Serious Cryptography: A Practical Introduction to Modern Encryption PDF

314 Pages·2017·5.394 MB·English

Preview Serious Cryptography: A Practical Introduction to Modern Encryption

“A thorough and up-to-date discussion of cryptographic engineering, designed to help practitioners who plan to work in this field do better.” — Matthew D. Green, Professor, Johns Hopkins University Information Security Institute

This practical guide to modern encryption breaks down the fundamental mathematical concepts at the heart of cryptography without shying away from meaty discussions of how they work. You’ll learn about authenticated encryption, secure randomness, hash functions, block ciphers, and public-key techniques such as RSA and elliptic curve cryptography.

You’ll also learn:

🔑 Key concepts in cryptography, such as computational security, attacker models, and forward secrecy
🔑 The strengths and limitations of the TLS protocol behind HTTPS secure websites
🔑 Quantum computation and post-quantum cryptography
🔑 About various vulnerabilities by examining numerous code examples and use cases
🔑 How to choose the best algorithm or protocol and ask vendors the right questions

Each chapter includes a discussion of common implementation mistakes using real-world examples and details what could go wrong and how to avoid these pitfalls.

Whether you’re a seasoned practitioner or a beginner looking to dive into the field, Serious Cryptography will provide a complete survey of modern encryption and its applications.

About the Author

Jean-Philippe Aumasson is Principal Research Engineer at Kudelski Security, an international cybersecurity company based in Switzerland. He has authored more than 40 research articles in the field of cryptography and cryptanalysis and designed the widely used hash functions BLAKE2 and SipHash. He speaks regularly at information security conferences and has presented at Black Hat, DEF CON, Troopers, and Infiltrate.

THE FINEST IN GEEK ENTERTAINMENT™
www.nostarch.com
Price: $49.95 ($65.95 CDN)
Shelve In: Computers/Security

Serious Cryptography: A Practical Introduction to Modern Encryption
by Jean-Philippe Aumasson
Foreword by Matthew D. Green
San Francisco

SERIOUS CRYPTOGRAPHY. Copyright © 2018 by Jean-Philippe Aumasson.

All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Printed in USA
Seventh printing
25 24 23 22 21 7 8 9 10 11
ISBN-10: 1-59327-826-8
ISBN-13: 978-1-59327-826-7

Publisher: William Pollock
Production Editor: Laurel Chun
Cover Illustration: Jonny Thomas
Interior Design: Octopod Studios
Developmental Editors: William Pollock, Jan Cash, and Annie Choi
Technical Reviewers: Erik Tews and Samuel Neves
Copyeditor: Barton D. Reed
Compositor: Meg Sneeringer
Proofreader: James Fraleigh

For information on distribution, translations, or bulk sales, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
245 8th Street, San Francisco, CA 94103
phone: 1.415.863.9900; [email protected]
www.nostarch.com

Library of Congress Control Number: 2017940486

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Brief Contents

Foreword by Matthew D. Green
Preface
Abbreviations
Chapter 1: Encryption
Chapter 2: Randomness
Chapter 3: Cryptographic Security
Chapter 4: Block Ciphers
Chapter 5: Stream Ciphers
Chapter 6: Hash Functions
Chapter 7: Keyed Hashing
Chapter 8: Authenticated Encryption
Chapter 9: Hard Problems
Chapter 10: RSA
Chapter 11: Diffie–Hellman
Chapter 12: Elliptic Curves
Chapter 13: TLS
Chapter 14: Quantum and Post-Quantum
Index

Contents in Detail

Foreword by Matthew D. Green

Preface
  This Book’s Approach
  Who This Book Is For
  How This Book Is Organized
    Fundamentals
    Symmetric Crypto
    Asymmetric Crypto
    Applications
  Acknowledgments

Abbreviations

1 Encryption
  The Basics
  Classical Ciphers
    The Caesar Cipher
    The Vigenère Cipher
  How Ciphers Work
    The Permutation
    The Mode of Operation
    Why Classical Ciphers Are Insecure
  Perfect Encryption: The One-Time Pad
    Encrypting with the One-Time Pad
    Why Is the One-Time Pad Secure?
  Encryption Security
    Attack Models
    Security Goals
    Security Notions
  Asymmetric Encryption
  When Ciphers Do More Than Encryption
    Authenticated Encryption
    Format-Preserving Encryption
    Fully Homomorphic Encryption
    Searchable Encryption
    Tweakable Encryption
  How Things Can Go Wrong
    Weak Cipher
    Wrong Model
  Further Reading

2 Randomness
  Random or Non-Random?
  Randomness as a Probability Distribution
  Entropy: A Measure of Uncertainty
  Random Number Generators (RNGs) and Pseudorandom Number Generators (PRNGs)
    How PRNGs Work
    Security Concerns
    The PRNG Fortuna
    Cryptographic vs. Non-Cryptographic PRNGs
    The Uselessness of Statistical Tests
  Real-World PRNGs
    Generating Random Bits in Unix-Based Systems
    The CryptGenRandom() Function in Windows
    A Hardware-Based PRNG: RDRAND in Intel Microprocessors
  How Things Can Go Wrong
    Poor Entropy Sources
    Insufficient Entropy at Boot Time
    Non-cryptographic PRNG
    Sampling Bug with Strong Randomness
  Further Reading

3 Cryptographic Security
  Defining the Impossible
    Security in Theory: Informational Security
    Security in Practice: Computational Security
  Quantifying Security
    Measuring Security in Bits
    Full Attack Cost
    Choosing and Evaluating Security Levels
  Achieving Security
    Provable Security
    Heuristic Security
  Generating Keys
    Generating Symmetric Keys
    Generating Asymmetric Keys
    Protecting Keys
  How Things Can Go Wrong
    Incorrect Security Proof
    Short Keys for Legacy Support
  Further Reading

4 Block Ciphers
  What Is a Block Cipher?
    Security Goals
    Block Size
    The Codebook Attack
