The Bookstore: Applied Cryptography

If you are seriously interested in computer security, then Applied Cryptography by Bruce Schneier is a must-read. The book is exceptionally literate and accessible. Schneier keeps your attention with statements like, “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”

The book is both an introduction to the field and a comprehensive reference. Although some areas could have been covered in more detail, that might have turned Applied Cryptography into an encyclopedia (the book is 758 pages long). Schneier manages a fine balance between conveying information and covering all important topics. The five parts of the book cover cryptographic protocols, including public key, digital signatures, key exchange, and digital cash; cryptographic techniques such as key length, key management, algorithm types, and hardware encryption; cryptographic algorithms including block ciphers like DES, public key, key exchange, and identification schemes; the real world including example algorithms and politics; and source code.

Schneier didn’t seem to have enough space to include source code as often as we’d have liked. Floppy disks with source code are available for $40 a set, but only within the U.S. and Canada due to governmental export restrictions.

The book references other publications extensively, which makes it a terrific starting point for further exploration of cryptography. Unfortunately, all the reference numbers interfere with the book’s flow.

Still, Schneier manages to maintain interest in spite of all the references. For example, algorithms are not just presented as mathematics. Their history, development, politics, and attack resistance are included. And the algorithms themselves are covered in detail through figures and walk-throughs. The coverage of DES, for instance, states that the publication of the algorithm was probably a mistake by the NSA. If they had known it would be published such that others could implement it in software, they probably never would have helped develop it and declared it secure. “It was no accident that the next standard algorithm, Skipjack, was classified,” Schneier writes. (Skipjack is the algorithm for the Clipper chip.)

If you want to understand encryption, how it is used or how to use it, this is the book. It is one of those books that you can pick up and start reading at any point, and have a hard time putting down. Definitely more than you would expect for a book on cryptography.
