Practical Cryptography in Python: Learning Correct Cryptography by Example

Nielson, Seth James, Monson, Christopher K.

買這商品的人也買了...

商品描述

Develop a greater intuition for the proper use of cryptography. This book teaches the basics of writing cryptographic algorithms in Python, demystifies cryptographic internals, and demonstrates common ways cryptography is used incorrectly.

Cryptography is the life blood of the digital world's security infrastructure. From governments around the world to the average consumer, most communications are protected in some form or another by cryptography. These days, even Google searches are encrypted. Despite its ubiquity, cryptography is easy to misconfigure, misuse, and misunderstand.

Developers building cryptographic operations into their applications are not typically experts in the subject, and may not fully grasp the implication of different algorithms, modes, and other parameters. The concepts in this book are largely taught by example, including incorrect uses of cryptography and how "bad" cryptography can be broken. By digging into the guts of cryptography, you can experience what works, what doesn't, and why.

 

What You'll Learn

  •  
  • Understand where cryptography is used, why, and how it gets misused
  • Know what secure hashing is used for and its basic properties
  • Get up to speed on algorithms and modes for block ciphers such as AES, and see how bad configurations break
  • Use message integrity and/or digital signatures to protect messages
  • Utilize modern symmetric ciphers such as AES-GCM and CHACHA
  • Practice the basics of public key cryptography, including ECDSA signatures
  • Discover how RSA encryption can be broken if insecure padding is used
  • Employ TLS connections for secure communications
  • Find out how certificates work and modern improvements such as certificate pinning and certificate transparency (CT) logs

 

 

 

 

 

 

 

 

 

 

Who This Book Is For

IT administrators and software developers familiar with Python. Although readers may have some knowledge of cryptography, the book assumes that the reader is starting from scratch.

商品描述(中文翻譯)

開發對密碼學的正確使用有更深入的直覺。本書教授使用Python編寫密碼算法的基礎知識,揭示密碼學的內部運作,並展示常見的密碼學錯誤使用方式。

密碼學是數字世界安全基礎設施的命脈。從世界各國的政府到普通消費者,大多數通訊都以某種形式受到密碼學的保護。如今,甚至連Google搜索都是加密的。儘管密碼學無所不在,但易於配置錯誤、誤用和誤解。

將密碼學操作集成到應用程序中的開發人員通常不是該領域的專家,可能無法完全理解不同算法、模式和其他參數的影響。本書的概念主要通過示例教授,包括錯誤使用密碼學以及“糟糕”的密碼學如何被破解。通過深入研究密碼學的內部運作,您可以體驗到什麼有效,什麼無效以及原因。

您將學到什麼:

- 理解密碼學的使用場景、原因以及誤用情況
- 了解安全哈希的用途及其基本特性
- 熟悉用於區塊加密的算法和模式,如AES,並了解糟糕的配置如何破解
- 使用消息完整性和/或數字簽名保護消息
- 使用現代對稱加密算法,如AES-GCM和CHACHA
- 學習公鑰密碼學的基礎知識,包括ECDSA簽名
- 發現如果使用不安全的填充,RSA加密如何被破解
- 使用TLS連接進行安全通信
- 了解證書的工作原理以及證書固定和證書透明性(CT)日誌等現代改進方法

本書適合對Python熟悉的IT管理員和軟件開發人員。儘管讀者可能對密碼學有一些了解,但本書假設讀者從零開始學習。

作者簡介

Dr. Seth James Nielson is the founder and chief scientist of Crimson Vista, Inc., a boutique computer security consulting company. He is also the director of advanced research projects at the Johns Hopkins University Information Security Institute where he teaches courses in network security. At Johns Hopkins, he has been working on developing the cryptodoneright.org knowledge base, through a generous grant from Cisco. In working on this project, he came to better understand the knowledge gap between cryptographers and developers. He believes that this book can make a real difference in how cryptography is used and deployed in cyberspace.

Dr. Chris Monson has a PhD in machine learning, has spent over a decade at Google in various engineering and leadership roles, and is currently the director of machine learning at Data Machines Corp. He has broad experience writing and teaching programming courses in multiple languages, and has worked in document password recovery, malware detection, and large-scale secure computing.

作者簡介(中文翻譯)

Dr. Seth James Nielson 是Crimson Vista, Inc.的創始人和首席科學家,該公司是一家精品計算機安全咨詢公司。他還是約翰霍普金斯大學信息安全研究所的高級研究項目主任,教授網絡安全課程。在約翰霍普金斯大學,他一直致力於開發cryptodoneright.org知識庫,該項目得到了思科的慷慨資助。在進行這個項目的過程中,他更好地理解了密碼學家和開發人員之間的知識差距。他相信這本書可以在網絡空間中使用和部署密碼學方面產生真正的影響。

Dr. Chris Monson 擁有機器學習博士學位,在谷歌擔任各種工程和領導職位已有十多年的時間,目前是Data Machines Corp的機器學習主任。他在多種語言中寫作和教授編程課程方面具有廣泛的經驗,並在文檔密碼恢復、惡意軟件檢測和大規模安全計算方面工作過。