Learn how the good guys implement cryptography and how the bad guys exploit it.
Everything we do in the digital world is protected by cryptography. But when pure math and algorithms are implemented in code, vulnerabilities emerge and can be exploited by hackers and bad actors. Hacking Cryptography details dozens of practical cryptographic implementations and then breaks down the flaws that adversaries use to exploit them.
In Hacking Cryptography you’ll find unique guidance for understanding how cryptography has failed time and again, including:
• DUAL_EC_DRBG random number generation using backdoored constants
• Exploiting the RC4 stream cipher, as used in WEP
• Block ciphers for padding oracle attacks and manipulation of initialization-vectors
• Exploiting hash functions by using length extension and rainbow table attacks
• Implementing RSA key generation vulnerable to short private exponents and exploiting it using the Weiner attack
• Exploiting PKCS1.5 padding by using Bleichenbacher's signature-forgery attack
In Hacking Cryptography you’ll learn the common attack principles used against cryptographic security, and how to spot the implementation errors that make cryptography unsecure. Throughout, you’ll explore historical examples where popular cryptography has failed, such as the root key compromise for Sony PlayStation 3, and see what impact those failures have had on modern cryptography.
Purchase of the print book includes a free eBook in PDF and ePub formats from Manning Publications.
About the technology
Even the strongest cryptographic systems in code and hardware leave cracks and vulnerabilities a would-be attacker can exploit. In this book, you’ll learn to write cryptographically secure code, sidestep common pitfalls, and assess new bugs and vulnerabilities as they are discovered.
About the book
Hacking Cryptography helps you secure your systems by revealing the “lockpicks” bad actors use to break cryptographic security. It dives deep into each exploit, explaining complex concepts through real-world analogies, annotated examples, and pseudo-code—no advanced mathematical knowledge required. As you read, authors Kamran Khan and Bill Cox demystify opaque cryptography concepts and techniques so you’ll understand the “why” behind each best practice.
What's inside
• Random number generator and backdoor constants
• RC4 encryption and WiFi security
• Rainbow tables for cracking hashed passwords
• Length extension and padding oracle exploits
About the reader
For software and security engineers. Examples in Go.
About the author
Kamran Khan is a software engineer with more than a decade of experience at Salesforce, Google, and Microsoft. Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google.
Table of Contents
1 Introduction
2 Random number generators
3 Implementing and exploiting RNGs
4 Stream ciphers
5 Block ciphers
6 Hash functions
7 Message authentication codes
8 Public-key cryptography
9 Digital signatures
10 Guidelines and common pitfalls for cryptographic implementations
About The Author
Kamran Khan is a software engineer with more than a decade of experience in the security industry. He currently works as a Software Engineering Architect at Salesforce, and his previous roles have included Google and Microsoft. He has worked in a variety of areas related to security engineering, including large-scale distributed services, embedded devices intended for multi-factor authentication, and cryptographically verifiable elections.
Bill Cox is a software engineer with nearly forty years of experience in securing hardware and software. He conducts the crypto-writing workshop at Google and loves teaching engineers the fundamentals of writing secure code.
Ebook License
End-User Warranty And License Agreement
1. Grant Of License
Manning Has Authorized The Download By You Of An Unrestricted Number Of Copies Of The Electronic Book (Ebook) In Any Of The Available Formats. Manning Grants You A Nonexclusive, Nontransferable License To Use The Ebook According To The Terms And Conditions Herein. This License Agreement Permits You To Install The Ebook On Any And All Your Devices For Your Personal Use Only.
2. Restrictions
You Shall Not: (1) Share, Resell, Rent, Assign, Timeshare, Distribute, Or Transfer All Or Part Of The Ebook Or Any Rights Granted Hereunder To Any Other Person; (2) Duplicate The Ebook, Except For A Single Backup Or Archival Copy; (3) Remove Any Proprietary Notices, Labels, Or Marks From The Ebook; (4) Transfer Or Sublicense Title To The Ebook To Any Other Party.
3. Intellectual Property Protection
The Ebook Is Owned By Manning And Is Protected By United States And International Copyright And Other Intellectual Property Laws. Manning Reserves All Rights In The Ebook Not Expressly Granted Herein. This License And Your Right To Use The Ebook Terminate Automatically If You Violate Any Part Of This Agreement. In The Event Of Termination, You Must Remove The Original And Any Copies Of The Ebook From All Your Devices.
4. Source Code Supplementary Material
Any Source Code Files Provided As A Supplement To The Book Are Freely Available To The Public For Download. Reuse Of The Code Is Permitted, In Whole Or In Part, Including The Creation Of Derivative Works, Provided That You Acknowledge That You Are Using It And Identify The Source: Title, Publisher And Year.
5. Limited Warranty
Manning Warrants That The Ebook Files, A Copy Of Which You Are Authorized To Download, Are Free From Defects In The Operational Sense That They Can Be Read By A Pdf Reader Or Epub Reader, Or Other. Except For This Express Limited Warranty, Manning Makes And You Receive No Warranties, Express, Implied, Statutory Or In Any Communication With You, And Manning Specifically Disclaims Any Other Warranty Including The Implied Warranty Of Merchantability Or Fitness Or A Particular Purpose. Manning Does Not Warrant That The Operation Of The Ebook Will Be Uninterrupted Or Error Free. If The Ebook Was Purchased In The United States, The Above Exclusions May Not Apply To You As Some States Do Not Allow The Exclusion Of Implied Warranties. In Addition To The Above Warranty Rights, You May Also Have Other Rights That Vary From State To State.
6. Limitation Of Liability
In No Event Will Manning Be Liable For Any Damages, Whether Arising For Tort Or Contract, Including Loss Of Data, Lost Profits, Or Other Special, Incidental, Consequential, Or Indirect Damages Arising Out Of The Use Or Inability To Use The Ebook.
7. General
This Agreement Constitutes The Entire Agreement Between You And Manning And Supersedes Any Prior Agreement Concerning The Ebook. This Agreement Is Governed By The Laws Of The State Of New York
