Niels Ferguson
Bruce Schneier
Tadayoshi Kohno
WILEY
Wiley Publishing, Inc.
Contents
Part I
Introduction
Chapter 1
1.11 Further Reading
1.12 Exercises for Professional Paranoia
1.12.1 Current Event Exercises
1.12.2 Security Review Exercises
1.13 General Exercises
Chapter 2 Introduction to Cryptography
2.1 Encryption
2.1.1 Kerckhoffs' Principle
2.2 Authentication
2.3 Public-Key Encryption
2.4 Digital Signatures
2.5 PKI
2.6 Attacks
2.6.1 The Ciphertext-Only Model
2.6.2 The Known-Plaintext Model
2.6.3 The Chosen-Plaintext Model
2.6.4 The Chosen-Ciphertext Model
2.6.5 The Distinguishing Attack Goal
2.6.6 Other Types of Attack
2.7 Under the Hood
2.7.1 Birthday Attacks
2.7.2 Meet-in-the-Middle Attacks
2.8 Security Level
2.9 Performance
2.10 Complexity
2.11 Exercises
Part II
Message Security
Chapter 3 Block Ciphers
3.1
3.2
3.3
3.4
3.5
3.5.4 Twofish
3.5.5 Other AES Finalists
3.5.6 Which Block Cipher Should I Choose?
3.5.7 What Key Size Should I Use?
3.6 Exercises
Chapter 4
Padding
ECB
CBC
4.3.1 Fixed IV
4.3.2 Counter IV
4.3.3 Random IV
4.3.4 Nonce-Generated IV
4.4 OFB
4.5 CTR
4.6 Combined Encryption and Authentication
4.7 Which Mode Should I Use?
4.8 Information Leakage
4.8.1 Chances of a Collision
4.8.2 How to Deal With Leakage
4.8.3 About Our Math
4.9 Exercises
Chapter 5 Hash Functions
5.1
5.2
5.3
5.4
5.5
5.6
Chapter 6
6.1
6.2
6.3
6.4
6.5
6.6
6.7
6.8
Chapter 7
7.2
7.3
7.4
7.5
7.6
Chapter 8
8.1
8.2
8.3
8.3.3 Caches
8.3.4 Data Retention by Memory
8.3.5 Access by Others
8.3.6 Data Integrity
8.3.7 What to Do
8.4 Quality of Code
8.4.1 Simplicity
8.4.2 Modularization
8.4.3 Assertions
8.4.4 Buffer Overflows
8.4.5 Testing
8.5 Side-Channel Attacks
8.6 Beyond this Chapter
8.7 Exercises
Part III
Key Negotiation
Chapter 9 Generating Randomness
9.1 Real Random
9.1.1 Problems With Using Real Random Data
9.1.2 Pseudorandom Data
9.1.3 Real Random Data and PRNGs
9.2 Attack Models for a PRNG
9.3 Fortuna
9.4 The Generator
9.4.1 Initialization
9.4.2 Reseed
9.4.3 Generate Blocks
9.4.4 Generate Random Data
9.4.5 Generator Speed
9.5 Accumulator
9.5.1 Entropy Sources
9.5.2 Pools
9.5.3 Implementation Considerations
9.5.3.1 Distribution of Events Over Pools
9.5.3.2 Running Time of Event Passing
9.5.4 Initialization
9.5.5 Getting Random Data
9.5.6 Add an Event
9.6 Seed File Management
9.6.1 Write Seed File
9.6.2 Update Seed File
9.6.3 When to Read and Write the Seed File
9.6.4 Backups and Virtual Machines
9.6.5 Atomicity of File System Updates
9.6.6 First Boot
9.7 Choosing Random Elements
9.8 Exercises
Chapter 10 Primes
10.1 Divisibility and Primes
10.2 Generating Small Primes
10.3 Computations Modulo a Prime
10.3.1 Addition and Subtraction
10.3.2 Multiplication
10.3.3 Groups and Finite Fields
10.3.4 The GCD Algorithm
10.3.5 The Extended Euclidean Algorithm
10.3.6 Working Modulo 2
10.4 Large Primes
10.4.1 Primality Testing
10.4.2 Evaluating Powers
10.5 Exercises
Chapter 11 Diffie-Hellman
11.1 Groups
11.2 Basic DH
11.3 Man in the Middle
11.4 Pitfalls
11.5 Safe Primes
11.6 Using a Smaller Subgroup
11.7 The Size of p
11.8 Practical Rules
11.9 What Can Go Wrong?
11.10 Exercises
Chapter 12 RSA
12.1 Introduction
12.2 The Chinese Remainder Theorem
12.2.1 Garner's Formula
12.2.2 Generalizations
12.2.3 Uses
12.2.4 Conclusion
12.3 Multiplication Modulo n
12.4 RSA Defined
12.4.1 Digital Signatures with RSA
12.4.2 Public Exponents
12.4.3 The Private Key
12.4.4 The Size of n
12.4.5 Generating RSA Keys
12.5 Pitfalls Using RSA
12.6 Encryption
12.7 Signatures
12.8 Exercises
13.1 Roles
13.2 Trust
13.2.1 Risk
13.3 Incentive
13.4 Trust in Cryptographic Protocols
13.5 Messages and Steps
13.5.1 The Transport Layer
13.5.2 Protocol and Message Identity
13.5.3 Message Encoding and Parsing
13.5.4 Protocol Execution States
13.5.5 Errors
13.5.6 Replay and Retries
13.6 Exercises
14.11 A Gentle Warning
14.12 Key Negotiation from a Password
14.13 Exercises
Chapter 15 Implementation Issues (II)
15.1
15.2
15.3
15.4
15.5
Part IV
Key Management
16.2
16.3
16.4
16.5
16.6
16.7
16.8
17.3 Simpler Solutions
17.3.1 Secure Connection
17.3.2 Setting Up a Key
17.3.3 Rekeying
17.3.4 Other Properties
17.4 What to Choose
17.5 Exercises
18.1
18.2
18.3
18.4
18.5
Names
Authority
Trust
Indirect Authorization
Direct Authorization
Credential Systems
The Modified Dream
Revocation
19.8.1 Revocation List
19.8.2 Fast Expiration
19.8.3 Online Certificate Verification
19.8.4 Revocation Is Required
19.9 So What Is a PKI Good For?
19.10 What to Choose
19.11 Exercises
Chapter 20 PKI Practicalities
20.1 Certificate Format
20.1.1 Permission Language
20.1.2 The Root Key
20.2 The Life of a Key
20.3 Why Keys Wear Out
20.4 Going Further
20.5 Exercises
Part V
Miscellaneous
21.3
21.4
21.5
21.6
21.7
21.8
21.9
21.10
Standards
22.1.1 The Standards Process
22.1.1.1 The Standard
22.1.1.2 Functionality
22.1.1.3 Security
22.1.2 SSL
22.1.3 AES: Standardization by Competition
22.2 Patents
Bibliography
Index