In 1970, a small group of activists broke into a draft board office in Delaware to steal records. These records were stored in a secure room, and none of them were able to pick the lock. Instead, hours before the planned robbery, one of them pasted a note on the door reading “Please don’t lock this door tonight.” When they arrived after hours, the door was open.
The moral of the story is that security is not about picking the right lock. It’s about how the different pieces all come together to make a complete system.
Securing any software system usually isn’t about picking a better cipher algorithm (i.e., a better lock). It’s about the way that cipher works with a sophisticated suite of related security tools to provide trust and privacy. Michael Swieton explores how the cryptographic ecosystem—which includes tools such as public key cryptography, signatures, password hashes, key exchange, and stream ciphers—provides security for our applications and explains how these tools come together to enable user-visible functionality like secure sessions, user authentication, and single sign-ons. Along the way, you’ll learn about real implementations by digging under the hood of HTTP requests to popular websites.
These tools and technologies are not new, shiny, or hip, but they are complicated, critical, and ubiquitous. Understanding the tools in the toolbox will make you better equipped to create, debug, and deploy your applications.
Michael Swieton is a software developer at Atomic Object. For more than a decade, Michael has written, tweaked, bent, and broken code into the shape of software of all sorts for many industries. He obsesses over details, lines, and patterns and enjoys peeking under the hood of everything, be it math, or software, or coffee, or cake. He travels regularly and seeks out adventures ranging from theatre and culture to altitude sickness. He’s a frequent speaker at conferences and meetups, including RailsConf, Windy City Rails, SyntaxCon, BeerCityCode, and GLSEC.