Slashdot Mirror


Practical Cryptography

jpetts writes "If you have an interest in cryptography and spend even a small amount of time looking at the subject on the Internet, you will almost certainly have come across the name Bruce Schneier. His book, Applied Cryptography, is widely regarded as the most accessible, and one of the most important books on cryptographic algorithms ever published. Schneier has also published other books, including the less technical Secrets and Lies, a thought-provoking book aimed at getting people to think about the whole of the security landscape, not just cryptography. Now, together with Niels Ferguson, renowned cryptographic expert, and longtime collaborator, another immensely valuable book on security has just appeared." Read on for the rest of jpetts' review.

Practical Cryptography

  • author: Niels Ferguson and Bruce Schneier
  • pages: xx + 410
  • publisher: Wiley
  • rating: 10/10
  • reviewer: James Petts
  • ISBN: 0471223573
  • summary: Pure Hands-On Cryptographic Gold; invaluable guide for cryptographers.

Schneier is one of the world's foremost experts, not just on cryptography, but also on security. It was as he delved deeper into the security of cryptographic systems that he realised that even though - theoretically at least - cryptography could be made arbitrarily secure, this was one of the more tractable problems in the security puzzle. For this reason, his company, Counterpane, repositioned itself as a managed security company, rather than continuing to focus solely on cryptography. This transition was also reflected in his publication of Secrets and Lies (SL), which is very different in tone and focus from Applied Cryptography (AC). So where does Practical Cryptography (PC) fit in, and what does it offer? For me, the answer is that it lies pretty much squarely in the middle of the line reaching from AC to SL.

There is no shortage of products in the cryptography arena, but the vast majority of these attract undisguised scorn from professional cryptographers (at least those who can be bothered to comment on them), and although I am only an amateur in this field, I take it as axiomatic that only peer-reviewed cryptosystems (algorithms, protocols, etc) which have stood the test of time are worth taking even a preliminary peek at. This includes many that are described in AC. However, one of the problems with AC, openly acknowledged by the author, is that it contains essentially no implementation details. Furthermore, the cryptographic field has moved on since its publication, most notably with the adoption of Rijndael as the Advanced Encryption Standard, now a mandated Federal Information Processing Standard.

The source code to AC has been available from pretty much the moment of the book's publication, but one of the problems which faced a would-be cryptographic coder is how to produce a working cryptographic product based on the routines that one could lay one's hands on. Merely incorporating the source code in a program does not a cryptosystem make: as Schneier points out, cryptography is hard. And this is where this new book is invaluable: it tells you in great detail how hard it is, what the hardest parts are, and how you can maximise the return on the effort you may invest in developing cryptographic software.

The book pulls no punches, and does not gloss over any issues relating to implementing cryptographic systems. It deals with all the major components of a practical cryptosystem: the book's major sections are titled Message Security, Key Negotiation, Key Management and Miscellaneous.

Within each of these sections there are several chapters, covering virtually all the salient points imaginable, right down to the fundamentals. For example, the first chapter of the Key Management section deals with the clock. It explains from first principles the need for a clock: "At first glance, [a clock] is a decidedly un-cryptographic primitive, but because the current time is often used in cryptographic systems, we need a reliable clock." It is this sort of attention to particular implementation details that turns PC from a mere recipe book into an invaluable reference and a true cookbook.

Another invaluable feature is the generous use of pseudocode snippets, not only for algorithmic details, such as MACs and block cyphers, but also for higher-level operations like sending and receiving messages.

Ferguson and Schneier are refreshingly frank, too. Where they believe strongly in something, they let you know it. For example, the first paragraph of chapter 23, Standards, contains the statement that "[s]ecurity standards rarely work," while the authors go even further when dealing with X.509 certificates, stating on p.339, "[w]hatever you do, stay away from X.509 certificates. If you need a reason, read [40] and weep". This candour is refreshing, especially when juxtaposed with the weasel words that so many consultants and software vendors seem to rely on. However, this advice is not just given in curmudgeonly fashion, and when the authors discuss the matter of X.509 in a different context, they add, humorously, "[i]f you must use X.509, you have our condolences."

I am tempted to continue to analyse the book at great length, but to save space I will just highlight some further jewels from this work:

  • Implementation issues such as swap files, language-specific memory handling behaviour, caches, etc. are covered in enough detail for you to understand how to do things, and more importantly, how not to do things.
  • Randomness, pseudo-randomness and entropy are covered in enough depth for an implementor to avoid pitfalls, and pseudocode examples are given.
  • Mathematical topics such as prime numbers, groups and large integer arithmetic are described in excellent detail.
  • PKI, its promise, and failure are covered with wit and wisdom.

As you can probably guess from the above description, I believe that the real value of this book lies in the fact that two renowned experts, in both theory and practice, are sharing what works, and more importantly what you should avoid like the plague when working with cryptosystems. This information has until now generally only been available by listening to people like Schneier and Ferguson talk, either one-to-one or at conferences. Even then, the authors point out that even talking to "experts" is not without danger: chapter 25 begins "There is something strange about cryptography: everybody thinks they know enough about it to design and build their own system. We never ask a second-year physics student to design a nuclear power plant. We wouldn't let a trainee nurse who claims to have found a revolutionary method for heart surgery operate on us. Yet people who have read a book or two think they can design their own cryptographic system. Worse still, they are sometimes able to convince management, venture capitalists, and even some customers that their design is the neatest thing since sliced bread." Given this statement, some people might claim that this book is a little hubristic, but I disagree. Paranoia, self evaluation and a healthy scepticism are pre-requisites for assessing, deploying and implementing cryptosystems, but since a sine qua non of reliable crypto is open examination and peer evaluation, I believe that the authors are here simply offering advice, which once you understand more about the issues surrounding crypto, is merely common sense.

Schneier and Ferguson have both "earned their bones" in the glaring light of crypto, and this book admirably fills an obvious gap in the literature of the field. There is not, to my knowledge, another book like it on the subject, and had it been published at around the same time as AC, I am sure that it would have been regarded by the NSA as even more dangerous than that book. After all, it is frighteningly easy for the uninformed to take good cryptographic algorithms and protocols, and through ignorance turn them into worse-than-useless crypto products.

Is there anything I didn't like about the book? Frankly, no. Some might complain that it is priced too high (it lists at USD50 for the softcover, and USD70 for the hardcover), but it is printed on acid-free paper, and the density of useful advice is such that it outstrips in value many works which cost half the price or less.

If you are interested in crypto, do yourself a favour: buy this book.


20 of 140 comments

  1. I'll tell ya what I think... by TopShelf · · Score: 4, Funny

    Jakb sdf aksvbmk aklsdfj alksjd SjkczLzeq adjskf sdkimz zoikjp ead!

    --
    Stop by my site where I write about ERP systems & more
  2. But please keep in mind: by burgburgburg · · Score: 4, Funny
    All of this is now officially illegal.
    Cryptography supports terrorism.
    Reading about implementing cryptography supports terrorism.
    Reading reviews about books about implementing cryptography supports terrorism.

    Now turn off the computer, stand over there in the corner and we'll be by to pick you up in a little while. And remember, running supports terrorism.

    1. Re:But please keep in mind: by sapped · · Score: 2, Funny

      > And remember, running supports terrorism.

      No, driving off in your SUV supports terrorism.

    2. Re:But please keep in mind: by (54)T-Dub · · Score: 2, Funny

      Posting a warning to terrorists about their impending arrest is Definitely supporting terrorism.

      --

      "I can not bring myself to believe that if knowledge presents danger, the solution is ignorance" - Isaac Asimov
  3. Re:FP by B3ryllium · · Score: 4, Funny

    Whenever I'm contracted as a security expert, I *always* highly recommend ROT13.

    I'm looking into this thing called a "caesar cipher", but it's slow going. I think it needs to be applied 13 times before the data is sufficiently encrypted.

  4. At the very least... by Ratphace · · Score: 5, Funny

    ...you can look forward to your name being recorded with the FBI when you visit the local library to check this book out along with a copy of 'the catcher in the rye'

    1. Re:At the very least... by jpetts · · Score: 4, Funny

      > you can look forward to your name being recorded with the FBI when you visit the local library to check this book out along with a copy of 'the catcher in the rye'

      Hmmm, maybe the PATRIOT Act is a ploy by authors to make sure we BUY their books (with cash, natch...), instead of checking 'em out from libraries...

      --
      Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
  5. Applied Cryptography by Prof.Phreak · · Score: 5, Funny

    > His book, Applied Cryptography is widely regarded as the most accessible, and one of the most important books on cryptographic algorithms ever published.

    "A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography" - Bruce Schneier (author of Applied Cryptography). Quote from Secrets & Lies.

    --

    "If anything can go wrong, it will." - Murphy

  6. Accessible? by Bingo+Foo · · Score: 4, Funny
    Calling the book "accessible" is hardly a compliment for a book on cryptography, isn't it?

    I'd rather see a review like: "This book was so impenetrable that teams of scientists in academia and the NSA, working with the online computing grid will take many times the age of the universe to understand the first chapter alone."

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  7. Re:Practical vs Applied by flynt · · Score: 4, Funny

    > Schneier is actually releasing a followup to AC centered around actually using crypto in everyday applications. He mentioned it in this month's Cryptogram.

    In case you hadn't noticed, the Slashdot story you just posted about your comment to is a review of that book.

  8. Acid-free paper? by cperciva · · Score: 3, Funny

    I'm really glad this is printed on acid-free paper. Because, you know, I'm really likely to be wanting to read this book fifty years from now.

    Before you worry about finding a storage medium which will survive for a long time, think about how long the information you're storing will be useful.

  9. Re:FP by Bingo+Foo · · Score: 2, Funny
    > I'm looking into this thing called a "caesar cipher"

    Beware: it comes undone on March 15.

    --
    taken! (by Davidleeroth) Thanks Bingo Foo!
  10. Re:you know, by exhilaration · · Score: 2, Funny
    Especially if you're non-white, non-Christian, and of foreign descent.

    I too will be paying for this with cash.

  11. Re:DMCA by ShadowBottle · · Score: 5, Funny

    OMG! He is going to get SO busted. Everybody got their lighters ready for a crypto-book burning session? Always remember, security comes after the wants and needs of the power-mad robber barons of the DMCA. NOOOBODY EXPECTS THE DMCA! Our Chief Weapon is Ignorance, Ignorance and fear.. no no no our TWO chief weapons are ignorance, fear and a ruthless abandon from the ways of free thought.. no no no our THREE chief weapons are ignorance, fear, a ruthless abandon of free thought and ignorance again.. yes.. OUR FOUR CHIEF WEAPONS ARE... Fear that which you cannot understand. ( C; And yeah.. /. is going to get nailed for providing information about where to get information on information that involves circuitous ways of securing information. Fscking rat bastards. May they all burn in hell... securely. ( C: ShadowBottle

  12. I like the joke at the bottom of the X.509 link by ralico · · Score: 4, Funny

    At the bottom of the X.509 certificates link

    An engineer, a chemist, and a standards designer are stranded on a desert island with absolutely nothing on it. One of them finds a can of spam washed up by the waves.

    The engineer says "Taking the strength of the seams into account, we can calculate that bashing it against a rock with a given force will open it up without destroying the contents".

    The chemist says "Taking the type of metal the can is made of into account, we can calculate that further immersion in salt water will corrode it enough to allow it to be easily opened after a day".

    The standards designer gives the other two a condescending look, gazes into the middle distance, and begins "Assuming we have an electric can opener...".

    --

    SCO to Hell
  13. Worst. Whoring. Ever. by Anonymous Coward · · Score: 1, Funny

    So you get 3 karma points for submitting an article and THEN in the comments section you add something you "forgot" to include in your review and get modded up +5. How can I get in on this scam?

  14. I've always thought... by mattsucks · · Score: 4, Funny

    A bit OT, but I've always thought it would be interesting to see a cryptology book released in electronic form .... encrypted. Kind of a "you must be at least this tall to ride this ride" kind of thing.

  15. Remember to format the ciphertext, dude by apankrat · · Score: 2, Funny

    > Jakb sdf aksvbmk aklsdfj alksjd SjkczLzeq adjskf sdkimz zoikjp ead!

    Jakbs dfaks vbmka klsdf jalks jdSjk czLze qadjs kfsdk imzzo ikjpe adxxx

    --
    3.243F6A8885A308D313
  16. Book Review, Reprint by drgroove · · Score: 0, Funny

    (Using md5() ... )


  17. You call yourself an expert? by Anonymous Coward · · Score: 3, Funny

    > I think it needs to be applied 13 times before the data is sufficiently encrypted.

    Applying it 26 times has to be twice as good. Has to be!