Customer Reviews

Cryptography's Role in Securing the Information Society

5 star:		(0)
4 star:		(2)
3 star:		(1)
2 star:		(0)
1 star:		(0)

 

 

This book, prepared by the Committee to Study National Cryptography Policy of the Computer Science and Telecommunications Board of the National Research Council, is essential reading for anybody concerned with the role of crytography in information security. Written by experts, it surveys the topic dispassionately, and makes wise recommendations. No technical knowledge is required to read it, so it is suitable for everyone from policymakers to techies.

It has two flaws, one minor and inevitable, the other more serious. The first stems from the fact that the National Research Council undertakes studies like this only at the request of the US government. The federal government is notorious for its belief that anything worth saying should be said in the dullest possible bureaucratese. I know the staff members who produced the actual text of this book; they are excellent writers, and did their best to make the book readable within the constraints imposed by government mindset, but it's still dull and tedious to read. Compared to the Federal Register, however, it's a model of expository clarity.

The second flaw is the very cursory treatment given to one of the most serious problems in using cryptography for information security. The great majority of civilian computers, and even some military computers, are vulnerable to a wide variety of viruses, worms and trojan horses, and in most cases the users and system administrators are unaware of how vulnerable they are.

Cryptography is completely useless as a protective mechanism if cleartext or keys can be retrieved and transmitted from an originating or destination computer by a program inserted by an attacker. Equally serious, if the attacker substitutes trojan horse code for the encipherment/decipherment techniques employed, the whole system is wide open. I regard this as the current greatest weakness in the use of cryptography for information security, except within certain parts of the military. I dn't have any good ideas at all about how to plug this weakness, but it deserves much more careful attention than it gets in this book. If you are responsible for any aspect of computer or communications security, think hard about this problem.

A thorough, and unbiased inquiry, commissioned by congress, of the importance of cryptography to the information economy. Still highly useful, despite being increasingly dated.

Excellent overview of social & organizational issues that affect use of encryption. Some of the material is becoming quickly dated, but the chapters on "Roles, Market & Infrastructure," "Crypto Primer," "Public Key Infrastructure," and "[Applicability of Encryption by] Industry" will be useful for years.