Hacker News Comments on
Applied Cryptography: Protocols, Algorithms, and Source Code in C

Bruce Schneier · 6 HN comments
HN Books has aggregated all Hacker News stories and comments that mention "Applied Cryptography: Protocols, Algorithms, and Source Code in C" by Bruce Schneier.
Amazon Summary
". . .the best introduction to cryptography I've ever seen. . . .The book the National Security Agency wanted never to be published. . . ." -Wired Magazine

". . .monumental . . . fascinating . . . comprehensive . . . the definitive work on cryptography for computer programmers . . ." -Dr. Dobb's Journal

". . .easily ranks as one of the most authoritative in its field." -PC Magazine

". . .the bible of code hackers." -The Millennium Whole Earth Catalog

This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography, the technique of enciphering and deciphering messages, to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.

What's new in the Second Edition?

* New information on the Clipper Chip, including ways to defeat the key escrow mechanism
* New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher
* The latest protocols for digital signatures, authentication, secure elections, digital cash, and more
* More detailed information on key management and cryptographic implementations

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this book.
I'm halfway through this book, and I'm pretty pleased. http://www.amazon.com/Applied-Cryptography-Protocols-Algorit...

When I worked with people who wrote hardware crypto for a living, the book they recommended was Bruce Schneier's Applied Cryptography [1]. It's __excellent__. It's the best technical book I've ever read. It's more readable than the Perl cookbook.

The first third (half?) of the book is devoted to explaining (not with code) the various complex interactions between parties who need to trust one another -- lots of stuff on key exchange, and then only later on the different types of ciphers (block vs stream ciphers). The examples are clear and well-written, and VERY memorable. Bruce explains very well what the pitfalls are in each scenario, and all the ways in which malicious attackers can try to break your trust.

The second half of the book is implementation of most of the algorithms in C.

Other books may cover the topic better, but I haven't read them. (Sorry.) I like that Applied Cryptography gives a good noob-friendly introduction, and builds from there, yet also has depth and source code.

1: http://www.amazon.com/Applied-Cryptography-Protocols-Algorit...

What - you mean like the Diety of Cryptography (Bruce Schneier) figured out how to do 10+ years ago ? http://www.amazon.com/gp/product/0471117099?ie=UTF8&tag=...
smanek
Where does applied crypto talk about anonymous currency?

I read Cryptography Engineering (its successor) last year, and don't think I remember anything about that ...

I'm sure it discusses standard public key crypto, but it's a huge leap to go from that to a truly anonymous digital currency. Even with blind signatures it's really hard to prevent the 'bank' from maintaining an audit trail. My understanding is that even Bitcoin maintains an auditable transaction trail, so it's still not as good as cash.

PS: s/diety/deity/

PPS: I'd consider it bad form to use an affiliate amazon link there

DanBC
(http://www.schneier.com/book-applied-toc.html#chap6)

    Chapter 6: Esoteric Protocols 
    * SECURE ELECTIONS
    * Secure Multiparty Computation
    * Anonymous Message Broadcast
    * DIGITAL CASH
The following are books from my student days. These are sources from which I happened to learn the "everything in an hour, but longer to absorb" subject matter. I'd recommend Applied Cryptography as excellent, the other is just good.

Algorithms: Introduction to Algorithms (Cormen, Leiserson, & Rivest) http://amzn.com/0262033844

Security: Applied Cryptography (Schneier) http://amzn.com/0471117099

I cannot find my automata book just now. It's down in the garage, and I want to stay inside where it is warm now. As for concurrency, I got part of that from the Tanenbaum OS book:

http://amzn.com/0131429388

But the rest, I actually got from a coworker on the job! We did cover databases and ACID transactions in school, but that wasn't taught very well and I didn't really get it until I was doing real work.

Do some assembly language. It will give you a key advantage over everyone who is too scared to touch it.

Write a compiler and/or interpreter. This can actually be pretty small, and it will also give you an advantage over those too scared of something so seemingly "esoteric."

tom_b
Shining my tptacek light re: Applied Cryptography

http://news.ycombinator.com/item?id=639786

Thomas recommends Practical Cryptography instead.

stcredzero
I actually read Applied Cryptography when it first came out. My experience is that it convinced me that crypto is hard to do right, not that it's easy.

"Practical" will be my next technical read.

tptacek
It came out in, like, 1995 didn't it? I remember that because all my IRC friends immediately got to work on crazy crypto tools with algorithms and ideas cadged from that book. It definitely didn't teach them that crypto was hard.
stcredzero
It came out in, like, 1995 didn't it?

That would be about right.

I remember that because all my IRC friends immediately got to work on crazy crypto tools with algorithms and ideas cadged from that book. It definitely didn't teach them that crypto was hard.

It's one thing to do some fun project. It's another thing to do something for production. It's yet another thing to read such a book and realize it means there's people who know a lot more about this than you. At the same time, it is a fun read for a techie.

Here's the long answer to the question: what could anyone learn from rearranging the digits of an integer?

First off, it's helpful to know that the integers (denoted {Z}) are the canonical example of what's called ring structure, which basically means + and * work normally, but you aren't guaranteed clean division. Since they're simple, mathematicians sometimes use {Z} as a stand-in for more persnickety structures in the same way they use n-dimensional Euclidean space as a proxy for thinking about infinite-dimensional vector spaces. Articles like this one usually get written when an algebraist or number theorist publishes an epic proof, and the only way to make it comprehensible to a lay audience is to project it down into toy examples in a simple space. That's kind of a "trust me" answer by itself, of course. So without further ado, the math:

There are two notable things about rings. You can make polynomials with + and * in them, and division generally leaves you with remainders. Remainders are okay, though, because they let you define new rings. {Z mod 12 Z}, for example, is shorthand for "integers mod 12," or more formally, "map the integers to a new space where all the multiples of 12 get sent to zero," so {1, 2, ..., 11 } act normal, 12 is actually zero, 13=12+1=0+1=1 and so on.

It turns out that this is all you need to represent numbers in place-value notation. A number N in base r has a representation of n digits:

N = (A_n)(r^n) + ... + (A_2)(r^2) + (A_1)r + A_0

which is just a polynomial whose coefficients are members of the ring {Z mod r*Z}. If you map that back to the integers, plug in the actual value of r, and crunch the numbers, you get your original value of N back.

So, "rearranging the digits of an integer" is actually "permuting the coefficients of polynomials with coefficients mod r."

Now, suppose you have an email message that's 12000 characters long. You can think of that message as the polynomial representation, modulo 256, of a really big number. Mapping that number into different modular spaces, or permuting the coefficients of its various representations so that you can get it back later ("encrypting the message") forms the basis of the field of cryptography, which in turn is closely related to information theory and the theory of ergodic processes, etc, etc, etc.

For more details, you might start with:

http://www.amazon.com/Applied-Cryptography-Protocols-Algorit...

http://www.inference.phy.cam.ac.uk/mackay/itila/book.html
