antipaucity

fighting the lack of good ideas

applied cryptography, 2d ed by bruce schneier

As recently promised, here is my review of Bruce Schneier’s seminal work, Applied Cryptography (2d edition).

I received my now-signed copy of Applied Cryptography (2d ed) for my 16th birthday – about a year after it was published.

Of all the “odd” books I asked-for when I was younger, this single volume had to take the cake for being both the most expensive, and the least-likely-to-be-read of any.

Bruce Schneier is a world-renowned cryptographer, researcher, and generally Smart Guy™. He has written several other books (many of which I have read (Beyond Fear, Practical Cryptography, Secrets and Lies), and several I own). I also follow on an intermittent basis his blog: schneier.com.

A warning before I go any further – since this book has not been updated in 15+ years, many of the technologies outlined now look incredibly dated or quaint (a 100Mhz processor being “top of the line”, for example). Likewise, measuring computational feasibilities in MIPS-years seems bizarre to me… then again, I’ve never used a MIPS processor.

Back to the book. A lot of time and space is spent on the mathematics and theory behind crypto systems: which is quite cool… except when you don’t understand any of it (as I didn’t a dozen+ years ago [and still don’t to some extent now]). Protocols for a variety of “interesting” activities are discussed: key exchange, digital cash, contract signing, digital signatures, etc.

The most interesting part of the book is the appendix containing C code for several of the algorithms in the book.

Schneier’s writing mixes the highly technical with the amusing (eg p157):

Another biological approach is to use genetically engineered cryptanalytic algae that are capable of performing brute-force attacks against cryptographic algorithms. These organisms would make it possible to construct a distributed machine with more processors because they could cover a larger area. The plaintext/ciphertext pair could be broadcast by satellite. If an organism found the result, it could induce the nearby cells to change color to communicate the solution back to the satellite.

Assume the typical algae cell is the size of a cube 10 microns on a side (this is probably a large estimate), then 1015 of them can fill a cubic meter. Pump them into the ocean and cover 200 square miles (518 square kilometers) of water to a meter deep (you figure out how to do it – I’m just the idea man).

In the intervening time, AES has been adopted as a national standard, replacing DES. We all rely on encryption in daily life on the web (https) when banking, making purchases, or even reading our facebook and twitter accounts. Cryptography has become ubiquitous and invisible to most of us. The product I work most heavily with relies on certificate-based https for all of its internal communication.

In my opinion, this book is still of immense value – though in a different way than it was in the mid 90s: now it’s to serve as a warning about relying on technology and not considering the source, rather than upon how to implement and promulgate that technology.

  • Quality of writing: 4/5
  • Quality of content:  5/5
  • Readability: 3/5 (if you’re unfamiliar with the terminology)
  • Historicity: 5/5
  • Overall: 4/5