Название: Hacking Cryptography: Write, break, and fix real-world implementations
Автор: Kamran Khan, Bill Cox
Издательство: Manning Publications
Год: 2025
Страниц: 328
Язык: английский
Формат: epub
Размер: 16.4 MB

Learn how the good guys implement cryptography and how the bad guys exploit it.

Everything we do in the digital world is protected by cryptography. But when pure math and algorithms are implemented in code, vulnerabilities emerge and can be exploited by hackers and bad actors. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them.

In Hacking Cryptography you’ll find unique guidance for understanding how cryptography has failed time and again, including:

• DUAL_EC_DRBG random number generation using backdoored constants
• Exploiting the RC4 stream cipher, as used in WEP
• Block ciphers for padding oracle attacks and manipulation of initialization-vectors
• Exploiting hash functions by using length extension and rainbow table attacks
• Implementing RSA key generation vulnerable to short private exponents and exploiting it using the Weiner attack
• Exploiting PKCS1.5 padding by using Bleichenbacher's signature-forgery attack

In Hacking Cryptography you’ll learn the common attack principles used against cryptographic security, and how to spot the implementation errors that make cryptography unsecure. Throughout, you’ll explore historical examples where popular cryptography has failed, such as the root key compromise for Sony PlayStation 3, and see what impact those failures have had on modern cryptography.

About the technology:

Even the strongest cryptographic systems in code and hardware leave cracks and vulnerabilities a would-be attacker can exploit. In this book, you’ll learn to write cryptographically secure code, sidestep common pitfalls, and assess new bugs and vulnerabilities as they are discovered.

About the book:

Hacking Cryptography helps you secure your systems by revealing the “lockpicks” bad actors use to break cryptographic security. It dives deep into each exploit, explaining complex concepts through real-world analogies, annotated examples, and pseudo-code—no advanced mathematical knowledge required. As you read, authors Kamran Khan and Bill Cox demystify opaque cryptography concepts and techniques so you’ll understand the “why” behind each best practice.

What's inside:

• Random number generator and backdoor constants
• RC4 encryption and WiFi security
• Rainbow tables for cracking hashed passwords
• Length extension and padding oracle exploits

About the reader:
For software and security engineers. Examples in Go.
If you’re going to be working on cryptography, this book will provide a whirlwind tour of how we got where we are today. The examples were painstakingly designed to highlight the important weaknesses in these areas. It is highly recommended that you run the examples from the accompanying repo while reading the relevant sections; readers who have done so have reported a deeper understanding of the book’s content.

About the author:
Kamran Khan is a software engineer with more than a decade of experience at Salesforce, Google, and Microsoft. Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google.

Contents:







ОТСУТСТВУЕТ ССЫЛКА/ НЕ РАБОЧАЯ ССЫЛКА ЕСТЬ РЕШЕНИЕ, ПИШЕМ СЮДА!