Applied Cryptography: Protocols, Algorithms, and Source Code in C

I read the twentieth anniversary edition. As the foreword admits, the book is dated ; it does cover some of the algorithm that are hush in function today ( RSA, Diffie-Hellman, SHA-1, MD5, Kerberos ), but it besides describes a long ton of stuff that has no virtual entail anymore. If you ‘re looking for cryptanalysis as it is applied today, look elsewhere. ( The foreword suggests Cryptography Engineering by Schneier, Ferguson, and Kohno ; I have n’t read it however. )

however, this book is more than an algorithm tilt, and

I read the twentieth anniversary version. As the precede admits, the book is dated ; it does cover some of the algorithm that are however in use today ( RSA, Diffie-Hellman, SHA-1, MD5, Kerberos ), but it besides describes a short ton of farce that has no practical meaning anymore. If you ‘re looking for cryptanalysis as it is applied today, look elsewhere. ( The precede suggests Cryptography Engineering by Schneier, Ferguson, and Kohno ; I have n’t read it however. )

however, this reserve is more than an algorithm tilt, and that ‘s what keeps it relevant. You see, there are a draw of gorge around cryptanalysis, and it turns out to be just arsenic important as the algorithm you pick ! The fact that you ‘re using an industry-standard RSA does n’t mean you ‘re safe ; it means your security hinges on the security of the keystone. How do you generate it ? How do you store it ? How do you transmit it ? ( Should you flush ? ) How do you rotate it ? How do you destroy it ? It ‘s not enough to be a adept builder who picks full building blocks ; you besides got to be an architect and ensure that the structure wo n’t fall over in a alight breeze.

Schneier besides lists a distribute of interrupt algorithm. At first, I thought it ‘s a pine away of quad, but the aim gradually became clear : he demonstrates why people should n’t roll their own crypto. He quips that anyone can design a code they themselves can not break, but besides provides abundant evidence that most of the gorge that can be imagined can besides be broken. From this day on, I ‘d have a paranoia fit every clock time I have to combine cryptography-related functions together ; you good never know, even if you ‘re a PhD and know everything there is to know.

Finally, and slightly predictably, the book is inactive good at explaining basics. As note above, you should n’t use them to construct anything yourself, but it at least enables you to satisfy your curiosity and make common sense of Wikipedia articles.

I ‘m not a cryptanalyst, nor an infosec specialist, so I ‘m not in a situation to give recommendations. But I got some newly insights from reading this reserve, and I surely got a “ map ” of cryptography as a field, so there ‘s that.

…more

Leave a Reply

Your email address will not be published.