Applied Cryptography: Protocols, Algorithms, and Source Code in C

Bruce Schneier's APPLIED CRYPTOGRAPHY is an excellent book for anyone interested in cryptology from an amateur level to actually being involved in the development of new encryption mechanisms. Schneier's book begins with a simple discussion of what is cryptography, and then he proceeds through the history of various encryption algorithms and their functioning. The last portion of the book contains C code for several public-domain encryption algorithms.A caveat: this is not a textbook of cryptography in the sense that it teaches everything necessary to understand the mathematical basis of the science. Schneier does not discuss number theory because he expects those who use the relevant chapters of the book will already have training in higher maths. Nonetheless, the book does contain a wealth of information even for the layman.One helpful part of Schneier's book is his opinion of which encryption algorithms are already broken by the National Security Agency, thus letting the reader know which encryption programs to avoid. There will always be people who encrypt to 40-bit DES even though it is flimsy and nearly instantly breakable, but the readers of APPLIED CRYPTOGRAPHY can greatly improve the confidentiality of their messages and data with this book. Discussion of public-key web-of-trust is essential reading for anyone confused by how public-key signatures work.APPLIED CRYPTOGRAPHY was published in 1995 and some parts are already out of date. It is ironic that he hardly mentions PGP, when PGP went on to become the most renowned military-strength encryption program available to the public, although it is being superseded by GnuPG. Another anachronism is Schneier's assurance that quantum computing is decades away. In the years since publication of APPLIED CRYPTOGRAPHY we have seen some strides in quantum computer, even the creation of a quantum computer that can factor the number 15. While this publicly known quantum computer is not at all anything to get excited about, it is certain that more powerful quantum computers are in development and classified by NSA. Because a quantum computer can break virtually any traditional cipher, hiding the message (steganography) is becoming more important than ever. In the era of Schneier's book steganography was unnecessary because ciphertext could withstand brute-force attacks, but with advances in computing power steganography is becoming vital to secure communications. It would be nice to see the book updated with this topic, because cryptography and steganography can no longer be regarded as two distinct fields.All in all, in spite of its age, APPLIED CRYPTOGRAPHY is recommended to anyone interested in cryptography. It ranks among the essential books on the field, although an updated version is certainly hoped for.

Applied Cryptography is quite simply the quintessential guidebook for information about cryptography. It also is one of the finest computer security books ever written. Bruce Schneier is a cryptologist who has a passion for cryptography, and it shows in his masterpiece. Instant classic is an often used oxymoron, yet that term is most appropriate to describe Applied Cryptography. If you have any interest with security and encryption, Applied Cryptography is clearly the definitive publication to reference and the most comprehensive text available about security and encryption. It might sound as if via my high praise for this book that I am getting some type of endorsement, that is not the case. It is just that Applied Cryptography is quite simply the most comprehensive, up-to-date work about cryptography.The vast array of topics covered by the book is truly astounding in is depth and breadth. There is hardly a single cryptological concept, either minor or major, that the book does not cover. It is not possible to detail everything Applied Cryptography covers. But a few of the topics are: Foundations of cryptography, Protocols, Protocol Building Blocks, Key Lengths, key exchange, key management, Algorithms, the mathematical of cryptography, DES, RSA, One-Way Hash Functions, Symmetric vs. Public-Key cryptography, Public-Key Digital Signature Algorithms, Substitution Ciphers and Transposition Ciphers, Digital Signatures, Random and Pseudo-Random Sequence Generation, PGP, Authentication, Advanced security Protocols, Cryptographic Techniques, Identification Schemes, the politics of cryptography and much (much!) more.Applied Cryptography also includes the source code for DES, IDEA, BLOWFISH, RC5 and other algorithms. It even covers encryption algorithms from the former Soviet Union, including GOST.The magnificence of Applied Cryptography is that Schneier is able to take very complex, abstract ideas and express them in an extremely comprehensible manner. Applied Cryptography therefore lacks the dryness that plagues a lot of textbooks. Schneier is able to take both theoretical and academic ideas, and mold them into practical real-world intelligible book. All in all, Applied Cryptography makes for some very enjoyable and occasionally humorous reading.One thing I really liked about Applied Cryptography is its index. Rather than using the traditional cumbersome citations such as RIV92b or GOL88 that often take a while to locate, Schneier simply uses numbers. In light that he references over 1600 sources, it makes looking up the sources an incredible time saver. What is extremely impressive about Applied Cryptography is that Schneier quotes from every imaginable source. From general security periodicals, scholarly academic journals, conference proceedings, government publications and official standards, Schneier has been there. Schneier writes at length about whether a crypto customer should choose an algorithm for that is publicly publis

The book is maybe 15% theory, just enough to give you a grounding in what's going on, the rest is in-the-trenches crypto. As the author says, it is for programmers and engineers, not math grad students...

An excellent, informative and entertaining introduction to this field.The first third covers, in reasonably technical detail, the theory and mathematical implementation of cryptosystems. Much of this isn't necessary for the casual reader, but its the clearest explanation of this arcane stuff you're going to find anywhere.The second third covers real-world applications of cryptosystems - electronic voting, cyber-money, key management and a thousand other inventive uses. Sufficiently non-technical for even a salesman to understand.The last third covers the politics of modern encryption, and is more intriguing, exciting and informative than any Tom Clancy novel. This last part alone is worth the price of the book.Schneier's writing style is informal, informative and often humourous. It's hard to believe anyone can write about such a (potentially) dry subject and yet include some genuine jokes!Buy this book.

Habitues of sci.crypt will be familiar with Bruce Schneier's *Applied Cryptography*; if any of them have but one text on crypto for reference, it will almost certainly be *Applied Cryptography*. It is the de facto standard reference on modern cryptography as well as serving as an excellent introduction to the subject. The art is very old - Julius Caesar was the first recorded user of cryptography for military purposes - and reached a watershed when computers were put to work in order to break German and Japanese ciphers. Indeed, that was the first *real* application of electronic computers. A natural development was the use of computers for the development of cryptographic systems. That is where Bruce Schneier's remarkable book begins. It is notable for two reasons: the breadth and depth of coverage, and the high standard of technical communication. As a reference its scope is encyclopaedic, providing descriptions and assessments of just about every non-military crypto system developed since computers were first applied to the purpose. There are also military-cum-government algorithms amongst the collection, some from the old Soviet Union and others from South Africa. It is not just an A-Z procession of algorithms; the author progresses in a logical manner through the many technical aspects of cryptography. It is common to find that masters of mysterious technical arts are poor communicators. Bruce Schneier demonstrates exceptional skill as a technical communicator. Here is a book about an esoteric subject - one built on a foundation of theoretical mathematics - that ordinary folk can read. Sure, one needs to be motivated by an interest in the subject, and the technical level sometimes requires a more than ordinary background in number theory and the like - but a degree in theoretical mathematics is not necessary to derive pleasure and profit from reading *Applied Cryptography*. A thirty-page chapter provides a brief, but lucid account of the necessary mathematical background, spanning information theory, complexity theory, number theory, factoring, prime number generation, and modular arithmetic. Even if one needs no other information than a useful description of modular arithmetic the book is worth looking at; I can't think of any better source outside full-blown mathematical texts, and the author does it without being obscure. The book is divided into parts, beginning with protocols (the introductory chapter is an excellent overview of crypto as it is presently applied) from the basic kind through to the esoteric that find application in digital cash transactions. Public key encryption, the second - and most significant - watershed in cryptography, is introduced with an explanation of how it is used in hybrid systems. Part II deals with cryptographic techniques and discusses the important issues of key length, key management, and algorithm type