Security Engineering 2 - Errata

Here are the errata for the second edition of my book Security Engineering - A Guide to Building Dependable Distributed Systems. I am grateful to all the readers who've sent them in; they're credited below. Almost all the errors are typos:

Page location error replace with
5 line 1 accidentially accidentally
5 para 3 line 8 democractic democratic
5 para 4 line 2 content context
12 para 4 line 12 A principal may considered A principal may be considered
27 para 2 line 6 programmed programmed to
55 para 3 line 2 ; ,
61 para 2 line 2 no far so far
79 line 1 manoever maneuver
95 para 3 line 10 truns turns
100 para 1 line 5 world, group, and owner owner, group, and world
105 para 4 line 10 woulod would
107 para 2 line 2 will run still run still run
120 para 3 line 6 potentialy potentially
121 para 1 line 15 reovery recovery
131 para 1 line 4 'a, 'a',
131 para 6 line 2 8 corresponds to J 9 corresponds to J
131 para 6 line 3 So in In
150 5.4.1.1 line 7 four-but four-bit
153 5.4.1.6 line 11 plaintext ciphertext
158 para 3 line 4 PCs computers PCs
159 equation last two commas semi-colons
171 3rd equation Mx1 M.1
174 para 4 lines 17–21 KA, KB subscripts
177 3rd line from bottom bits1 bits
192 sec 6.2 line 2 year years
202 para 2 line 1 128-bit in 128-bit address in
228 para 1 line 2 An Eye An eye
230 para 1 line 5 Handbook) Handbook
233 para 2 line 11 experts like me get invited to experts like me get to
233 para 3 line 4 Paliament Parliament
254 para 1 line 1 which now which has now
258 para 3 line 2 IRM IRM (Information Rights Management) 
259 para 1 line 3 server which provides server provides
263 para 1 line 1 this led to led to this led to
281 para 1 line 2 problem problems
291 para 2 line 14 problems, problems.
304 para 3 line 10 11/population 11% of the population
309 para 2 line 8 ever-large ever-larger
318 para 2 line 4 And even if And if
324 first bullet line 1  clark clerk
327 fifth bullet line 1  will never be will ever be
327 para 4 line 3 check that the check that they
332 para 3 line 7 than that
334 para 2 line 4 the decimalize then decimalize
336 para 3 line 9 kept in kept on
337 para 4 line 5 used it used it to
343 para 2 line 3 that than
350 para 2 line 4 on your are on your site are
355 para 4 line 4 kinds skimmer kinds of skimmer
370 para 2 line 11 cards car thieves
370 para 3 line 4 have think have to think
370 last para line 1 is figure out is to figure out
382 para 4 line 4 with a more serious with more serious
384 para 2 line 9 insure ensure
388 para 2 line 7 disputed disrupted
396 para 2 line 7 only remembered only remembered only
402 para 3 line 1 amounted accounted
406 para 2 line 7 inspectors inspector
413 para 3 line 7 middle middleware
416 footnote last line eniment eminent
421 para 2 line 9 simple simply
440 para 4 line 5 for documents to documents
446 para 4 line 7 it completely impossible  it is completely impossible
468 para 3 line 15 Latest Latent
491 bullet 3 line 2 to use destroy to destroy
526 para 4 line 10 recording text recording of text
530 para 3 line 4 in 1914 1914
542 para 3 line 7 state someone state somehow
542 para 4 line 4 thier their
548 para 3 line 9 is now is how
553 para 3 line 6 you bank your bank
555 line 10 now are they so nor are they so
581 para 3 line 6 radio radios
595 para 1 line 8 electicity electricity
603 last para line 3 on order to in order to
610 para 2 line 6 Figure 5.9 Figure 5.10
616 para 2 line 21 where heavily fined were heavily fined
623 para 3 line 9 are firewalls at firewalls
640 para 2 line 6 and, or on and, on
650 line 8 given him gives him
657 para 4 line 3 enforcement and marketing  enforcement or marketing
662 para 2 line 9 Beford's Benford's
662 para 3 line 2 defence to defence is to
665 bullet 1 line are kept of packets of packets
666 line 10 I'm prompter I'm prompted
667 para 3 line 4 exports experts
667 para 4 line 6 than then
671 line 3 K1=h(KCS,NC,NS) K1=h(K0,NC,NS)
674 bullet 1 line 6 identities. identities.’
674 bullet 3 line 3 and their and in their
682 para 3 line 3 require need need
686 para 1 line 10 contained a details contained details
693 para 6 line 7 this key=log attack exist this key-log attack
694 para 2 line 2 61 59
697 para 5 line 4 and many are many
692 para 2 line 5 expert regulations export regulations
706 para 3 line 7 and Apply and Apple
716 para 1 line 1 and concentrate and concentrates
720 para 2 line 2 bewteen between
735 para 4 line 10 offering good offering goods
743 para 3 line 12 there tales there are tales
744 para 1 line 11 cope' cope
748 para 1 line 14 revealed being revealed
751 para 1 line 7 these is there is
751 para 2 lines 10 and 12 Should be Should he
752 line 1 But are But they are
754 para 1 line 8 and make and not make
755 para 3 line 7 that than
757 second item line 4  make that scams make scams
760 para 4 line 10 and wrote wrote
760 para 2 line 5 read-team red-team
763 para 2 line 6 he could it could
763 para 2 line 8 somplex complex
763 para 2 line 12  when happens when that happens 
765 para 3 line 1 is by Greg is Greg
769 third epigram They that can give up Those that would give up
770 para 3 line 11 thr ROC the ROC
770 para 4 line 2 though through
773 para 2 line 6 psychonalysis psychoanalysis
776 para 1 line 18 Democract Democrat
778 para 4 line 11 or example for example
785 para 2 line 5 time they time
788 para 1 line 3 perverse incentive perverse incentives
789 para 2 line 2 is a also is also a
792 para 3 line 15 was of the was one of the
795 para 3 line 11 TSL TLS
797 para 2 line 5 issue, over issue over
799 para 2 line 8 that that than that
801 para 3 line 5 watch TV to watch TV
805 para 2 line 9 of people on people
805 para 4 line 3 dependability Recall dependability. Recall
806 para 2 whole paragraph should be indented
812 para 1 line 13 offenders of registers registers of offenders
814 para 1 line 2 compilations compilation
814 para 2 line 2 Reports Reporters
814 para 2 line 5 ipen open
832 para 2 line 2 of something if something
837 para 3 line 2 first Tuesday second Tuesday
847 line 2 of text  pos-Enron post-Enron
871 para 2 line 1 that are done done
872 para 2 line 4 goal of was goal was
877 para 4 line 3 boo boot
877 para 6 line 1 must have involved must have been involved
879 para 4 line 5 bankes' bankers'
883 para 3 line 3 many may
884 para 5 line 3 OpenBSD FreeBSD
885 para 2 line 8 Chapter 22 Chapter 25
889 para 4 line 9 techincal technical
897 ref 52 Protocols Security Protocols
906 ref 169 E Biham, A Biryukov E Biham, A Biryukov, A Shamir
917 ref 316 Comer Conner

Further errors have been introduced by the publishers when they translated the book into an ebook. For example, "decimalize" in the fourth line of section 10.4.1 was somehow changed into "decriminalize".

There are two minor errors of fact. At p 167 I say that the cipher Treyfer has no vulnerabilities that prevent its use in hash functions, not don't affect its use for confidentiality. However, Alex Biryukov and David Wagner published a slide attack at FSE99, reducing the keyspace from 64 bits to about 44 bits. Second, I say on page 837 that Patch Tuesday is the first Tuesday of every month, when in fact it's the second.

Thanks to Adam Atkinson, Alastair Beresford, Antonomasia, David Boddie, Kristof Boeynaems, Martin Brain, James Davenport, Orr Dinkelman, Dan Eble, Rasit Eskicioglu, Shailendra Fuloria, Dan Hasather, Bill Hey, Neil Jenkins, Nikolaos Karapanos, Hyoung Joong Kim, Patrick Koeberl, Simon Kramer, Jim Lippard, Stephan Neuhaus, Mark Oeltjenbruns, Alexandros Papadopoulos, Chris Pepper, Oscar Pereira, Raphael Phan, Matthew Slyman, Daniel Thomas, Daniel Wagner-Hall, Randall Walker, and Stuart Wray!
