the following permutation on the 64-bit key. (The parity bits are discarded, reducing the key to 56 bits. Bit 1 of the permuted block is bit 57 of the original key, bit 2 is bit 49, and so on with bit 56 being bit 4 of the original key.)

Permuted Choice 1 (PC-1)

57 49 41 33 25 17 9 1 58 50 42 34 26 18 10 2 59 51 43 35 27 19 11 3 60 52 44 36 63 55 47 39 31 23 15 7 62 54 46 38 30 22 14 6 61 53 45 37 29 21 13 5 28 20 12 4

In actuality, the remainder of the DES algorithm could easily fill six or seven pages! What I've shown you is just a small portion of the entire recipe. Interestingly, although DES is complex, it was found to have serious flaws that were exposed in 1998. These flaws lead teams of cryptographers to rework DES because the original algorithm could be cracked and was no longer considered safe to use. The algorithm the cryptographers came up with to replace DES is called 3DES (Triple DES). I' tell you more about 3DES in Chapter 2 about algorithms.

Rockin' the rhythm

The reason that algorithms are so complex is to ensure that they can't be easily broken. It wouldn't do a spy any good to send out a secret message if everyone in the world could crack the code and read it. The algorithms we use today have been tested by crypto experts to check their strength, but sometimes it takes years to find the fatal flaw. When this happens, notices are sent out via vendors and the media to let users know that they may need to make some changes in encryption programs they are using.

Most algorithms are mind-numbingly complex mathematical equations - or at least they appear that way to me! Fortunately, you normally don't have to deal with the algorithm itself - the encryption software does that for you. For that reason, I'm not going to dwell on the math behind the science. Just like you don't need to be a mechanical genius to drive a car, you don't need to be a mathematician to be able to use encryption products. (Hooray!) For most encryption products, the most difficult part is the initial setup. After that, the scrambling and unscrambling is mostly done without your interaction.

There are tons of different algorithms used in the world of cryptography. Why? For the same reason you use different recipes to make a cake. Some recipes are better, some recipes are easier, and some recipes depend on time and care to make them turn out right. The same thing happens with algorithms - we need to use faster, easier, stronger algorithms, and some are better than others at accomplishing the task. It all depends on your needs as to which algorithms you'll eventually use in your system.

There are also tons of arguments as to what makes a good algorithm and what makes a bad algorithm. Get any three crypto geeks in a room to discuss the differences and, chances are, they'll still be arguing a week later. Good algorithms are generally referred to as strong crypto and bad algorithms are called weak crypto. You'll find arguments galore in newsletters and mail lists that attempt to describe why one algorithm is better than the other. You'll need to know at least the basics on how to tell one from the other, so you'll be seeing information on good versus bad later on in this book. Often the problem has more to do with the installation and setup of the software than problems with the product or the algorithm.

Starting with this chapter, I give you the plain, old-fashioned basics that are good for you to know. This subject is really complex, and humongous tomes have been written by others, but that's not what I'll be doing here. I know you're not trying to get a college degree on the subject - you just want to know enough to buy the right stuff, install it correctly, and be able to use it. If that's what you want, then you've got the right book!

Getting to Know the Basic Terms

I'm going to start you off with some introductory terms. These are not meant to confuse you; rather, they are meant to gradually introduce you to some of the lingo used in cryptography.

  •   Encrypt: Scrambling data to make it unrecognizable
  •   Decrypt: Unscrambling data to its original format
  •   Cipher: Another word for algorithm
  •   Key: A complex sequence of alpha-numeric characters, produced by the algorithm, that allows you to scramble and unscramble data
  •   Plaintext: Decrypted or unencrypted data (it doesn't have to be text only)
  •   Ciphertext: Data that has been encrypted

I want to mention keys at this point because they are all-important to cryptography. A key locks and unlocks secret messages - just like a door key locks and unlocks doors. Because keys are central to good cryptography, you can be sure that you'll be learning much more about them in Chapter 4. For now, though, I'm going to keep focused on ciphers and discuss some of the common cipher types.

What Makes a Cipher?

Over the ages there have been as many ways to hide and change data as there have been changes in clothing fashions. Likewise, some of these ciphers have fallen out of fashion while others have become classics.

Generally, ciphers are much simpler forms of algorithms than we use today. Many of these early ciphers were very easy to crack. In today's algorithms, we use the principles of these early ciphers, but much complexity has been added to make them harder to crack. Here, then, are some of the basic ciphers from which our modern cryptography has emerged.

Concealment ciphers

Concealment ciphers have been used for centuries to hide a message in plain sight. They have been used to give orders to troops at war, to tell spies where to meet their contacts, and to even help people like Mary, Queen of Scots, coordinate rendezvous times with her admirers.

The next paragraph is an example of a very old concealment cipher that was given to a prisoner in England during the time of Oliver Cromwell. Hidden within the message are the instructions to the prisoner on how to escape:

Worthie Sir John: Hope, that is the best comfort of the afflicated, cannot much, I fear me, help you now. That I would saye to you, is this only: if ever I may be able to requite that I do owe you, stand not upon asking me: Tis not much I can do: but what I can do, bee you verie sure I wille. I knowe that, if deathe comes, if ordinary men fear it, it frights not you, accounting is for a high hounour, to have such a rewarde of your loyalty. Pray yet that you may be spare this soe bitter, cup, I fear not that you will grudge any suffereings; onlie if bie submission you can turn them away, tis the part of a wise man. Tell me, as If you can, I do for you anythinge that you can wolde have done. The general goes back on Wednesday. Restinge your servant to command. R.J.

I don't know how the key was given to the prisoner so he could decrypt the message, but the key is, "the third letter after every punctuation mark." If you follow that key, you will find that the concealed message is:

"panel at east end of chapel slides"

And, yes, the prisoner did escape! He asked to go to the chapel prior to his execution so he could pray for his soul. The guards left him in the chapel and manned the entrance. When they figured he had had long enough and went in to check on him, surprise! No prisoner! How do you explain that one to the King?

Substitution ciphers

Just as it sounds, a substitution cipher substitutes one letter or character for another. As a child you may have gotten a secret decoder ring from an offer on a cereal box or chocolate milk powder. The decoder ring consisted of two dials, both containing all the letters of the alphabet. The trick was to twirl one dial around the other so that the letters of the alphabet did not match up. Then you found the letter you wanted to use on one ring and substituted the letter on the other ring. Carry on letter by letter and then you have a secret message. Although this is technically not a ring shown below, here's an example of how the substitutions would line up:

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z S T U V W X Y Z A B C D E F G H I J K L M N O P Q R

Using the graph above, you would locate your letter and then substitute it with the letter directly below it. Therefore, the phrase:

ATTACK AT DAWN AT THE NORTHERN BRIDGE

would become

SLLSUC SL VSOF SL LZW FGJLZWJF TJAVYW

Of course to decrypt your message, your intended recipient would also have to have a decoder ring and he would need to know how far to twirl his dial so it matched yours. This number would indicate the switch in letters - and it is also the key to decrypting the message. In the example above, the switch is 18 letters to the right of the letter A; therefore, the key is "18." This cipher is probably one of the best known in the world and is also referred to as the "Caesar Cipher" because of historical references linking Julius Caesar and this type of cipher.

Transposition ciphers

One of the oldest known ciphers is called a transposition cipher. This type of cipher changes the order of the letters of the original message. One method is to write the message in a series of columns and rows in a grid - or you could write the message backwards. One of the oldest transposition ciphers is the Spartan scytale (also spelled as skytale). This information comes from Plutarch, who was an ancient Greek priest and scholar. Plutarch tells how Lacedaemonian generals exchanged messages by winding a narrow ribbon of parchment spirally around a staff or a spear. The message was then written length-wise across the wound-up parchment. When the parchment was unwound, you could only see parts of words or phrases that were written and the pattern of the words seemed random. This cipher could be read only by the person who had a spear of exactly the same circumference, who could rewind the parchment, so that the letters would reappear in their original order.

Continues...


Excerpted from Cryptography For Dummies by Chey Cobb Excerpted by permission.
All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)