Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition

Years ago, Bruce was laid off from AT&T Bell Labs. Since then, Bruce has been using rubes like you to augment his salary. Let's face it; if Bruce were a Ken Thompson or a Claude Shannon, he'd probably still have his job at Bell Labs. But he isn't and he doesn't. Instead he wrote Applied Cryptography and touted himself as an expert. The problem is that most people believed him. Not many people actually know an active cryptographer who can dispel fact from fiction.

Applied Cryptography is just a tourists look at algorithms whose mathematical foundations, and use, are explained more effectively by other authors. Applied Cryptography may have been there first, but the industry has moved forward. Better books currently exist that are more rigorous, not to mention more lucid. This is strictly a "shelfware" book that you'd keep at your desk to impress your coworker's with, nothing more.

Recently I spoke with a PhD, from Brown, who performed decades of research in number theory. He recommended "Cryptography in C and C++," by Michael Welschenbach. He also said "I don't know why people think Applied Cryptography is such a good book. He [Schneier] doesn't seem to understand the mathematics very well." Pick up Applied Cryptography sometime and compare it side-by-side with Welschenbach's book. You'll see what that PhD was talking about.

What I find truly onerous about his books is the condescending tone that Schneier adopts when addressing the reader. It's if he's saying "I am so much more elite than you, I can't even begin to tell you." The truth is that Bruce Schneier is a lot of style without much substance. What he lacks in ability he makes up for with moxie. Having lived in Minneapolis, I'm more than familiar with the type of yuppie pretenders that live on Hennepin Avenue with their nose piercings and their tattoos. Bruce, that ponytail doesn't fool anybody. You're just another suit from the midwest with something to sell. Freakin' cake eaters...

Rating:
Summary: A bit out of date, but highly worth reading
Review: Bruce Schneier's APPLIED CRYPTOGRAPHY is an excellent book for anyone interested in cryptology from an amateur level to actually being involved in the development of new encryption mechanisms. Schneier's book begins with a simple discussion of what is cryptography, and then he proceeds through the history of various encryption algorithms and their functioning. The last portion of the book contains C code for several public-domain encryption algorithms.

A caveat: this is not a textbook of cryptography in the sense that it teaches everything necessary to understand the mathematical basis of the science. Schneier does not discuss number theory because he expects those who use the relevant chapters of the book will already have training in higher maths. Nonetheless, the book does contain a wealth of information even for the layman.

One helpful part of Schneier's book is his opinion of which encryption algorithms are already broken by the National Security Agency, thus letting the reader know which encryption programs to avoid. There will always be people who encrypt to 40-bit DES even though it is flimsy and nearly instantly breakable, but the readers of APPLIED CRYPTOGRAPHY can greatly improve the confidentiality of their messages and data with this book. Discussion of public-key web-of-trust is essential reading for anyone confused by how public-key signatures work.

APPLIED CRYPTOGRAPHY was published in 1995 and some parts are already out of date. It is ironic that he hardly mentions PGP, when PGP went on to become the most renowned military-strength encryption program available to the public, although it is being superseded by GnuPG. Another anachronism is Schneier's assurance that quantum computing is decades away. In the years since publication of APPLIED CRYPTOGRAPHY we have seen some strides in quantum computer, even the creation of a quantum computer that can factor the number 15. While this publicly known quantum computer is not at all anything to get excited about, it is certain that more powerful quantum computers are in development and classified by NSA. Because a quantum computer can break virtually any traditional cipher, hiding the message (steganography) is becoming more important than ever. In the era of Schneier's book steganography was unnecessary because ciphertext could withstand brute-force attacks, but with advances in computing power steganography is becoming vital to secure communications. It would be nice to see the book updated with this topic, because cryptography and steganography can no longer be regarded as two distinct fields.

All in all, in spite of its age, APPLIED CRYPTOGRAPHY is recommended to anyone interested in cryptography. It ranks among the essential books on the field, although an updated version is certainly hoped for.

Rating:
Summary: Only good for beginner
Review: If you have no knowledge on cryptography and want to get some information, this book is suit for you. If you are doing some actual work, it's not a good one. The book does not cover sufficient mathematic knowledge, and contains errors. E.g., the proof of RSA decryption is absolately wrong! Can't beleive!

Rating:
Summary: Great fun
Review: This book is readable introduction to real cryptography. It covers a wide range of topics (block and stream cyphers and hashing and random number generation algorithms) in enough depth, and with sufficient theoretical foundation, to give the reader an honest overview of the field. The last section contains code for many of the algorithms and electronic versions are available through Schneier's web site.

Throughout the book Schneier manages to include current references to the inevitable political and legal issues. These references are discussed in an engaging manner and without letting them hog the spotlight. On the other hand, in a fast-moving field like cryptography, they are beginning to get a bit long in the tooth. The book was originally published in 1996 and many of the remarks are noticeably dated (though, perhaps, historically interesting).

Printings before the fifth are also riddled with errors. Fortunately, good errata are available at Schneier's website. They are essential: if you find yourself thinking "That can't be right", it probably isn't.

Read this book first. Without some college level mathematics you may have to skim some of the chapters; still, you can probably curl up on your couch and read it cover to cover. If, afterwards, you get hooked into following up with Stinson's "Cryptograpy", or Menezes "Handbook of Applied Cryptography", don't say I didn't warn you!

Rating:
Summary: A practical cryptography reference for programmers.
Review: This is a good solid review of most current cryptography with source code available for software programmers. It does not go into mathematical proofs. I read the first version from cover to cover, however this edition, the second, is too large. It has become more of a reference book, although still very readable in parts. My only disappointment is the lack of good coverage of extremely high-speed cryptography like SEAL or MISTY or in depth explanations of secure computer network protocols like Novell's NetWare 4 RSA/GQ key exchange or Microsoft's NT hash-oriented key exchange. Also a more complete coverage of smart card technology would be nice. Basically this will get a competent engineer up to speed with 5 year old cryptography. This is still better than most alternatives like mathematics books or high-level overview books that are vague on details

Rating:
Summary: THE Cryptography book
Review: Most books that focus on cryptography tend to be academic and very dry reading. Not this one; Schneier has crafted an easy to read book that covers cryptographic techniques and issues.

The book is divided into four major sections: Cryptographic Protocols, Cryptographic Techniques, Cryptographic Algorithms, and a section called "The Real World" that discusses examples of how cryptographic protocols and algorithms are actually used. It also discusses political issues.

The book contains the source code (in printed form) to many of the algorithms discussed in the book. The algorithms include: DES, IDEA, Blowfish, RC5, SEAL and others.

Rating:
Summary: This book is a labor of love
Review: If you want to buy a book which is a wonderful introduction to cryptography, then you have just found it.
Many books suffer from excessive bloat where the author tries to be everything to everybody.
This book is not one of them.
It's lean and clean and it'll turn you into a mean cryptographic machine.

Some reviewrs seem to berate the author for:
a) losing his job
b) trying to make a buck by writing books
c) not writing a mathematical tome

Well, I have some news for you:
a) Anyone can get laid off from any job at any time - period.
b) All authors write books for money.
c) The author clearly states at the beginning of the book under the heading, How to read this book - 'I wrote Applied Cryptography to be both a lively introduction to the field of cryptography and a comprehensive reference...This book is not intended to be a mathematical text.'

Need I say more.

Rating:
Summary: Very well done
Review: Excellent introduction and explanation for both novice and professional cryptographers. Easy read with very detailed explanation. I Highly Recommend both this and Handbook of Applied Cryptography (for some of the mathematical algorithms) if you are planning on implementing your own cryptographic library.

Rating:
Summary: Definite Book for Professionals and also Newbies
Review: Bruce Scheier clear writing makes understandable the hard issues very well. If you want to know that what cryptography has been used and also can be used for real life. Like digital money, authentication systems , secret sharing etc...
This is not a theoric math book it explains the spirit of cryptography but and its usage.After reading it I recommend that get a mathematical oriented cryptography book like "Introduction to Cryptography with Coding Theory
"

Rating:
Summary: the classic text.
Review: You know that Applied Cryptography: Protocols, Algorithms, and Source Code in C is a classic, since anyone who write a book or article about crypto quotes and plagiarizes from Schneier.

But this is the text if you want to be a crypto guru.