Practical Cryptography in Python (eBook)
XV, 371 Seiten
Apress (Verlag)
978-1-4842-4900-0 (ISBN)
Develop a greater intuition for the proper use of cryptography. This book teaches the basics of writing cryptographic algorithms in Python, demystifies cryptographic internals, and demonstrates common ways cryptography is used incorrectly.
Cryptography is the lifeblood of the digital world's security infrastructure. From governments around the world to the average consumer, most communications are protected in some form or another by cryptography. These days, even Google searches are encrypted. Despite its ubiquity, cryptography is easy to misconfigure, misuse, and misunderstand.
Developers building cryptographic operations into their applications are not typically experts in the subject, and may not fully grasp the implication of different algorithms, modes, and other parameters. The concepts in this book are largely taught by example, including incorrect uses of cryptography and how 'bad' cryptography can be broken. By digging into the guts of cryptography, you can experience what works, what doesn't, and why.
What You'll Learn
- Understand where cryptography is used, why, and how it gets misused
- Know what secure hashing is used for and its basic properties
- Get up to speed on algorithms and modes for block ciphers such as AES, and see how bad configurations break
- Use message integrity and/or digital signatures to protect messages
- Utilize modern symmetric ciphers such as AES-GCM and CHACHA
- Practice the basics of public key cryptography, including ECDSA signatures
- Discover how RSA encryption can be broken if insecure padding is used
- Employ TLS connections for secure communications
- Find out how certificates work and modern improvements such as certificate pinning and certificate transparency (CT) logs
Who This Book Is For
IT administrators and software developers familiar with Python. Although readers may have some knowledge of cryptography, the book assumes that the reader is starting from scratch.
Dr. Seth James Nielson is the founder and chief scientist of Crimson Vista, Inc., a boutique computer security research and consulting company. He is also an adjunct professor at Johns Hopkins University where he teaches network security and has also served as the director of advanced research projects at the Information Security Institute. As part of his Hopkins work, he co-founded the cryptodoneright.org knowledge base, through a generous grant from Cisco.
Christopher K. Monson has a PhD in machine learning, and has spent over a decade at Google in various engineering, machine learning, and leadership roles. He has broad experience writing and teaching programming courses in multiple languages, and has worked in document password recovery, malware detection, and large-scale secure computing. He is currently serving as the chief technology officer at Data Machines Corp. and teaches cloud computing security as a lecturer at the Johns Hopkins University Information Security Institute.
Develop a greater intuition for the proper use of cryptography. This book teaches the basics of writing cryptographic algorithms in Python, demystifies cryptographic internals, and demonstrates common ways cryptography is used incorrectly.Cryptography is the lifeblood of the digital world s security infrastructure. From governments around the world to the average consumer, most communications are protected in some form or another by cryptography. These days, even Google searches are encrypted. Despite its ubiquity, cryptography is easy to misconfigure, misuse, and misunderstand.Developers building cryptographic operations into their applications are not typically experts in the subject, and may not fully grasp the implication of different algorithms, modes, and other parameters. The concepts in this book are largely taught by example, including incorrect uses of cryptography and how "e;bad"e; cryptography can be broken. By digging into the guts of cryptography, you can experience what works, what doesn't, and why.What You ll LearnUnderstand where cryptography is used, why, and how it gets misusedKnow what secure hashing is used for and its basic propertiesGet up to speed on algorithms and modes for block ciphers such as AES, and see how bad configurations breakUse message integrity and/or digital signatures to protect messagesUtilize modern symmetric ciphers such as AES-GCM and CHACHAPractice the basics of public key cryptography, including ECDSA signaturesDiscover how RSA encryption can be broken if insecure padding is usedEmploy TLS connections for secure communicationsFind out how certificates work and modern improvements such as certificate pinning and certificate transparency (CT) logsWho This Book Is ForIT administrators and software developers familiar with Python. Although readers may have some knowledge of cryptography, the book assumes that the reader is starting from scratch.
Table of Contents 5
About the Authors 10
About the Technical Reviewer 11
Introduction 12
Chapter 1: Cryptography: More Than Secrecy 13
Setting Up Your Python Environment 13
Caesar’s Shifty Cipher 15
A Gentle Introduction to Cryptography 24
Uses of Cryptography 25
What Could Go Wrong? 26
YANAC: You Are Not A Cryptographer 27
“Jump Off This Cliff”—The Internet 28
The cryptodoneright.org Project 29
Enough Talk, Let’s Sum Up 30
Onward 31
Chapter 2: Hashing 32
Hash Liberally with hashlib 32
Making a Hash of Education 36
Preimage Resistance 38
Byte into Some Non-negative Integers 40
How Hard a Hash! 43
Second-Preimage and Collision Resistance 44
Second-Preimage Resistance 44
Collision Resistance 44
Digestible Hash 47
Pass Hashwords...Er...Hash Passwords 50
Pick Perfect Parameters 55
Cracking Weak Passwords 56
Proof of Work 59
Time to Rehash 63
Chapter 3: Symmetric Encryption: Two Sides, One Key 64
Let’s Scramble! 64
What Is Encryption, Really? 68
AES: A Symmetric Block Cipher 69
ECB Is Not for Me 71
Wanted: Spontaneous Independence 81
Not That Blockchain 82
Proper Padding 86
A Key to Hygienic IVs 93
Cross the Streams 97
Key and IV Management 102
Exploiting Malleability 107
Gaze into the Padding 110
Weak Keys, Bad Management 118
Other Encryption Algorithms 120
finalize() 120
Chapter 4: Asymmetric Encryption: Public/Private Keys 122
A Tale of Two Keys 122
Getting Keyed Up 123
RSA Done Wrong: Part One 125
Stuffing the Outbox 133
What Makes Asymmetric Encryption Different? 137
Pass the Padding 139
Deterministic Outputs 140
Chosen Ciphertext Attack 142
Common Modulus Attack 146
The Proof Is in the Padding 149
Exploiting RSA Encryption with PKCS #1 v1.5 Padding 153
Step 1: Blinding 159
Step 2: Searching for PKCS-Conforming Messages 161
Step 3: Narrowing the Set of Solutions 167
Step 4: Computing the Solution 169
Additional Notes About RSA 171
Key Management 172
Algorithm Parameters 173
Quantum Cryptography 173
Really Short Addendum 174
Chapter 5: Message Integrity, Signatures, and Certificates 175
An Overly Simplistic Message Authentication Code (MAC) 175
MAC, HMAC, and CBC-MAC 178
HMAC 179
CBC-MAC 184
Encrypting and MACing 191
Digital Signatures: Authentication and Integrity 193
Elliptic Curves: An Alternative to RSA 203
Certificates: Proving Ownership of Public Keys 205
Certificates and Trust 218
Revocation and Private Key Protection 220
Replay Attacks 220
Summarize-Then-MAC 222
Chapter 6: Combining Asymmetric and Symmetric Algorithms 223
Exchange AES Keys with RSA 223
Asymmetric and Symmetric: Like Chocolate and Peanut Butter 227
Measuring RSA’s Relative Performance 228
Diffie-Hellman and Key Agreement 237
Diffie-Hellman and Forward Secrecy 243
Challenge-Response Protocols 250
Common Problems 252
An Unfortunate Example of Asymmetric and Symmetric Harmony 254
That’s a Wrap 258
Chapter 7: More Symmetric Crypto: Authenticated Encryption and Kerberos 259
AES-GCM 259
AES-GCM Details and Nuances 264
Other AEAD Algorithms 268
Working the Network 270
An Introduction to Kerberos 278
Additional Data 301
Chapter 8: TLS Communications 303
Intercepting Traffic 303
Digital Identities: X.509 Certificates 309
X.509 Fields 309
Certificate Signing Requests 312
Generate a Key 313
Create a CSR from a Key 314
Signing a CSR to Produce a Certificate 316
Creating Keys, CSRs, and Certificates in Python 325
An Overview of TLS 1.2 and 1.3 330
The Introductory “Hellos” 332
Client Authentication 336
Deriving Session Keys 337
Switching to the New Cipher 340
Deriving Keys and Bulk Data Transfer 341
TLS 1.3 347
Certificate Verification and Trusting Trust 349
Certificate Revocation 350
Untrustworthy Roots, Pinning, and Certificate Transparency 351
Known Attacks Against TLS 354
POODLE 354
FREAK and Logjam 355
Sweet32 356
ROBOT 357
CRIME, TIME, and BREACH 357
Heartbleed 358
Using OpenSSL with Python for TLS 358
The End of the Beginning 369
Bibliography 370
Index 372
Erscheint lt. Verlag | 27.9.2019 |
---|---|
Zusatzinfo | XV, 371 p. 39 illus. |
Sprache | englisch |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Mathematik / Informatik ► Informatik ► Programmiersprachen / -werkzeuge | |
Schlagworte | authentication • Certificates • cryptography • Digital Signatures • Encryption • Hashing • Message integrity • Public Key Cryptography • Python • security • TLS |
ISBN-10 | 1-4842-4900-3 / 1484249003 |
ISBN-13 | 978-1-4842-4900-0 / 9781484249000 |
Haben Sie eine Frage zum Produkt? |
Größe: 6,1 MB
DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasserzeichen und ist damit für Sie personalisiert. Bei einer missbräuchlichen Weitergabe des eBooks an Dritte ist eine Rückverfolgung an die Quelle möglich.
Dateiformat: PDF (Portable Document Format)
Mit einem festen Seitenlayout eignet sich die PDF besonders für Fachbücher mit Spalten, Tabellen und Abbildungen. Eine PDF kann auf fast allen Geräten angezeigt werden, ist aber für kleine Displays (Smartphone, eReader) nur eingeschränkt geeignet.
Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.
Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.
aus dem Bereich