Rating: 
Summary: An *EXCELLENT* reference book on cryptography!
Review: If you have *ANY* interest whatsoever in cryptography (public keys, private keys, RSA, government policies (sic), etc), then this is *THE* book for you. Bruce does a very good job of explaining a very difficult subject. The book covers *EVERYTHING*, from A-Z on the subject,so if you want to understand how public keys work, you can read up on that, similarly, if you want to understand how linear feedback shift registers work, there is a section on that also.
Bruce does *NOT* have a very high opinion of our exalted leaders in Washington, which shows in the book, and the style is very conversational, with a number of humorous lines and comments thrown in. This kept me wide awake through all 700 pages.
The bibliography is extensive, and even includes some good books on WWII cryptography and the Enigma machine used by the Germans.
If you only buy 1 book on cryptography, buy this one!
Rating:
Summary: Schneier is to crypto like Fowler is to English
Review: The mathematics, not to say sheer logic,
is likely to scare a lot of people.
I find when I lend the book that most people go
through quickly and read what might be
called the cryptographic purple patches --
pure prose sections, summing up which
ciphers are weak and which aren't, some of
the history, and such things. The rest they
leave. I've found myself in the position of
trying to explain all this stuff to CEOs and
other execs. It is hard. I wrote a CEO-friendly
summary (www.viacorp.com/crypto.html) and it
worked fairly well. The people who need to
know this are also the hardest to get into the
topic. Maybe Bruce Schneier would like to
try writing a non-mathematical summary for
the intelligent layman -- like Einstein did
in The Evolution of Physics.
Rating:
Summary: Summary of Applied Cryptography by Bruce Schneier
Review: I believe that if anyone is looking for a book on encryption that tells about everything. This would be the book to get
Rating:
Summary: Definitive introduction to Cryptography
Review: I cannot praise this book too much. It explains, in terms that any computer programmer can understand, the issues surrounding the development and use of cryptographic algorithms and protocols. You MUST read this book before trying to develop or implement encryption systems
Rating:
Summary: The most comprehensive text on computer-era cryptology.
Review: Habitues of sci.crypt will be familiar with Bruce Schneier's *Applied Cryptography*; if any of them have but one text on crypto for reference, it will almost certainly be *Applied Cryptography*. It is the de facto standard reference on modern cryptography as well as serving as an excellent introduction to the subject.
The art is very old - Julius Caesar was the first recorded user of cryptography for military purposes - and reached a watershed when computers were put to work in order to break German and Japanese ciphers. Indeed, that was the first *real* application of electronic computers. A natural development was the use of computers for the development of cryptographic systems.
That is where Bruce Schneier's remarkable book begins. It is notable for two reasons: the breadth and depth of coverage, and the high standard of technical communication.
As a reference its scope is encyclopaedic, providing descriptions and assessments of just about every non-military crypto system developed since computers were first applied to the purpose. There are also military-cum-government algorithms amongst the collection, some from the old Soviet Union and others from South Africa. It is not just an A-Z procession of algorithms; the author progresses in a logical manner through the many technical aspects of cryptography.
It is common to find that masters of mysterious technical arts are poor communicators. Bruce Schneier demonstrates exceptional skill as a technical communicator. Here is a book about an esoteric subject - one built on a foundation of theoretical mathematics - that ordinary folk can read. Sure, one needs to be motivated by an interest in the subject, and the technical level sometimes requires a more than ordinary background in number theory and the like - but a degree in theoretical mathematics is not necessary to derive pleasure and profit from reading *Applied Cryptography*.
A thirty-page chapter provides a brief, but lucid account of the necessary mathematical background, spanning information theory, complexity theory, number theory, factoring, prime number generation, and modular arithmetic. Even if one needs no other information than a useful description of modular arithmetic the book is worth looking at; I can't think of any better source outside full-blown mathematical texts, and the author does it without being obscure.
The book is divided into parts, beginning with protocols (the introductory chapter is an excellent overview of crypto as it is presently applied) from the basic kind through to the esoteric that find application in digital cash transactions. Public key encryption, the second - and most significant - watershed in cryptography, is introduced with an explanation of how it is used in hybrid systems.
Part II deals with cryptographic techniques and discusses the important issues of key length, key management, and algorithm types. The strength of a crypto system relies very heavily on the length of the key, the way in which it is generated, and key management. A chapter is devoted to the practical aspects of using algorithms (which one, public-key as against symmetric crypto, hardware versus software) for various purposes (such as communications and data storage).
Part III is about particular algorithms, providing for each one a background of its development, a description, its security, and how it is likely to stand up to attack. The algorithms are divided into classes: block (some twenty-one are described); pseudo-random-sequence generators and stream ciphers (PKZIP is a stream cipher); real random-sequence generators; one-way hash functions; public-key; public-key digital signature; identification schemes; key-exchange algorithms; and other special algorithms. Many specific algorithms are described with information about covering patents.
Part IV is entitled, The Real World; in the words of the author, "It's one thing to design protocols and algorithms, but another thing to field them in operational systems. In theory, theory and practice are the same; in practice they are different". A chapter discusses a number of implementations, including IBM Secret-Key Management Protocol, Mitrenet (an early public-key system), ISDN Packet Data Security Overlay, STU-III, Kerberos, KryptoKnight, Sesame, PEM, PGP, MSP, smart cards, universal electronic payment system, and Clipper.
Another chapter discusses politics and puts the problems of US export restrictions into context and deals with patents. It also has information about bodies with an interest in public access to cryptography and standards, and legal issues.
An afterword by Matt Blaze should be required reading by everyone who thinks a good cryptosystem is all that one needs for security; the human factor can undo the strongest system.
A final part contains C source code for DES, LOKI91, IDEA, GOST, Blowfish, 3-Way, RC5, A5, and SEAL. North American readers can obtain a 3-disk set containing code for some forty-one algorithms, four complete systems, source code for some other utilities, text files, errata, and notes on new protocols and algorithms.
Who, apart from crypto professionals and aficionados, is likely to find *Applied Cryptography* of interest? Anyone with an intelligent interest in the art, and who wants something more substantial than a quasi adventure account of modern crypto; anyone with a responsibility for protecting data and/or communications; network administrators; builders of firewalls; students and teachers of computer science; programmers; and anyone with a serious interest in theoretical mathematics - I'm sure the list could be expanded considerably. Apart from a book to be read, it is the most complete and up-to-date resource and reference presently available. The list of references (1653 of them) is a resource in its own right. An essential acquisition for libraries.
The book, of necessity, contains highly technical material, but it can be read. The publishers, Wiley's, are to be congratulated.
Reviewed by Major Keary majkeary@netspace.net.au
DISCLAIMER: The opinions expressed are my own. I have no interest, financial or otherwise, in the success or failure of this book, and - apart from a review copy - I have received no compensation from anyone who has.
Rating:
Summary: Essential reference for any programmer
Review: Over the long term, this is the applied math book that I come back to most often. The first quarter of the book may come as a surprise. It's not about encryption, it's about secure protocols. This is great stuff. It includes secure key exchange, where you and I can agree on an encryption key in a public conversation, but none of the other listeners know what we agreed on. It includes zero-knowledge proofs, ways of establishing authorization without releasing your identity. It includes lots more, as well. The next brief section discusses different modes for using encryption algorithms, key management, and other logistics. The third section is what you might have expected: detailed descriptions of many encryption schemes, taking up at least half the book. That includes public key schemes, private key codes, secure hashing algorithms, and all the other details needed for implementing the algorithms. One of the most useful subsections here is a set of pseudorandom number generators. It's not exhaustive, by any means - it omits the Mersenne Twister, for example. Still, it gives a fair set of algorithms, some of which are "cryptographically secure". That means the generator's output strongly resists attempts to find regularities, just the way a truly random sequence would. The last two chapters give a brief summary of the practice, legalities, and even culture around cryptography. This won't make you into a crypto professional. Despite its 600+ pages, it barely introduces the world of crypto and certainly doesn't release anything from the "closed" world of government agencies. It will, however, give you useful algorithms, a basic background, and an appreciation of just what real crypto is about. That last may be the most important part. Too many people think inventing a good code is like making love: anyone can do it, and they instinctively do it better than most people. Wrong! Real crypto is not for dabblers, and this book gives some sense of what is involved. The first edition of "Applied Cryptography" was a landmark text, but the second edition is even better. It's so much better that, if you just have the first edition, you really should upgrade to the second, and I've never said that about any other book.
Rating:
Summary: The Comprehensive Crytography Book
Review: If you need a cryptography book, this is the one to get. It is perfect for begineers and intermediates.
It covers a range of topics and indeed algorithms, giving precise clear explanations and examples for each algorithm.
This book helped me immensely for my final year project.
Rating:
Summary: Excellent Text - Not Too Mathematical
Review: This book provides excellent coverage of the mayor cryptography algorithms. It is a must have (for academic study or implementation), if only for the completeness of coverage and the comprehensive references. The C code provided is adequate, but reasonable programming skills are assumed. The book is not overly mathematical (which many of the other cryptography texts are - this is great for me, as I am more intereseted in practice). There is also good information on assessing / comparing the merits of different algorithms. Great for the practictioner or student taking a first course (it's still not bedtime reading). Mathematicians will look for more ......
Rating: 
Summary: A tour of algorithms by an outsider
Review: Excellent introduction and explanation for both novice and professional cryptographers. Easy read with very detailed explanation. I Highly Recommend both this and Handbook of Applied Cryptography (for some of the mathematical algorithms) if you are planning on implementing your own cryptographic library.
|
