Since SSL (now technically called TLS) is the backbone of the secure internet, what are some good books I should read to understand all aspects of it?
I suppose I'll need to learn some math, some PKI, crypto, and sysadmin books as well. Since that isn't a complete list, I'm interested in hearing what else you think is wise to learn.
PKI is also what binds keys to user identities by means of a Certificate Authority (CA). PKI uses a hybrid cryptosystem and benefits from both types of encryption: asymmetric keys to establish trust and agree on secrets, symmetric keys for the bulk data. For example, in SSL communications, the server's SSL certificate is backed by an asymmetric public and private key pair.
An SSL certificate in a PKI is a digital document containing a public key, information about the entity it belongs to, and a digital signature from the certificate issuer. It allows us to exchange and use public keys in order to establish trust. Certificates are normally encoded using ASN.1 (in its DER binary form).
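To make the ASN.1/DER point concrete, here is an added example (written for this page, not code from any of the answers or from a library) that walks the tag-length-value structure of a small hand-built DER blob shaped like the first fields of a certificate body: a version INTEGER, an AlgorithmIdentifier (signature algorithm OID plus NULL parameters), and a one-attribute Name. The sample bytes, the tag table, and the function names are all constructed for this example; the parser enforces the DER rule that lengths use their shortest encoding, which is one of the checks real certificate parsers have to get right.

```python
# Added example (not from the page's answers): a minimal DER tag-length-value
# walker, showing the ASN.1 structure that X.509 certificates are encoded in.
from typing import List, Optional, Tuple

Node = Tuple[str, object]  # (tag name, decoded value or list of child nodes)

# Universal ASN.1 tag numbers handled here (a subset chosen for the example)
TAG_NAMES = {
    0x02: "INTEGER",
    0x04: "OCTET STRING",
    0x05: "NULL",
    0x06: "OBJECT IDENTIFIER",
    0x0C: "UTF8String",
    0x13: "PrintableString",
    0x30: "SEQUENCE",
    0x31: "SET",
}

# Constructed sample, hand-encoded (not a real certificate):
# SEQUENCE { INTEGER 2, AlgorithmIdentifier, SET { SEQUENCE { commonName, "example" } } }
SAMPLE_DER = bytes.fromhex(
    "3024"
    "020102"                                   # INTEGER 2
    "300d" "06092a864886f70d01010b" "0500"      # OID sha256WithRSAEncryption, NULL
    "3110" "300e" "0603550403" "13076578616d706c65"  # SET{SEQ{OID commonName, "example"}}
)


def _read_length(data: bytes, pos: int) -> Tuple[int, int]:
    """Decode a DER length starting at data[pos]; return (length, next_pos).
    DER demands the shortest encoding, so non-minimal forms are rejected."""
    first = data[pos]
    pos += 1
    if first < 0x80:                      # short form: one byte
        return first, pos
    nbytes = first & 0x7F
    if nbytes == 0 or nbytes > 4:         # 0x80 = indefinite (BER only); cap size
        raise ValueError("indefinite or oversized length is not valid DER")
    if pos + nbytes > len(data):
        raise ValueError("truncated length field")
    length = int.from_bytes(data[pos:pos + nbytes], "big")
    if length < 0x80 or (nbytes > 1 and length < 1 << (8 * (nbytes - 1))):
        raise ValueError("non-minimal length encoding is not valid DER")
    return length, pos + nbytes


def decode_oid(content: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets: base-128 arcs, high bit set on
    continuation bytes; the first decoded value packs arcs 1 and 2 as 40*a1+a2."""
    if not content or content[-1] & 0x80:
        raise ValueError("empty or truncated OID")
    arcs: List[int] = []
    value = 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                  # last byte of this arc
            if not arcs:
                arcs.extend(divmod(value, 40) if value < 80 else (2, value - 80))
            else:
                arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def parse_der(data: bytes, pos: int = 0, end: Optional[int] = None) -> List[Node]:
    """Parse every element in data[pos:end] into (tag_name, value) nodes.
    Constructed elements (bit 0x20 set) recurse into a list of children."""
    end = len(data) if end is None else end
    nodes: List[Node] = []
    while pos < end:
        tag = data[pos]
        pos += 1
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are outside this example")
        if pos >= end:
            raise ValueError("element has a tag but no length")
        length, pos = _read_length(data, pos)
        if pos + length > end:
            raise ValueError("element length runs past its enclosing element")
        content = data[pos:pos + length]
        name = TAG_NAMES.get(tag, f"[tag 0x{tag:02x}]")
        if tag & 0x20:                             # constructed: recurse
            value: object = parse_der(data, pos, pos + length)
        elif tag == 0x02:
            value = int.from_bytes(content, "big", signed=True)
        elif tag == 0x06:
            value = decode_oid(content)
        elif tag in (0x0C, 0x13):
            value = content.decode("utf-8")
        elif tag == 0x05:
            value = None
        else:
            value = content                         # leave unknown primitives raw
        nodes.append((name, value))
        pos += length
    return nodes


def is_valid_der(data: bytes) -> bool:
    """True if data parses as well-formed DER under this example's subset of rules."""
    try:
        parse_der(data)
        return True
    except (ValueError, UnicodeDecodeError, IndexError):
        return False


def render(nodes: List[Node], depth: int = 0) -> str:
    """Human-readable tree, similar in spirit to the output of `openssl asn1parse`."""
    lines = []
    for name, value in nodes:
        if isinstance(value, list):
            lines.append("  " * depth + name)
            lines.append(render(value, depth + 1))
        else:
            lines.append("  " * depth + f"{name}: {value!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(parse_der(SAMPLE_DER)))
```

Run it and compare the tree with `openssl asn1parse -inform DER -in some.cer` on a real certificate: the same SEQUENCE / INTEGER / OID / SET nesting appears, only much larger, with the public key and the issuer's signature as further elements of the outer SEQUENCE.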
Certificates used for secure email are known as S/MIME certificates. As with the SSL/TLS protocol, PKI is implemented here using a certificate, but the way it is used differs: instead of encrypting a secure communication channel, this end-to-end encryption encrypts the message itself.
Is it really possible to crack SSL? Even assuming you had the spare computing power to test all the combinations needed to crack SSL encryption, the short answer is no. Today's 256-bit encryption from an SSL certificate is so secure that cracking it by brute force is totally out of reach of mankind.
Here is a list of four good books on the subject (SSL/TLS):
SSL and TLS: Theory and Practice
SSL and TLS: Designing and Building Secure Systems
SSL & TLS: Essentials Securing the Web
Network Security with OpenSSL
Here are some good books on PKI:
Understanding PKI: Concepts, Standards, and Deployment Considerations
Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure
Public Key Infrastructure: Building Trusted Applications and Web Services
PKI: Implementing & Managing E-Security
And when it comes to cryptography, you can't do much better than:
Introduction to Modern Cryptography: Principles and Protocols
Applied Cryptography: Protocols, Algorithms, and Source Code in C
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
Cryptography Engineering: Design Principles and Practical Applications
As far as cryptography goes, this is the best there is:
Applied Cryptography: Protocols, Algorithms, and Source Code in C
You will learn all there is from the basic building blocks upwards.
SSL and TLS: Designing and Building Secure Systems, Addison-Wesley, 2001, ISBN 0-201-61598-3: very detailed.
Aside from books, depending on how you like to learn, if you like practical experience, you could go through the JSSE Reference Guide (online, part of the Java documentation) and try a few tutorials based on this. Going through the documentation of other libraries is worth it too (e.g. Mozilla's NSS or OpenSSL).
If you want to see what topics are cutting edge, go through the IETF TLS mailing list archives (or subscribe to it, of course) and follow the discussions.
Going through the examples or unit tests of BouncyCastle (in Java or C#) can be interesting too.
You could also combine this with looking at what happens with existing applications using Wireshark (you won't necessarily always be able to decipher the communication, even if you have the server's private key, since it depends on the cipher suite too).