Seth James Nielson and Christopher K. Monson

Practical Cryptography in Python

Learning Correct Cryptography by Example

Seth James Nielson
Austin, TX, USA
Christopher K. Monson
Hampstead, MD, USA
ISBN 978-1-4842-4899-7e-ISBN 978-1-4842-4900-0
© Seth James Nielson, Christopher K. Monson 2019
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed.
Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Distributed to the book trade worldwide by Springer Science+Business Media New York, 233 Spring Street, 6th Floor, New York, NY 10013. Phone 1-800-SPRINGER, fax (201) 348-4505, e-mail orders-ny@springer-sbm.com, or visit www.springeronline.com. Apress Media, LLC is a California LLC and the sole member (owner) is Springer Science + Business Media Finance Inc (SSBM Finance Inc). SSBM Finance Inc is a Delaware corporation.

For Saige, who hopes to be a Computer Scientist like Daddy.

—Seth

To Mom and Dad, who valued good writing and never settled for less than my best.

—Chris

Introduction

The interconnected world of the current era has drastically changed everything, including banking, entertainment, and even statecraft. Despite differences in users, purposes, and security profiles, these digital applications have at least one thing in common: they all require properly applied cryptography to work correctly.

Informally, cryptography is the mathematics of secrets. We need secret codes to make messages unreadable to unauthorized eyes, to make messages unchangeable, and to know who sent the message. Practical cryptography is the design and use of these codes in real systems.

This book is primarily for computer programmers with little or no previous background with cryptography. Although mathematics makes brief appearances in the book, the overall approach is to teach introductory cryptography concepts by example.

Our journey begins with some introductory components, including hashing algorithms, symmetric encryption, and asymmetric encryption. Next, we go beyond encryption and into the realm of digital certificates, signatures, and message authentication codes. The final chapters show how these various elements come together in interesting and useful combinations, such as Kerberos and TLS.

Another important part of cryptography by example is cryptography by bad example! In this book we will break things on purpose to help the reader appreciate what motivates accepted best practices. Exercises and examples include walk-throughs of real vulnerabilities that have afflicted the Internet. The bad examples will help the reader gain a greater intuition of what goes wrong in cryptography and why.

Table of Contents

Index 363

About the Authors and About the Technical Reviewer

About the Authors

Seth James Nielson
../images/472260_1_En_BookFrontmatter_Figb_HTML.png

is the Founder and Chief Scientist of Crimson Vista, Inc., a boutique computer security research and consulting company. He is also an adjunct professor at Johns Hopkins University where he teaches network security and has also served as the Director of Advanced Research Projects in the Information Security Institute. As part of his Hopkins work, he co-founded the https://​cryptodoneright.​org knowledge base, through a generous grant from Cisco.

 
Christopher K. Monson
../images/472260_1_En_BookFrontmatter_Figc_HTML.png

has a PhD in machine learning and has spent over a decade at Google in various engineering, machine learning, and leadership roles. He has broad experience writing and teaching programming courses in multiple languages and has worked in document password recovery, malware detection, and large-scale secure computing. He is serving as the Chief Technology Officer at Data Machines Corp. and teaches Cloud Computing Security at the Johns Hopkins University Information Security Institute.

 

About the Technical Reviewer

Mike Ounsworth
../images/472260_1_En_BookFrontmatter_Figd_HTML.jpg

is a Software Security Architect at Entrust Datacard. He holds an undergraduate degree in computer science with concentrations in mathematics and physics and an MSc in computer science in robotics and artificial intelligence. Professionally, his day job is mainly application security architecture and penetration testing, with some research side projects in cryptography and post-quantum cryptography. Outside of work, he mentors teams competing in the high-school-age FIRST Robotics Competition.