Blog in the Category "Applied Cryptography"

Page 1 of 2

Order Signed Copies

You can order signed hardcover copies of Applied Cryptography for $64 shipped to U.S. addresses, $100 to Canada, or $110 to the rest of the world. (Yes, buying the book from an online bookstore is cheaper—and you can always find me at a conference and ask me to sign it.)

Cover of Applied Cryptography

Order Applied Cryptography

US (US$64.00 shipped)Canada ($100.00 shipped)anywhere else (US$110.00 shipped)
Would you like the book:
just signed signed to:

More signed books for sale: We Have Root…

Source Code

This is the source code that accompanies Applied Cryptography, Second Edition, plus additional material from public sources. The source code here has been collected from a variety of places. Some code will not run on some machines. Use it as you see fit, but be aware of any copyright notices on the individual files.

The source code CD-ROM that I used to offer is obsolete and no longer available, but you can download everything here.

All the source code files in a single 20MB zip file

Author : Pate Williams
Date : 1996
Description: 3-WAY algorithm…

Praise for Applied Cryptography

“…the best introduction to cryptography I’ve ever seen…. The book the National Security Agency wanted never to be published….”

—Wired Magazine

“…monumental…the definitive work on cryptography for computer programmers…”

—Dr. Dobb’s Journal

“…easily ranks as one of the most authorative in its field.”

—PC Magazine

“…the bible of code hackers.”

—The Millennium Whole Earth Catalog

“…the definitive text on the subject….”

—Software Development Magazine

“…good reading for anyone interested in cryptography.”


“This book should be on the shelf of any computer professional involved in the use or implementaion of cryptography.”…

French Editions

Cover of the French Second Edition of Applied Cryptography
Second Edition
Éditeur : Vuibert
Format : Broché – 846 pages
ISBN: 2711786765

Cover of the French First Edition of Applied Cryptography
First Edition
Éditeur : Vuibert
678 pages
ISBN: 2841800008

First Edition Errata

Note: this errata is for the first edition of Applied Cryptography (with the blue cover). For the second edition (red cover), see the Second Edition Errata instead.

Version 1.5.9
June 15, 1994

This errata includes all errors I have found in the book,
including minor spelling and grammatical errors.

Page xvii: Third paragraph, first line: “Part IV” should be “Part III”.

Page xviii: “Xuija” should be “Xuejia”. “Mark Markowitz” should be “Mike Markowitz”.

Page 1: First paragraph, fourth line: “receiver cannot intercept” should be “intermediary cannot intercept”…

Second Edition Errata

Version 3.0

April 5, 1998

This errata includes all the errors I’ve found in the second edition of Applied Cryptography, including minor spelling and grammatical errors.

Later printings of the second edition fix most of the errors on this list. All the 20th Anniversary hardcovers are corrected. For copies of the 2nd edition without the “20th Anniversary Edition” banner on the cover, the fifth and later printings are corrected.

To find out what printing you own, turn to page iv (it’s opposite the “Contents in Brief” page). The last line (under “Printed in the United States of America”) is a series of numbers, counting down. The lowest number is the printing. For instance, you have a fifth printing if your last line looks like:…


By Matt Blaze

One of the most dangerous aspects of cryptology (and, by extension, of this book), is that you can almost measure it. Knowledge of key lengths, factoring methods, and cryptanalytic techniques make it possible to estimate (in the absence of a real theory of cipher design) the “work factor” required to break a particular cipher. It’s all too tempting to misuse these estimates as if they were overall security metrics for the systems in which they are used. The real world offers the attacker a richer menu of options than mere cryptanalysis; often more worrisome are protocol attacks, Trojan horses, viruses, electromagnetic monitoring, physical compromise, blackmail and intimidation of key holders, operating system bugs, application program bugs, hardware bugs, user errors, physical eavesdropping, social engineering, and dumpster diving, to name just a few. High quality ciphers and protocols are important tools, but by themselves make poor substitutes for realistic, critical thinking about what is actually being protected and how various defenses might fail (attackers, after all, rarely restrict themselves to the clean, well-defined threat models of the academic world). Ross Anderson gives examples of cryptographically strong systems (in the banking industry) that fail when exposed to the threats of the real world [43,44]. Even when the attacker has access only to ciphertext, seemingly minor breaches in other parts of the system can leak enough information to render good cryptosystems useless. The allies in World War II broke the German Enigma traffic largely by carefully exploiting operator errors [1587]…

Sidebar photo of Bruce Schneier by Joe MacInnis.