The Virtual Bookcase for browsing and sharing reviews of books. New to this site? Read the welcome page first.


Book details of 'Authentication: From Passwords to Public Keys'

Title: Authentication: From Passwords to Public Keys
Author(s): Richard E. Smith
Published: October 2001
Publisher: Addison-Wesley Pub Co

The Virtual Bookcase Reviews of 'Authentication: From Passwords to Public Keys':

Reviewer wrote:
One of the key problems of computer security is that of guaranteeing that an entity (person or system) really is who he, she, or it claims to be. Authentication procedures may be very trusting (as for "guest" accounts with limited capability), moderately strong (your bank requires both a physical card and a PIN before it will dispense money from an ATM), or nearly foolproof (biometric devices, which examine--to cite two examples--retina scans or fingerprints). Authentication: From Passwords to Public Keys examines the whole range of authentication options and offers advice on which one might be right for your security requirements, budget, and tolerance for user inconvenience. As the "public keys" part of the title implies, this book also deals with some aspects of encryption.

Rather than present a menagerie of security techniques and explain their strengths and weaknesses in an academic way, Richard Smith demonstrates the strength of protection mechanisms in the only way that counts--he shows how they can be defeated, and at what expenditure of effort. He's also made lists of attacks, complete with assessments of the popularity of each and the particular risk it poses, and a similar list of defenses. Margin notes refer to list entries by number, so it's easy to see what problems and solutions are covered in a given passage of text--though there's no index of references to attacks and defenses by number. --David Wall

Topics covered: How to defend computer systems, primarily through the application of identity-verification techniques. Those covered include passwords (including the randomly generated kind, and their hashes), authentication by machine address, biometric examination, smart cards, and RSA public-key cryptography.

Reviewer Rob Slade wrote:
Chapter one looks at the history and evolution of password technology, and introduces a system of discussing attacks and defences that provides an easy structure for an end-of-chapter summary. A more detailed history appears in chapter two, while chapter three discusses the enrolling of users. Chapter four is rather odd: it brings up the concept of "patterns" as defined in the study of architecture, but doesn't really explain what this has to do with authentication or the book itself. The closest relation seems to be the idea of determining a security perimeter. The material poses a number of authentication problems and touches on lots of different technologies, but the various difficulties are not fully analyzed. Chapter five is supposed to be about local authentication, but mostly examines encryption. Strangely, chapter six inveighs against the complex rules for password choice and management that are commonly recommended--and then adds to the list of canons the requirement to assess the security of a system when choosing a password. Ultimately the text falls back on the traditional suggestions, with a few good suggestions for password generation. This place in the text also marks a change in the volume: the content moves from a vague collection of trivia to a much more practical and useful guide. Chapter seven is a decent overview of biometrics, although there is an odd treatment of false acceptance and rejection rates, and some strange opinions. Authentication by address, emphasizing IP spoofing, is covered in chapter eight, while hardware tokens are discussed in chapter nine. Challenge/response systems are reviewed in chapter ten, as well as software tokens. Indirect or remote authentication, concentrating on the RADIUS (Remote Authentication Dial In User Services) system, is examined in chapter eleven. Chapter twelve outlines Kerberos, and has a discussion of the Windows 2000 version, albeit with limited analysis. 
The study of public key (asymmetric) cryptography in chapter thirteen would be more convincing with just a few more sentences of explanation about how keys are established. Chapter fourteen talks about certificates and signing, while fifteen finishes with some vague thoughts on password storage. After a slow (but interesting) start, the book does have a good deal of useful material in the later chapters. Long on verbiage and a bit short on focus, this text does have enough to recommend it to security practitioners serious about the authentication problem.

copyright Robert M. Slade, 2002


Book description:

Gives readers a clear understanding of what an organization needs to reliably identify its users and how the different techniques for verifying identity are executed. Softcover.



The Virtual Bookcase is created and maintained by Koos van den Hout.
Copyright © 2000-2020 Koos van den Hout / The Virtual Bookcase