Crypto

Click the banner for the site map of NoticeBored.com, the information security awareness service

Books on crypto

The Codebreakers: the Comprehensive History of Secret Writing from Ancient Times to the Internet by David Kahn (1996, ~US$48 from Amazon) is a classic historical reference. Its pages are filled with fascinating stories, and some great historical scholarship. However, it predates essentially all of modern cryptography (such as DES and asymmetric crypto) so it to shows its age. It’s a bit funny to read descriptions of the Soviet Union as if it still existed in his chapter on ‘current’ cryptography (in the fifties and sixties). You have to keep remembering that the crypto ‘devices’ aren't digital and the ‘networks’ use Telex. Additional chapters cover commercial and criminal codes, ciphers that people have imposed upon mysterious material (like something out of “The Da Vinci Code”), decipherment of dead (and interstellar) languages, and random aspects of cryptanalysis. These magazine-like articles fall outside the historical structure of the bulk of the book. Although Kahn states that he wanted to produce a complete history of cryptology (combining both cryptography and cryptanalysis) it is obvious that his heart is in cryptanalysis, although paradoxically his explanations of cryptanalytic techniques are rather weak and assume a lot of the reader, perhaps due to his over-familiarity with the subject. This book is fascinating for anyone with the remotest interest in cryptology . For those seriously working in the field it makes great reading material and is a salient reminder of some important points that often get lost in the technology - just don’t plan to use it to craft your PKI!

Cryptography Decrypted by H. X. Mel and Doris Baker (2001, ~US$32 from Amazon) successfully portrays most of the core concepts in cryptography without delving too deeply into the technical details and mathematics. It is readable and generally accurate within its scope. For non-specialists including security professionals who are not directly involved with cryptographic systems, it is a reasonable introduction. However, the lack of detail in the explanations of the theory is a weakness: it would have been more convincing with more background.

Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier (1996, ~US$31 from Amazon) is a technical textbook that predates Bruce’s more populist books such as Beyond Fear and Secrets and Lies. Schneier always has been a supreme communicator with a pragmatic outlook on security. Anyone studying cryptography can save a lot of time and effort with this book. From the simple Caesar cipher to RSA and beyond, nothing is left untouched. Protocols, techniques, algorithms, and even source code are included. Schneier notes that his is not a mathematical text (glancing at some of the chapters you might doubt this but don't worry: if you don't like math, skip those sections - the concepts are explained elsewhere). For those who need more rigorous treatments of specific topics, the bibliography lists almost two thousand references, all of which are duly described and cited within the text. The work is both encyclopedic and readable. Schneier has done marvelously well with what is normally a dead and dry topic. His examples are ludicrously absurd, and therefore lucid and memorable (even using Monty Python’s immortal phrase, “My hovercraft is full of eels” in one illustration!).

Cryptanalysis: A Study of Ciphers and Their Solution by Helen Fouche Gaines (originally published as ‘Elementary Cryptanalysis’ in 1939, this edition published in 1989, ~US$10 from Amazon), despite its age, is widely regarded as an excellent, readily understood explanation of the fundamental methods of cryptanalysis . Although naturally it does not address modern cryptography and algorithms, it is a valuable and interesting guide to some of the history of cryptography, general conceptual points and practical examples of the basic operations and principles of cryptanalysis. Cracking modern algorithms is complicated and mathematically intensive but uses the same ideas and approaches. If you want to have fun with the variations on cryptography through history, this is a terrific guide to both the ciphers and how to defeat them.

Between Silk and Cyanide: A Codemaker’s War, 1941-1945 by Leo Marks (1998, ~US$13 from Amazon) isn't really about crypto per se, although it does note the extensive (and possibly fatal) reliance on memorized running key ciphers during World War II. It's really about people. Those who already know about cryptography may find the book rather frustrating: there is just enough material to hint at the underlying crypto techniques, but at the point you think you are going to get down to details the text takes off on another tack or delivers a weak analogy. Read as a story about people and their reactions to new situations and technologies, the book is both entertaining and informing. And ultimately (as we know), security is all about people, anyway.

Cartoon Guide to Statistics by Larry Gonick and Woollcott Smith (1993, ~US$13 from Amazon) is an accessible, readable book on such a difficult subject. Despite the format, this is quite definitely an adult book; the material takes effort to comprehend, the cartoons just make the learning process a bit more fun.

Practical Cryptography by Bruce Schneier and Niels Ferguson (2003, ~US$32 from Amazon) points out that cryptography has done more harm than good in terms of securing information systems, not because of failures in the cryptography per se but, rather, due to the improper use or implementation of the technology. The knowledgeable authors provide concrete advice and significant guidance to those designing and implementing cryptographic systems who find themselves laboring on the guts of a cryptosystem.

Algebraic Aspects of Cryptography by Neal Koblitz (2001, ~US$129 from Amazon) covers a difficult and complex topic at the heart of cryptology, namely the underlying mathematical foundations that make it all work. The book does not address specific programs, standards, or even algorithms but deals with the number theory used to construct and test algorithms. This is no lightweight introduction; it is a textbook intended for advanced undergraduate or graduate work and requires a solid background in mathematics or engineering. For those seriously interested in cryptography, though, it is worth the effort.

Decrypted Secrets: Methods and Maxims of Cryptology by F. L. Bauer (2002 3rd edition, ~US$129 from Amazon) examines both cryptography and cryptanalysis, whereas most current and popular works on cryptology only speak about the former. If you need to decide how strong an encryption algorithm or system is, it is important to know how difficult it might be to break it. While the history and vignettes from the story of codes and the codebreakers are interesting, amusing, and accessible to anyone, you will need to brush up on your number theory if you want to use this book for anything serious.

Information Security: Principles and Practice by Mark Stamp (2006, ~US$68 from Amazon) aims to cover formal concepts relating to cryptography, access controls and software issues, and offer real-world advice. While incompletely addressing security, this book presents excellent material on the subjects it covers. Stamp's writing is clear and frequently amusing. The cryptography section is particularly good. The references are well chosen and a great many are available on the Web, furnishing a rich source of items for further study. It makes good points with regard to software security as well.

Other crypto resources

Wikipedia provides very accessible information about cryptography.

The ground breaking but ultra secret cryptanalysis work performed at Bletchley Park during WWII makes it an absolutely fascinating place to visit today. It’s more than just a museum with a number of working exhibits including a recreation of the bombes and Colossus computers used to crack wartime codes.

NIST has a special interest group on cryptography. Read about FIPS 140-2 products and more.

Books on crypto

Other crypto resources

Related NoticeBored links collections