Applied Cryptography 1st. Ed. - Errata

(Errata for the blue edition, not the second edition with the red cover.)

Version 1.5.9 - June 15, 1994

This errata includes all errors I have found in the book,
including minor spelling and grammatical errors. Please
distribute this errata sheet to anyone else who owns a copy of
the book.

Page xvii: Third paragraph, first line: "Part IV" should be
"Part III".

Page xviii: "Xuija" should be "Xuejia". "Mark Markowitz" should
be "Mike Markowitz".

Page 1: First paragraph, fourth line: "receiver cannot
intercept" should be "intermediary cannot intercept".

Page 2: Third line: "Outside the historical chapter" should be
"Outside the Classical Cryptography chapter".

Page 3: Figure 1.2: "with key" should be "with one key".

Page 4: Eleventh line: Delete the sentence which begins: "In
instances where...."

Page 5: "Chosen-plaintext attack": "but they also choose the
encrypted plaintext" should be "but they choose the plaintexts to

Page 6: Sixth and seventh lines: "against symmetric" should be
"against a symmetric".

Page 8: Second paragraph, first line: "q code" should be "a

Page 10: Second paragraph, fifth line: Reference "[744]" should
be "[774]".

Page 11: Second paragraph: "The rotations of the rotors are a
Caesar Cipher" should be "Each rotor is an arbitrary permutation
of the alphabet".

Page 13: Third paragraph: Delete parenthetical remark. Fourth
paragraph, second line: "the key against" should be "the
ciphertext against". Fifth paragraph: "Shift the key" should be
"shift the ciphertext". And: "with text XORed with itself"
should be "with the plaintext XORed with itself shifted by the
key length."

Page 14: Third line: "to be any possible" should be "to
correspond to any possible".

Page 15: Section 1.3, first line: "Throughout this book use"
should be "Throughout this book I use".

Page 22: Step (4): "gives the title" should be "gives the title
and keys".

Page 25: "Attacks Against Protocols," first paragraph: "the
protocol iself" should be "the protocol itself".

Page 27: "One-Way Functions," second paragraph: "millions of
years to compute this function" should be "millions of years
to compute the reverse function." Fourth paragraph: "For
example, x^2" should be "For example, in a finite field x^2."

Page 28: Third paragraph, third and fourth sentences should be
"How to put mail in a mailbox is public knowledge. How to open
the mailbox is not public knowledge."

Page 29: Third paragraph: "If you only want" should be "If you
want only".

Page 30: Fourth line: "symmetric cryptosystems: by distributing
the key" should be "symmetric cryptosystems: distributing the

Page 30: "Attacks Against Public Key Cryptography," first
sentence: "In all these public-key digital signature protocols"
should be "In all these public-key protocols". Second
paragraph: "The obvious way to exchange" should be "The obvious
way to get". And: "The database also has to be protected from
access by anyone" should be "The database also has to be
protected from write access by anyone". Last paragraph:
"substitute a key of his choosing for Alice's" should be
"substitute a key of his own choosing for Bob's".

Page 30: Last line: "substitute that key for his own public
key" should be "substitute his own key for that public key".

Page 32: Ninth line: Delete the word "encrypted".

Page 34: "Signing Documents with..." First sentence: "too
inefficient to encrypt long documents" should be "too inefficient
to sign long documents".

Page 35: Step (4), second sentence should be: "He then, using
the digital signature algorithm, verifies the signed hash
with Alice's public key."

Page 36: Second line: "document encrypted with" should be
"document signed with". "Multiple Signatures," step (4): "Alice
or Bob sends" should be "Alice sends".

Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should
be "V_X = E_X and S_X = D_X".

Page 40: Third line: "computer can exist" should be "computer
can be". Second paragraph: Delete "should be runs of zeros and
the other half should be runs of ones; half the runs". At the
end of the sentence, add "The distribution of run lengths for
zeros and ones should be the same."

Page 41: Second paragraph: At the end of the paragraph, add:
"Cryptographically secure pseudo-random sequence generators
can only be compressed if you know the secret." Last paragraph
should be: "The output of a generator satisfying these three
properties will be good enough for a one-time pad, key
generation, and any other cryptographic features that require a
truly random sequence generator."

Page 44: Ninth line: "for Alice's" should be "for Bob's".

Page 46: "Key and Message Transmission": Second steps (1) and
(2) should be (5) and (6).

Page 49: Second line: "the user" should be "Alice". First
protocol, steps (1) and (3): "secret key" should be "private

Page 50: First step (3): "With Alice's public key" should be
"with "Alice's" public key."

Page 51: Step 5: "with what he received from Bob" should be
"with what he received from Alice".

Page 55: First step (2): At the end of the step, add: "He
sends both encrypted messages to Alice."

Page 58: Last line: "Alice, Bob, and Carol" should be "Alice,
Bob, Carol, and Dave".

Page 59: First line: "Alice, Bob, and Carol" should be "Alice,
Bob, Carol, and Dave". Second paragraph: "All Alice, Bob, and
Dave, combined, know" should be "All Alice, Bob, and Dave, each,

Page 63: Tenth line: "signed timestamp" should be "signed
timestamped hash". Step (3) is actually part of step (2), and
step (4) should be step (3).

Page 66: Second line from bottom: "identity" should be

Page 69: Last line: "tried to recover her private key" should
be "tries to recover Alice's private key".

Page 72: The second set of steps (1) and (2) should be step (3)
and step (4).

Page 73: "Bit Commitment Using One-Way Functions": The general
class of one-way functions is suitable for this protocol, not
only one-way hash functions. Last paragraph: Second and third
sentences should be "Alice cannot cheat and find another message
(R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice
didn't send Bob R_1, then she could change the value of both R_1
and R_2 and then the value of the bit."

Page 75: First paragraph after quotation: "over modem" should
be "over a modem".

Page 76: First paragraph of text, third sentence: "Additionally,
f(x) must produce even and odd numbers with equal probability"
should be "Additionally, Alice should ensure that the random
number x takes even and odd values with equal probability".
Fifth sentence: " For example, if f(x) produces even numbers 70%
of the time" should be "For example, if x takes even values 75%
of the time".

Page 77: "Flipping Coins into a Well," first line: "neither
party learns the result" should be "Alice and Bob don't learn the
result". Third line: parenthetical remark should be: "Alice in
the first two protocls and Bob in the last one".

Page 78: Step (1): "Alice, Bob, and Carol all generate" should
be "Alice, Bob, and Carol each generate".

Page 80: Second paragraph, second sentence. It should read: "A
general n-player poker protocol that eliminates the problem of
information leakage was developed in [228]."

Page 81: Last sentence: delete it.

Page 83: Fourth line: "five" should be "n", twice. Step (2):
"This message must" should be "These messages must". Second
sentence after protocol: "Neither the KDC" should be "Before
this surerendering, neither the KDC".

Page 87: Second sentence after protocol: "so that Bob" should
be "so that Victor". "Hamilton Cycles": "Alice" should be

Page 88: "Graph Isomorphism", second sentence: "Peggy knows
that two graphs, G_1 and G_2, are isomorphic" should be "Peggy
knows the isomorphism between two graphs, G_1 and G_2."

Page 90: Last paragraph: "step (3)" should be "step (4)".

Page 91: Second line: "step (3)" should be "step (4)".

Page 93: "Blind Signatures," first line: "An essential in all"
should be "An essential feature of all".

Page 98: First paragraph after protocol, fourth line: "to
determine the DES key with the other encrypted message" should be
"to determine the DES key that the other encrypted message was
encrypted in."

Page 115: "Protocol #2," third paragraph: "together determine
if f(a,b)" should be "together determine f(a,b)".

Page 121: Second paragraph: Delete the colon in the third line.
Step (11), sixth line: "a diferent identity string" should be "a
different selector string".

Page 131: Fifth paragraph: "each capable of checking 265
million keys" should be "each capable of checking 256 million

Page 133: Table 7.2: Third number in third column, "1.2308"
should be "0.2308".

Page 134: Table 7.3: "1027" should be "10^27".

Page 135: table 7.4: "Cost-per-Period of Breaking a 56-bit Key"
should be "Cost-per-Period of Breaking a Given Length Key".

Page 139: Indented paragraph: "could break the system" should
be "could break the system within one year".

Page 141: "Reduced Keyspaces," last sentence: "don't expect
your keys to stand up" should be "don't expect short keys to
stand up".

Page 148: Eighth line: "2^24" should be "2^32".

Page 156: Second paragraph: "blocks 5 through 10" should be
"blocks 5 through 12".

Page 157: Figure 8.2: "IO" should be "IV".

Page 158: Fifth line: "P_i" and "D_K" should be in italics.

Page 159: Figure 8.3: "IO" should be "IV".

Page 161: Figure 8.5: "Decrypt" should be "Encrypt".

Page 162: Figure 8.6: "Encipherment" diagram: Input should be
"p_i" instead of "b_i", and output should be "c_i" instead of
"p_i". "Decipherment" diagram: "Decrypt" should be "Encrypt".

Page 164: Figure 8.7: "IO" should be "IV".

Page 165: Last equation: There should be a "(P)" at the end of
that equation.

Page 167: Second paragraph, last line: "2^(2n-4)" should be

Page 168: Figure 8.8: This figure is wrong. The encryption
blocks in the second row should be off-centered from the
encryption blocks in the first and third row by half a block
length. The pads are half a block length.

Page 174: Middle of page: Equations should be:
k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2
k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3
k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4

Page 175: Last paragraph, second line: "acting as the output
function" should be "acting as the next-state function".

Page 177: Diffie's quote, second to last line: "proposal to
built" should be "proposal to build".

Page 178: Figure 8.20: In "Node 2", the subscripts should be
"D_2" and "E_3".

Page 190: Fourth paragraph, last line: "to determine M" should
be "to determine P".

Page 191: First paragraph: "3.5" should be "6.8" in fourth
line. "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded
Decimal Interchange Code)" should be "BAUDOT". "0.30" should be
"0.76". "0.70" should be "0.24".

Page 193: Second sentence: "but does guarantee security if it's
high" should be "but does not guarantee security if it's high."

Page 197: Second paragraph, second sentence: "it has never been
proven that P = NP" should be "it has never been proven that P =
NP or that P <> NP". Third paragraph, fifth sentence: "Thus
SATISFIABILITY is the hardest problem in NP" should be "Thus,
there is no problem harder than SATISFIABILITY in NP".

Page 198: Fourth paragraph from bottom, second sentence: "If a
and b are positive and a is less than n, you can think of a as
the remainder of b when divided by n" should be "If a and b are
positive and b is less than n, you can think of b as the
remainder of a when divided by n".

Page 199: Middle of the page: In the sentence "Calculating the
power of a number modulo a number", "a" should not be italicized.
Fourth line from bottom: "expresses n as a sum" should be
"expresses x as a sum".

Page 201: First line of code: Remove "assuming x and y are >

Page 202: Ninth line: "The modular reduction" should be "the
modular inverse". Middle of the page: In the sentence "Now, how
do you go about finding the inverse of a modulo n?" "a" should be

Page 206: Legendre Symbol: "L(a,p) = 0 if a divides p" should
be "L(a,p) = 0 if a is divisible by p". "L(a,p) = -1 if a is a
nonresidue mod p" should be "L(a,p) = -1 if a is a
quadratic nonresidue mod p".

Page 207: "Jacobi Symbol," formula: Variable "h" should be "a".
Also, J(0,n) = 0.

Page 208: Thirteenth line: "If a = 1, then J(a/p) = 1" should be
"If a = 1, then J(a,p) = 1". Third line from the bottom: "for
each n from 0 to p-1" should be "for each n from 1 to p-1".

Page 209: Fourth paragraph: "If that value does not equal q"
should be "If that value does not equal 1".

Page 210: Fifth line: "age 21" should be "age 20".

Page 213: Second to last paragraph: "10^150" should be
"10^151", "one in log N" should be "one in ln N", and "would
still be 10^110 primes left over" should be "would still be
enough for 10^34 other universes".

Page 214: Solovay-Strassen, second sentence: "Jacobi function"
should be "Jacobi symbol". Last line: "n" should be "p". Lines
29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be

Page 215: Lehman test, step 5: All three "(n-1)/2" should be

Page 217: There should be an open parenthesis in front of the
second "ln" in both exponents. Sixth paragraph: "Guassian"
should be "Gaussian".

Page 222: "Validation and Certification of DES Equipment," first
line: "As part of the standard, the DES NIST" should be "As part
of DES, NIST".

Page 223: Second to last paragraph, last line. Reference
"[472]" should be "[473]".

Page 225: Figure 10.2: L_i is taken from R_(i-1) before the
expansion permutation, not after. And "L_(i)-1" should be

Page 226: Third sentence: "bit 1 to bit 58, bit 2 to bit 50, bit
3 to bit 42, etc." should be "bit 58 to bit 1, bit 50 to bit 2,
bit 42 to bit 3, etc."

Page 227: Fourth line from bottom: "output positions that
correspond" should be "output positions correspond".

Page 228: Fourth paragraph, last line: "0 to 16" should be 0 to

Page 228: Fifth paragraph should read: "For example, assume
that the input to the sixth S-box (that is, bits 31 through 36 of
the XOR function) are 110010. The first and last bits combine to
form 10, which corresponds to row 2 of the sixth S-box. The
middle four bits combine to form 1001, which corresponds to
column 9 of the same S-box. The entry under row 2, column 9 of
S-box 6 is 0. (Remember, we count rows and columns from 0, and
not from 1.) The value 0000 is substituted for 110010.

Page 230: Fifth sentence: "bit 4 moves to bit 21, while bit 23
moves to bit 4" should be "bit 21 moves to bit 4, while bit 4
moves to bit 31". Second to last line: delete "The key shift is
a right shift".

Page 231: Table 10.9, sixth line: "80286" should be "80386".

Page 233: The second two weak keys should be:
1F1F 1F1F 0E0E 0E0E 00000000 FFFFFFFF
E0E0 E0E0 F1F1 F1F1 FFFFFFFF 00000000

Page 236: Fifth paragraph: "would never be low enough" should be
"would never be high enough".

Page 238: Next to last line before "Additional Results":
"NSA's" should be "IBM's".

Page 238: "Differential Cryptanalysis," third paragraph:
"(1/16)^2" should be "(14/64)^2".

Page 239: Figure 10.4: "14/16" should be "14/64".

Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3"
should be "2^39,2^31". In "Random" line, "2^21" should be"2^18-
2^20". In "Random permutations" line, "2^44-2^48" should

Page 245: Line 11" "8 bits is" should be "8 bits was".

Page 247: Section heading, "Cryptanalysis of the Madryga" should
be "Cryptanalysis of Madryga".

Page 250: The two functions should be:
S_0(a,b) = rotate left 2 bits ((a+b) mod 256)
S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256)
Note the difference in parentheses.

Page 250: Figure 11.4: Note that a is broken up into four 8-bit
substrings, a_0, a_1, a_2, and a_3.

Page 251: Figure 11.6: The definitions for S_0 and S_1 are
incorrect ("Y = S_0" and "Y = S_1"). See corrections from
previous page. Also, "S1" should be "S_1".

Page 254: "REDOC III," second sentence: "64-bit" should be "80-
bit". "Security of REDOC III," second sentence: Delete
clause after comma: "even though it looks fairly weak."

Page 259: First line: "made the former algorithm slower" should
be "made Khafre slower".

Page 262: Figure 11.9: There is a line missing. It should run
from the symbol where Z_5 is multiplied with the intermediate
result to the addition symbol directly to the right.

Page 263: Table 11.1: The decryption key sub-blocks that are
Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third
column of decryption key sub-blocks in rounds 2 through 8 should
be switched.

Page 264: First line: "107.8 mm on a side" should be "107.8
square mm".

Page 265: Figure 11.10: There is a line missing. It should run
from the symbol where Z_5 is multiplied with the intermediate
result to the addition symbol directly to the right.

Pages 266-7: Since the publication of this book, MMB has been
broken. Do not use this algorithm.

Page 267: Sixth line from bottom: Reference should be "[256]".

Page 269: "Skipjack." First paragraph. Reference should be

Page 270: "Karn." Third paragraph. Last sentence: "append C_r
to C to produce" should be "append C_r to C_l to produce".

Page 270-1: "Luby-Rackoff." Step (4), equation should be:
"L_1 = L_0 XOR H(K_r,R_1)"
In step (6), equation should be:
"L_2 = L_1 XOR H(K_r,R_2)"

Page 271: Middle of the page: "(for example, MD2, MD5, Snefru"
should be "(for example, MD2, MD4, Snefru".

Page 272: Second to last line: "But it is be analyzed" should
be "but it is being analyzed".

Page 275: Second to last paragraph: "Using 1028 bits" should be
"using 1024 bits".

Page 277: First lines: The correct street address is "310 N
Mary Avenue" and the correct telephone number is "(408)

Page 278: Second to last line: "greater than the largest number
in the sequence" should be "greater than the sum of all the
numbers in the sequence". The example on page 279 is also wrong.

Page 281: Third paragraph: The correct street address is "310 N
Mary Avenue" and the correct telephone number is "(408)

Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be
"PRIVATE KEY: d = e^(-1)".

Page 284: Fifth line should be:
"c = 1570 2756 2091 2276 2423 158".

Page 286: Third paragraph: "Eve gets Alice to sign y," "y"
should be italicized. Second to last line: "Eve wants to Alice
to" should be "Eve wants Alice to".

Page 287: Last line: Wiener's attack is misstated. If d is
less than one-quarter the length of the modulus, then the attack
can use e and n to find d quickly.

Page 288: The correct street address is "310 N Mary Avenue" and
the correct telephone number is "(408) 735-5893".

Page 289: The correct street address is "310 N Mary Avenue" and
the correct telephone number is "(408) 735-5893".

Page 291: Fourth line: "factoring, and it" should be
"factoring. However, it". "Feige-Fiat-Shamir," second
paragraph: "all foreign nationals" should be "all foreign

Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)".

Page 294: Second and third lines: "Bob" should be "Victor."

Page 295: First line: "t random integers fewer than n" should
be "t random numbers less than n".

Page 297: Last line: "when" should be "where".

Page 301: Middle of the page: Delete the sentence "Since the
math is all correct, they do this step."

Page 302: Fourth line from bottom: "a" should be in italics.

Page 303: "Authentication Protocol," step (1): Add "She sends x
to Victor."

Page 305: Third paragraph, parenthetical remark: "NIST claimed
that having DES meant that both that both the algorithm and the
standard were too confusing" should be "NIST claimed that having
DES mean both the algorithm and the standard was too confusing".

Page 306: Eighth line: "cryptographers' paranoia" should be

Page 307: "Description of the Algorithm": "p = a prime number
2^L bits long" should be "p = a prime number L bits long". "g =
h^((p-1)/q)" should be "g = h^((p-1)/q) mod p".

Page 309: Third line: "random k values and then precompute r
values" should be "random k-values and then precompute r-values".

Page 313: "Subliminal Channel in DSS": "see Section 16.7"
should be "see Section 16.6".

Page 314: Protocol, step (1): "when" should be "where".

Page 316: Third and fourth paragraphs: "k'" and "n'" should be
"k" and "n".

Page 318: "Other Public-Key Algorithms," third paragraph:
"methods for factorizing polynomials was invented" should be
"methods for factoring polynomials were invented".

Page 319: There should be a blank line before "discrete
logarithm:" and another before "factoring:". Fourth line from
the bottom: "depends more on the" should be "depends on more
than the".

Page 321: Third line: "when h" should be "where h".

Page 322: Second paragraph: "over 500 pairs of people" should
be "253 pairs of people".

Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i-

Page 330: Definitions of FF, GG, HH, and II are wrong. These
are correct:
FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)"
GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)"
HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)"
II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)"

Page 332: Round 4, second entry: "0x411aff97" should be

Page 335: Fifth line should be:
"K_t = CA62C1D6, for the fourth 20 operations".
Eleventh line: "represents a left shift" should be "represents a
circular left shift".

Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160,
192, 224".

Page 339: "LOKI Single Block": In computation of Hi, drop final
"XOR M_i".

Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i"
should be subscripted.

Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i"
should be subscripted.

Page 345: "Stream Cipher Mac", first line:" "A truly elegant
MDC" should be "A truly elegant MAC".

Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second
paragraph: "(For example, m should be chosen to be a prime
number.)" should be "(For example, b and m should be relatively

Page 351: Second line of text: "they hold current" should be
"they hold the current".

Page 353: Third line: ">> 7" should be ">> 31". Fourth line:
">> 5" should be ">> 6". Fifth line: ">> 3" should be ">> 4".
Eighth line: "(ShiftRegister)" should be "(ShiftRegister))".
Tenth line: "< 31" should be "<< 31". Second paragraph: "are
often used from stream-cipher" should be "are often used for

Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask
>> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >>

Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l-
1)^(n-1)". (A letter, not a number.)

Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice
versa. The second "a(t+n-1)" should be "a(t+n-2)", and the
second "b(t+n-1)" should be "b(t+n-2)".

Page 363: Fourth paragraph: "cellular automaton, such as an
CSPRNG" should be "cellular automaton as a CSPRNG".

Page 365: "Blum-Micali Generator." In the equation, "x_i"
should be an exponent of a, not a subscript.

Page 367: Sixth paragraph: "Ingmar" should be "Ingemar".

Page 370: "Using "Random Noise." Second paragraph, last line:
"output 2 as the event" should be "output 0 as the event".

Page 371: Sixth line: "access/modify times of/dev/tty" should
be "access/modify times of /dev/tty".

Page 371: "Biases and Correlations," third line: "but there
many types" should be "but there are many types".

Page 374: "Generating Random Permutations." Note that the
obvious way of shuffling, using random (n-1) instead of random
(i) so that every position is swapped with a random position,
does not give a random distribution.

Page 376: Seventh line: "send a message, M" should be "send a
message, P".

Page 380: Step (4): "K(R_B)" should be "K(R_A)".

Page 383 and 386: "LaGrange" should be "Lagrange".

Page 391: Second protocol, step (1): "in his implementation of
DES" should be "in his implementation of DSS". Next sentence:
"such that r is either q quadratic" should be "such that r is
either a quadratic".

Page 401: Second to last line: "and x is randomly chosen"
should be "and x is secret".

Page 402: Step (1): "when all values of r are" should be "where
all r_i are". Step (2): "for all values of r" should be "for
all values of i". Step (4): "when j is the lowest value of i
for which b_i = 1" should be "when j is the lowest value for
which b_j = 1". Line 18: "2^t" should be "2^(-t)".

Page 406: Step (5): "i<j" should be i>j".

Page 409: Third paragraph: "measuring them destroys" should be
"measuring it destroys". Fifth paragraph: "it has no
probability" should be "it has zero probability".

Page 410: Third line from bottom: "British Telcom" should be
"British Telecom".

Page 417: Last paragraph: "Kerberos is a service Kerberos on
the network" should be "Kerberos is a service on the network".

Page 421: Figure 17.2: In the top message "C" should be lower

Page 428: "Privacy Enhanced Mail": First line: "adapted by the
Internet" should be "adopted by the Internet".

Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan".

Page 436: "Pretty Good Privacy," third paragraph: Delete fourth
sentence: "After verifying the signature...."

Page 436: Pretty Good Privacy is not in the public domain. It
is copyrighted by Philip Zimmermann and available for free under
the "Copyleft" General Public License from the Free Software

Page 437: Fifth line: Delete "assess your own trust level".
"Clipper," second paragraph: reference should be
"[473]". Fourth paragraph: references should be

Page 438: Middle of page: reference should be "[654]".
"Capstone," first paragraph: reference should be "[655]".

Page 445: The IACR is not the "International Association of
Cryptographic Research," but the "International Association for
Cryptologic Research." This is also wrong in the table of
contents and the index.

Source Code: The decrement operator, "--", was inadvertently
typesetted as an m-dash, "-". This error is on pages 496, 510,
511, 523, 527, 528, 540, and 541. There may be other places as

Page 472: Third line: "2, 18, 11" should be "22, 18, 11".
Eighteenth line: "for( i = 0; i<<16; i++ )" should be "for( i =
0; i<16; i++ )".

Page 473: Function "cpkey(into)". "while (from endp)" should be
"while (from < endp)".

Page 478: Fourth line: "leftt > 4" should be "leftt >> 4".
Seventh line: "leftt > 16" should be "leftt >> 16". Twentieth
line: "leftt > 31" should be "leftt >> 31".

Page 508: Line 8: "union U_INTseed" should be "union U_INT

Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2;
i++ )".

Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int",
"#defineFALSE0" should be "#define FALSE 0", and
"#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 564: "#define BOOLEANint" should be "#define BOOLEAN int",
"#define FALSE0" should be "#define FALSE 0", and
"#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 569: "rand() > 11" should be "rand() >> 11".

Page 569: In "G13.H", "#define G13int" should be "#define G13

Page 571: Reference [14: "Hopcraft" should be "Hopcroft".

Page 572: Reference [45]: "Haglen" should be "Hagelin".

Page 576: References [136] and [137]: "Branstead" should be

Page 576: Reference [148]: The authors should be G. Brassard,
C. Crepeau, and J.-M. Robert.

Page 578: Reference [184] "Proof that DES Is Not a Group"
should be "DES Is Not a Group." The correct page numbers are

Page 582: Reference [286]: The article appeared CRYPTO '89

Page 589: Reference [475]: The publisher should be E.S. Mittler
und Sohn, and the publication date should be 1863.

Page 601: References [835] and [836]: "Branstead" should be

Page 602: Reference [842]: "Solvay" should be "Solovay".

Page 603: Reference [878]: "Weiner" should be "Wiener."

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc..