Reviews of APPLIED CRYPTOGRAPHY

Bruce Schneier schneier at chinet.com
Mon Apr 11 10:42:18 PDT 1994



.................................................................
                          One-Stop Cypher Shop

Once and for all, there's a book that collects the history and
truth about data encryption and presents it in a no-bullshit, easy-
to-understand English.  It's the book that the National Security
Agency wanted never to be published.

Author Bruce Schneier's premise is a simple one:  Good encryption
should be available to all.  Just as people have the right to hide
their letters in whatever kind of vault they wish, he reasons, so
too should they have the right to protect their digital information
with the most impenetrable cryptography.  The federal government
certainly isn't going to provide citizens with strong encryption
tools (the Clipper chip fracas proves that), so Schneier felt a
duty to provide a single sourcebook of useful algorithms for people
who wish to keep their private business private.

The first hundred pages Applied Cryptography contain the best
introduction to cryptography I've ever seen.  Part two teaches the
techniques and tricks necessary to tell a good crypto-system from
a bad one.  Part three is the down-and-dirty description of each
algorithm.  And part covers political issues.

Roughly a hundred pages of the book is devoted to source code for
the most important crypto systems.  Anybody seriously interested in
cryptography, though, should get the two-disk set for $30 and save
all that typing.

Because we have a First Amendment in this country, Schneier's book
can be printed and exported, despite how the National Security
Agency might feel.  But, incredibly, since the First Amendment
doesn't cover books on floppy disks, it's a federal crime for
Schneier to mail the source code on his floppies outside the US. 
Go figure.

                                  --Simson L. Garfinkel, 
                                    Wired v 2 n 4 (Apr 94).
.................................................................
                          Applied Cryptography

Here at OpenVision's security branch (formerly Greer-Zolot Assoc.),
we recently got a copy of Bruce Schneier's new book, Applied
Cryptography: Protocols, Algorithms and Source Code in C.  We
immediately ordered two more copies, because our security jocks (me
included) didn't want to share it.  It is encyclopedic, quite
readable, and well-informed, and it more or less picks up where
Dorothy Denning's classic Cryptography and Data Security (Addison-
Wesley, '82) takes off a dozen years ago.  I've often wished lately
that such a reference as Schneier's existed.

Schneier covers those topics in data security that touch most
closely on the encryption algorithms themselves.  Thus, the book
doesn't discuss authorization, audit, firewalls, or the recent
formal logics for proving protocols correct.  As far as I can tell,
it does cover everything about authentication and key-distribution-
-everything.  Of the recent flurry of books and articles on data
security that I've seen, including some by my old colleagues from
Project Athena, and including a couple of others that are still in
press, this one has the clearest and most accurate treatment of
kerberos.

The book is structured like a reference, but written like an
undergraduate text.  Thus, you can enter anywhere and make sense of
what you find, even if you don't already know the material well. 
It does not include exercises or end-of-chapter summaries, but does
include a bibliography of 908 references.  This makes it a good
place to go, before you dive into the literature on a topic like
zero-knowledge proofs and protocols.  Schneier also includes
licensing and sourcing addresses for encryption algorithms.  The
index, unfortunately, is a bit weak (though it is available from
the author on the net: schneier at chinet.com).  This book would be a
bargain at twice the price.

                                  --Donald T. Davis, 
                                    ;login: v 19 n 2 (Mar/Apr 94).
.................................................................
                          Applied Cryptography

Winner:  1993 Software Development Productivity Award

         Cryptography may not be of interest to everyone, but this book
is the definitive text on the subject.  From one-way hash functions
to a slew of public-key encryption algorithms, Schneier combines
clear descriptions with pseudocode and fully working examples in C.

                                  --Software Development v 2 n 5 (May 94).
.................................................................
                          Levels of Secrecy

The opening sentence in the preface of Applied Cryptography says it
all--I have to quote it:  "There are two kinds of cryptography in
this world: cryptography that will stop your kid sister from
reading your files, and cryptography that will stop major
governments from reading your files.  This book is about the
latter."

This is a book you can use for more than one purpose.  You can read
it as an introduction to the mathematics of cryptography, as a
resource of course code for encryption algorithms or as a guide to
how traffic on the information superhighway might remain secure
even as the highway (supposedly) becomes more accessible.

Cryptography isn't restricted to studying the means by which a
digital document is securely encoded for purposes of transmission. 
It can cover activities as wellþactivities once carried out via the
transfer of paperwork, but now carried out by transactions across
a network.  Take digital signatures, for example.  Bank A sends a
transaction to Bank B.  The transaction is encoded, of course.  But
how can the clerk at bank B be sure that the transaction was
authorized by the proper officer at bank A prior to being encoded
and transmitted?

This is one of the topics of perhaps my favorite section of the
book: cryptographic protocols.  It begins with the fundamentals
(e.g., authentication and public key cryptography), builds through
intermediate protocols (e.g., digital signatures and subliminal
channels), and moves to more advanced protocols (e.g., blind
signatures).  The best material, however, appears in the concluding
topic: esoteric protocols.  Here, you'll find step-by-step
procedures for such operations as secure elections and digital
cash.

Some of the protocols read like descriptions of Rube Goldberg
machines.  I followed in fascination the step-by-step process of
Alice (a hypothetical character) could use to accomplish the audit-
trail-free transfer of digital cash.  Alice could send a campaign
contribution to her favorite senator, and no one could trace where
the money had come from.  It gets worse: Alice shows up pages later
using digital cash to commit a perfect kidnapping.

It also gets better.  In a later chapter, we're given a brief
glimpse of--no kidding--"quantum cryptography."  All it takes it
some polarized light and a fiber-optic link; the message is encoded
in the polarization angle of the light.  What you get is an
untappable link--since tapping would require measuring a quantum
variable, which affects the outcome of any subsequent measurements. 
Sender and receiver can compare partial messages and verify the
presence or absence of an eavesdropper.

Finally, if you want code, you've got it.  Not only are code
fragments smattered throughout, the rear of the book contains
listing after well-documented listing (all in C) of cipher
routines, secure hash functions, and so forth.  If you want to
avoid typist's cramp, you can send $30 to the author and get the
disk set that includes all the source code from the book, plus
updates and new algorithms.  Once more, don't let the presence of
so much source code frighten you from the book.  The descriptions
of the exchange protocolsþintricate though they may beþmake good
reading for anyone interested in cryptography.

                                  --Rick Grehan
                                    Byte v 19 n 6 (Jun 94).
.................................................................

Applied Cryptography was also reviewed in the May 1994 issue of Dr.
Dobbs Journal.  It is a three-page review, so I won't reprint it
all.  However, here are some choice excerpts:

         "It is the definitive work on cryptography for computer
         programmers....  Although Applied Cryptography describes
         itself as a reference book, it also serves as a wall-to-wall
         tutorial on cryptography....  Applied Cryptography represents
         a monumental body of knowledge, particularly to the
         programmer.  I do not know of another work that encapsulates
         as much information about cryptography and then supplies the
         computer code to implement the algorithms that it describes. 
         Even a programmer who is only mildly interested in
         cryptography will find this book fascinating....  No matter
         how you use the book, though, Applied Cryptography is an
         interesting and comprehensive explanation of an enigmatic
         subject, and well worth the time you will spend with it."

>From the Mar/Apr 1994 issue of The Cryptogram (the journal of the
American Cryptogram Association):

         "A comprehensive review of the latest developments in
         practical cryptographic techniques....  It is an encyclopedic
         work with more than 900 references...."

And from the National Computer Security Association News, Nov/Dec
93:

         "[A] complete guide to using cryptography to maintain data
         security...."

And finally, from Computer Literacy Bookshops' New Book Bulletin,
Spring 1994:

         "Unquestionably the most modern, popular and up-to-date
         cryptographic reference....  Highly recommended."

My publisher expects to sell out of the second printing sometime in
June.

Bruce



More information about the cypherpunks-legacy mailing list