Author: Bruce Schneier
DOI:
Keywords:
Abstract: From the Book: I have written this book partly to correct a mistake. Seven years ago I wrote another book: Applied Cryptography. In it, described mathematical utopia: algorithms that would keep your deepest secrets safe for millennia, protocols could perform most fantastical electronic interactions-unregulated gambling, undetectable authentication, anonymous cash-safely and securely. my vision cryptography was great technological equalizer; anyone with cheap (and getting cheaper every year) computer same security as largest government. second edition of book, two later, went so far write: "It is insufficient protect ourselves laws; we need mathematics." It's just not true. Cryptography can't do any that. It's has gotten weaker since 1994, or things in are no longer true; it's doesn't exist vacuum. Cryptography branch mathematics. And like all mathematics, it involves numbers, equations, logic. Security, palpable you might find useful our lives, people: people know, relationships between people, how they relate machines. Digital computers: complex, unstable, buggy computers. Mathematics perfect; reality subjective. Mathematics defined; computers ornery. logical; erratic, capricious, barely comprehensible. The error didn't talk at about context. talked if were The Answer. pretty naive. The result wasn't pretty. Readers believed kind magic dust sprinkle over their software make secure. That invoke spells "128-bit key" "public-key infrastructure." A colleague once told me world full bad systems designed by who read Cryptography. Since writing made living consultant: designing analyzing systems. To initial surprise, found weak points had nothing They hardware, software, networks, people. Beautiful pieces mathematics irrelevant through programming, lousy operating system, someone's password choice. learned look beyond cryptography, entire weaknesses. started repeating couple sentiments you'll throughout "Security chain; only secure weakest link." process, product."
Any real-world system complicated series interconnections. Security must permeate system: its components connections. argue modern many connections-some them even known systems' designers, implementers, users-that insecurities always remain. No technology Answer. This obvious involved security. real world, processes. It preventative technologies, but also detection reaction processes, an forensics hunt down prosecute guilty. product; itself process. we're ever going digital secure, start building processes. A few heard quotation, am modify here: If think can solve problems, then don't understand problems technology. This those limitations technology, solutions. Read order, from beginning end. No, really. Many technical books meant skim, bounce around in, use reference. This isn't. plot; tells story. good story, makes less sense telling out order. chapters build on each other, won't buy ending haven't come along journey. Actually, want once, time. argues order system-and particular technologies. interconnected helps cursory knowledge everything before learning more anything. But readings probably too much ask; forget mentioned it. This three parts. Part 1 "The Landscape," gives context rest attackers are, what want, deal threats. 2 "Technologies," basically bunch describing different technologies limitations. 3 "Strategies": Given requirements landscape now? I coolest thing work today, reflects feeling. It's serious, fun, too. Enjoy read.