Cryptography for Dummies

[Pages:341]

Cryptography For Dummies

by Chey Cobb

ISBN:0764541889

John Wiley & Sons © 2004

This guide to keeping your data safe offers the latest security techniques and advice on choosing and using cryptography products. It covers terminology, specific encryption technologies, pros and cons of different implementations, and more.

Table of Contents

Cryptography for Dummies
Introduction
Part I - Crypto Basics & What You Really Need to Know
Chapter 1 - A Primer on Crypto Basics
Chapter 2 - Major League Algorithms
Chapter 3 - Deciding What You Really Need
Chapter 4 - Locks and Keys
Part II - Public Key Infrastructure
Chapter 5 - The PKI Primer
Chapter 6 - PKI Bits and Pieces
Chapter 7 - All Keyed Up!
Part III - Putting Encryption Technologies to Work for You
Chapter 8 - Securing E-Mail from Prying Eyes
Chapter 9 - File and Storage Strategies
Chapter 10 - Authentication Systems
Chapter 11 - Secure E-Commerce
Chapter 12 - Virtual Private Network (VPN) Encryption
Chapter 13 - Wireless Encryption Basics
Part IV - The Part of Tens
Chapter 14 - The Ten Best Encryption Web Sites
Chapter 15 - The Ten Most Commonly Misunderstood Encryption Terms
Chapter 16 - Cryptography Do's and Don'ts
Chapter 17 - Ten Principles of "Cryptiquette"
Chapter 18 - Ten Very Useful Encryption Products
Part V - Appendixes
Appendix A - Cryptographic Attacks
Appendix B - Glossary
Appendix C - Encryption Export Controls
Index
List of Figures
List of Tables
List of Sidebars


Back Cover

Protect yourself and your business from online eavesdroppers--it's easier than you think! If you were hoping for a flame-throwing watch or a flying car, we're sorry--this isn't James Bond's equipment manual. Cryptography is a common-sense way to secure stuff on the Internet, and this friendly guidebook makes it easy to understand. Discover how you can protect information with keys, ciphers, PKIs, certificates, and more. Discover how to:

Analyze off-the-shelf encryption products
Decide what type of security you need
Create and manage keys
Issue digital signatures and certificates
Set up SSL for e-commerce
Enable wireless encryption

About the Author

Chey Cobb, CISSP, author of Network Security For Dummies, was Chief Security Officer for a National Reconnaissance Office (NRO) overseas location. She is a nationally recognized computer security expert.


Cryptography for Dummies

by Chey Cobb, CISSP

Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774

Copyright © 2004 by Wiley Publishing, Inc., Indianapolis, Indiana

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, e-mail: permcoordinator@.

Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, , and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2003105686

ISBN: 0764541889

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

1O/QY/QR/QU/IN

About the Author

Chey Ewertz Cobb, CISSP, began working in computer security in 1989. Since then she has managed her own computer security consulting company, Cobb Associates, working for such clients as Apple Computers and Sun Microsystems. She later worked for the government, creating a secure network at Cape Canaveral, assisting in the security at Patrick Air Force Base, and later as a technical security officer for the National Reconnaissance Office (NRO), which is more secretive than the NSA. During her work in security, she had the opportunity to evaluate and manage cryptosystems for private industry and the U.S. Intelligence Agencies. Chey now writes books on computer security (Computer Security Handbook, 4th Edition and Network Security For Dummies), writes articles for magazines, and speaks at computer security conferences.

Dedication

To R. W. Ewertz, Jr. He was my role model and inspiration when things got tough.

Acknowledgments

First of all, let me thank Andrea Boucher and Melody Layne who saw me through thick and thin and never lost faith in me (at least they never let on that they did!). I enjoy working with them both, and any writer who has the opportunity to work with them should count himself/herself lucky!

Secondly, I want to thank Dave Brussin, Ryan Upton, Josh Beneloh, Jon Callas, and Dave Del Torto for setting me on the correct path when my explanations strayed. Thanks so much for lending me your brainwork!

Last, but not least, Stephen. My love, my life, and my everything.

Publisher's Acknowledgments

We're proud of this book; please send us your comments through our online registration form located at register/.

Some of the people who helped bring this book to market include the following:

Acquisitions, Editorial, and Media Development

Project Editor: Andrea C. Boucher
Acquisitions Editor: Melody Layne
Technical Editor: Tim Crothers
Editorial Manager: Carol Sheehan
Media Development Manager: Laura VanWinkle
Media Development Supervisor: Richard Graves
Editorial Assistant: Amanda Foxworth
Cartoons: Rich Tennant ()

Production

Project Coordinator: Maridee Ennis
Layout and Graphics: Joyce Haughey, Andrea Dahl, Stephanie D. Jumper, Jacque Schneider, Melanee Wolven
Proofreaders: Andy Hollandbeck, Carl William Pierce, TECHBOOKS Production Services
Indexer: TECHBOOKS Production Services

Publishing and Editorial for Technology Dummies

Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary C. Corder, Editorial Director

Publishing for Consumer Dummies

Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director

Composition Services

Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services


Introduction

Overview

Congratulations! You've successfully navigated through the gazillion computer books on the bookstore shelves and finally found just what you were looking for -- a book on cryptography that you can read and actually understand! Just thumb through some of the chapters here and you'll soon realize that you don't need a degree in advanced mathematics, nor do you need to be the world's biggest brainiac to understand this stuff. If you have a basic understanding of computers and networking, and you have an interest in increasing your data and communications security, then this is just the book for you.

What I'm talking about here is cryptography -- you know, crypto, geek talk, secret coding, cypherpunk'n. If you have heard of the word cryptography, you'll know that it is one of those subjects that many people are aware of, but very few people can actually tell you what it's all about. Frankly, just the mention of the word cryptography scares the heck out of people -- even experienced network administrators! And to be honest, a lot of the books on the subject are more suited as college textbooks than business "how-to" guides or intros to the subject, and have contributed to the atmosphere of FUD -- fear, uncertainty, and doubt -- about cryptography. Yep, the subject can be scary as all get-out.

So, how do you decide whether or not you should use cryptography? I'll help you answer that question with questions and checklists. Before you go on to that chapter, however, there are many situations in which cryptography could or should be used. Here's a preview of some situations:

Your company relies heavily upon its trade secrets to gain a competitive edge over your competitors. If an unauthorized person got access to those trade secrets, it could spell disaster for your entire company.

You work in the health care industry and are required by the HIPAA legislation to protect personal information. You get notice from a federal authority that your protection methods are about to be scrutinized because there have been complaints about the way you have handled personal information.

You're an attorney who has been charged with prosecuting someone guilty of war crimes, drug trafficking, or any situation where witnesses and evidence need to be fiercely protected. Obviously, you wouldn't want your evidence or your witnesses compromised.

Cryptography is a complex subject, I won't kid you there, but it could definitely save a lot of headaches if it were used in any of the situations mentioned above. Additionally, adding cryptography to your security doesn't necessarily have to be expensive or impossible to understand. That's why I wrote this book. I'm here to take the fear out of the equation and to help you get it right the first go-round. After you read through a few sections of this book, you'll be spouting the jargon like a true techno-geek and you'll even be able to understand what you're talking about.

I'll give you some advance warning, though: You'll be seeing a lot of information about keys in this book because (and excuse the cliché) the key to cryptography is the keys. That is perhaps the most confusing thing about cryptography -- that the word "key" can be used to mean more than one thing. I wish I could change the terminology so it wouldn't get so confusing, but I have to consider the real world, too. The terminology used in this book is based on what you are really likely to encounter.


About This Book

As I just mentioned, the subject matter covered in this book is what you are most likely to encounter in real life. That means that you can obtain enough information here to help you make decisions on cryptography: Is it right for you? What type of programs should you use? How do you set things up appropriately? After you have installed your chosen system, you can always refer back to this book to refresh your memory as need be. Every time I introduce a new concept, I start out with really basic explanations with some analogies to help you get the idea and then, as the chapter progresses, I explain things in more detail. I promise not to get to the uber-geek level of detail on any particular subject because I certainly haven't intended for the book to act as a substitute for a sedative.
