Authentication:
From Passwords to Public Keys
a book by Richard E. Smith
Addison Wesley, 2002
ISBN 0-201-61599-1
Paperback, 550 pp.
This book examines the state of the practice in authentication systems
today: what works, what doesn't work, and why. It examines good and bad
ways to use passwords, and examines the strengths and weaknesses of the
alternatives. Like Internet Cryptography, this book explains and illustrates the different techniques by looking at how attackers try to subvert them, often successfully.
Reviewers on Amazon have had a lot of positive things to say about the book. As with Internet Cryptography, I've focused on describing sophisticated security technologies and protocols as clearly and simply as possible. Comments by reviewers and by other readers suggest that I have succeeded.
Click on the links below for more information:
Topics Covered
- Reusable passwords
- Biometrics
- One-time password technology
- Practical aspects of picking PINs and passwords, and of managing them
- Multi-factor authentication (cards+biometrics+PINs, etc.)
- RADIUS, Windows NT LAN Manager, Kerberos, Windows 2000
- Fundamentals of public key authentication
- Public key certificates
- Handling public key pairs with smart cards, Novell NetWare, Lotus Notes,
etc.
Distinctive Themes and Issues
- Choose the right authentication factors (what you know, have,
are) for your particular requirements.
- Compare the relative strength of different authentication mechanisms
by estimating the average attack space.
- Balance economy, safety, and usability with reusable passwords, but
there's a limit to the amount of safety they can provide.
- Choose the right design pattern for authentication by considering
your server environment, size of enterprise, and administrative requirements.
- Weaknesses in one authentication mechanism are sometimes corrected
by another, but not always.
Sample Chapters
- Table of Contents
- This is the complete table of contents, including subsections and back
matter sections.
- Preface: About This Book
- This includes the portion of the preface that describes the book and
its audience.
- Chapter 1: The Authentication Landscape
- This chapter introduces the topic of authentication and uses the early
history of passwords to illustrate how security measures have evolved.
An excerpt from Chapter 1 has also been published as an article in the
Internet World on-line newsletter, entitled "The Authentication Landscape".
- Chapter 4 excerpt: Design Patterns
- This abbreviated version of Chapter 4 entitled "Authentication:
Patterns of Trust" appeared as the cover story of the August 2000
issue of Information Security.
- Chapter 6 excerpt: Picking PINs and Passwords
- This excerpt was published as the article "The Strong Password Dilemma"
in the CSI's Computer Security Journal. This was the basis for the
companion Web site The Center for Password Sanity.
- Appendix: Web and Vendor Resources
- This is a copy of the corresponding appendix from the book that is
updated to reflect changes since publication.
- Click here to buy Authentication from Amazon
Rick Smith, smith@smat.us
Last update: 8/13/2003
Copyright © 1999, 2002 Richard E. Smith
Material from Authentication is Copyright © 2002 Addison Wesley
Longman, Inc.