or
Sign in to turn on 1-Click ordering.
 
 
Express Checkout with PayPhrase
What's this? | Create PayPhrase
Sorry!
More Buying Choices
38 used & new from $4.78

Have one to sell? Sell yours here
 
   
Authentication: From Passwords to Public Keys
 
See larger image
 
Tell the Publisher!
I’d like to read this book on Kindle

Don’t have a Kindle? Get your Kindle here.
 
  

Authentication: From Passwords to Public Keys (Paperback)

~ (Author)
4.9 out of 5 stars  See all reviews (7 customer reviews)

List Price: $54.99
Price: $37.53 & this item ships for FREE with Super Saver Shipping. Details
You Save: $17.46 (32%)
o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o
In Stock.
Ships from and sold by Amazon.com. Gift-wrap available.

Only 2 left in stock--order soon (more on the way).

Want it delivered Thursday, November 12? Choose One-Day Shipping at checkout. Details
16 new from $14.95 22 used from $4.78

Frequently Bought Together

Customers buy this book with Mechanics of User Identification and Authentication: Fundamentals of Identity Management by Dobromir Todorov

Authentication: From Passwords to Public Keys + Mechanics of User Identification and Authentication: Fundamentals of Identity Management

Customers Who Bought This Item Also Bought

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning

by Gordon Fyodor Lyon
4.9 out of 5 stars (18)  $32.97
Restful Web Services

Restful Web Services

by Leonard Richardson
4.4 out of 5 stars (40)  $26.39
Practical Cryptography

Practical Cryptography

by Niels Ferguson
4.1 out of 5 stars (16)  $31.50
Risk Analysis and the Security Survey, Third Edition

Risk Analysis and the Security Survey, Third Edition

by James F. Broder
4.0 out of 5 stars (3)  $41.60
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)

Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses (2nd Edition)

by Edward Skoudis
4.8 out of 5 stars (45)  $40.94
Explore similar items

Editorial Reviews

Amazon.com Review

One of the key problems of computer security is that of guaranteeing that an entity (person or system) really is who he, she, or it claims to be. Authentication procedures may be very trusting (as for "guest" accounts with limited capability), moderately strong (your bank requires both a physical card and a PIN before it will dispense money from an ATM), or nearly foolproof (biometric devices, which examine--to cite two examples--retina scans or fingerprints). Authentication: From Passwords to Public Keys examines the whole range of authentication options and offers advice on which one might be right for your security requirements, budget, and tolerance for user inconvenience. As the "public keys" part of the title implies, this book also deals with some aspects of encryption.

Rather than present a menagerie of security techniques and explain their strengths and weaknesses in an academic way, Richard Smith demonstrates the strength of protection mechanisms in the only way that counts--he shows how they can be defeated, and at what expenditure of effort. He's also made lists of attacks, complete with assessments of the popularity of each and the particular risk it poses, and a similar list of defenses. Margin notes refer to list entries by number, so it's easy to see what problems and solutions are covered in a given passage of text--though there's no index of references to attacks and defenses by number. --David Wall

Topics covered: How to defend computer systems, primarily through the application of identity-verification techniques. Those covered include passwords (including the randomly generated kind, and their hashes), authentication by machine address, biometric examination, smart cards, and RSA public-key cryptography.



Product Description

Gives readers a clear understanding of what an organization needs to reliably identify its users and how the different techniques for verifying identity are executed. Softcover.

Product Details

  • Paperback: 576 pages
  • Publisher: Addison-Wesley Professional (October 11, 2001)
  • Language: English
  • ISBN-10: 0201615991
  • ISBN-13: 978-0201615999
  • Product Dimensions: 9.2 x 7.4 x 1.2 inches
  • Shipping Weight: 2.2 pounds (View shipping rates and policies)
  • Average Customer Review: 4.9 out of 5 stars  See all reviews (7 customer reviews)
  • Amazon.com Sales Rank: #309,876 in Books (See Bestsellers in Books)

More About the Author

Richard E. Smith
Discover books, learn about writers, read author blogs, and more.

Visit Amazon's Richard E. Smith Page

What Do Customers Ultimately Buy After Viewing This Item?


Tags Customers Associate with This Product

 (What's this?)
Click on a tag to find related items, discussions, and people.
 

Your tags: Add your first tag
 

Sell a Digital Version of This Book in the Kindle Store

If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store. Learn more

 

Customer Reviews

7 Reviews
5 star:
 (6)
4 star:
 (1)
3 star:    (0)
2 star:    (0)
1 star:    (0)
 
 
 
 
 
Average Customer Review
4.9 out of 5 stars (7 customer reviews)
 
 
 
 
Share your thoughts with other customers:
Most Helpful Customer Reviews

 
14 of 16 people found the following review helpful:
5.0 out of 5 stars Really Enjoyed Reading It!, November 30, 2001
By Hugh K. Boyd (Fayetteville, GA USA) - See all my reviews
There is no other way to put it -- this is an excellent book. Not only does Mr. Smith give us a detailed analysis of the major authentication protocols that are used in today's IT environment, but he also points out the relative strengths and weaknesses for each protocol. This is really important stuff to know -- all too often the marketing hype for systems such as PKI, biometrics, Kerberos, strong passwords, etc would lead one to believe that each of these solutions offers a bullet-proof approach to authentication security. It isn't to say that any of the protocols covered in this book are inadequate, but it is important to understand how each of them can be subverted so that one can intelligently weigh the risks of compromise before implementing a specific protocol.

Add to that that this is a really enjoyable book to read -- that makes it worth the purchase price and the time to read it.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)



 
8 of 10 people found the following review helpful:
4.0 out of 5 stars An exciting book on authentication, of all things? It is!, August 7, 2002
An exciting book on authentication, of all things? Is such a thing even possible? Yes, Richard E. Smith proves it by publishing Authentication - a comprehensive guide to all things that authenticate or are authenticated. The book will educate you on more aspects of authentication than you ever wanted to know, but most likely you will enjoy it. As a security professional, I found the author's writing style to be excellent and even entertaining, a clear sign of writing by a true expert on the subject.

Every obscure form of authentication protocol (have you heard of X9.17 lately?) finds its place in a book. Passwords, tokens, biometrics, various authentication protocols are all described and analyzed in great detail, in plain English and with multiple diagrams. Another valuable feature is that for every authentication protocol, the relevant attacks and defenses are outlined in every chapter summary. The attacks which are not covered by existing defenses ("residual attacks") are emphasized at the end as something to watch for. For example, a 'trojan horse' attack to steal authentication credentials is one of them - apparently there is no 100 percent reliable way to stop it.

A chapter on passwords contains several creative ideas to make this ubiquitous form of authentication more effective, simultaneously more secure and more usable. It also answers some interesting password questions. When does it make no sense to enforce a complex non-dictionary password? How random is a random password from a dictionary? Why is a bank PIN of four digits secure enough for the job? When it is better to write a password down? Read the book and you will discover the answers! The book also explains public key crypto systems and their use for authentication (such as PKI).

People issues of security also receive well-deserved coverage in a separate chapter. Various kinds of secrets used for people as passwords are outlined. An interesting discussion on choosing an initial password when providing system access reveals important aspects of this process that few people think about.

For more technically inclined readers, straightforward analysis of complexities of Windows authentication (LANMAN, NTLM, Kerberos) and attacks against it is provided in a "Challenge Response Passwords" chapter. Computer scientists will find some insights on authentication algorithm design patterns. For less technical readers, understanding authentication based on Ali Baba and a cave of treasures will help to sort through the authentication system requirements and peculiarities. Overall, the book (while being targeted at security professionals) contains something for almost everyone interested in how computers tell that whoever is sitting at the console is who she says she is.

Anton Chuvakin, Ph.D. is a senior security analyst with a major security company.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)



 
5 of 6 people found the following review helpful:
5.0 out of 5 stars Masterful writing and in-depth treatment of the subject, April 16, 2002
I'm in complete agreement with the previous reviewers that this book is easy to read and that it clearly explains complex material.

What I like is the way the author integrates theory, application and the human side of authentication. For example, he makes excellent use of tables to distill and display information, such as summary tables for attacks and defenses that are cross-referenced to each other. This is particularly useful to anyone who is developing security profiles, and the thorough and meticulous way that the author summarizes the information reduces the attack-defense pairings to the essentials.

His clear explanations of authentication methods and their underlying technologies, as well as how they evolved, are among the clearest in print. More importantly, he goes beyond explaining the mathematics behind the protocols by also showing how assumptions can lead to exposures. An example is the 4-digit lock, which has 10,000 possible combinations. At first glance it would seem that you have a 1-in-10000 chance of guessing the combination. However, he goes on to explain that a study showed 50% of people chose a calendar date for the combination, then leads you through the math of showing why you have approximately 1-in-512 chance of breaking the combination on the first try. He uses similar techniques throughout the book, which makes you think in real-world terms. It's his treatment of the people side of the authentication techniques that add to the real-world approach.

I also thought that the chapter on picking PINs and passwords was exceptional. I've written password management policies and procedures for a number of clients in recent years and thought I was an expert. After reading this 37-page chapter I discovered what I didn't know - and it was a lot!

Each chapter is filled with facts that you may have or have not considered, and each is filled with common sense, backed up with the math or technical underpinnings. Moreover, the book complete covers authentication and will get anyone quickly up-to-speed on the basics and many of the finer points. This book is especially important as a resource to anyone who is involved in health care because the material is directly applicable to requirements set forth in HIPAA. It is also essential reading for anyone who develops or manages security in a web- or e-commerce environment because of the dependencies upon the technologies and methods that are discussed in this book. IT security specialists will also find this book to be an invaluable resource, especially the parts that cover password management, social engineering and practical applications of authentication.

Comment Comment | Permalink | Was this review helpful to you? Yes No (Report this)


Share your thoughts with other customers: Create your own review
 
 
 
Most Recent Customer Reviews

5.0 out of 5 stars Amazing compilation of the Authentication Methods!
It's a must for anyone who needs to have a deep and clear understanding of the world of the authentication. Read more
Published on October 28, 2003 by Christina Braz

5.0 out of 5 stars Really, really good book
Smith does a great job of writing about authentication while being vendor agnostic.

The book provides everything you need to know about PKI and other crucial security topics.

Published on August 31, 2003 by Eric Kent

5.0 out of 5 stars Everything you need to know about authentication
Authentication is one of the 4 pillars of information security(authorization, confidentiality and integrity being the other three); but very little has directly been written... Read more
Published on December 17, 2001 by Ben Rothke

5.0 out of 5 stars An Easy to Read and Informative Look at Authentication
Prior to reading this book it appeared to me as though there was an endless supply of Authentication methods, none of which I could distinguish between in any practical sense. Read more
Published on October 12, 2001 by Timothy Leehealey

Only search this product's reviews



Customer Discussions

This product's forum
Discussion Replies Latest Post
No discussions yet

Ask questions, Share opinions, Gain insight
Start a new discussion
Topic:
First post:
Prompts for sign-in
 

Search Customer Discussions
Search all Amazon discussions
   




Product Information from the Amapedia Community

Beta (What's this?)


Look for Similar Items by Category


Look for Similar Items by Subject

 

Feedback

If you need help or have a question for Customer Service, contact us.
 Would you like to update product info or give feedback on images?
Is there any other feedback you would like to provide?

Your comments can help make our site better for everyone.


Your Recent History

 (What's this?)

After viewing product detail pages or search results, look here to find an easy way to navigate back to pages you are interested in.