For Those who will miss the lectures!
Applied Cryptography
Book View : http://www.schneier.com/book-applied-toc.html
Applied Cryptography
Second Edition
By Bruce Schneier
PREFACE
There are two kinds of cryptography in this world: cryptography that
will stop your kid sister from reading your files, and cryptography
that will stop major governments from reading your files. This book is
about the latter.
If I take a letter, lock it in a safe, hide the safe somewhere in New
York, and then tell you to read the letter, that's not security.
That's obscurity. On the other hand, if I take a letter and lock it in
a safe, and then give you the safe along with the design
specifications of the safe and a hundred identical safes with their
combinations so that you and the world's best safecrackers can study
the locking mechanism--and you still can't open the safe and read the
letter, that's security.
For many years, this sort of cryptography was the exclusive domain of
the military. The United States' National Security Agency (NSA), and
their counterparts in the former Soviet Union, England, France,
Israel, and elsewhere, have spent billions of dollars in the very
serious game of securing their own communications while trying to
break everyone else's. Private individuals, with far less expertise
and budget, have been powerless to protect their own privacy against
these governments.
During the last 20 years, public academic research in cryptography has
exploded. While classical cryptography has been long used by ordinary
citizens, since World War II computer cryptography was the exclusive
domain of the world's militaries. Today, state-of-the-art computer
cryptography is practiced outside the secured walls of the military
agencies. The layperson can now employ security practices that can
protect against the most powerful of adversaries--security that may
protect against military agencies for years to come.
Do average people really need this kind of security? Yes. They may be
planning a political campaign, discussing taxes, or having an illicit
affair. They may be designing a new product, discussing a marketing
strategy, or planning a hostile business takeover. Or they may be
living in a country that does not respect the rights of privacy of its
citizens. They may be doing something that they feel shouldn't be
illegal, but is. For whatever reason, the data and communications are
personal, private, and no one else's business.
This book is being published in a tumultuous time. In 1994, the
Clinton administration approved the Escrowed Encryption Standard
(including the Clipper chip) and signed the Digital Telephony bill
into law. Both of these initiatives try to ensure the government's
ability to conduct electronic surveillance.
Some dangerously Orwellian assumptions are at work here: that the
government has right to listen to private communications, and that
there is something wrong with a private citizen trying to keep a
secret from the government. Law enforcement has always been able to
conduct court authorized surveillance if possible, but this is the
first time that the people have been forced to take active measures to
make themselves available for surveillance. These initiatives are not
simply government proposals in some obscure area; they are preemptive
and unilateral attempts to usurp powers that previously belonged to
the people.
Clipper and Digital Telephony do not protect privacy; they force
individuals to unconditionally trust that the government will respect
their privacy. The same law enforcement authorities who illegally
tapped Martin Luther King Jr.'s phones can easily tap a phone
protected with Clipper. In the recent past, local police authorities
have either been charged criminally or sued civilly in numerous
jurisdictions--Maryland, Connecticut, Vermont, Georgia, Missouri, and
Nevada--for conducting illegal wiretaps. It's a poor idea to deploy a
technology that could some day facilitate a police state.
The lesson here is that it is insufficient to protect ourselves with
laws; we need to protect ourselves with mathematics. Encryption is too
important to be left solely to governments. This book gives you the
tools you need to protect your own privacy; cryptography products may
be declared illegal, but the information will never be.
How to Read This Book
I wrote Applied Cryptography to be a both a lively introduction to the
field of cryptography and a comprehensive reference work. I have tried
to keep the text readable without sacrificing accuracy. This book is
not intended to be a mathematical text. Although I have not
deliberately given any false information, I do play fast and loose
with theory. For those interested in formalism, there are copious
references to the academic literature.
Chapter 1 introduces cryptography, defines many terms, and briefly
discusses precomputer cryptography.
Chapters 2 through 6 (Part I) describe cryptographic protocols: what
people can do with cryptography.