Authentication: From Passwords to Public Keys by Richard E. Smith

One of the key problems of computer security is that of guaranteeing that an entity (person or system) really is who he, she, or it claims to be. Authentication procedures may be very trusting (as for "guest" accounts with limited capability), moderately strong (your bank requires both a physical card and a PIN before it will dispense money from an ATM), or nearly foolproof (biometric devices, which examine--to cite two examples--retina scans or fingerprints). Authentication: From Passwords to Public Keys examines the whole range of authentication options and offers advice on which one might be right for your security requirements, budget, and tolerance for user inconvenience. As the "public keys" part of the title implies, this book also deals with some aspects of encryption.

Rather than present a menagerie of security techniques and explain their strengths and weaknesses in an academic way, Richard Smith demonstrates the strength of protection mechanisms in the only way that counts--he shows how they can be defeated, and at what expenditure of effort. He's also made lists of attacks, complete with assessments of the popularity of each and the particular risk it poses, and a similar list of defenses. Margin notes refer to list entries by number, so it's easy to see what problems and solutions are covered in a given passage of text--though there's no index of references to attacks and defenses by number. --David Wall

Topics covered: How to defend computer systems, primarily through the application of identity-verification techniques. Those covered include passwords (including the randomly generated kind, and their hashes), authentication by machine address, biometric examination, smart cards, and RSA public-key cryptography.

Paperback

First published October 11, 2001

About the author

Richard E. Smith

Community Reviews

5 stars: 2 (14%)
4 stars: 9 (64%)
3 stars: 3 (21%)
2 stars: 0 (0%)
1 star: 0 (0%)

Brian Powell
May 28, 2015
This is an expansive survey of the field of authentication: from biometrics, to public key cryptosystems, to the various network authentication protocols in use today. The discussion is at a high level (although too terse at times), and helpful diagrammatic representations of the various handshakes and negotiations guide the reader through the more complex protocols like RADIUS and Kerberos.

The writing at times is unclear and better writing overall would improve the book. It is also dated (from 2002, pre-NTLMv2).