Schneier on Security

The rapid growth of computer technology, especially the Internet, as the preferred method of transferring information has lead to a sudden increase in public awareness of the need for privacy and secrecy. In just a few years, we have moved from having to safeguard physical materials (e.g., checks, ledgers, currency, and gold bullion) to needing to protect electronic signals that not only travel on many unguarded public wires but can be detected as they escape from the confines of our computers into the ether. Security is no longer a matter of installing a sufficiently strong safe and entrusting the keys to a faithful armed guard. Security in the information age has become a matter of scrambling data in such a way that prevents unauthorized recipients from understanding it, yet allows authorized receivers to make use of it…

The first version of Bruce Schneier’s Applied Cryptography was called “the book that the National Security Agency wanted never to be published.” Maybe because it was full of programming code and instructions on how to apply powerful means to encode information so that no one—not even the government—could read it. Now comes the book’s second edition (Wiley, $49.95), fat as a phone book and loaded with new and improved crypto systems, including a method for defeating the “key escrow” mechanism in the government’s much maligned Clipper Chip. Cypher-punks will likely spam Santa’s e-mail box with requests for it…

This is a book about modern cryptography—that is, it treats its subjects in a modern context. For example, the subject of symmetric cryptography is completed in little more than a page in chapter two; then the substance of the book begins. Many of the ideas covered are less than ten years old and most are less than twenty years old.

Audience

In his preface to this book, Whitfield Diffie notes that there was a hiatus in publishing on cryptography from the end of World War I until the publication of David Kahn’s history, The Codebreakers. Although Diffie is silent on the cause of this, it was the result of government policy. During the late 1960s, events began to conspire against the silence. Perhaps the most important event was the emergence of the automated teller machine, an application that simply could not be done in the clear. Whatever the cause, during the last twenty-five years thousands of papers, and dozens of books have been published on the subject…

With the world accelerating onto the information superhighway, protection of data’s secrecy and correctness takes on increasing importance. The best tool for that protection is cryptography, a very old tool. Despite the importance and maturity of cryptography, few good reference books accessible to nontheorists have been published. This book is a great resource for the software professional who wants to know more about the subject.

Bruce Schneier covers three cryptographic topics of interest to the software professional: protocols, techniques, and algorithms. Additionally, the book contains C source code for many of the algorithms. Few software professionals will want to read the 600-page book cover to cover, but cryptography is so subtle and interconnected that it is worthwhile to at least skim the entire book and then return to study the parts of most immediate interest…