Re: [LUG] Security

To: list@xxxxxxxxxxxx
Subject: Re: [LUG] Security
From: Jon Still <jon-pop@xxxxxxxxxxx>
Date: Sun, 4 May 2003 17:35:54 +0100
Reply-to: list@xxxxxxxxxxxx

It's a great book and highlights many problems, like:

1. Throwing crypto at a problem won't solve it. 2. There's no point in using crypto unless you've worked out the interactions and details surrounding the algorithms. Things such as key exchange, generation of cryptographically secure random data, and policy are *everything*

3. Don't forget that people screw things up!

Working for a company producing a security product, it's been painfully obvious to me (as someone who works on the security side of things) that most technology people just don't *get* it.

But as Adrian says - the book is worth getting. If you want to know the ins and outs of various cryptographic algorithms though, get Schneier's book (Applied Cryptography), and if you want some *really* in-depth stuff, go and read the references in that book :)

J.

On Thursday, May 1, 2003, at 13:31 Europe/London, Adrian Midgley wrote:

Ross Anderson's book "Security Engineering" is very good.

--
Jon Still                               E-mail: jon@xxxxxxxxxxx
tertial.org                             Web:    http://www.tertial.org/
GPG Key: http://xanthein.net/key.asc    Key ID: 0x00493D2B


--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

Re: [LUG] Security
- From: Mark Evans

References:
- Re: [LUG] Security
  - From: Adrian Midgley

Prev by Date: Re: [LUG] What is spam? was - test.no reply needed.
Next by Date: [LUG] PCMCIA NIC problems :-(
Previous by thread: Re: [LUG] Security
Next by thread: Re: [LUG] Security
Index(es):
- Date
- Thread

Lynx friendly