. This document was created by an unregistered ChmMagic ...

1 Cryptography For Dummiesby Chey Cobb ISBN:0764541889 John Wiley & Sons 2004 This guide to keeping your data safe offers the latest security techniques and advice on choosing and using cryptography products. It covers terminology, specific encryption technologies, pros and cons of different implementations, and of Contents Cryptography for DummiesIntroductionPart I - Crypto Basics & What You Really Need to KnowChapter 1-A Primer on Crypto BasicsChapter 2-Major League AlgorithmsChapter 3-Deciding What You Really NeedChapter 4-Locks and KeysPart II - Public Key InfrastructureChapter 5-The PKI PrimerChapter 6-PKI Bits and PiecesChapter 7-All Keyed Up!Part III - Putting Encryption Technologies to Work for YouChapter 8-Securing E-Mail from Prying EyesChapter 9-File and Storage StrategiesChapter 10-Authentication SystemsChapter 11-Secure E-CommerceChapter 12-Virtual Private Network (VPN) EncryptionChapter 13-Wireless Encryption BasicsPart IV - The Part of TensChapter 14-The Ten Best Encryption Web SitesChapter 15-The Ten Most Commonly Misunderstood Encryption TermsChapter 16-Cryptography Do s and Don tsChapter 17-Ten Principles of Cryptiquette Chapter 18-Ten Very Useful Encryption ProductsPart V - AppendixesAppendix A-Cryptographic AttacksAppendix B-GlossaryAppendix C-Encryption Export ControlsIndexList of FiguresList of TablesList of SidebarsThis document was created by an unregistered ChmMagic , please go to to register it.

2 document was created by an unregistered ChmMagic , please go to to register it. Thanks. Back CoverProtect yourself and your business from online eavesdroppers it s easier than you think! If you were hoping for aflame-throwing watch or flying a car, we re sorry this isn t James Bond s equipment manual. Cryptography is acommon-sense way to secure stuff on the Internet, and this friendly guidebook makes it easy to understand. Discover howyou can protect information with keys, ciphers, PKIs, certificates, and how to:Analyze off-the-shelf encryption productsDecide what type of security you needCreate and manage keysIssue digital signatures and certificatesSet up SSL for e-commerceEnable wireless encryptionAbout the Author Chey Cobb, CISSP, author of Network Security For Dummies was Chief Security Officer for a national Reconnaissance Office (NRO) overseas location. She is a nationally recognized computer security expert. This document was created by an unregistered ChmMagic , please go to to register it.

3 Thanks. Cryptography for Dummiesby Chey Cobb, CISSPP ublished by Wiley Publishing, Inc. 111 River StreetHoboken, NJ 07030-5774 Copyright 2004 by Wiley Publishing, Inc., Indianapolis, IndianaPublished by Wiley Publishing, Inc., Indianapolis, IndianaPublished simultaneously in CanadaNo part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, e-mail: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!

4 , The Dummies Way, Dummies Daily, The Fun and Easy Way, , and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate.

5 Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages. For general information on our other products and services or to obtain technical support, please contact our Customer care Department within the at 800-762-2974, outside the at 317-572-3993, or fax also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic of Congress Control Number: 2003105686 ISBN: 0764541889 Manufactured in the United States of America10 9 8 7 6 5 4 3 2 11O/QY/QR/QU/INAbout the AuthorChey Ewertz Cobb, CISSP, began working in computer security in 1989. Since then she has managed her own computer security consulting company, Cobb Associates, working for such clients as Apple Computers and Sun microsystems . She later worked for the government, creating a secure network at Cape Canaveral, assisting in the security at Patrick Air Force Base, and later as a technical security officer for the National Reconnaissance Office This document was created by an unregistered ChmMagic , please go to to register it.

6 Thanks.(NRO), which is more secretive than the her work in security, she had the opportunity to evaluate and manage cryptosystems for private industry and the Intelligence now writes books on computer security (Computer Security Handbook, 4th Edition and Network Security For Dummies), writes articles for magazines, and speaks at computer security R. W. Ewertz, Jr. He was my role model and inspiration when things got of all, let me thank Andrea Boucher and Melody Layne who saw me through thick and thin and never lost faith in me (at least they never let on that they did!). I enjoy working with them both, and any writer who has the opportunity to work with them should count himself/herself lucky!Secondly, I want to thank Dave Brussin, Ryan Upton, Josh Beneloh, Jon Callas, and Dave Del Torto for setting me on the correct path when my explanations strayed. Thanks so much for lending me your brainwork!Last, but not least, Stephen.

7 My love, my life, and my s AcknowledgmentsWe re proud of this book; please send us your comments through our online registration form located of the people who helped bring this book to market include the following:Acquisitions, Editorial, and Media DevelopmentProject Editor: Andrea C. BoucherAcquisitions Editor: Melody LayneTechnical Editor: Tim CrothersEditorial Manager: Carol SheehanMedia Development Manager: Laura VanWinkleMedia Development Supervisor: Richard GravesEditorial Assistant: Amanda FoxworthCartoons: Rich Tennant ( )ProductionProject Coordinator: Maridee EnnisLayout and Graphics: Joyce Haughey, Andrea Dahl, Stephanie D. Jumper, Jacque Schneider, Melanee WolvenProofreaders: Andy Hollandbeck, Carl William Pierce, TECHBOOKS Production ServicesIndexer: TECHBOOKS Production ServicesPublishing and Editorial for Technology DummiesRichard Swadley, Vice President and Executive Group PublisherAndy Cummings, Vice President and PublisherMary C.

8 Corder, Editorial DirectorThis document was created by an unregistered ChmMagic , please go to to register it. for Consumer DummiesDiane Graves Steele, Vice President and PublisherJoyce Pepple, Acquisitions DirectorComposition ServicesGerry Fahey, Vice President of Production ServicesDebbie Stailey, Director of Composition Services This document was created by an unregistered ChmMagic , please go to to register it. Thanks. IntroductionOverviewCongratulations! You ve successfully navigated through the gazillion computer books on the bookstore shelves andfinally found just what you were looking for a book on cryptography that you can read and actually understand! Justthumb through some of the chapters here and you ll soon realize that you don t need a degree in advancedmathematics, nor do you need to be the world s biggest brainiac to understand this stuff. If you have a basicunderstanding of computers and networking, and you have an interest in increasing your data and communicationssecurity, then this is just the book for I m talking about here is cryptography you know, crypto, geek talk, secret coding, cypherpunk n.

9 If you have heard of the word cryptography, you ll know that it is one of those subjects that many people are aware of, but very fewpeople can actually tell you what it s all about. Frankly, just the mention of the word cryptography scares the heck outof people even experienced network administrators! And to be honest, a lot of the books on the subject are moresuited as college textbooks than business how-to guides or intros to the subject, and have contributed to theatmosphere of FUD fear, uncertainty, and doubt about cryptography. Yep, the subject can be scary as all , how do you decide whether or not you should use cryptography? I ll help you answer that question with questionsand checklists. Before you go on to that chapter, however, there are many situations in which cryptography could orshould be used. Here s a preview of some situations:Your company relies heavily upon its trade secrets to gain a competitive edge over your competitors.

10 If an unauthorized person got access to those trade secrets, it could spell disaster for your entire work in the health care industry and are required by the HIPAA legislation to protect personal information. You get notice from a federal authority that your protection methods are about to be scrutinized because there have been complaints about the way you have handled personal re an attorney who has been charged with prosecuting someone guilty of war crimes, drugtrafficking, or any situation where witnesses and evidence need to be fiercely protected. Obviously,you wouldn t want your evidence or your witnesses is a complex subject, I won t kid you there, but it could definitely save a lot of headaches if it were usedin any of the situations mentioned above. Additionally, adding cryptography to your security doesn t necessarily haveto be expensive or impossible to understand. That s why I wrote this book. I m here to take the fear out of the equationand to help you get it right the first go-round.