Schneier on Security

This book has been, without a doubt, crucial in aiding my understanding of cryptosystems and why things are the way they are, and how do these cryptic crypto algorithms even work. If you are interested in learning how to develop software that are ‘correct’ and secure, then this is a great book to understand what are the primitives of information security, what algorithms already exist and which ones to use in what scenario.

So the motivation to pursue a thorough understanding of cryptography and to gain the ability and knowledge required to make a secure cryptosystem came sometime after college ended, when I and Kunal were working on a terminal chat application that would support end-to-end encryption. At that time, I hardly knew what I had gotten myself into (which is similar to a lot of things in my life), as the application development part seemed very simple. We got done with the application part, terminal app and the backend, and then came the encryption part, and that is when the knowledge about existing techniques and understanding of basic crypto primitives fell short. And that is when I started reading about cryptography and stumbled upon this book…

This is the next entry in the series of Russ reading books that he bought years ago and never got around to reading. Thankfully, this time, the book has aged somewhat better.

This review is for the second edition of Applied Cryptography, published in 1996. Given how important computer security has become, and how central cryptography is to computer security, one might think that the passage of 17 years would make a book effectively obsolete. This turns out not to be the case. Yes, Rijndael (the current AES standard and the most widely-used block cipher), Camellia (the up-and-comer in the block cipher world), and the SHA-2 hash postdate this book and aren’t discussed. Yes, there have been some further developments in elliptic-curve public-key cryptography. And yes, much of the political information in this book, as well as the patent situation for public-key cryptosystems, is now mostly of historical interest. But a surprising amount of this book still applies directly…

Over the weekend I found myself re-reading a few bits of Bruce Schneier’s Applied Cryptography for a historical research project, and it reminded me what a fantastically wonderful, completely insane piece of writing it is. I’m sure Bruce Schneier needs no additional validation in his life, but I do think it’s worth saying a few words about the book—and why we need more works like it in our field.

I should preface this all by saying that Applied Cryptography is probably one of the most influential crypto books ever written. It certainly played a part in getting me interested in the field. If you don’t own a copy, you should, if only to be awed by Bruce’s knowledge of bizarre, historical ciphers and all of the ways they’ve been broken. (Though the most recent edition is from 1996, so don’t go looking for up to date information in it.)…

Abstract

Though two years old, Bruce Schneier’s Applied Cryptography, Second Edition still stands as the definitive work on its subject. It attempts to explain why cryptography has to be so complex and mystifying, and bring clarity to this complex topic, even for the nontechnical reader. (2,200 words)

Two months ago, I made the assertion that there is no book on cryptography that is both readable and nontrivial. I even offered a prize to the reader who could convince me otherwise. The responses I got were a bit embarrassing, because I was clearly unaware of a work that an overwhelming number of …

If you are seriously interested in computer security, then Applied Cryptography by Bruce Schneier is a must-read. The book is exceptionally literate and accessible. Schneier keeps your attention with statements like, “It is insufficient to protect ourselves with laws; we need to protect ourselves with mathematics.”

The book is both an introduction to the field and a comprehensive reference. Although some areas could have been covered in more detail, that might have turned Applied Cryptography into an encyclopedia (the book is 758 pages long). Schneier manages a fine balance between conveying information and covering all important topics. The five parts of the book cover cryptographic protocols, including public key, digital signatures, key exchange, and digital cash; cryptographic techniques such as key length, key management, algorithm types, and hardware encryption; cryptographic algorithms including block ciphers like DES, public key, key exchange, and identification schemes; the real world including example algorithms and politics; and source code…

The rapid growth of computer technology, especially the Internet, as the preferred method of transferring information has lead to a sudden increase in public awareness of the need for privacy and secrecy. In just a few years, we have moved from having to safeguard physical materials (e.g., checks, ledgers, currency, and gold bullion) to needing to protect electronic signals that not only travel on many unguarded public wires but can be detected as they escape from the confines of our computers into the ether. Security is no longer a matter of installing a sufficiently strong safe and entrusting the keys to a faithful armed guard. Security in the information age has become a matter of scrambling data in such a way that prevents unauthorized recipients from understanding it, yet allows authorized receivers to make use of it…

The first version of Bruce Schneier’s Applied Cryptography was called “the book that the National Security Agency wanted never to be published.” Maybe because it was full of programming code and instructions on how to apply powerful means to encode information so that no one—not even the government—could read it. Now comes the book’s second edition (Wiley, $49.95), fat as a phone book and loaded with new and improved crypto systems, including a method for defeating the “key escrow” mechanism in the government’s much maligned Clipper Chip. Cypher-punks will likely spam Santa’s e-mail box with requests for it…

This is a book about modern cryptography—that is, it treats its subjects in a modern context. For example, the subject of symmetric cryptography is completed in little more than a page in chapter two; then the substance of the book begins. Many of the ideas covered are less than ten years old and most are less than twenty years old.

Audience

In his preface to this book, Whitfield Diffie notes that there was a hiatus in publishing on cryptography from the end of World War I until the publication of David Kahn’s history, The Codebreakers. Although Diffie is silent on the cause of this, it was the result of government policy. During the late 1960s, events began to conspire against the silence. Perhaps the most important event was the emergence of the automated teller machine, an application that simply could not be done in the clear. Whatever the cause, during the last twenty-five years thousands of papers, and dozens of books have been published on the subject…