Applied Cryptography: Protocols, Algorithms, and Source Code in C (Anglais) Broché – 16 novembre 1995
|Neuf à partir de||Occasion à partir de|
Les clients ayant acheté cet article ont également acheté
Descriptions du produit
Revue de presse
Présentation de l'éditeur
". . .monumental . . . fascinating . . . comprehensive . . . the definitive work on cryptography for computer programmers . . ." –Dr. Dobb′s Journal
". . .easily ranks as one of the most authoritative in its field." –PC Magazine
". . .the bible of code hackers." –The Millennium Whole Earth Catalog
This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography–the technique of enciphering and deciphering messages–to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.
What′s new in the Second Edition?
∗ New information on the Clipper Chip, including ways to defeat the key escrow mechanism
∗ New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher
∗ The latest protocols for digital signatures, authentication, secure elections, digital cash, and more
∗ More detailed information on key management and cryptographic implementations
Aucun appareil Kindle n'est requis. Téléchargez l'une des applis Kindle gratuites et commencez à lire les livres Kindle sur votre smartphone, tablette ou ordinateur.
Pour obtenir l'appli gratuite, saisissez votre adresse e-mail ou numéro de téléphone mobile.
Détails sur le produit
En savoir plus sur l'auteur
Dans ce livre(En savoir plus)
Quels sont les autres articles que les clients achètent après avoir regardé cet article?
Commentaires en ligne
Meilleurs commentaires des clients
Pour leur utilisation, je vous recommande le livre "Cryptography Engineering" de Niels Ferguson et al...
Commentaires client les plus utiles sur Amazon.com (beta)
A caveat: this is not a textbook of cryptography in the sense that it teaches everything necessary to understand the mathematical basis of the science. Schneier does not discuss number theory because he expects those who use the relevant chapters of the book will already have training in higher maths. Nonetheless, the book does contain a wealth of information even for the layman.
One helpful part of Schneier's book is his opinion of which encryption algorithms are already broken by the National Security Agency, thus letting the reader know which encryption programs to avoid. There will always be people who encrypt to 40-bit DES even though it is flimsy and nearly instantly breakable, but the readers of APPLIED CRYPTOGRAPHY can greatly improve the confidentiality of their messages and data with this book. Discussion of public-key web-of-trust is essential reading for anyone confused by how public-key signatures work.
APPLIED CRYPTOGRAPHY was published in 1995 and some parts are already out of date. It is ironic that he hardly mentions PGP, when PGP went on to become the most renowned military-strength encryption program available to the public, although it is being superseded by GnuPG. Another anachronism is Schneier's assurance that quantum computing is decades away. In the years since publication of APPLIED CRYPTOGRAPHY we have seen some strides in quantum computer, even the creation of a quantum computer that can factor the number 15. While this publicly known quantum computer is not at all anything to get excited about, it is certain that more powerful quantum computers are in development and classified by NSA. Because a quantum computer can break virtually any traditional cipher, hiding the message (steganography) is becoming more important than ever. In the era of Schneier's book steganography was unnecessary because ciphertext could withstand brute-force attacks, but with advances in computing power steganography is becoming vital to secure communications. It would be nice to see the book updated with this topic, because cryptography and steganography can no longer be regarded as two distinct fields.
All in all, in spite of its age, APPLIED CRYPTOGRAPHY is recommended to anyone interested in cryptography. It ranks among the essential books on the field, although an updated version is certainly hoped for.
*Applied Cryptography*; if any of them have but one text on crypto
for reference, it will almost certainly be *Applied Cryptography*.
It is the de facto standard reference on modern cryptography as
well as serving as an excellent introduction to the subject.
The art is very old - Julius Caesar was the first recorded user of
cryptography for military purposes - and reached a watershed when
computers were put to work in order to break German and Japanese
ciphers. Indeed, that was the first *real* application of electronic
computers. A natural development was the use of computers for the
development of cryptographic systems.
That is where Bruce Schneier's remarkable book begins. It is notable
for two reasons: the breadth and depth of coverage, and the high
standard of technical communication.
As a reference its scope is encyclopaedic, providing descriptions
and assessments of just about every non-military crypto system
developed since computers were first applied to the purpose. There
are also military-cum-government algorithms amongst the collection,
some from the old Soviet Union and others from South Africa. It is
not just an A-Z procession of algorithms; the author progresses
in a logical manner through the many technical aspects of cryptography.
It is common to find that masters of mysterious technical arts are
poor communicators. Bruce Schneier demonstrates exceptional skill
as a technical communicator. Here is a book about an esoteric
subject - one built on a foundation of theoretical mathematics - that
ordinary folk can read. Sure, one needs to be motivated by an interest
in the subject, and the technical level sometimes requires a more than
ordinary background in number theory and the like - but a degree in
theoretical mathematics is not necessary to derive pleasure and profit
from reading *Applied Cryptography*.
A thirty-page chapter provides a brief, but lucid account of the
necessary mathematical background, spanning information theory,
complexity theory, number theory, factoring, prime number generation,
and modular arithmetic. Even if one needs no other information than
a useful description of modular arithmetic the book is worth looking
at; I can't think of any better source outside full-blown mathematical
texts, and the author does it without being obscure.
The book is divided into parts, beginning with protocols (the
introductory chapter is an excellent overview of crypto as it
is presently applied) from the basic kind through to the esoteric
that find application in digital cash transactions. Public key
encryption, the second - and most significant - watershed in cryptography, is introduced with an explanation of how it is used
in hybrid systems.
Part II deals with cryptographic techniques and discusses the
important issues of key length, key management, and algorithm
types. The strength of a crypto system relies very heavily on the
length of the key, the way in which it is generated, and key
management. A chapter is devoted to the practical aspects of using
algorithms (which one, public-key as against symmetric crypto,
hardware versus software) for various purposes (such as
communications and data storage).
Part III is about particular algorithms, providing for each one
a background of its development, a description, its security, and
how it is likely to stand up to attack. The algorithms are divided
into classes: block (some twenty-one are described);
pseudo-random-sequence generators and stream ciphers (PKZIP is a
stream cipher); real random-sequence generators; one-way hash
functions; public-key; public-key digital signature; identification
schemes; key-exchange algorithms; and other special algorithms.
Many specific algorithms are described with information about
Part IV is entitled, The Real World; in the words of the author,
"It's one thing to design protocols and algorithms, but another
thing to field them in operational systems. In theory, theory
and practice are the same; in practice they are different".
A chapter discusses a number of implementations, including IBM
Secret-Key Management Protocol, Mitrenet (an early public-key
system), ISDN Packet Data Security Overlay, STU-III, Kerberos,
KryptoKnight, Sesame, PEM, PGP, MSP, smart cards, universal
electronic payment system, and Clipper.
Another chapter discusses politics and puts the problems of US
export restrictions into context and deals with patents. It also
has information about bodies with an interest in public access to
cryptography and standards, and legal issues.
An afterword by Matt Blaze should be required reading by everyone
who thinks a good cryptosystem is all that one needs for security;
the human factor can undo the strongest system.
A final part contains C source code for DES, LOKI91, IDEA, GOST,
Blowfish, 3-Way, RC5, A5, and SEAL. North American readers can
obtain a 3-disk set containing code for some forty-one algorithms,
four complete systems, source code for some other utilities,
text files, errata, and notes on new protocols and algorithms.
Who, apart from crypto professionals and aficionados, is likely
to find *Applied Cryptography* of interest? Anyone with an
intelligent interest in the art, and who wants something more
substantial than a quasi adventure account of modern crypto;
anyone with a responsibility for protecting data and/or
communications; network administrators; builders of firewalls;
students and teachers of computer science; programmers; and
anyone with a serious interest in theoretical mathematics - I'm
sure the list could be expanded considerably.
Apart from a book to be read, it is the most complete and up-to-date
resource and reference presently available. The list of references
(1653 of them) is a resource in its own right. An essential
acquisition for libraries.
The book, of necessity, contains highly technical material, but it
can be read. The publishers, Wiley's, are to be congratulated.
Reviewed by Major Keary firstname.lastname@example.org
DISCLAIMER: The opinions expressed are my own. I have no interest,
financial or otherwise, in the success or failure of this book,
and - apart from a review copy - I have received no compensation
from anyone who has.
The vast array of topics covered by the book is truly astounding in is depth and breadth. There is hardly a single cryptological concept, either minor or major, that the book does not cover. It is not possible to detail everything Applied Cryptography covers. But a few of the topics are: Foundations of cryptography, Protocols, Protocol Building Blocks, Key Lengths, key exchange, key management, Algorithms, the mathematical of cryptography, DES, RSA, One-Way Hash Functions, Symmetric vs. Public-Key cryptography, Public-Key Digital Signature Algorithms, Substitution Ciphers and Transposition Ciphers, Digital Signatures, Random and Pseudo-Random Sequence Generation, PGP, Authentication, Advanced security Protocols, Cryptographic Techniques, Identification Schemes, the politics of cryptography and much (much!) more.
Applied Cryptography also includes the source code for DES, IDEA, BLOWFISH, RC5 and other algorithms. It even covers encryption algorithms from the former Soviet Union, including GOST.
The magnificence of Applied Cryptography is that Schneier is able to take very complex, abstract ideas and express them in an extremely comprehensible manner. Applied Cryptography therefore lacks the dryness that plagues a lot of textbooks. Schneier is able to take both theoretical and academic ideas, and mold them into practical real-world intelligible book. All in all, Applied Cryptography makes for some very enjoyable and occasionally humorous reading.
One thing I really liked about Applied Cryptography is its index. Rather than using the traditional cumbersome citations such as RIV92b or GOL88 that often take a while to locate, Schneier simply uses numbers. In light that he references over 1600 sources, it makes looking up the sources an incredible time saver. What is extremely impressive about Applied Cryptography is that Schneier quotes from every imaginable source. From general security periodicals, scholarly academic journals, conference proceedings, government publications and official standards, Schneier has been there.
Schneier writes at length about whether a crypto customer should choose an algorithm for that is publicly published algorithm (i.e., DES, RSA, Blowfish) or to use a proprietary algorithm that belongs to a specific manufacturer. With a proprietary algorithm, Schneier writes that it is impossible to determine how truly secure the algorithm is, given that the owners do not generally make their code available for open inspection. There is even the possibility that the manufacturer (or government, if under federal contract) has put in a back door into the algorithm. Schneier states that: "Putting your trust in a single manufacturer, consultant, or government is asking for trouble. The NSA has some of the world's best cryptographers working for it, but it is hard to know if they're telling you all you know."
This idea then segues into the (in)famous Clipper chip and concept of key escrow. As a world class cryptographer, Schneier has major issues with the concept of Clipper, calling it "Orwellian" Schneier feels that encryption is too important to be left to the government and Clipper advances the power of the government over the right of the people.
In conclusion, Applied Cryptography is a must have book for anyone involved with encryption and security.
Because this is essentially an introductory text, generality is the name of the game. Pretty much everything is covered, but to a low, or medium at best, degree of depth. (Only DES is covered thoroughly.) However, the reference list in the back is huge, and you can use it to easily track down any more detailed information that you're after.