Applied Cryptography in .NET and Azure Key Vault: A Practical Guide to Encryption in .NET and .NET Core Paperback – 13 Feb 2019
From the Back Cover
- Get an introduction to the principles of encryption
- Understand the main cryptographic protocols in use today, including AES, DES, 3DES, RSA, SHAx hashing, HMACs, and digital signatures
- Combine cryptographic techniques to create a hybrid cryptographic scheme, with the benefits of confidentiality, integrity, authentication, and non-repudiation
- Use Microsoft's Azure Key Vault to securely store encryption keys and secrets
- Build real-world code to use in your own projects
About the Author
Stephen Haunts has been a software developer for the last 25 years, working in many industries such as video games, financial services, insurance, and healthcare. One of his main specialties is security and cryptography, and he has implemented a range of techniques into many systems at many companies, including financial lenders, insurance claims management companies, and global banks. Stephen regularly speaks at conferences and user groups about secure coding in .NET, and has authored a highly-rated cryptography course for Pluralsight.
Most helpful customer reviews on Amazon.com
The premise of the book is fundamentally flawed. The author believes that the best way to understand and deploy cryptography is to collect a series of primitives --- SHA2, AES, RSA, and, later, HMAC. Get each primitive working using the .NET APIs. Then stitch them together in a single program, and call it a day.
Modern cryptographers don't design systems this way and neither should you. The joinery between different crypto primitives is where most of the fatal bugs live! Instead, we design cryptosystems, in which each component is carefully designed to work together. We present these cryptosystems as high-level libraries, like NaCl/libsodium and Tink, which relieve developers of the need to choose primitives and fit them together securely. Everything this book attempts to implement can be done better, quicker, and more safely with libsodium .Net.
Further, this book suffers from a common failure of "cryptography books written by non-cryptography-engineers": it's constantly introducing and (at some length) coding insecure cryptography, meaning that the bulk of the book is filled with cryptography examples that are grievously insecure. Most of the book's encryption examples are, for instance, a CBC padding oracle attack waiting to happen. Ciphertext authentication is introduced late in one chapter (and incorrectly), and then haphazardly removed from future examples. The book discusses secure password hashes in a "bad, better, best" framework that suggests salted hashes might be a reasonable option, then discusses PBKDF2. It introduces AES only after lengthy examples using (insecure) Triple DES.
Even in the later examples, where the "feature" of authenticated encryption is presented, the constructions it illustrates are outmoded: despite .NET having offered AEAD authenticated modes like GCM since 2007, this book will have you implementing CBC mode, as if you were implementing an encryption program for MS-DOS, without even a hint at how a modern .NET encryptor would work.
When it's not providing bad example code, it's busily filling up pages with failed attempts to explain theory and mechanism. A discussion about CBC IVs (which are not in fact "also called nonces") includes several paragraphs extracted verbatim from a (weird, broken) WhatIs.com definition, which it then contradicts just a paragraph later. Heaven help you if you go into the author's introduction to RSA with any notion of what a finite field is; the book's "Modulus arithmetic" explanation will quickly force it out of your brain. I had to reread JP Aumasson's "Serious Cryptography" (highly recommended) several times to detox.
You can do better --- both for the money, and for the quality of the systems you'll build --- by sticking to Microsoft's documentation, and that's what you should do. I bought and read this book so you won't have to. You're welcome!