By Wesley Brewer on Monday, April 15, 2019
Read Authentication From Passwords to Public Keys Richard E Smith 9780201615999 Books
Product details
- Paperback 576 pages
- Publisher Addison-Wesley Professional; 1 edition (October 11, 2001)
- Language English
- ISBN-10 0201615991
Authentication From Passwords to Public Keys Richard E Smith 9780201615999 Books Reviews
- Authentication is one of the 4 pillars of information security (authorization, confidentiality and integrity being the other three); but very little has been written directly on the topic outside of the academic community, until this book.
Authentication From Passwords to Public Keys is an excellent work that covers all of the direct areas of authentication. Authentication is a huge challenge in that most users would prefer to have their passwords short and easy to remember, which is exactly what a password should not be.
Even if there were a lot of other books available on the subject, Authentication From Passwords to Public Keys still would be required reading.
- An exciting book on authentication, of all things? Is such a thing even possible? Yes, Richard E. Smith proves it by publishing Authentication - a comprehensive guide to all things that authenticate or are authenticated. The book will educate you on more aspects of authentication than you ever wanted to know, but most likely you will enjoy it. As a security professional, I found the author's writing style to be excellent and even entertaining, a clear sign of writing by a true expert on the subject.
Every obscure form of authentication protocol (have you heard of X9.17 lately?) finds its place in the book. Passwords, tokens, biometrics and various authentication protocols are all described and analyzed in great detail, in plain English and with multiple diagrams. Another valuable feature is that for every authentication protocol, the relevant attacks and defenses are outlined in every chapter summary. The attacks which are not covered by existing defenses ("residual attacks") are emphasized at the end as something to watch for. For example, a 'trojan horse' attack to steal authentication credentials is one of them - apparently there is no 100 percent reliable way to stop it.
A chapter on passwords contains several creative ideas to make this ubiquitous form of authentication more effective, simultaneously more secure and more usable. It also answers some interesting password questions. When does it make no sense to enforce a complex non-dictionary password? How random is a random password from a dictionary? Why is a bank PIN of four digits secure enough for the job? When is it better to write a password down? Read the book and you will discover the answers! The book also explains public key crypto systems and their use for authentication (such as PKI).
People issues of security also receive well-deserved coverage in a separate chapter. Various kinds of secrets used for people as passwords are outlined. An interesting discussion on choosing an initial password when providing system access reveals important aspects of this process that few people think about.
For more technically inclined readers, straightforward analysis of complexities of Windows authentication (LANMAN, NTLM, Kerberos) and attacks against it is provided in a "Challenge Response Passwords" chapter. Computer scientists will find some insights on authentication algorithm design patterns. For less technical readers, understanding authentication based on Ali Baba and a cave of treasures will help to sort through the authentication system requirements and peculiarities. Overall, the book (while being targeted at security professionals) contains something for almost everyone interested in how computers tell that whoever is sitting at the console is who she says she is.
Anton Chuvakin, Ph.D. is a senior security analyst with a major security company.
- There is no other way to put it -- this is an excellent book. Not only does Mr. Smith give us a detailed analysis of the major authentication protocols that are used in today's IT environment, but he also points out the relative strengths and weaknesses of each protocol. This is really important stuff to know -- all too often the marketing hype for systems such as PKI, biometrics, Kerberos, strong passwords, etc. would lead one to believe that each of these solutions offers a bullet-proof approach to authentication security. It isn't to say that any of the protocols covered in this book are inadequate, but it is important to understand how each of them can be subverted so that one can intelligently weigh the risks of compromise before implementing a specific protocol.
Add to that that this is a really enjoyable book to read -- that makes it worth the purchase price and the time to read it.
- Prior to reading this book it appeared to me as though there was an endless supply of authentication methods, none of which I could distinguish between in any practical sense. I have talked with vendors of biometric solutions, token solutions, software certificate solutions, and full-blown PKI solutions, and each one will tell you how their solution is more secure, scalable, and cost effective than all other methods, and until now I have been unable to find an objective and informative source of information as to the strengths and weaknesses of each product. After reading Richard Smith's "Authentication From Passwords to Public Keys" I now feel like I have enough information to return to the vendors of these products and distinguish fact from fiction.
In addition to empowering me, believe it or not the book was actually fun to read. I do not have an overly technical background but the book was never over my head. There was enough detail to challenge and expand my current level of understanding but not so much that it bogged me down in technical jargon. Interesting stories littered throughout the book put the technologies in historical perspective and give the reader a better understanding of the evolution of Authentication while at the same time driving the book forward, which ultimately makes it a fairly quick read.
All in all I have to say I was extremely impressed with the way Richard Smith has tackled this subject and would encourage people interested in security or authentication to read "Authentication From Passwords to Public Keys."
- It's a must for anyone who needs to have a deep and clear understanding of the world of authentication.
I'm a research assistant, having finished my Master of Sciences in Electronic Commerce (2003) in the Department of Computer Science and Operations Research at Université de Montréal (Montreal, QC, Canada), and I have written a master's thesis called "ASEMC-Authentication for a SEcure M-Commerce". The book has brought me great contributions in very clear language, even if it is a technical matter. It makes extensive use of pictures, schemas, and graphs that allow us to easily understand the authentication methods. Actually, it makes use of the visual intelligence of each one of us!