Forgot your password?
typodupeerror
Encryption Books Media Security Book Reviews

Practical Cryptography 140

Posted by timothy
from the below-the-subtext dept.
jpetts writes "If you have an interest in cryptography and spend even a small amount of time looking at the subject on the Internet, you will almost certainly have come across the name Bruce Schneier. His book, Applied Cryptography is widely regarded as the most accessible, and one of the most important books on cryptographic algorithms ever published. Schneier has also published other books, including the less technical Secrets and Lies, an thought-provoking book aimed at getting people to think about the whole of the security landscape, not just cryptography. Now, together with Niels Ferguson, renowned cryptographic expert, and longtime collaborator, another immensely valuable book on security has just appeared." Read on for the rest of jpetts' review.
Practical Cryptography
author Neils Ferguson and Bruce Schneier
pages xx + 410
publisher Wiley
rating 10/10
reviewer James Petts
ISBN 0471223573
summary Pure Hands-On Cryptographic Gold; invaluable guide for cryptographers.

Schneier is one of the world's foremost experts, not just on cryptography, but also on security. It was as he delved deeper into the security of cryptographic systems that he realised that even though - theoretically at least - cryptography could be made arbitrarily secure, this was one of the more tractable problems in the security puzzle. For this reason, his company, Counterpane repositioned itself as a managed security company, rather than continuing to focus solely on cryptography. This transition was also reflected in his publication of Secrets and Lies (SL), which is very different in tone and focus from Applied Cryptography (AC). So where does Practical Cryptography (PC) fit in, and what does it offer? For me, the answer is that it lies pretty much squarely in the middle of the line reaching from AC to SL.

There is no shortage of products in the cryptography arena, but the vast majority of these attract undisguised scorn from professional cryptographers (at least those who can be bothered to comment on them), and although I am only an amateur in this field, I take it as axiomatic that only peer-reviewed cryptosystems (algorithms, protocols, etc) which have stood the test of time are worth taking even a preliminary peek at. This includes many that are described in AC. However, One of the problems with AC, openly acknowledged by the author, is that it contains essentially no implementation details. Furthermore, the cryptographic field has moved on since its publication, most notably with the adoption of Rijndael as the Advanced Encryption Standard, now a mandated Federal Information Processing Standard.

The source code to AC has been available from pretty much the moment of the book's publication, but one of the problems which faced a would-be cryptographic coder, is how to produce a working cryptographic product based on the routines that one could lay one's hands on. Merely incorporating the source code in a program does not a cryptosystem make: as Schneier points out cryptography is hard. And this is where this new book is invaluable: it tells you in great detail how hard it is, what the hardest parts are, and how you can maximise the return on the effort you may invest in developing cryptographic software.

The book pulls no punches, and does not gloss over any issues relating to implementing cryptographic systems. It deals with all the major components of a practical cryptosystem: the book's major sections are titled Message Security, Key Negotiation, Key Management and Miscellaneous.

Within each of these sections there are several chapters, covering virtually all the salient points imaginable, right down to the fundamentals. For example, the first chapter of the Key Management section deals with the clock. It explains from first principles the need for a clock: "At first glance, [a clock] is a decidedly un-cryptographic primitive, but because the current time is often used in cryptographic systems, we need a reliable clock." It is this sort of attention to particular implementation details that turns PC from a mere recipe book into an invaluable reference and a true cookbook.

Another invaluable feature is the generous use of pseudocode snippets, not only for algorithmic details, such as MACs and block cyphers, but also for higher-level operations like sending and receiving messages.

Ferguson and Schneier are refreshingly frank, too. Where they believe strongly in something, they let you know it. For example, the first paragraph of chapter 23, Standards, contains the statement that "[s]ecurity standards rarely work," while the authors go even further when dealing with X.509 certificates, stating on p.339, "[w]hatever you do, stay away from X.509 certificates. If you need a reason, read [40] and weep". This candour is refreshing, especially when juxtaposed with the weasel words that so many consultants and software vendors seem to rely on. However, this advice is not just given in curmudgeonly fashion, and when the authors discuss the matter of X.509 in a different context, they add, humorously, "[i]f you must use X.509, you have out condolences."

I am tempted to continue to analyse the book at great length, but to save space I will just highlight some further jewels from this work:

  • Implementation issues such as swap files, language-specific memory handling behaviour, caches, etc. are covered in enough detail for you to understand how to do things, and more importantly, how not to do things.
  • Randomness, pseudo-randomness and entropy are covered in enough depth for an implementor to avoid pitfalls, and pseudocode examples are given.
  • Mathematical topics such as prime numbers, groups and large integer arithmetic are described in excellent detail.
  • PKI, its promise, and failure are covered with wit and wisdom.
As you can probably guess from the above description, I believe that the real value of this book lies in the fact that two renowned experts, in both theory and practice, are sharing what works, and more importantly what you should avoid like the plague when working with cryptosystems. This information has until now generally only been available by listening to people like Schneier and Ferguson talk, either one-to-one or at conferences. Even then, the authors point out that even talking to "experts" is not without danger: chapter 25 begins "There is something strange about cryptography: everybody thinks they know enough about it to design and build their own system. We never ask a second-year physics student to design a nuclear power plant. We wouldn't let a trainee nurse who claims to have found a revolutionary method for heart surgery operate on us. Yet people who have read a book or two think they can design their own cryptographic system. Worse still, they are sometimes able to convince management, venture capitalists, and even some customers that their design is the neatest thing since sliced bread." Given this statement, some people might claim that this book is a little hubristic, but I disagree. Paranoia, self evaluation and a healthy scepticism are pre-requisites for assessing, deploying and implementing cryptosystems, but since a sine qua non of reliable crypto is open examination and peer evaluation, I believe that the authors are here simply offering advice, which once you understand more about the issues surrounding crypto, is merely common sense. Schneier and Ferguson have both "earned their bones" in the glaring light of crypto, and this book admirably fills an obvious gap in the literature of the field. There is not, to my knowledge, another book like it on the subject, and had it been published at around the same time as AC, I am sure that it would have been regarded by the NSA as even more dangerous than that book. After all, it is frighteningly easy for the uninformed to take good cryptographic algorithms and protocols, and through ignorance turn them into worse-than-useless crypto products.

Is there anything I didn't like about the book? Frankly, no. Some might complain that it is priced too high (it lists at USD50 for the softcover, and USD70 for the hardcover), but it is printed on acid-free paper, and the density of useful advice is such that it outstrips in value many works which cost half the price or less.

If you are interested in crypto, do yourself a favour: buy this book.


You can purchase Practical Cryptography from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

This discussion has been archived. No new comments can be posted.

Practical Cryptography

Comments Filter:
  • DMCA (Score:5, Insightful)

    by ih8apple (607271) on Tuesday April 22, 2003 @12:03PM (#5781636)
    Isn't this review a violation of the DMCA?


    I'm not joking...if you take the wording of the law literally?
    • Re:DMCA (Score:5, Funny)

      by ShadowBottle (663193) on Tuesday April 22, 2003 @12:44PM (#5782003)
      OMG! He is going to get SO busted. Everybody got their lighters ready for a crypto-book burning session? Always remember, security comes after the wants and needs of the power-mad robber barons of the DMCA. NOOOBODY EXPECTS THE DMCA! Our Cheif Weapon is Ignorance, Ignorance and fear.. no no no our TWO cheif weapons are ignorance, fear and a ruthless abandon from the ways of free thought.. no no no our THREE cheif weapons are ignorance, fear, a ruthless abandondon of free though and ignorance again.. yes.. OUR FOUR CHEIF WEAPONS ARE... Fear that which you cannot understand. ( C; And yeah.. /. is going to get nailed for providing information about where to get information on information that involves circuitous ways of securing information. Fscking rat bastards. May they all burn in hell... securely. ( C: ShadowBottle
    • by Tom7 (102298)
      No. What possibly could be a violation? He's *describing* a book that *describes* encryption algorithms. The DMCA bans *devices* that *circumvent* *technologies* that *control access* to *copyrighted works*. Encryption algorithms don't usually control access, and there's no copyrighted work here (aside from the book itself and the review), discussions and pseudocode don't constitute devices, and there's no circumvention.

      Do yourself a favor and read the DMCA. http://www4.law.cornell.edu/uscode/17/1201.html
      I
      • Re:DMCA (Score:1, Insightful)

        by Anonymous Coward
        Encryption algorithms don't usually control access

        Considering that the only reason to use an encryption algorithm is to control access to a message, I have to say you don't have a clue what you're talking about. Not only that, your humor detection circuit seems to be on the fritz.
        • Humor detection? The original post said "I'm not joking".

          Considering that the only reason to use an encryption algorithm is to control access to a message

          I don't even know what to type here. I'm stunned, frankly.
        • by Tom7 (102298)
          > > Encryption algorithms don't usually control access
          >
          > Considering that the only reason to use an encryption algorithm is to control access to a message, I have to say you don't
          > have a clue what you're talking about. Not only that, your humor detection circuit seems to be on the fritz.

          "Technological measure that controls access to a work" is defined in the DMCA. They are not talking about the english word "control" or "access," though the meaning is similar. Read the law if you want to un
    • by Sloppy (14984)
      No, the algorithms have significant other uses, besides bypassing tech measures that limit access to copyrighted works, without authorization.

      (And so will DeCSS, if people start using CSS as an alternative to Rot-13ing their Usenet postings. ;-)

  • FP (Score:5, Informative)

    by jpetts (208163) on Tuesday April 22, 2003 @12:04PM (#5781645)
    It's probably bad form to be FPer to one's own review, but just to let you know there is an oopsie in my review concerning experts. A paragraph got lost (my fault). Schneier and Ferguson start their chapter with the warning about self-proclaimed experts I mention, but they realldo do recommend using experts: just be careful that they really ARE experts, not flim-flam artists.
    • Re:FP (Score:5, Funny)

      by B3ryllium (571199) on Tuesday April 22, 2003 @12:13PM (#5781721) Homepage
      Whenever I'm contracted as a security expert, I *always* highly recommend ROT13.

      I'm looking into this thing called a "caesar cipher", but it's slow going. I think it needs to be applied 13 times before the data is sufficiently encrypted.
      • Re:FP (Score:3, Funny)

        by Bingo Foo (179380)
        I'm looking into this thing called a "caesar cipher"

        Beware: it comes undone on March 15.

      • by Anonymous Coward
        I think it needs to be applied 13 times before the data is sufficiently encrypted.

        Applying it 26 times has to be twice as good. Has to be!
    • by Anonymous Coward
      So you get 3 karma points for submitting an article and THEN in the comments section you add something you "forgot" to include in your review and get modded up +5. How can I get in on this scam?
    • by Anonymous Coward
      Has Slashdot considered adding a little about the credentials of book reviewers, especially on more technical topics?

      I am not in any way passing judgement on "jpetts" here. He, or she, is quite articulate, but could be anywhere from an expert with years of experience to someone who's "read a book or two" and talks a very good game.

      Generally I try to assess a writer by coherence and consistency when I don't know the subject material myself. But that only gets one so far - and I usually spot some discrepanc
  • good companion to ac (Score:2, Informative)

    by Horny Smurf (590916)
    For those of you (including myself) who were expecting an updated version of the Applied Cryptography, this book is NOT it. Based on the pre-publication blurbs here and there, I thought it may be a simple how-to book without too much theory. The book didn't turn out to be that sort of thing either.

    This book is, sort of an executive summary of Applied Cryptography (AC), with some updates. It touches upon the insights that Scheneier mentioned in Secret and Lies (like crypto is the easy part and that won't s

  • by TopShelf (92521) on Tuesday April 22, 2003 @12:05PM (#5781652) Homepage Journal
    Jakb sdf aksvbmk aklsdfj alksjd SjkczLzeq adjskf sdkimz zoikjp ead!
  • by burgburgburg (574866) <splisken06 @ e m a i l . com> on Tuesday April 22, 2003 @12:06PM (#5781666)
    All of this is now officially illegal.
    Cryptography supports terrorism.
    Reading about implementing cryptography supports terrorism.
    Reading reviews about books about implementing cryptography supports terrorism.

    Now turn off the computer, stand over there in the corner and we'll be by to pick you up in a little while. And remember, running supports terrorism.

  • Practical vs Applied (Score:5, Interesting)

    by Blaine Hilton (626259) on Tuesday April 22, 2003 @12:08PM (#5781675) Homepage
    I'm glad to see a book on practical cryptography. I like reading about the theory behind how things work, but on the job when I'm working on websites and such I need a reliable way to protect sensitive information and not a bunch of words from theorists.

    Hopefully this helps the good guys more then the bad ones though...

    Go calculate [webcalc.net] something.

    • Schneir is actually releasing a followup to AC centered around actually using crypto in everyday applications.

      He mentioned it in this month Cryptogram.
    • by Anonymous Coward on Tuesday April 22, 2003 @12:45PM (#5782023)
      I'm sorry, but it is attitudes (and books) like these that give rise to the woeful state of affairs that have existed in "practical cryptography" over the years. Schneier's book, while certainly well-meaning, has promoted the idea that you don't need to understand formal notions of security to be a serious cryptographer. It is hard to overestimate the damage that this idea (and this) book have caused.

      Currently, the only way to argue that a cryptosystem is secure is by reducing its security to that a well-studied primitive, like factoring, DLP, even DES! (Of course, it is true that we don't currently know of any explicit intractable problems, but if you are going to use a cryptosystem handed to you on a platter, better to know that its security has an undeniable link to factoring than merely that some group of software engineers somewhere couldn't find a way to break it.)

      The point is that there is no "royal road" to cryptography. If you want to be a serious cryptographer, you need to get your hands dirty: understand what a reduction is, learn some complexity theory, learn some computational number theory. Of course, it is fine for end users or businesses to use prepackaged systems if they trust them. The dangerous road is the middle road, where we have "experts" who don't really understand the foundations of the subject.

      If you want a laugh, read the description of pseudorandomness in Schneier's book and cf. that of, say, Goldreich's.
      • I'm sorry, but it is attitudes (and books) like these that give rise to the woeful state of affairs that have existed in "practical cryptography" over the years. Schneier's book, while certainly well-meaning, has promoted the idea that you don't need to understand formal notions of security to be a serious cryptographer. It is hard to overestimate the damage that this idea (and this) book have caused.

        I find it astonishing that a book that has only been out a few weeks has caused much damage.

        Unless you a

      • Go read Schneier's web site and learn something. He has a section on how to become a cryptographer. He even gives a self study course in block cypher cryptanalysis [counterpane.com]. He asserts exactly what you do: to become a cryptographer you need to get your hands dirty. He has credentials though. You don't.

        These books are like popular science books such as A Brief History of Time, or Cosmos. They're not about making people an expert in a field, they're about helping the layman learn a little bit about a field.

      • Schneier's book, while certainly well-meaning, has promoted the idea that you don't need to understand formal notions of security to be a serious cryptographer.

        I'd like to see the AC expand upon this, since I'm not quite sure what he means. Given the typical short attention span of /. I'm going to make a guess on what he meant; and comment on that guess. If I have guessed wrong, please post a follow-up comment.

        Schneier himself has mentioned the problem with poor crypto system designs (and the self-taug
      • Perhaps you are referring to the "attitudes" of the person whose message you were responding to.

        After reading the review (I have not read the book being reviewed), I think your concerns are unfounded. Or better yet, your concerns are the reverse of the concerns of the book's authors. As I understand it, from reading the review, the authors are concerned that those who understand cryptography from a theoretical point of view -- that is, the "academics" -- would be the ones to create ineffective cryptosys

  • Applied Cryptography (Score:5, Interesting)

    by msheppard (150231) on Tuesday April 22, 2003 @12:12PM (#5781713) Homepage Journal
    I've always liked the tagline on the back of the Applied Cryptography book:
    "The Book the National Security Agency wanted never to be published..."

    M@

  • by (H)elix1 (231155) <slashdot.helix@nOSPaM.gmail.com> on Tuesday April 22, 2003 @12:13PM (#5781727) Homepage Journal
    Applied Cryptography is a must read. Few books invoke the proper fear and respect cryptology deserves, with example after example of why your l33t encryption should not be used for anything more valuable than your Slashdot UID. Great examples, solid code, lots of history... If this is even half the book Applied Cryptography was, get your checkbook ready.
    • by fermion (181285) on Tuesday April 22, 2003 @01:01PM (#5782167) Homepage Journal
      Let me add that though Applied Cryptography is a dauntingly dense book, one can get great benefit from the first hundred pages. The first section of the book develops background material and basic understanding of the issues. To use the authors' physics example, reading a first semester physics book will not teach you physics, but it will teach enough of the science to defend yourself against those who would abuse it.

      As the reviewers states, the algorithms have changed over the past several years, but it may be more important to remember that the basic issues have not. People are still trying to pass off obviously flawed protocols as good security measures.

    • If this is even half the book Applied Cryptography was, get your checkbook ready.

      I donno if the checkbook is a good idea. Probably unmarked bills, nonsequential. Mabey have your grandmother go out and buy it.
  • Too expensive? (Score:5, Insightful)

    by analog_line (465182) on Tuesday April 22, 2003 @12:17PM (#5781768)

    Is there anything I didn't like about the book? Frankly, no. Some might complain that it is priced too high (it lists at USD50 for the softcover, and USD70 for the hardcover), but it is printed on acid-free paper, and the density of useful advice is such that it outstrips in value many works which cost half the price or less.

    Taking a look at my paperback copy of Applied Cryptography, it's listed at $55, so I hardly consider that any more expensive. And I paid full cover price for this bugger, as opposed to getting it online for a song, like I should have.

    I don't think Applied Cryptography had a hardcover edition available, at least of the Second Edition. I certainly may consider picking that thing up. Hopefully it'll be able to stick together for awhile.

    And on another note, what isn't printed on acid-free paper these days? Aside from little paperback novels, etc. I thought that was all done away with.

    • I totally agree - AC2 was well worth the money. FWIW AC2 was available in hardcover - Amazon still sell it at an unpleasant 85USD!

    • Taking a look at my paperback copy of Applied Cryptography, it's listed at $55, so I hardly consider that any more expensive.

      Of course, if you compare it to Secrets and Lies, which was sent in duplicate for free to anyone who wanted it, $50-70 (or even $30 for the paperback at Bookpool) is a lot more expensive. But I guess mailing out tons of free books isn't a very good business model these days...

      • Secrets and Lies wasn't exactly a manual for information security. It was much more of a (sorely needed at the time, and still to a certain extent) book to evangelize the need for information security, and to try to explain to people not in the field why exactly it was so important. Personally, I didn't learn anything new about information security, but I did learn a lot of good ways to explain why it's so important to people who have no basis for understanding why. And I've loaned it out a lot, and it's
    • I have a Hard Cover copy of Applied Cryptography, 2e, so I can say, at least, that they do exist.
    • Re:Too expensive? (Score:3, Informative)

      by eric_ste (446052)
      HAC can be downloaded from here

      http://www.cacr.math.uwaterloo.ca/hac/

      and many other places.
  • by Ratphace (667701) on Tuesday April 22, 2003 @12:19PM (#5781794)
    ...you can look forward to your name being recorded with the FBI when you visit the local library to check this book out along with a copy of 'the catcher in the rye'
    • by jpetts (208163) on Tuesday April 22, 2003 @12:28PM (#5781857)
      you can look forward to your name being recorded with the FBI when you visit the local library to check this book out along with a copy of 'the catcher in the rye'

      Hmmm, maybe the PATRIOT Act is a ploy by authors to make sure we BUY their books (with cash, natch...), instead of checking 'em out from libraries...
  • by Prof.Phreak (584152) on Tuesday April 22, 2003 @12:22PM (#5781812) Homepage
    His book, Applied Cryptography is widely regarded as the most accessible, and one of the most important books on cryptographic algorithms ever published. "A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography" - Bruce Schneier (author of Applied Cryptography). Quote from Secrets & Lies.
    • A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography" - Bruce Schneier (author of Applied Cryptography). Quote from Secrets & Lies.
      I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually "Nothing; you're screwed." - Bruce Schneier
  • Accessible? (Score:5, Funny)

    by Bingo Foo (179380) on Tuesday April 22, 2003 @12:30PM (#5781871)
    Calling the book "accessible" is hardly a compliment for a book on crypography, isnt' it?

    I'd rather see a review like: "This book was so impenetrable that teams of scientists in academia and the NSA, working with the online computing grid will take many times the age of the universe to understand the first chapter alone."

  • by cperciva (102828) on Tuesday April 22, 2003 @12:32PM (#5781887) Homepage
    I'm really glad this is printed on acid-free paper. Because, you know, I'm really likely to be wanting to read this book fifty years from now.

    Before you worry about finding a storage medium which will survive for a long time, think about how long the information you're storing will be useful.
    • Well, RSA, one of the algorithms presented in this book is now about 20 years old and is still as, if not more, important today than it was 20 years ago. It's no 50 years but I bet we'll still be using RSA in another 10.
      • Depends on if Quantum Computers become practical in that timeframe. If they do, RSA (and a lot of other crypto algorithms) become useless.

        • Depends on if Quantum Computers become practical in that timeframe. If they do, RSA (and a lot of other crypto algorithms) become useless.

          Um, no.

          From the Crypto Mini-FAQ [mindspring.com]:

          Q: Will quantum computers make all this crypto obsolete?

          Not in our lifetimes. Quantum cryptography along a single fiber optic
          strand has been demonstrated, and claims to offer provable security
          in a certain narrow academic sense, like the one-time pad. But to be
          practical, it has to be combined with conventional cryptography, in
          which cas
  • by Anonymous Coward
    I wish that the bignum libraries were a little more straightforward. For example, lots of cryptographic algorithms involve enormous numbers like 1024 bit primes and so forth. But I think libcrypto's bn_* function family is something like 4000 lines of code, and GMP is enormous too. For secure applications, I want to be able to understand and audit the entire library, so I wish they were written for readability instead of speed or whatever they're currently going for. The encryption protocol is useless if th
    • Readability of such things often sacrifices speed. Ie: multiplication can be done in like maybe 7 or so lines of C, yet if you use FFT the code (& its speed) increases.

      A very good straight forward implementation of most basic algorithms (addition, subtraction, multiplication, division) can be found in BigInteger class in Java source code (one that comes with the SDK). Basically they took word-for-word what's in the Knuth's The Art of Computer Programming Vol. 2, and implemented it in Java.
    • I think it is somewhat unreasonable to expect a big number (BN) library to be completely transparent on a casual reading. Public key (BN) operations in software are very slow. The OpenSSL implementation uses every optimisation it can to speed up its BN operations, just like compiler writers do everything they can to optimize the compiler output.

      Did you write your own compiler? No, well have you read every line of gcc? Especially all of the complicated optimizer that makes the binary run faster? Even if yo

  • by ssimpson (133662) <slashdot&samsimpson,com> on Tuesday April 22, 2003 @12:39PM (#5781955) Homepage

    I can't comment on Practical Cryptography as Wiley haven't yet shipped my pre-ordered copy of the book, grumble.....

    BUT I can recommed 2 books that any person interested in implementing cryptography should have on their shelf:

    • Handbook of Applied Cryptography [amazon.com] by Menezes et al. Very much like Applied Cryptography 2nd Ed but far more rigorous.
    • Security Engineering [amazon.com] by Ross Andreson - an excellent treatment on why cryptographic and security systems fail in the real world.
  • by ralico (446325) on Tuesday April 22, 2003 @12:48PM (#5782055) Homepage Journal
    At the bottom of the X.509 certificates link [auckland.ac.nz]

    An engineer, a chemist, and a standards designer are stranded on a desert island with absolutely nothing on it. One of them finds a can of spam washed up by the waves.

    The engineer says "Taking the strength of the seams into account, we can calculate that bashing it against a rock with a given force will open it up without destroying the contents".

    The chemist says "Taking the type of metal the can is made of into account, we can calculate that further immersion in salt water will corrode it enough to allow it to be easily opened after a day".

    The standards designer gives the other two a condescending look, gazes into the middle distance, and begins "Assuming we have an electric can opener...".

  • by mattsucks (541950) on Tuesday April 22, 2003 @12:55PM (#5782109) Homepage
    A bit OT, but I've always thought it would be intersting to see a cryptology book released in electronic form .... encrypted. Kind of a "you must be at least this tall to ride this ride" kind of thing.
  • What about HAC? (Score:5, Informative)

    by mh_cryptonomicon (608940) on Tuesday April 22, 2003 @01:08PM (#5782217)

    Applied Crypto is certainly a quality, wide-ranging tome on crypto. For years though, there have been a couple very good books with more implementation details. The Handbook of Applied Crypto from Menezes, et al comes immediately to mind. Either of the two books by Neal Koblitz are excellent. I also like to recommend Decrypted Secrets from Bauer. The Handbook of Applied Crypto is available as a free download from the author's site:

    • Other than the Handbook of Applied Crypto, the rest offer no implementation details or practical advice.

      • I'm not sure I understand what you mean by "practical." I found all of them to have very good things to say about practical implementations. If you're just looking for source code, then no, they don't offer source code. If you're looking to implement a crypto algorithm for use in a real system, I wouldn't try to do it without them. The commentary at the end of each chapter in HAC is somewhat scattered and haphazard, Koblitz' books present a lot of this information in a structured way.
  • by staaktdenarbeid (620908) on Tuesday April 22, 2003 @01:15PM (#5782277)
    A classic for cryptographers is Handbook of Applied Cryptography [uwaterloo.ca] by Menzenes, Van Oorschot and Vanstone. Very accessible imho. You can even download it and read it completely before you buy it.
  • by c64cryptoboy (310001) on Tuesday April 22, 2003 @01:51PM (#5782627) Homepage Journal
    Check out reviews of LOTS of cryptography books here [youdzone.com] -- most with an associated set of prerequisite book reading, math, and computer language skills.
  • by roalt (534265) <[moc.tlaor] [ta] [gro.todhsals]> on Tuesday April 22, 2003 @01:58PM (#5782697) Homepage Journal
    One of the best (and accessible) books I've read about cryptology (from hieroglyphs to quantum computing) is The Code Book [amazon.com] by Simon Singh

    It's fun reading!

  • this book is an ok reference, but not on the actual algorithms. it is more about implementation, and is not too mathematical, which is why people like it.
  • Don't forget Double-ROT13
  • I guess when you're such a rabid fan, finding enough complements to pack into your review can be quite a challenge. As a result, one should expect the redundancies.

    "Invaluable" appears once in the summary and three more times in the review.

    And not only do we discover that "[t]he book pulls no punches", we later learn that "Ferguson and Schneier are refreshingly frank, too."

    I would hope that a book outstrips the value of those which cost half the price or less, so is this really a complement?

    Some

  • So is his much-hyped much-secret Fortuna pseudorandom number generator just another Yarrow implementation, an evolutionary step beyond Yarrow-160? He seems to not have any specs online...

    From the table of contents of the book, it looks like it could be just another member of the Yarrow family.

  • by seaan (184422) <seaanNO@SPAMconcentric.net> on Tuesday April 22, 2003 @06:30PM (#5785059)
    I've read about 1/3 of the book, and based upon that feel the book is worth recommending. Aside from the good points I'll mention below, my biggest problem with the book is lack of depth. I've been doing applied cryptography for over 15 years now, so I'm probably not the typical reader (I'm not a cryptographer in the formal sense, but I design protocols and use cryptographic constructs on a regular basis).

    The writing is clear and does a good job of presenting information, and doing that well for a dense subject like cryptography should not be underestimated. The book is strongly opinionated, and I think that is a strength since the authors try [and for the most part succeed] in explaining how those opinions were formed. The topics are fairly comprehensive, and the material seems to be well organized (from what I've read so far).

    For the knowledgeable, it is a bit disappointing. I did not expect to learn tons of new stuff, but was still disappointed at the depth. In many ways, the book was only a half-notch deeper than reading Schneier's Cryptogram essays, where perhaps I was hoping for something more like his papers. The good use of footnotes and references helps offset things a little.

    There were clearly areas where the authors were more interested in than others, often corresponding to previous work (CTR block-cipher mode, PRNG). Other areas were less inspired, for example in the MAC (message-authentication-code) chapter they offer the advice "Do not output any of the intermediate values." This sounds good at first glance, but it totally impractical except under special circumstances (if the MAC routine allows variable length messages, and almost all do, intermediate values can be calculated by simply feeding the parts of the message into the routine - thus this advice has no real world value).

    Another nitpick, is that I would have liked to see the various "rules" and advice formulated into check lists. That would have made the book much more valuable for crypto system designers, be they novice or expert.

    On the balance, I feel that the book is worthwhile to anyone interested in the subject of cryptography, or who has to use [or design, test] a system that has cryptography. It won't make you an expert (funny how some people still think reading a book could do this), but at least it raises an awareness of the types of problems that derail cryptographic systems designs. It is easy to read and informative.
  • It is Niels Ferguson, not Neils
  • if only the computer industry would adopt my scheme [slashdot.org]for data encoding, all this crypto stuff would become irrelevant.

A penny saved is a penny to squander. -- Ambrose Bierce

Working...