Practical Cryptography
Schneier is one of the world's foremost experts, not just on cryptography but also on security. It was as he delved deeper into the security of cryptographic systems that he realised that, even though cryptography could - theoretically at least - be made arbitrarily secure, it was one of the more tractable problems in the security puzzle. For this reason his company, Counterpane, repositioned itself as a managed security company rather than continuing to focus solely on cryptography. This transition was also reflected in his publication of Secrets and Lies (SL), which is very different in tone and focus from Applied Cryptography (AC). So where does Practical Cryptography (PC) fit in, and what does it offer? For me, the answer is that it lies pretty much squarely in the middle of the line reaching from AC to SL.
There is no shortage of products in the cryptography arena, but the vast majority of these attract undisguised scorn from professional cryptographers (at least those who can be bothered to comment on them), and although I am only an amateur in this field, I take it as axiomatic that only peer-reviewed cryptosystems (algorithms, protocols, etc.) which have stood the test of time are worth taking even a preliminary peek at. This includes many that are described in AC. However, one of the problems with AC, openly acknowledged by the author, is that it contains essentially no implementation details. Furthermore, the cryptographic field has moved on since its publication, most notably with the adoption of Rijndael as the Advanced Encryption Standard, now a Federal Information Processing Standard (FIPS 197).
The source code to AC has been available from pretty much the moment of the book's publication, but one of the problems which faced a would-be cryptographic coder is how to produce a working cryptographic product based on the routines that one could lay one's hands on. Merely incorporating the source code in a program does not a cryptosystem make: as Schneier points out, cryptography is hard. And this is where this new book is invaluable: it tells you in great detail how hard it is, what the hardest parts are, and how you can maximise the return on the effort you may invest in developing cryptographic software.
The book pulls no punches, and does not gloss over any issues relating to implementing cryptographic systems. It deals with all the major components of a practical cryptosystem: the book's major sections are titled Message Security, Key Negotiation, Key Management and Miscellaneous.
Within each of these sections there are several chapters, covering virtually all the salient points imaginable, right down to the fundamentals. For example, the first chapter of the Key Management section deals with the clock. It explains from first principles the need for a clock: "At first glance, [a clock] is a decidedly un-cryptographic primitive, but because the current time is often used in cryptographic systems, we need a reliable clock." It is this sort of attention to particular implementation details that turns PC from a mere recipe book into an invaluable reference and a true cookbook.
Another invaluable feature is the generous use of pseudocode snippets, not only for algorithmic details, such as MACs and block cyphers, but also for higher-level operations like sending and receiving messages.
Ferguson and Schneier are refreshingly frank, too. Where they believe strongly in something, they let you know it. For example, the first paragraph of chapter 23, Standards, contains the statement that "[s]ecurity standards rarely work," while the authors go even further when dealing with X.509 certificates, stating on p.339, "[w]hatever you do, stay away from X.509 certificates. If you need a reason, read [40] and weep". This candour is refreshing, especially when juxtaposed with the weasel words that so many consultants and software vendors seem to rely on. However, this advice is not just given in curmudgeonly fashion, and when the authors discuss the matter of X.509 in a different context, they add, humorously, "[i]f you must use X.509, you have our condolences."
I am tempted to continue to analyse the book at great length, but to save space I will just highlight some further jewels from this work:
- Implementation issues such as swap files, language-specific memory handling behaviour, caches, etc. are covered in enough detail for you to understand how to do things, and more importantly, how not to do things.
- Randomness, pseudo-randomness and entropy are covered in enough depth for an implementor to avoid pitfalls, and pseudocode examples are given.
- Mathematical topics such as prime numbers, groups and large integer arithmetic are described in excellent detail.
- PKI, its promise, and failure are covered with wit and wisdom.
Is there anything I didn't like about the book? Frankly, no. Some might complain that it is priced too high (it lists at USD50 for the softcover, and USD70 for the hardcover), but it is printed on acid-free paper, and the density of useful advice is such that it outstrips in value many works which cost half the price or less.
If you are interested in crypto, do yourself a favour: buy this book.
You can purchase Practical Cryptography from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Isn't this review a violation of the DMCA?
I'm not joking...if you take the wording of the law literally?
Why do I h8 apple?
It's probably bad form to be FPer to one's own review, but just to let you know there is an oopsie in my review concerning experts. A paragraph got lost (my fault). Schneier and Ferguson start their chapter with the warning about self-proclaimed experts I mention, but they really do recommend using experts: just be careful that they really ARE experts, not flim-flam artists.
Call me old fashioned, but I like a dump to be as memorable as it is devastating - Bender
This book is, sort of, an executive summary of Applied Cryptography (AC), with some updates. It touches upon the insights that Schneier mentioned in Secrets and Lies (like crypto is the easy part and that it won't solve security). It mentions some newer material, notably AES related stuff. The description is, in effect, a simplified version of AC. Also, it doesn't try to cover everything, and yes, some explanations about the practical applications are stressed slightly more than in AC.
So if you want to be practical, just go over the essential and latest stuff, this is a good book to read. But I must say that it's not as fun to read as AC. Not as many jokes, and absolutely no crazy stuff (like bio-computing and the significance of dark matter). Oh well, maybe that's what being practical means... But it doesn't give you the feeling of thoroughness that AC gave. Maybe this comes from my reading AC too much in detail (I actually translated the whole book into Japanese), but I think it is inherent in the book itself. In trying to cover as much ground as possible, the book hurries a lot.
So if you are in a hurry to cover just enough important stuff, get this book. And if you need some explanation on the newer stuff, get this. But I also recommend getting AC as well.
Jakb sdf aksvbmk aklsdfj alksjd SjkczLzeq adjskf sdkimz zoikjp ead!
Stop by my site where I write about ERP systems & more
Cryptography supports terrorism.
Reading about implementing cryptography supports terrorism.
Reading reviews about books about implementing cryptography supports terrorism.
Now turn off the computer, stand over there in the corner and we'll be by to pick you up in a little while. And remember, running supports terrorism.
Hopefully this helps the good guys more then the bad ones though...
Go calculate something.
I've always liked the tagline on the back of the Applied Cryptography book:
"The Book the National Security Agency wanted never to be published..."
M@
Krispy Cream is people
Applied Cryptography is a must read. Few books invoke the proper fear and respect cryptology deserves, with example after example of why your l33t encryption should not be used for anything more valuable than your Slashdot UID. Great examples, solid code, lots of history... If this is even half the book Applied Cryptography was, get your checkbook ready.
+++ UGUCAUCGUAUUUCU
Is there anything I didn't like about the book? Frankly, no. Some might complain that it is priced too high (it lists at USD50 for the softcover, and USD70 for the hardcover), but it is printed on acid-free paper, and the density of useful advice is such that it outstrips in value many works which cost half the price or less.
Taking a look at my paperback copy of Applied Cryptography, it's listed at $55, so I hardly consider that any more expensive. And I paid full cover price for this bugger, as opposed to getting it online for a song, like I should have.
I don't think Applied Cryptography had a hardcover edition available, at least of the Second Edition. I certainly may consider picking that thing up. Hopefully it'll be able to stick together for awhile.
And on another note, what isn't printed on acid-free paper these days? Aside from little paperback novels, etc. I thought that was all done away with.
His book, Applied Cryptography is widely regarded as the most accessible, and one of the most important books on cryptographic algorithms ever published. "A colleague once told me that the world was full of bad security systems designed by people who read Applied Cryptography" - Bruce Schneier (author of Applied Cryptography). Quote from Secrets & Lies.
"If anything can go wrong, it will." - Murphy
I'd rather see a review like: "This book was so impenetrable that teams of scientists in academia and the NSA, working with the online computing grid will take many times the age of the universe to understand the first chapter alone."
taken! (by Davidleeroth) Thanks Bingo Foo!
I'm really glad this is printed on acid-free paper. Because, you know, I'm really likely to be wanting to read this book fifty years from now.
Before you worry about finding a storage medium which will survive for a long time, think about how long the information you're storing will be useful.
Tarsnap: Online backups for the truly paranoid
I can't comment on Practical Cryptography as Wiley haven't yet shipped my pre-ordered copy of the book, grumble.....
BUT I can recommend 2 books that any person interested in implementing cryptography should have on their shelf:
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
I too will be paying for this with cash.
At the bottom of the X.509 certificates link
An engineer, a chemist, and a standards designer are stranded on a desert island with absolutely nothing on it. One of them finds a can of spam washed up by the waves.
The engineer says "Taking the strength of the seams into account, we can calculate that bashing it against a rock with a given force will open it up without destroying the contents".
The chemist says "Taking the type of metal the can is made of into account, we can calculate that further immersion in salt water will corrode it enough to allow it to be easily opened after a day".
The standards designer gives the other two a condescending look, gazes into the middle distance, and begins "Assuming we have an electric can opener...".
SCO to Hell
A bit OT, but I've always thought it would be interesting to see a cryptology book released in electronic form .... encrypted. Kind of a "you must be at least this tall to ride this ride" kind of thing.
Did you write your own compiler? No, well have you read every line of gcc? Especially all of the complicated optimizer that makes the binary run faster? Even if you wrote a very dumb BN library that was easier to read, you would still have to worry about an "overflow on line 8 billion of some underlying library" (your compiler in this case).
I agree that OpenSSL's BN library could be better documented internally, but I don't think they should unoptimize it for clarity. People want transparent crypto, meaning they don't like experiencing 100-fold slowdowns when they add crypto to their application. BN optimization is critical in minimizing this slowdown (CRT, Montgomery reduction, sliding windows, Karatsuba, etc.).
Applied Crypto is certainly a quality, wide-ranging tome on crypto. For years though, there have been a couple very good books with more implementation details. The Handbook of Applied Crypto from Menezes, et al comes immediately to mind. Either of the two books by Neal Koblitz are excellent. I also like to recommend Decrypted Secrets from Bauer. The Handbook of Applied Crypto is available as a free download from the author's site:
> Jakb sdf aksvbmk aklsdfj alksjd SjkczLzeq adjskf sdkimz zoikjp ead!
Jakbs dfaks vbmka klsdf jalks jdSjk czLze qadjs kfsdk imzzo ikjpe adxxx
3.243F6A8885A308D313
A classic for cryptographers is Handbook of Applied Cryptography by Menezes, Van Oorschot and Vanstone. Very accessible imho. You can even download it and read it completely before you buy it.
Has Slashdot considered adding a little about the credentials of book reviewers, especially on more technical topics?
I am not in any way passing judgement on "jpetts" here. He, or she, is quite articulate, but could be anywhere from an expert with years of experience to someone who's "read a book or two" and talks a very good game.
Generally I try to assess a writer by coherence and consistency when I don't know the subject material myself. But that only gets one so far - and I usually spot some discrepancies when I do know the subject material.
So the rough outlines of the writer's experience would add (or subtract, as the case may be) a little confidence in their accuracy.
Check out reviews of LOTS of cryptography books here -- most with an associated set of prerequisite book reading, math, and computer language skills.
I put the 'fun' in fundamentalism
It's fun reading!
I think it needs to be applied 13 times before the data is sufficiently encrypted.
Applying it 26 times has to be twice as good. Has to be!
With at least your sample key, it is very easy to brute force this, I only have to try slightly over 1 million keys.
There are two problems with this, first is the relatively small number of Irrational numbers that are likely to be used (unless there is a large and easy to mine font of these I am not aware of).
The source of security of most encryption systems is that the "random streams" created by the initial key are extraordinarily large.
Changing the starting point in 1 given or even a handful of given streams, leaves you open to a simple sliding window against a previously stored length of strings.
It would become ever more problematic the bigger the number Z (your example would be trivially easy).
With a LARGE z it would take your encryption program a long time to get there (Except for PI), and the decryptor would also have a long time to get to the starting position.
Most professional decryptors are going to have most of the stream prestored (unless z is REALLY BIG).
I suspect that you can use really large Z numbers with t = PI and it would take a long time to brute force your answer. (This would be from the algorithm that lets you calculate any given position of PI).
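The scheme the posters above are picking apart (the original proposal is not on this page) appears to be: pick a public irrational constant t, pick a secret starting position z, and use the digits of t from z onward as a keystream. What follows is an added example, not code from the thread or from the book. It assumes a reconstruction of that scheme (t = pi, keystream byte i is the two-digit group at digit offset z + 2i, applied by XOR) and toy parameters (1000 precomputed digits) so that it runs in about a second; the digits are generated with Gibbons' spigot algorithm rather than typed in. It shows both attacks the posts describe: the naive brute force over every z, whose cost is simply the number of candidate positions, and the sliding-window attack, which needs a single pass once the attacker has the digit stream prestored and a few bytes of known plaintext.

```python
from itertools import islice


def pi_digits():
    """Gibbons' unbounded spigot: yields the decimal digits of pi (3, 1, 4, 1, 5, ...)."""
    q, r, t, k, n, l = 1, 0, 1, 1, 3, 3
    while True:
        if 4 * q + r - t < n * t:
            yield n
            q, r, t, k, n, l = (10 * q, 10 * (r - n * t), t, k,
                                (10 * (3 * q + r)) // t - 10 * n, l)
        else:
            q, r, t, k, n, l = (q * k, (2 * q + r) * l, t * l, k + 1,
                                (q * (7 * k + 2) + r * l) // (t * l), l + 2)


def digits_of_pi(count):
    """The attacker's 'prestored stream': the first `count` digits as a string."""
    return "".join(str(d) for d in islice(pi_digits(), count))


def keystream(digits, z, length):
    """Assumed scheme: keystream byte i is the two-digit group at digit offset z + 2*i (0..99)."""
    if z < 0 or z + 2 * length > len(digits):
        raise ValueError("offset runs past the precomputed digit stream")
    return bytes(int(digits[z + 2 * i:z + 2 * i + 2]) for i in range(length))


def pi_xor(data, z, digits):
    """Encrypt or decrypt (XOR is its own inverse) under secret offset z."""
    return bytes(a ^ b for a, b in zip(data, keystream(digits, z, len(data))))


def sliding_window_recover(ciphertext, crib, digits):
    """Sliding-window attack: ciphertext XOR known plaintext = keystream fragment;
    locate that fragment in the prestored stream. One pass, no per-key trial."""
    values = [c ^ p for c, p in zip(ciphertext, crib)]
    if any(v > 99 for v in values):
        return None          # cannot be a keystream fragment under this scheme
    fragment = "".join(f"{v:02d}" for v in values)
    z = digits.find(fragment)
    return None if z < 0 else z


def brute_force_recover(ciphertext, crib, digits, max_offset):
    """Naive brute force: try every starting offset until the crib decrypts.
    Returns (z, tries); the work is exactly the number of positions searched."""
    tries = 0
    for z in range(max_offset):
        tries += 1
        try:
            if pi_xor(ciphertext[:len(crib)], z, digits) == crib:
                return z, tries
        except ValueError:   # ran off the end of the stream we hold
            break
    return None, tries


if __name__ == "__main__":
    stream = digits_of_pi(1000)              # attacker and victim share the public constant
    secret_z = 777                           # the only secret in the scheme
    plaintext = b"ATTACK AT DAWN"            # constructed sample message
    ct = pi_xor(plaintext, secret_z, stream)
    print("ciphertext:", ct.hex())
    print("sliding window recovers z =", sliding_window_recover(ct, b"ATTACK", stream))
    print("brute force recovers (z, tries) =", brute_force_recover(ct, b"ATTACK", stream, 1000))
    z = sliding_window_recover(ct, b"ATTACK", stream)
    print("recovered plaintext:", pi_xor(ct, z, stream))
```

Scaling the toy up does not change the picture: making z a million digits in only raises the brute-force count to about a million, and the sliding-window search stays linear in the length of the stream the attacker has stored, which is the point made above about prestored streams. The only thing that would help the defender is a z so large that nobody can store the digits, and then the legitimate receiver cannot reach its starting position either.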
Yeah, it is easily breakable, in the sense that it is open to the same type of problems that beset one-time pads-- secure communication of the key.
The fact that there are many t's and z's to choose from doesn't change the fact that you still need a secure channel to transmit t and z from Alice to Bob. And if you have that secure channel, what's the point of the encryption? Why not just pass the plaintext over the secure channel?
I've read about 1/3 of the book, and based upon that feel the book is worth recommending. Aside from the good points I'll mention below, my biggest problem with the book is lack of depth. I've been doing applied cryptography for over 15 years now, so I'm probably not the typical reader (I'm not a cryptographer in the formal sense, but I design protocols and use cryptographic constructs on a regular basis).
The writing is clear and does a good job of presenting information, and doing that well for a dense subject like cryptography should not be underestimated. The book is strongly opinionated, and I think that is a strength since the authors try [and for the most part succeed] in explaining how those opinions were formed. The topics are fairly comprehensive, and the material seems to be well organized (from what I've read so far).
For the knowledgeable, it is a bit disappointing. I did not expect to learn tons of new stuff, but was still disappointed at the depth. In many ways, the book was only a half-notch deeper than reading Schneier's Cryptogram essays, where perhaps I was hoping for something more like his papers. The good use of footnotes and references helps offset things a little.
There were clearly areas the authors were more interested in than others, often corresponding to previous work (CTR block-cipher mode, PRNG). Other areas were less inspired, for example in the MAC (message-authentication-code) chapter they offer the advice "Do not output any of the intermediate values." This sounds good at first glance, but it is totally impractical except under special circumstances (if the MAC routine allows variable length messages, and almost all do, intermediate values can be calculated by simply feeding the parts of the message into the routine - thus this advice has no real world value).
Another nitpick, is that I would have liked to see the various "rules" and advice formulated into check lists. That would have made the book much more valuable for crypto system designers, be they novice or expert.
On the balance, I feel that the book is worthwhile to anyone interested in the subject of cryptography, or who has to use [or design, test] a system that has cryptography. It won't make you an expert (funny how some people still think reading a book could do this), but at least it raises an awareness of the types of problems that derail cryptographic systems designs. It is easy to read and informative.
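An added example (not from the book or from the poster above) of the intermediate-value problem the previous post raises for a chaining MAC over variable-length messages: with raw CBC-MAC the tag of a prefix is exactly the chaining value, so two legitimate tag queries yield a valid tag for a message that was never authenticated. The block cipher is stood in for by an HMAC-SHA-256-based keyed block function, an assumption that is safe here because the forgery uses only the chaining structure, never decryption; the key and messages are constructed. The block also shows the standard repair of prepending the message length as the first block, which is what gives "do not output intermediate values" a meaning an implementer can act on; HMAC and CMAC likewise apply a final keyed transformation so that a prefix tag is not an internal value.

```python
import hashlib
import hmac

BLOCK = 16  # width of a block and of the chaining value, in bytes


def _prf(key: bytes, block: bytes) -> bytes:
    """Keyed block function standing in for a block cipher (assumption: a PRF
    suffices because the forgery below never needs to decrypt)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _blocks(msg: bytes):
    if len(msg) % BLOCK:
        raise ValueError("messages in this example are whole blocks; pad before use")
    return [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def raw_cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Plain CBC-MAC, zero IV. Fine for one fixed message length; for variable
    lengths the tag of a prefix IS the intermediate chaining value."""
    chain = bytes(BLOCK)
    for blk in _blocks(msg):
        chain = _prf(key, _xor(chain, blk))
    return chain


def length_prefixed_cbc_mac(key: bytes, msg: bytes) -> bytes:
    """Repair: the first block commits to the message length, so the tag for a
    message of one length is never a chaining value inside a longer message."""
    header = len(msg).to_bytes(BLOCK, "big")
    return raw_cbc_mac(key, header + msg)


def forge(mac, key: bytes, m1: bytes, m2: bytes):
    """Attacker model: `mac` is an oracle the attacker may query on chosen
    messages. Two legitimate queries (m1, m2) produce a claimed tag for
    m1 || (m2[0] XOR tag(m1)) || m2[1:], which was never authenticated."""
    t1 = mac(key, m1)          # for raw CBC-MAC this is the chaining value after m1
    t2 = mac(key, m2)
    head, tail = m2[:BLOCK], m2[BLOCK:]
    forged_msg = m1 + _xor(head, t1) + tail
    return forged_msg, t2      # the claim: mac(key, forged_msg) == t2


def forgery_succeeds(mac, key: bytes, m1: bytes, m2: bytes) -> bool:
    """Does the verifier accept the forged (message, tag) pair?"""
    msg, tag = forge(mac, key, m1, m2)
    return hmac.compare_digest(mac(key, msg), tag)


if __name__ == "__main__":
    key = b"\x01" * 16                     # constructed key
    m1 = b"A" * 16                         # constructed messages
    m2 = b"B" * 16 + b"C" * 16
    print("raw CBC-MAC forged:           ", forgery_succeeds(raw_cbc_mac, key, m1, m2))
    print("length-prefixed CBC-MAC forged:", forgery_succeeds(length_prefixed_cbc_mac, key, m1, m2))
```

The chaining step after the spliced block is _prf(key, t1 XOR head XOR t1) = _prf(key, head), which is precisely where the honest computation of mac(m2) stands after its first block, so the remainder of m2 carries the forgery through to t2. With the length header in front, the chaining value after m1 inside the longer forged message is no longer t1, and the splice does nothing.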