
Applied Cryptography, 2nd Edition

Hemos posted more than 15 years ago | from the makin'-it-safe dept.

Encryption 29

Tal Cohen, author of a number of book reviews in his own right, has sent over a review of Bruce Schneier's Applied Cryptography, 2nd Edition. One of the best introductions to the field of cryptography, this is a book well worth reading, even for those who simply want a better understanding of the potential of cryptography and what it's all about.

More than any other field in computer science, cryptography is associated with computer warfare. Recent international treaties define cryptographic algorithms as weapons, and the laws of many countries prohibit either the development, the usage, or the export of cryptographic algorithms. Yet while feared by governments, cryptography is one of the most fascinating -- and useful -- fields of algorithmics.

The whole point of cryptography is to solve problems. (Actually, that's the whole point of computers -- something many people tend to forget.) Cryptography solves problems that involve secrecy, authentication, integrity, and dishonest people. You can learn all about cryptographic algorithms and techniques, but these are academic unless they can solve a problem.

Bruce Schneier's Applied Cryptography, in its second edition, is probably the best introduction to the field. Schneier is not merely an excellent technical writer, but also a researcher in the field; for example, he developed the public-domain Blowfish encryption algorithm. But unlike many works by other researchers, Schneier's work does not read like a dry paper for a scientific journal. His writing is very enjoyable (though the jokes are overdone at times) and his explanations are almost always lucid.

Breaking a plate is a good example of a one-way function. It is easy to smash a plate into a thousand tiny pieces. However, it's not easy to put all those tiny pieces back together into a plate. [...]

So, what good are one-way functions? We can't use them for encryption as is. A message encrypted with the one-way function isn't useful; no one could decrypt it. (Exercise: Write a message on a plate, smash the plate into bits, and then give the bits to a friend. Ask your friend to read the message. Observe how impressed he is with the one-way function.) For public-key cryptography, we need something else.

Generally, the book covers four main subjects: protocols, algorithms, source code (in C), and politics. As the title indicates, the book is intended for people who actually wish to apply cryptographic methods to their programs, and so the theoretical discussions are mostly at an introductory level - sufficient to make you understand how an algorithm works and what its benefits and potential weaknesses are, but without elaborate mathematical proofs, for example.

Part I of the book, "Cryptographic Protocols", includes five chapters: building blocks, basic protocols (like key exchange and authentication), intermediate protocols (timestamping, fair coin flips, key escrow, etc.), advanced protocols (zero-knowledge proofs, simultaneous contract signing, digital certified mail, etc.) and esoteric ones (like secure elections and anonymous message broadcast).

Part II, "Cryptographic Techniques", deals with such issues as key length, key management, and methods of employing algorithms. The longest section, Part III, spans 13 chapters -- "Cryptographic Algorithms". The algorithms covered include DES and its variants, Skipjack, Lucifer, LOKI, RC2, RC4, RC5 (that's the cow in your tray-bin!), IDEA, Blowfish, RSA and many others. The greatest detail is given to the venerable old DES, but the information about other protocols (over 50 in all, including block ciphers, stream ciphers, random-sequence generators, one-way hash functions, public key algorithms, and more) is sufficiently detailed for you to decide which best suits your needs. And if you need more information, an outstandingly detailed list of over 1,600 references is included.

As in most texts about cryptography, protocols and algorithms are described using the merry cast of Alice (side A), Bob (side B), Eve the eavesdropper, Mallory the malicious attacker, and their other friends and foes. This makes descriptions much easier, since once you get used to these Dramatis Personae (which happens rather quickly), you immediately know who plays what role in each scene, without wasting time on repeated explanations. Schneier brings those characters to life in numerous examples of the pros and cons of various approaches.

Part IV, "The Real World", deals with two subjects: sample implementations in actual products, and politics, including history and legal issues. The history of cryptography is much longer than that of computer science: from secret codes to invisible inks, encoded messages have been around for a very long time indeed. On the other hand, cracking cryptographic codes was among the earliest uses of computers, back in WWII (as anyone familiar with the story of Alan Turing knows).

One section in chapter 25 lists the import and export limitations on cryptography in different places around the globe. The most interesting entry is for my own country, Israel, which (according to Schneier) "has import restrictions, but no one seems to know what they are."

The final section, "Source Code", includes over 50 pages of sources in C for several algorithms: DES, LOKI91, IDEA, GOST, Blowfish, 3-Way, RC5, A5 and SEAL. It looks insane that a book with so many lines of source is not accompanied by a CD; but then you realize that what's insane is not the book but export laws, which allow cryptographic algorithms to be distributed in print -- but not on electronic media. Consider, for example, how Phil Zimmermann's PGP was legally exported from the US to the rest of the world: the sources were printed in a one-copy book, which was mailed to Europe, scanned in and recompiled.

If you live in the States, you can order a set of 3 floppies directly from Schneier, with sources for most of the algorithms discussed in the book (and more).

Anyone care to mail me a printout?

Purchase this book at Computer Literacy and help Slashdot.

For more information about this book, see the sidebar of http://www.forum2.org/tal/books/crypto.html.

For additional book reviews, please visit http://www.forum2.org/tal/books.


The book is extremely good (0)

Anonymous Coward | more than 15 years ago | (#1983625)

Sorry I don't have time to write a longer comment
(haven't even read the review)
but I own this book, and read it from cover to cover, and would thoroughly recommend it to anyone with an interest in ComSci or Maths - it provides fantastic background and insight into the subject as well as hard examples of algorithms you're going to need if you want to produce a cryptographically strong system. First Rate. The guy knows his stuff, and can write extremely well too.

Eh? (0)

Anonymous Coward | more than 15 years ago | (#1983626)

What is with the $ signs replacing various letters?

Here here... (0)

Anonymous Coward | more than 15 years ago | (#1983627)

Applied Crypto (ed 2) is a very worthwhile read. Especially interesting in that it is legal to take the book from the US in print form, but if you order those floppies, they cannot be exported. Score 1 for US Government consistency.

Students beware: (0)

Anonymous Coward | more than 15 years ago | (#1983628)

Some professors may consider this book cheating because it teaches so well. Our professor recommended to our class that we buy the book after our current cryptography course. I think he doesn't want the book to steal the limelight.

Tray-bin? (0)

Anonymous Coward | more than 15 years ago | (#1983629)

Since no one else pointed it out I will :)

This book has been out for years (0)

Anonymous Coward | more than 15 years ago | (#1983630)

No, we have a copy of the second edition from October 96. A great book, but hardly news.


Superb book (0)

Anonymous Coward | more than 15 years ago | (#1983631)

Concur 100% with reviewer. I read this book cover to cover, impressive considering my attention span. Makes a complicated subject very accessible.


"Me too" (0)

Anonymous Coward | more than 15 years ago | (#1983632)

My first real study of crypto was a readings course working through Applied Crypto v2 cover to
cover, and since then this has been my best crypto reference book.

Tray-bin? (0)

Anonymous Coward | more than 15 years ago | (#1983633)

check out www.distributed.net [distributed.net] for more info on the tray bin... It's a contest to beat RC5 at the moment.

yellow? (0)

Anonymous Coward | more than 15 years ago | (#1983634)

whoa... I think that's the first time I've seen yellow on /. :)

Certainly Not News Is Right! (0)

Anonymous Coward | more than 15 years ago | (#1983635)

I'm getting tired of these old books getting reviewed. Hell, everyone has them; it's rather dull when there are so many interesting new ones out that I'd like to know more about.

It is a great book but it's like 3 years old. Not "news for nerds". More like news for Rumpelstiltskin.

MS (0)

Anonymous Coward | more than 15 years ago | (#1983636)

It's their code.

Would you care to explain? (0)

Anonymous Coward | more than 15 years ago | (#1983637)

Okay, so you have. That's nice. I see it. And I see that I might find a cow in it...but...what's a "Tray-Bin"?

Is that something that comes with the RC5 client?

Definite classic (1)

Erbo (384) | more than 15 years ago | (#1983638)

I have the first edition of this book, and I felt it was really good...have been meaning to get the second edition for awhile, but haven't got around to it yet.

IMHO, some reasons why Schneier spends so much time dissecting DES are:

  1. It's one of the most popular crypto algorithms in the world, despite its mediocre key length (and 3DES can help that).
  2. It's really rather well designed for its day; it shows you the kind of skull sweat that goes into crypto algorithm design.
  3. As a result of (2), many of its design features are common to other algorithms, including many of the current AES candidates. Understanding this one can give you a handle on understanding a lot more of them.

I never took the crypto course in my CS curriculum in college, but this book made me wish I had.


Agreed (1)

Matthew Kirkwood (1344) | more than 15 years ago | (#1983639)

I got a copy last week and I'm very impressed. It's sometimes a little long-winded, and for its size, it's maybe a little short on the "Here is DES. This is how it works. This is why it works." that I was looking for, but it's definitely a very worthwhile book.

If anyone has the sources and is willing to become an international arms dealer, could they please email me? I'd rather not have to type in all that stuff.. :-)

The book is extremely good (1)

Necronom (2491) | more than 15 years ago | (#1983640)

More importantly, if you are a software or hardware engineer, this is a really good heads up to what the important issues are in encryption, authenticity, and identity.

What? (1)

Nathan Cassano (3234) | more than 15 years ago | (#1983641)

This book has been out for a long time and there's nothing new in it. I'm waiting for the third edition myself.


Crypto links (1)

Ray Dassen (3291) | more than 15 years ago | (#1983643)

Just thought I'd mention these:

key escrew? (1)

foofboy (7823) | more than 15 years ago | (#1983644)

How about key escrew? :)

Eh? (1)

Delphis (11548) | more than 15 years ago | (#1983645)

Sounds like someone passed it through pico and it put its lil dollar signs in for long lines. Surely you can work it out tho, yes ? :)

Agreed (1)

ge (12698) | more than 15 years ago | (#1983646)

The sources are available all over the Internet.

Cryptography 101 (1)

ge (12698) | more than 15 years ago | (#1983647)

I have to agree that Applied Cryptography is a very good book, but it does not contain everything there is to know about writing safe crypto applications. The "Handbook of Applied Cryptography" is a more thorough treatise. For more specific stuff look on www.counterpane.com, they've got a huge online literature list.

Got this one a while back... (1)

GOD_ALMIGHTY (17678) | more than 15 years ago | (#1983648)

It gets a little slow in places but was an excellent companion when I was learning the SSLeay libraries. Use this book in conjunction with a good sockets book and there is much fun to be had...

This book has been out for years (1)

Ted Nitz (18875) | more than 15 years ago | (#1983649)

The first edition was published years ago, I remember seeing it at least 2 years back, this review was of the second edition, which is (I assume) new.

Echo the train (1)

lazerai (19005) | more than 15 years ago | (#1983650)

This is a solid book, and a definite must have for a foundation library. What I wondered was, does anyone familiar with the subject have a recommendation for books or resources on hybrid encryption schemes?

Thanks for the assist.


Here here... (1)

cowbutt (21077) | more than 15 years ago | (#1983651)

At least you can download the contents of the floppies from ftp.replay.com (Netherlands, .com TLD notwithstanding)

This book has been out for years (1)

for(;;); (21766) | more than 15 years ago | (#1983652)

Why choose now to review it? Maybe I'm just disappointed that there isn't a new edition out. Great book.

Nope (1)

for(;;); (21766) | more than 15 years ago | (#1983653)

I've got the second edition here on my desk, in paperback form. I purchased it while still in college (I graduated May'98, probably purchased the book about a year prior). The only copyright date on the inside is listed as 1996.