View previous topic :: View next topic |
Author |
Message |
UziMonkey SF Reviewer
Joined: 19 Dec 2003 Posts: 5
|
Posted: Tue May 10, 2005 11:44 pm Post subject: Book Review - Applied Cryptography |
|
|
Applied Cryptography
Author(s): Bruce Schneier
Publisher: Wiley http://www.wiley.com/
Date Published: 1996
Book Specifications: Softcover, 758 of pages
Category: Cryprography/Programming/Security
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate/Advanced
Suggested Publisher Price: $60.00 US / $93.50 CDN
ISBN: 0-471-11709-9
Amazon.com: Amazon.com
Amazon.co.uk: Amazon.co.uk
Blurb from back cover:
This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptograpy. The book details how programmers and electronic communications professionals can use cryptography --the technique of enciphering and deciphering messages-- to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks and storage systems how they can build security into their software and systems.
Introduction
If there's one word that describes this book, that one word is comprehensive. Applied Cryptography is an introduction to the field of cryptography only assuming basic mathematic and programming skills. Having never read anything serious about cryptography before, I was eager to dig in. It wasn't until I saw the table of contents and started reading did I realize there was so much to it. No stone is left unturned, no topic is left undiscussed.
There are four sections; Cryptographic Protocols, Cryptographic Techniques, Cryptographic Algorithms and one simply called The Real World. Cryptographic Protocols lays the basic foundation of everything that is to come, introducing subjects like hashes, digital signatures and key exchanges. Cryptographic Techniques begins getting more concrete, there is extensive discussion of key length, key management and the proper use of ciphers. The Cryptographic Algorithms takes the final step from theory into practice and (as the title implies), application. Many ciphers, hashing algorithms, random sequence generators and public key algorithms are examined, explained and picked apart. This was the most interesting part of the book, for me at least. The Real World is short compared to the other sections, but real-world implications are often discussed throughout the rest of the sections. Also of interest is source code (in C) of various algorithms in the back of the book.
Bruce Schneier himself is a big picture person. As can be seen in his monthly Cryto-gram newsletter, on his Blog and in his two latest books, Beyond Fear and Secrets and Lies, he understands security as a whole, not as a purely mathematical process. After all, what use are secure key exchange protocols, solid cryptographic ciphers and careful key management when users of the system will give up their keys for a bar of chocolate? Though Applied Cryptography is mostly mathematical and scientific, the real-world discussions are welcome, but to get the whole picture, you'll probably have to read his later books. In his words, "The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer. I was pretty naive."
Review Comments
Applied Cryptography balances theory and practice well. There are plenty of "Alice and Bob" examples, flowcharts and diagrams, but also solid discussion of how everything applies to real world cryptography. Source code for many algorithms is presented, but it's relegated to the back section of the book. This works well since the implementation of the algorightms is not overly important except to illustrate the discussion of its inner-workings. Of particular interest is Schneier's real-world attitude; cryptography is definately not something that operates in a clean room, discussion of how this applies to the real world is abundant.
It's hard to grasp just how comprehensive this book really is. To give you an idea, the References section is 66 pages long and lists 1655 works referenced throughout the book. Topics covered range from basic cryptographic protocols and techniques to esoteric or academic protocols, implementation challenges, cryptography's impact on society and politics, cryptanalysis and implementation challenges. Though this is a definite strength, Applied Cryptography is not a book you'll get through in a weekend.
Style and Detail
Everything about this book is professional. The layout is consistent, the diagrams and charts are simple and functional and there are no obnoxious cartoon charaters popping out and talking down to you. Schneier's style is clear, even when juggling computer and mathematical terms and symbols. The layout is logical and well-planned, but I found the most interesting parts toward the end where there is plenty of room for hands-on experimentation.
Because of the content, much of the material here can be pretty dry. 5 chapters on protocols in a row, which are nothing but theory and all tend to blend together, can get tiring. This can't be avoided, but you aren't forced to read the book in order, you can always go back and look something up later. Comprehensiveness has its downsides, but I would rather have the information there than having to search other material for it.
Conclusion
Applied Cryptography is a must read for anyone in the security field. Cryptography is an integral part of information security, and though you may know how to use the software, understanding how it works is key to knowing how to use it effectively. Even if you already know some things about cryptography, even if you only use it to get a secure shell, read this book, it should be required reading before doing any security work at all.
I have nothing bad to say about this book at all. Just imagining the amount of time spent writing this book, not to mention the time spent scouring the over 1600 references for information, is boggling.
This book receives an outstanding SFDC Rating of 10/10.
Keywords: cryptography, security
This review is copyright 2005 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
|
|
Back to top |
|
|
data Forum Fanatic
Joined: 08 May 2004 Posts: 16777211 Location: India
|
Posted: Wed May 11, 2005 2:46 pm Post subject: |
|
|
hi,
Its an excellent book though its not hardcore mathematical. Nice, you reviewed it for SDFC.
Sarad.
|
|
Back to top |
|
|
DCLXVI Just Arrived
Joined: 27 Mar 2005 Posts: 4
|
Posted: Wed May 11, 2005 6:02 pm Post subject: |
|
|
It's not exactly a book I'd read from beginning to end, it's more of a reference manual for when you need to refresh your memory on the basics of some crypto protocol, kind of like a crypto encyclopaedia.
A good book to have around.
|
|
Back to top |
|
|
Tom Bair SF Boss
Joined: 10 Aug 2002 Posts: 16776955 Location: Portland, Oregon USA
|
Posted: Thu May 12, 2005 3:05 am Post subject: |
|
|
Thank you for both for your comments. They are invaluable and will help the membership in deciding if this book is for them.
|
|
Back to top |
|
|
JustinT Trusted SF Member
Joined: 17 Apr 2003 Posts: 16777215 Location: Asheville, NC, US / Uberlāndia, MG, Brazil
|
Posted: Thu May 12, 2005 8:44 am Post subject: Good work. |
|
|
Most of my thoughts on Applied Cryptography, as well as those contained in the embedded links, can be found here, in a recent thread. It's a decent primer, and reference, provided that the audience can differentiate between the more concrete design fundamentals and terminology, as opposed to the more volatile-prone security advice, much of which has changed since the time of it being published. An excellent evaluation of a seminal encyclopaedia, nonetheless. Good work.
|
|
Back to top |
|
|
Jmorin Just Arrived
Joined: 17 Mar 2005 Posts: 1
|
|
Back to top |
|
|
phreakre Just Arrived
Joined: 30 Sep 2005 Posts: 2 Location: The Death Star
|
Posted: Sun Oct 09, 2005 12:11 am Post subject: |
|
|
From the intermediate perspective [neither purely beginner ( especially mathmatically) nor supremely advanced ] this book is very understandable and easy to follow. I like the layout as some sections are unnecessary to any reader coming to it with experience and it makes an easy "flip through" style book where you can find what you're looking for rather quickly.
I agree 100% with the 10/10 score, one of the better books out there on this subject.
|
|
Back to top |
|
|
|