Re: Crypto Mini Faq
From: Tom St Denis (tom_at_securescience.net)
Date: 03/30/04
- Next message: newstome_at_comcast.net: "Re: Crypto Mini Faq"
- Previous message: Mok-Kong Shen: "Re: (newbie) question on modification of polyalphabetic substitution cipher"
- In reply to: Paul Pires: "Re: Crypto Mini Faq"
- Next in thread: newstome_at_comcast.net: "Re: Crypto Mini Faq"
- Reply: newstome_at_comcast.net: "Re: Crypto Mini Faq"
- Reply: Joe Peschel: "Re: Crypto Mini Faq"
Date: Tue, 30 Mar 2004 19:57:10 GMT
Paul Pires wrote:
>> Dude it's a book "for morons". They could say anything and they would
>> believe it.
>
> There is a difference between a book "for morons to read"
> and a book "promoting morons". ANY book should have its
> facts straight or be burned as kindling. I have seen enough
> erroneous excerpts from this book to volunteer the match.
What gets me more than the occasional mistake [let's recall Knuth is on his
third edition after all....] is the lowering of the bar...
Sure crypto can be taught well... but being taught well doesn't mean being
taught stupid.
E.g.
p4 of that excerpt...
"encrypt - Scrambling data to make it unrecognizable"
Um how about
"encrypt [or encipher] - concealing the meaning of a message"
Not only is the latter description accurate but it is more meaningful. What
exactly is "scrambling" data? I mean you could permute the data and it's
[literally] scrambled. That's not "encryption" by any means.
The "books for [yuppie impatient] dummies" are just symptomatic of a greater
problem.
p26 of the PDF is another good indication... "Figure 1-2 When you see the
lock you know you're secure". Um not only is that wrong [think: phisher
sites] but misleading as well. A site with a valid CA'ed key doesn't mean
the site is trustworthy.
So the net result of someone reading this book is they know enough jargon to
impress some PHB and get into a position of some real decision making.
They still don't have the first clue about security [or how it really
works] or how to design a security [or crypto] system.
I agree with you that this book should be burned but I also think that all
BFD series books should be in that pile too.
Tom