• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Book Review - Applied Cryptography

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles

View previous topic :: View next topic  
Author Message
UziMonkey
SF Reviewer
SF Reviewer


Joined: 19 Dec 2003
Posts: 5


Offline

PostPosted: Tue May 10, 2005 11:44 pm    Post subject: Book Review - Applied Cryptography Reply with quote

Applied Cryptography

Author(s): Bruce Schneier
Publisher: Wiley http://www.wiley.com/
Date Published: 1996
Book Specifications: Softcover, 758 of pages
Category: Cryprography/Programming/Security
Publisher's Suggested User Level: Not Rated
Reviewer's Recommended User Level: Intermediate/Advanced
Suggested Publisher Price: $60.00 US / $93.50 CDN
ISBN: 0-471-11709-9
Amazon.com: Amazon.com
Amazon.co.uk: Amazon.co.uk




Blurb from back cover:
This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptograpy. The book details how programmers and electronic communications professionals can use cryptography --the technique of enciphering and deciphering messages-- to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks and storage systems how they can build security into their software and systems.

Introduction
If there's one word that describes this book, that one word is comprehensive. Applied Cryptography is an introduction to the field of cryptography only assuming basic mathematic and programming skills. Having never read anything serious about cryptography before, I was eager to dig in. It wasn't until I saw the table of contents and started reading did I realize there was so much to it. No stone is left unturned, no topic is left undiscussed.

There are four sections; Cryptographic Protocols, Cryptographic Techniques, Cryptographic Algorithms and one simply called The Real World. Cryptographic Protocols lays the basic foundation of everything that is to come, introducing subjects like hashes, digital signatures and key exchanges. Cryptographic Techniques begins getting more concrete, there is extensive discussion of key length, key management and the proper use of ciphers. The Cryptographic Algorithms takes the final step from theory into practice and (as the title implies), application. Many ciphers, hashing algorithms, random sequence generators and public key algorithms are examined, explained and picked apart. This was the most interesting part of the book, for me at least. The Real World is short compared to the other sections, but real-world implications are often discussed throughout the rest of the sections. Also of interest is source code (in C) of various algorithms in the back of the book.

Bruce Schneier himself is a big picture person. As can be seen in his monthly Cryto-gram newsletter, on his Blog and in his two latest books, Beyond Fear and Secrets and Lies, he understands security as a whole, not as a purely mathematical process. After all, what use are secure key exchange protocols, solid cryptographic ciphers and careful key management when users of the system will give up their keys for a bar of chocolate? Though Applied Cryptography is mostly mathematical and scientific, the real-world discussions are welcome, but to get the whole picture, you'll probably have to read his later books. In his words, "The error of Applied Cryptography is that I didn't talk at all about the context. I talked about cryptography as if it were The Answer. I was pretty naive."

Review Comments
Applied Cryptography balances theory and practice well. There are plenty of "Alice and Bob" examples, flowcharts and diagrams, but also solid discussion of how everything applies to real world cryptography. Source code for many algorithms is presented, but it's relegated to the back section of the book. This works well since the implementation of the algorightms is not overly important except to illustrate the discussion of its inner-workings. Of particular interest is Schneier's real-world attitude; cryptography is definately not something that operates in a clean room, discussion of how this applies to the real world is abundant.

It's hard to grasp just how comprehensive this book really is. To give you an idea, the References section is 66 pages long and lists 1655 works referenced throughout the book. Topics covered range from basic cryptographic protocols and techniques to esoteric or academic protocols, implementation challenges, cryptography's impact on society and politics, cryptanalysis and implementation challenges. Though this is a definite strength, Applied Cryptography is not a book you'll get through in a weekend.

Style and Detail
Everything about this book is professional. The layout is consistent, the diagrams and charts are simple and functional and there are no obnoxious cartoon charaters popping out and talking down to you. Schneier's style is clear, even when juggling computer and mathematical terms and symbols. The layout is logical and well-planned, but I found the most interesting parts toward the end where there is plenty of room for hands-on experimentation.

Because of the content, much of the material here can be pretty dry. 5 chapters on protocols in a row, which are nothing but theory and all tend to blend together, can get tiring. This can't be avoided, but you aren't forced to read the book in order, you can always go back and look something up later. Comprehensiveness has its downsides, but I would rather have the information there than having to search other material for it.

Conclusion
Applied Cryptography is a must read for anyone in the security field. Cryptography is an integral part of information security, and though you may know how to use the software, understanding how it works is key to knowing how to use it effectively. Even if you already know some things about cryptography, even if you only use it to get a secure shell, read this book, it should be required reading before doing any security work at all.

I have nothing bad to say about this book at all. Just imagining the amount of time spent writing this book, not to mention the time spent scouring the over 1600 references for information, is boggling.

This book receives an outstanding SFDC Rating of 10/10.



Keywords: cryptography, security

This review is copyright 2005 by the author and Security-Forums Dot Com, and may not be reproduced in any form in any media without the express permission of the author, or Security-Forums Dot Com.
Back to top
View user's profile Send private message Visit poster's website
data
Forum Fanatic
Forum Fanatic


Joined: 08 May 2004
Posts: 16777211
Location: India

Offline

PostPosted: Wed May 11, 2005 2:46 pm    Post subject: Reply with quote

hi,

Its an excellent book though its not hardcore mathematical. Nice, you reviewed it for SDFC.

Sarad.
Back to top
View user's profile Send private message Visit poster's website Yahoo Messenger
DCLXVI
Just Arrived
Just Arrived


Joined: 27 Mar 2005
Posts: 4


Offline

PostPosted: Wed May 11, 2005 6:02 pm    Post subject: Reply with quote

It's not exactly a book I'd read from beginning to end, it's more of a reference manual for when you need to refresh your memory on the basics of some crypto protocol, kind of like a crypto encyclopaedia.

A good book to have around.
Back to top
View user's profile Send private message
Tom Bair
SF Boss
SF Boss


Joined: 10 Aug 2002
Posts: 16776955
Location: Portland, Oregon USA

Offline

PostPosted: Thu May 12, 2005 3:05 am    Post subject: Reply with quote

Thank you for both for your comments. They are invaluable and will help the membership in deciding if this book is for them.
Back to top
View user's profile Send private message Visit poster's website
JustinT
Trusted SF Member
Trusted SF Member


Joined: 17 Apr 2003
Posts: 16777215
Location: Asheville, NC, US / Uberlāndia, MG, Brazil

Offline

PostPosted: Thu May 12, 2005 8:44 am    Post subject: Good work. Reply with quote

Most of my thoughts on Applied Cryptography, as well as those contained in the embedded links, can be found here, in a recent thread. It's a decent primer, and reference, provided that the audience can differentiate between the more concrete design fundamentals and terminology, as opposed to the more volatile-prone security advice, much of which has changed since the time of it being published. An excellent evaluation of a seminal encyclopaedia, nonetheless. Good work.
Back to top
View user's profile Send private message Visit poster's website
Jmorin
Just Arrived
Just Arrived


Joined: 17 Mar 2005
Posts: 1


Offline

PostPosted: Sat Oct 08, 2005 11:51 pm    Post subject: Re: Book Review - Applied Cryptography Reply with quote

[MODE NOTE: Please do not quote entire reviews in order to reply, it's unecessary and has been removed from this post - zeedo]


Dont forget about the second book to this, Practical Cryptography.
http://search.barnesandnoble.com/booksearch/isbnInquiry.asp?userid=lp2OdAKCSp&isbn=0471223573&itm=1
Back to top
View user's profile Send private message
phreakre
Just Arrived
Just Arrived


Joined: 30 Sep 2005
Posts: 2
Location: The Death Star

Offline

PostPosted: Sun Oct 09, 2005 12:11 am    Post subject: Reply with quote

From the intermediate perspective [neither purely beginner ( especially mathmatically) nor supremely advanced ] this book is very understandable and easy to follow. I like the layout as some sections are unnecessary to any reader coming to it with experience and it makes an easy "flip through" style book where you can find what you're looking for rather quickly.

I agree 100% with the 10/10 score, one of the better books out there on this subject.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> News // Columns // Articles All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register