## Applied Cryptography 1st. Ed. - Errata

(Errata for the blue edition, not the second edition with the red cover.)

ERRATA

Version 1.5.9 - June 15, 1994

This errata includes all errors I have found in the book, including minor spelling and grammatical errors. Please distribute this errata sheet to anyone else who owns a copy of the book.

Page xvii: Third paragraph, first line: "Part IV" should be "Part III".

Page xviii: "Xuija" should be "Xuejia". "Mark Markowitz" should be "Mike Markowitz".

Page 1: First paragraph, fourth line: "receiver cannot intercept" should be "intermediary cannot intercept".

Page 2: Third line: "Outside the historical chapter" should be "Outside the Classical Cryptography chapter".

Page 3: Figure 1.2: "with key" should be "with one key".

Page 4: Eleventh line: Delete the sentence which begins: "In instances where...."

Page 5: "Chosen-plaintext attack": "but they also choose the encrypted plaintext" should be "but they choose the plaintexts to encrypt".

Page 6: Sixth and seventh lines: "against symmetric" should be "against a symmetric".

Page 8: Second paragraph, first line: "q code" should be "a code".

Page 10: Second paragraph, fifth line: Reference "[744]" should be "[774]".

Page 11: Second paragraph: "The rotations of the rotors are a Caesar Cipher" should be "Each rotor is an arbitrary permutation of the alphabet".

Page 13: Third paragraph: Delete parenthetical remark. Fourth paragraph, second line: "the key against" should be "the ciphertext against". Fifth paragraph: "Shift the key" should be "shift the ciphertext". And: "with text XORed with itself" should be "with the plaintext XORed with itself shifted by the key length."

Page 14: Third line: "to be any possible" should be "to correspond to any possible".

Page 15: Section 1.3, first line: "Throughout this book use" should be "Throughout this book I use".

Page 22: Step (4): "gives the title" should be "gives the title and keys".

Page 25: "Attacks Against Protocols," first paragraph: "the protocol iself" should be "the protocol itself".

Page 27: "One-Way Functions," second paragraph: "millions of years to compute this function" should be "millions of years to compute the reverse function." Fourth paragraph: "For example, x^2" should be "For example, in a finite field x^2."

Page 28: Third paragraph, third and fourth sentences should be "How to put mail in a mailbox is public knowledge. How to open the mailbox is not public knowledge."

Page 29: Third paragraph: "If you only want" should be "If you want only".

Page 30: Fourth line: "symmetric cryptosystems: by distributing the key" should be "symmetric cryptosystems: distributing the key".

Page 30: "Attacks Against Public Key Cryptography," first sentence: "In all these public-key digital signature protocols" should be "In all these public-key protocols". Second paragraph: "The obvious way to exchange" should be "The obvious way to get". And: "The database also has to be protected from access by anyone" should be "The database also has to be protected from write access by anyone". Last paragraph: "substitute a key of his choosing for Alice's" should be "substitute a key of his own choosing for Bob's".

Page 30: Last line: "substitute that key for his own public key" should be "substitute his own key for that public key".

Page 32: Ninth line: Delete the word "encrypted".

Page 34: "Signing Documents with..." First sentence: "too inefficient to encrypt long documents" should be "too inefficient to sign long documents".

Page 35: Step (4), second sentence should be: "He then, using the digital signature algorithm, verifies the signed hash with Alice's public key."

Page 36: Second line: "document encrypted with" should be "document signed with". "Multiple Signatures," step (4): "Alice or Bob sends" should be "Alice sends".

Page 38: Fifth paragraph: "V_X = E_X and that S_X = D_X" should be "V_X = E_X and S_X = D_X".

Page 40: Third line: "computer can exist" should be "computer can be". Second paragraph: Delete "should be runs of zeros and the other half should be runs of ones; half the runs". At the end of the sentence, add "The distribution of run lengths for zeros and ones should be the same."

Page 41: Second paragraph: At the end of the paragraph, add: "Cryptographically secure pseudo-random sequence generators can only be compressed if you know the secret." Last paragraph should be: "The output of a generator satisfying these three properties will be good enough for a one-time pad, key generation, and any other cryptographic features that require a truly random sequence generator."

Page 44: Ninth line: "for Alice's" should be "for Bob's".

Page 46: "Key and Message Transmission": Second steps (1) and (2) should be (5) and (6).

Page 49: Second line: "the user" should be "Alice". First protocol, steps (1) and (3): "secret key" should be "private key".

Page 50: First step (3): "With Alice's public key" should be "with "Alice's" public key."

Page 51: Step 5: "with what he received from Bob" should be "with what he received from Alice".

Page 55: First step (2): At the end of the step, add: "He sends both encrypted messages to Alice."

Page 58: Last line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave".

Page 59: First line: "Alice, Bob, and Carol" should be "Alice, Bob, Carol, and Dave". Second paragraph: "All Alice, Bob, and Dave, combined, know" should be "All Alice, Bob, and Dave, each, know".

Page 63: Tenth line: "signed timestamp" should be "signed timestamped hash". Step (3) is actually part of step (2), and step (4) should be step (3).

Page 66: Second line from bottom: "identity" should be "content".

Page 69: Last line: "tried to recover her private key" should be "tries to recover Alice's private key".

Page 72: The second set of steps (1) and (2) should be step (3) and step (4).

Page 73: "Bit Commitment Using One-Way Functions": The general class of one-way functions is suitable for this protocol, not only one-way hash functions. Last paragraph: Second and third sentences should be "Alice cannot cheat and find another message (R_1,R_2',b'), such that H(R_1,R_2',b') = H(R_1,R_2,b). If Alice didn't send Bob R_1, then she could change the value of both R_1 and R_2 and then the value of the bit."

Page 75: First paragraph after quotation: "over modem" should be "over a modem".

Page 76: First paragraph of text, third sentence: "Additionally, f(x) must produce even and odd numbers with equal probability" should be "Additionally, Alice should ensure that the random number x takes even and odd values with equal probability". Fifth sentence: "For example, if f(x) produces even numbers 70% of the time" should be "For example, if x takes even values 75% of the time".

Page 77: "Flipping Coins into a Well," first line: "neither party learns the result" should be "Alice and Bob don't learn the result". Third line: parenthetical remark should be: "Alice in the first two protocols and Bob in the last one".

Page 78: Step (1): "Alice, Bob, and Carol all generate" should be "Alice, Bob, and Carol each generate".

Page 80: Second paragraph, second sentence. It should read: "A general n-player poker protocol that eliminates the problem of information leakage was developed in [228]."

Page 81: Last sentence: delete it.

Page 83: Fourth line: "five" should be "n", twice. Step (2): "This message must" should be "These messages must". Second sentence after protocol: "Neither the KDC" should be "Before this surrendering, neither the KDC".

Page 87: Second sentence after protocol: "so that Bob" should be "so that Victor". "Hamilton Cycles": "Alice" should be "Peggy".

Page 88: "Graph Isomorphism", second sentence: "Peggy knows that two graphs, G_1 and G_2, are isomorphic" should be "Peggy knows the isomorphism between two graphs, G_1 and G_2."

Page 90: Last paragraph: "step (3)" should be "step (4)".

Page 91: Second line: "step (3)" should be "step (4)".

Page 93: "Blind Signatures," first line: "An essential in all" should be "An essential feature of all".

Page 98: First paragraph after protocol, fourth line: "to determine the DES key with the other encrypted message" should be "to determine the DES key that the other encrypted message was encrypted in."

Page 115: "Protocol #2," third paragraph: "together determine if f(a,b)" should be "together determine f(a,b)".

Page 121: Second paragraph: Delete the colon in the third line. Step (11), sixth line: "a diferent identity string" should be "a different selector string".

Page 131: Fifth paragraph: "each capable of checking 265 million keys" should be "each capable of checking 256 million keys".

Page 133: Table 7.2: Third number in third column, "1.2308" should be "0.2308".

Page 134: Table 7.3: "1027" should be "10^27".

Page 135: Table 7.4: "Cost-per-Period of Breaking a 56-bit Key" should be "Cost-per-Period of Breaking a Given Length Key".

Page 139: Indented paragraph: "could break the system" should be "could break the system within one year".

Page 141: "Reduced Keyspaces," last sentence: "don't expect your keys to stand up" should be "don't expect short keys to stand up".

Page 148: Eighth line: "2^24" should be "2^32".

Page 156: Second paragraph: "blocks 5 through 10" should be "blocks 5 through 12".

Page 157: Figure 8.2: "IO" should be "IV".

Page 158: Fifth line: "P_i" and "D_K" should be in italics.

Page 159: Figure 8.3: "IO" should be "IV".

Page 161: Figure 8.5: "Decrypt" should be "Encrypt".

Page 162: Figure 8.6: "Encipherment" diagram: Input should be "p_i" instead of "b_i", and output should be "c_i" instead of "p_i". "Decipherment" diagram: "Decrypt" should be "Encrypt".

Page 164: Figure 8.7: "IO" should be "IV".

Page 165: Last equation: There should be a "(P)" at the end of that equation.

Page 167: Second paragraph, last line: "2^(2n-4)" should be "2^(2n-14)".

Page 168: Figure 8.8: This figure is wrong. The encryption blocks in the second row should be off-centered from the encryption blocks in the first and third row by half a block length. The pads are half a block length.

Page 174: Middle of page: Equations should be:

k_2 = c'_2 XOR p', and then p_2 = c_2 XOR k_2

k_3 = c'_3 XOR p_2, and then p_3 = c_3 XOR k_3

k_4 = c'_4 XOR p_3, and then p_4 = c_4 XOR k_4

Page 175: Last paragraph, second line: "acting as the output function" should be "acting as the next-state function".

Page 177: Diffie's quote, second to last line: "proposal to built" should be "proposal to build".

Page 178: Figure 8.20: In "Node 2", the subscripts should be "D_2" and "E_3".

Page 190: Fourth paragraph, last line: "to determine M" should be "to determine P".

Page 191: First paragraph: "3.5" should be "6.8" in fourth line. "0.56" should be "0.15". "EBCDIC (Extended Binary-Coded Decimal Interchange Code)" should be "BAUDOT". "0.30" should be "0.76". "0.70" should be "0.24".

Page 193: Second sentence: "but does guarantee security if it's high" should be "but does not guarantee security if it's high."

Page 197: Second paragraph, second sentence: "it has never been proven that P = NP" should be "it has never been proven that P = NP or that P <> NP". Third paragraph, fifth sentence: "Thus SATISFIABILITY is the hardest problem in NP" should be "Thus, there is no problem harder than SATISFIABILITY in NP".

Page 198: Fourth paragraph from bottom, second sentence: "If a and b are positive and a is less than n, you can think of a as the remainder of b when divided by n" should be "If a and b are positive and b is less than n, you can think of b as the remainder of a when divided by n".

Page 199: Middle of the page: In the sentence "Calculating the power of a number modulo a number", "a" should not be italicized. Fourth line from bottom: "expresses n as a sum" should be "expresses x as a sum".

Page 201: First line of code: Remove "assuming x and y are > 0".

Page 202: Ninth line: "The modular reduction" should be "the modular inverse". Middle of the page: In the sentence "Now, how do you go about finding the inverse of a modulo n?" "a" should be italicized.

Page 206: Legendre Symbol: "L(a,p) = 0 if a divides p" should be "L(a,p) = 0 if a is divisible by p". "L(a,p) = -1 if a is a nonresidue mod p" should be "L(a,p) = -1 if a is a quadratic nonresidue mod p".

Page 207: "Jacobi Symbol," formula: Variable "h" should be "a". Also, J(0,n) = 0.

Page 208: Thirteenth line: "If a = 1, then J(a/p) = 1" should be "If a = 1, then J(a,p) = 1". Third line from the bottom: "for each n from 0 to p-1" should be "for each n from 1 to p-1".

Page 209: Fourth paragraph: "If that value does not equal q" should be "If that value does not equal 1".

Page 210: Fifth line: "age 21" should be "age 20".

Page 213: Second to last paragraph: "10^150" should be "10^151", "one in log N" should be "one in ln N", and "would still be 10^110 primes left over" should be "would still be enough for 10^34 other universes".

Page 214: Solovay-Strassen, second sentence: "Jacobi function" should be "Jacobi symbol". Last line: "n" should be "p". Lines 29, 30, and 31: "r" should be "a", and "gcd(p,r)" should be "gcd(a,p)".

Page 215: Lehman test, step 5: All three "(n-1)/2" should be exponents.

Page 217: There should be an open parenthesis in front of the second "ln" in both exponents. Sixth paragraph: "Guassian" should be "Gaussian".

Page 222: "Validation and Certification of DES Equipment," first line: "As part of the standard, the DES NIST" should be "As part of DES, NIST".

Page 223: Second to last paragraph, last line. Reference "[472]" should be "[473]".

Page 225: Figure 10.2: L_i is taken from R_(i-1) before the expansion permutation, not after. And "L_(i)-1" should be "L_(i-1)".

Page 226: Third sentence: "bit 1 to bit 58, bit 2 to bit 50, bit 3 to bit 42, etc." should be "bit 58 to bit 1, bit 50 to bit 2, bit 42 to bit 3, etc."

Page 227: Fourth line from bottom: "output positions that correspond" should be "output positions correspond".

Page 228: Fourth paragraph, last line: "0 to 16" should be "0 to 15".

Page 228: Fifth paragraph should read: "For example, assume that the input to the sixth S-box (that is, bits 31 through 36 of the XOR function) are 110010. The first and last bits combine to form 10, which corresponds to row 2 of the sixth S-box. The middle four bits combine to form 1001, which corresponds to column 9 of the same S-box. The entry under row 2, column 9 of S-box 6 is 0. (Remember, we count rows and columns from 0, and not from 1.) The value 0000 is substituted for 110010."

Page 230: Fifth sentence: "bit 4 moves to bit 21, while bit 23 moves to bit 4" should be "bit 21 moves to bit 4, while bit 4 moves to bit 31". Second to last line: delete "The key shift is a right shift".

Page 231: Table 10.9, sixth line: "80286" should be "80386".

Page 233: The second two weak keys should be:

1F1F 1F1F 0E0E 0E0E 00000000 FFFFFFFF

E0E0 E0E0 F1F1 F1F1 FFFFFFFF 00000000

Page 236: Fifth paragraph: "would never be low enough" should be "would never be high enough".

Page 238: Next to last line before "Additional Results": "NSA's" should be "IBM's".

Page 238: "Differential Cryptanalysis," third paragraph: "(1/16)^2" should be "(14/64)^2".

Page 239: Figure 10.4: "14/16" should be "14/64".

Page 242: Table 10.14: In "XORs by additions" line, "2^39,2^3" should be "2^39,2^31". In "Random" line, "2^21" should be "2^18-2^20". In "Random permutations" line, "2^44-2^48" should be "2^33-2^41".

Page 245: Line 11: "8 bits is" should be "8 bits was".

Page 247: Section heading, "Cryptanalysis of the Madryga" should be "Cryptanalysis of Madryga".

Page 250: The two functions should be:

S_0(a,b) = rotate left 2 bits ((a+b) mod 256)

S_1(a,b) = rotate left 2 bits ((a+b+1) mod 256)

Note the difference in parentheses.

Page 250: Figure 11.4: Note that a is broken up into four 8-bit substrings, a_0, a_1, a_2, and a_3.

Page 251: Figure 11.6: The definitions for S_0 and S_1 are incorrect ("Y = S_0" and "Y = S_1"). See corrections from previous page. Also, "S1" should be "S_1".

Page 254: "REDOC III," second sentence: "64-bit" should be "80-bit". "Security of REDOC III," second sentence: Delete clause after comma: "even though it looks fairly weak."

Page 259: First line: "made the former algorithm slower" should be "made Khafre slower".

Page 262: Figure 11.9: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.

Page 263: Table 11.1: The decryption key sub-blocks that are Z_n^(m)-1 should be Z_n^((m)-1). Also, the second and third column of decryption key sub-blocks in rounds 2 through 8 should be switched.

Page 264: First line: "107.8 mm on a side" should be "107.8 square mm".

Page 265: Figure 11.10: There is a line missing. It should run from the symbol where Z_5 is multiplied with the intermediate result to the addition symbol directly to the right.

Pages 266-7: Since the publication of this book, MMB has been broken. Do not use this algorithm.

Page 267: Sixth line from bottom: Reference should be "[256]".

Page 269: "Skipjack." First paragraph. Reference should be "[654]".

Page 270: "Karn." Third paragraph. Last sentence: "append C_r to C to produce" should be "append C_r to C_l to produce".

Page 270-1: "Luby-Rackoff." Step (4), equation should be:

"L_1 = L_0 XOR H(K_r,R_1)"

In step (6), equation should be:

"L_2 = L_1 XOR H(K_r,R_2)"

Page 271: Middle of the page: "(for example, MD2, MD5, Snefru" should be "(for example, MD2, MD4, Snefru".

Page 272: Second to last line: "But it is be analyzed" should be "but it is being analyzed".

Page 275: Second to last paragraph: "Using 1028 bits" should be "using 1024 bits".

Page 277: First lines: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 278: Second to last line: "greater than the largest number in the sequence" should be "greater than the sum of all the numbers in the sequence". The example on page 279 is also wrong.

Page 281: Third paragraph: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 283: Table 12.2: "PRIVATE KEY: d e^(-1)" should be "PRIVATE KEY: d = e^(-1)".

Page 284: Fifth line should be:

"c = 1570 2756 2091 2276 2423 158".

Page 286: Third paragraph: "Eve gets Alice to sign y," "y" should be italicized. Second to last line: "Eve wants to Alice to" should be "Eve wants Alice to".

Page 287: Last line: Wiener's attack is misstated. If d is less than one-quarter the length of the modulus, then the attack can use e and n to find d quickly.

Page 288: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 289: The correct street address is "310 N Mary Avenue" and the correct telephone number is "(408) 735-5893".

Page 291: Fourth line: "factoring, and it" should be "factoring. However, it". "Feige-Fiat-Shamir," second paragraph: "all foreign nationals" should be "all foreign citizens".

Page 292: Fifth line: "sqrt(x/v)" should be "sqrt(1/v)".

Page 294: Second and third lines: "Bob" should be "Victor."

Page 295: First line: "t random integers fewer than n" should be "t random numbers less than n".

Page 297: Last line: "when" should be "where".

Page 301: Middle of the page: Delete the sentence "Since the math is all correct, they do this step."

Page 302: Fourth line from bottom: "a" should be in italics.

Page 303: "Authentication Protocol," step (1): Add "She sends x to Victor."

Page 305: Third paragraph, parenthetical remark: "NIST claimed that having DES meant that both that both the algorithm and the standard were too confusing" should be "NIST claimed that having DES mean both the algorithm and the standard was too confusing".

Page 306: Eighth line: "cryptographers' paranoia" should be "paranoia".

Page 307: "Description of the Algorithm": "p = a prime number 2^L bits long" should be "p = a prime number L bits long". "g = h^((p-1)/q)" should be "g = h^((p-1)/q) mod p".

Page 309: Third line: "random k values and then precompute r values" should be "random k-values and then precompute r-values".

Page 313: "Subliminal Channel in DSS": "see Section 16.7" should be "see Section 16.6".

Page 314: Protocol, step (1): "when" should be "where".

Page 316: Third and fourth paragraphs: "k'" and "n'" should be "k" and "n".

Page 318: "Other Public-Key Algorithms," third paragraph: "methods for factorizing polynomials was invented" should be "methods for factoring polynomials were invented".

Page 319: There should be a blank line before "discrete logarithm:" and another before "factoring:". Fourth line from the bottom: "depends more on the" should be "depends on more than the".

Page 321: Third line: "when h" should be "where h".

Page 322: Second paragraph: "over 500 pairs of people" should be "253 pairs of people".

Page 326: In the definition of h_i, "H_(i-1)" should be "h_(i-1)".

Page 330: Definitions of FF, GG, HH, and II are wrong. These are correct:

FF: "a = b + ((a + F(b,c,d) + M_j + t_i) <<< s)"

GG: "a = b + ((a + G(b,c,d) + M_j + t_i) <<< s)"

HH: "a = b + ((a + H(b,c,d) + M_j + t_i) <<< s)"

II: "a = b + ((a + I(b,c,d) + M_j + t_i) <<< s)"

Page 332: Round 4, second entry: "0x411aff97" should be "0x411aff97".

Page 335: Fifth line should be:

"K_t = CA62C1D6, for the fourth 20 operations".

Eleventh line: "represents a left shift" should be "represents a circular left shift".

Page 336: "HAVAL," sixth line: "160, 92, 224" should be "160, 192, 224".

Page 339: "LOKI Single Block": In computation of Hi, drop final "XOR M_i".

Page 340: "Modified Davies-Meyer": In computation of H_i, "M_i" should be subscripted.

Page 342: "Tandem Davies-Meyer": In computation of W_i, "M_i" should be subscripted.

Page 345: "Stream Cipher Mac", first line: "A truly elegant MDC" should be "A truly elegant MAC".

Page 347: Formula: "aX_(n1)" should be "aX_(n-1)". Second paragraph: "(For example, m should be chosen to be a prime number.)" should be "(For example, b and m should be relatively prime.)"

Page 351: Second line of text: "they hold current" should be "they hold the current".

Page 353: Third line: ">> 7" should be ">> 31". Fourth line: ">> 5" should be ">> 6". Fifth line: ">> 3" should be ">> 4". Eighth line: "(ShiftRegister)" should be "(ShiftRegister))". Tenth line: "< 31" should be "<< 31". Second paragraph: "are often used from stream-cipher" should be "are often used for stream-cipher".

Page 356: Source code: "ShiftRegister = (ShiftRegister ^ (mask >> 1))" should be "ShiftRegister = ((ShiftRegister ^ mask) >> 1)".

Page 360: Equation should not be "l(2^1-1)^(n-1)", but "l(2^l-1)^(n-1)". (A letter, not a number.)

Page 362: Figure 15.10: "LFSR-B" should be "LFSR-A" and vice versa. The second "a(t+n-1)" should be "a(t+n-2)", and the second "b(t+n-1)" should be "b(t+n-2)".

Page 363: Fourth paragraph: "cellular automaton, such as an CSPRNG" should be "cellular automaton as a CSPRNG".

Page 365: "Blum-Micali Generator." In the equation, "x_i" should be an exponent of a, not a subscript.

Page 367: Sixth paragraph: "Ingmar" should be "Ingemar".

Page 370: "Using Random Noise." Second paragraph, last line: "output 2 as the event" should be "output 0 as the event".

Page 371: Sixth line: "access/modify times of/dev/tty" should be "access/modify times of /dev/tty".

Page 371: "Biases and Correlations," third line: "but there many types" should be "but there are many types".

Page 374: "Generating Random Permutations." Note that the obvious way of shuffling, using random (n-1) instead of random (i) so that every position is swapped with a random position, does not give a random distribution.
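
An added example for the page 374 note (not code from the book or from this errata): it enumerates every equally likely run of both shuffles on a three-element array and counts how often each ordering appears. It assumes random (k) returns an integer from 0 to k inclusive and that the loop index runs from the last position down; the function names are made up for the illustration.

```c
#include <stdio.h>

#define N 3       /* deck size, small enough to enumerate every case */
#define NPERM 6   /* N! distinct orderings */

/* Rank a permutation of 0..N-1 as a number in 0..N!-1 (Lehmer code). */
static int perm_index(const int *a)
{
    int idx = 0;
    for (int i = 0; i < N; i++) {
        int smaller = 0;
        for (int j = i + 1; j < N; j++)
            if (a[j] < a[i])
                smaller++;
        idx = idx * (N - i) + smaller;
    }
    return idx;
}

/*
 * Walk every sequence of choices the shuffle could make; each leaf is one
 * equally likely run. Assumption: random(k) is uniform on 0..k.
 * naive != 0: position i is swapped with any of the N positions.
 * naive == 0: position i is swapped with one of positions 0..i.
 */
static void walk(int *a, int i, int naive, long *counts)
{
    int stop = naive ? 0 : 1;   /* the naive loop also visits position 0 */
    if (i < stop) {
        counts[perm_index(a)]++;
        return;
    }
    int hi = naive ? N - 1 : i;
    for (int j = 0; j <= hi; j++) {
        int t = a[i]; a[i] = a[j]; a[j] = t;   /* swap */
        walk(a, i - 1, naive, counts);
        t = a[i]; a[i] = a[j]; a[j] = t;       /* undo the swap */
    }
}

/* Fill counts[] per ordering; return the number of equally likely runs. */
long tally(int naive, long *counts)
{
    int a[N];
    long total = 0;
    for (int k = 0; k < N; k++) a[k] = k;
    for (int k = 0; k < NPERM; k++) counts[k] = 0;
    walk(a, N - 1, naive, counts);
    for (int k = 0; k < NPERM; k++) total += counts[k];
    return total;
}

long runs(int naive)
{
    long c[NPERM];
    return tally(naive, c);
}

/* Largest minus smallest count; 0 means every ordering is equally likely. */
long spread(int naive)
{
    long c[NPERM];
    tally(naive, c);
    long lo = c[0], hi = c[0];
    for (int k = 1; k < NPERM; k++) {
        if (c[k] < lo) lo = c[k];
        if (c[k] > hi) hi = c[k];
    }
    return hi - lo;
}

int main(void)
{
    for (int naive = 0; naive <= 1; naive++) {
        long c[NPERM];
        long total = tally(naive, c);
        printf("%s: %ld runs, per ordering:",
               naive ? "random(n-1)" : "random(i)  ", total);
        for (int k = 0; k < NPERM; k++) printf(" %ld", c[k]);
        printf("\n");
    }
    return 0;
}
```

With three elements the random (i) version reaches each of the 6 orderings exactly once, while the random (n-1) version has 27 runs, which cannot divide evenly among 6 orderings.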

Page 376: Seventh line: "send a message, M" should be "send a message, P".

Page 380: Step (4): "K(R_B)" should be "K(R_A)".

Page 383 and 386: "LaGrange" should be "Lagrange".

Page 391: Second protocol, step (1): "in his implementation of DES" should be "in his implementation of DSS". Next sentence: "such that r is either q quadratic" should be "such that r is either a quadratic".

Page 401: Second to last line: "and x is randomly chosen" should be "and x is secret".

Page 402: Step (1): "when all values of r are" should be "where all r_i are". Step (2): "for all values of r" should be "for all values of i". Step (4): "when j is the lowest value of i for which b_i = 1" should be "when j is the lowest value for which b_j = 1". Line 18: "2^t" should be "2^(-t)".

Page 406: Step (5): "i<j" should be "i>j".

Page 409: Third paragraph: "measuring them destroys" should be "measuring it destroys". Fifth paragraph: "it has no probability" should be "it has zero probability".

Page 410: Third line from bottom: "British Telcom" should be "British Telecom".

Page 417: Last paragraph: "Kerberos is a service Kerberos on the network" should be "Kerberos is a service on the network".

Page 421: Figure 17.2: In the top message "C" should be lower case.

Page 428: "Privacy Enhanced Mail": First line: "adapted by the Internet" should be "adopted by the Internet".

Page 435: "RIPEM": "Mark Riorden" should be "Mark Riordan".

Page 436: "Pretty Good Privacy," third paragraph: Delete fourth sentence: "After verifying the signature...."

Page 436: Pretty Good Privacy is not in the public domain. It is copyrighted by Philip Zimmermann and available for free under the "Copyleft" General Public License from the Free Software Foundation.

Page 437: Fifth line: Delete "assess your own trust level". "Clipper," second paragraph: reference should be "[473]". Fourth paragraph: references should be "[473,654,876,271,57]".

Page 438: Middle of page: reference should be "[654]". "Capstone," first paragraph: reference should be "[655]".

Page 445: The IACR is not the "International Association of Cryptographic Research," but the "International Association for Cryptologic Research." This is also wrong in the table of contents and the index.

Source Code: The decrement operator, "--", was inadvertently typeset as an m-dash, "-". This error is on pages 496, 510, 511, 523, 527, 528, 540, and 541. There may be other places as well.

Page 472: Third line: "2, 18, 11" should be "22, 18, 11". Eighteenth line: "for( i = 0; i<<16; i++ )" should be "for( i = 0; i<16; i++ )".

Page 473: Function "cpkey(into)". "while (from endp)" should be "while (from < endp)".

Page 478: Fourth line: "leftt > 4" should be "leftt >> 4". Seventh line: "leftt > 16" should be "leftt >> 16". Twentieth line: "leftt > 31" should be "leftt >> 31".

Page 508: Line 8: "union U_INTseed" should be "union U_INT seed".

Page 531: "for( i = 0; i<; i++ )" should be "for( i = 0; i<2; i++ )".

Page 558: "#defineBOOLEAN int" should be "#define BOOLEAN int", "#defineFALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 564: "#define BOOLEANint" should be "#define BOOLEAN int", "#define FALSE0" should be "#define FALSE 0", and "#defineTRUE(1==1)" should be "#define TRUE (1==1)".

Page 569: "rand() > 11" should be "rand() >> 11".

Page 569: In "G13.H", "#define G13int" should be "#define G13 int".

Page 571: Reference [14]: "Hopcraft" should be "Hopcroft".

Page 572: Reference [45]: "Haglen" should be "Hagelin".

Page 576: References [136] and [137]: "Branstead" should be "Branstad."

Page 576: Reference [148]: The authors should be G. Brassard, C. Crepeau, and J.-M. Robert.

Page 578: Reference [184] "Proof that DES Is Not a Group" should be "DES Is Not a Group." The correct page numbers are 512-520.

Page 582: Reference [286]: The article appeared in CRYPTO '89 Proceedings.

Page 589: Reference [475]: The publisher should be E.S. Mittler und Sohn, and the publication date should be 1863.

Page 601: References [835] and [836]: "Branstead" should be "Branstad."

Page 602: Reference [842]: "Solvay" should be "Solovay".

Page 603: Reference [878]: "Weiner" should be "Wiener."
