Hacking Cryptography: Write, Break, and Fix Real-World Implementations
Tentative Chinese title: 破解密碼學:撰寫、破解與修正實際應用程式

Kamran Khan, Bill Cox

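  • Publisher: Manning
  • Publication date: 2025-04-15
  • List price: $2,210
  • VIP price: $2,100 (5% off)
  • Language: English
  • Pages: 328
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1633439747
  • ISBN-13: 9781633439740
  • Related categories: Information Security, Hacking
  • Not yet released; cannot be ordered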

Product description

Learn how the good guys implement cryptography and how the bad guys exploit it.

In Hacking Cryptography you'll find unique guidance for creating strong cryptography that can withstand attempts to exploit it, including:

- DUAL_EC_DRBG random number generator using Go's elliptic curve library
- Exploiting the RC4 stream cipher, as used in WEP
- Block ciphers for padding oracle attacks and manipulation of initialization vectors
- Exploiting hash functions by using extension and rainbow table attacks
- Implementing RSA key generation using the Miller-Rabin primality test and exploiting it using the Wiener attack
- Exploiting PKCS #1 v1.5 padding by using Bleichenbacher's chosen-ciphertext attack
- Implementing Diffie-Hellman Key Exchange and breaking it using a MITM parameter injection attack

Theoretically strong cryptography often becomes vulnerable to exploitation as soon as it's built into real applications and networks. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them. You'll learn just what it takes to write cryptographically secure code, build an intuition for spotting potential vulnerabilities, and master techniques to avoid the pitfalls that leave your systems at risk.

Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.

About the technology

Everything we do in the digital world is protected by cryptography. It is the final and most reliable defense of our data, and it is often impossible to break in its pure mathematical form. Unfortunately, life is different outside the lab. Implementing cryptography in code and hardware is never perfect, and any crack is an invitation for a would-be attacker's exploitation.

About the book

Hacking Cryptography builds your understanding of cryptography by revealing the "lockpicks" that bad actors use to exploit security protocols, firewalls, and other cryptography-based protection schemes. The book dives deep into each cryptographic exploit, explaining complex concepts in detail through real-world analogies, code annotations, and pseudo-code. You'll explore historical examples where popular cryptography has failed, such as the breaking of the WEP protocol, and see what impact those failures have had on modern cryptography.

About the reader

For software and security engineers. No advanced mathematical knowledge required. Examples in Go.

About the author

Kamran Khan is a software engineer with more than a decade of experience in the security industry. He currently works as a Software Engineering Architect at Salesforce, and his previous roles have included Google and Microsoft. He has worked in a variety of areas related to security engineering, including large-scale distributed services, embedded devices intended for multi-factor authentication, and cryptographically verifiable elections.

Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google and loves teaching engineers the fundamentals of writing secure code.
