Applied Cryptography: Protocols, Algorithms, and Source Code in C

by Bruce Schneier

"…the best introduction to cryptography I've ever seen. … The book the National Security Agency wanted never to be published." –Wired Magazine

"…monumental… fascinating… comprehensive… the definitive work on cryptography for computer programmers…" –Dr. Dobb's Journal

"…easily ranks as one of the most authoritative in its field." —PC Magazine

"…the bible of code hackers." –The Millennium Whole Earth Catalog

This new edition of the cryptography classic provides you with a comprehensive survey of modern cryptography. The book details how programmers and electronic communications professionals can use cryptography—the technique of enciphering and deciphering messages-to maintain the privacy of computer data. It describes dozens of cryptography algorithms, gives practical advice on how to implement them into cryptographic software, and shows how they can be used to solve security problems. Covering the latest developments in practical cryptographic techniques, this new edition shows programmers who design computer applications, networks, and storage systems how they can build security into their software and systems.
What's new in the Second Edition?
* New information on the Clipper Chip, including ways to defeat the key escrow mechanism
* New encryption algorithms, including algorithms from the former Soviet Union and South Africa, and the RC4 stream cipher
* The latest protocols for digital signatures, authentication, secure elections, digital cash, and more
* More detailed information on key management and cryptographic implementations

Genres: Computer Science, Programming, Nonfiction, Technical, Technology, Reference, Science

784 pages, Hardcover

First published November 10, 1993

About the author

Bruce Schneier is a renowned security technologist, called a “security guru” by the Economist. He has written more than one dozen books, including the New York Times bestseller Data and Goliath (2014) and Click Here to Kill Everybody (2018). He teaches at the Harvard Kennedy School and lives in Cambridge, Massachusetts.

Reviews

[Pablo · Rating 1 out of 5]

I think this book might have been great, but today, it shouldn't be considered more than a historical document. Even though a 20-year anniversary version was released, it has no changes but a new introduction and in it, Bruce Schneier says:

"For those who want a more current book, I recommend Cryptography Engineering, which I wrote in 2010 with Niels Ferguson and Tadayoshi Kohno. But for a review of those heady times of the mid-1990s, and an introduction to what has become an essential technology of the Internet, Applied Cryptography still holds up surprisingly well."

[Koen Crolla · Rating 5 out of 5]

Getting hold of a copy of Applied Cryptography took some effort (maybe the crypto export controls it makes such a big deal about have something to do with it, but incompetence is more likely to blame), but it's everything I expected it to be: a rock-solid book about cryptography as she is practised, with enough theoretical background to be relevant and links to an endless amount more.

However, the first edition of this book came out in 1994, and this second edition in 1996, and that's a long time ago. How long? The URL the book lists for the NIST is a gopher address: gopher://csrc.ncsl.nist.gov. Large swathes of it just don't apply anymore, and only serve as historical curiosity—and there's not always an easy way to tell which those are.
Much of the book focuses on DES, which is now well and truly buried as far as anyone except Hiroyuki Nishimura is concerned, and the expanding Internet has created whole new areas of consideration, including routine password storage (slow hashes aren't mentioned at all; crypt(3) is, but its deliberate slowness isn't even remarked upon).

Presumably one of Schneier's later books (like Practical Cryptography, though that's over a decade old now too) would be a better choice for people interested in the current situation, but Applied Cryptography is still more than excellent for historical context or for people who are interested in any of the specific algorithms or protocols discussed.

[G · Rating 5 out of 5]

Essential to any developer. Will teach you the basics which have become the 80/20 for me to understand cryptography in general.

[Colin Jones · Rating 4 out of 5]

Lots of detail on algorithms that are now out of date, but the opening chapters on crypto protocols were terrific. By far the largest bibliography I recall seeing - over 1500 entries. I'd recommend Practical Cryptography (or its later edition, Cryptography Engineering) above this one, even though (and partially *because*) it lacks the level of implementation / algorithm detail here.

[Thomas Hansen · Rating 5 out of 5]

Great read! As this book is almost 25years old it is not up to date on the latest crypto algorithms, but how often can you read a technical book and check with wikipedia or google and look 25 years into the future?

[TΞΞL❍CK Mith!lesh · Rating 5 out of 5]

As security needs evolve, methodologies adapt. A primary example of this occurring can be found in the shift towards cyber warfare. Advanced protection measures are needed to secure online activity on a regular basis. This book dissects the coding skills that are revolutionized the field of encrypted communications. The text is highly relatable, especially for information security jobs.

[Brian Powell · Rating 4 out of 5]

A solid compendium of all things cryptography. Probably not a book to read cover-to-cover, this sprawling reference touches almost every corner of the subject. Schneier treats the theory behind, and the algorithmic implementations of, all the major cryptographic primitives (pre-AES, though); this is the meat and potatoes found in virtually all crypto texts. But Schneier also covers all the connective tissue -- the stuff you need in order to implement cryptographic solutions in the real world, things like key management and exchange, and a wide range of cryptographic protocols for authentication, establishing identity, and for the actual deployment of ciphers in real applications. Nothing is covered with exquisite depth (except for DES, which gets its own chapter), but the treatment is heavily-referenced and buoyed by Schneier's sharp commentary. This is a good resource for those seeing this material for the first time, or for those looking for references so they can dig deeper.

[Amy · Rating 2 out of 5]

Let's get real. I did not finish this book. While it may be a classic of cryptography, it is not written for the layperson at all. I stuck with it for as long as I could and did learn some things at the start, but it quickly moved beyond my level of comprehension. Still, I'm glad to know why every explanation of cryptography talks about Alice, Bob, and Eve!

[Jeff Yoak · Rating 5 out of 5]

This is a classic, foundational book in cryptography. It helped me along quite a bit early in my career.

[Alexander · Rating 4 out of 5]

I read the 20th anniversary edition. As the preface admits, the book is dated; it does cover some of the algorithms that are still in use today (RSA, Diffie-Hellman, SHA-1, MD5, Kerberos), but it also describes a ton of stuff that has no practical meaning anymore. If you're looking for cryptography as it is applied today, look elsewhere. (The preface suggests Cryptography Engineering by Schneier, Ferguson, and Kohno; I haven't read it yet.)

However, this book is more than an algorithms list, and that's what keeps it relevant. You see, there are a lot of stuff around cryptography, and it turns out to be just as important as the algorithms you pick! The fact that you're using an industry-standard RSA doesn't mean you're safe; it means your security hinges on the security of the key. How do you generate it? How do you store it? How do you transmit it? (Should you even?) How do you rotate it? How do you destroy it? It's not enough to be a skillful builder who picks good building blocks; you also got to be an architect and ensure that the structure won't fall over in a light breeze.

Schneier also lists a lot of broken algorithms. At first, I thought it's a waste of space, but the purpose gradually became clear: he demonstrates why people shouldn't roll their own crypto. He quips that anyone can design a cipher they themselves cannot break, but also provides abundant evidence that most of the stuff that can be imagined can also be broken. From this day on, I'd have a paranoia fit every time I have to combine cryptography-related functions together; you just never know, even if you're a PhD and know everything there is to know.

Finally, and somewhat predictably, the book is still good at explaining basics. As noted above, you shouldn't use them to construct anything yourself, but it at least enables you to satisfy your curiosity and make sense of Wikipedia articles.

I'm not a cryptographer, nor an infosec specialist, so I'm not in a position to give recommendations. But I got some new insights from reading this book, and I certainly got a "map" of cryptography as a field, so there's that.

[Marija · Rating 1 out of 5]

This part is stollen from the book If tomorrow comes by Sidney Sheldon:
"Here's how Alice, who doesn't even know the rules to chess, can defeat a grandmaster. (This is sometimes called the Chess Grandmaster Problem.) She challenges both Gary Kasparov and Anatoly Karpov to a game, at the same time and place, but in separate rooms. She plays white against Kasparov and black against Karpov. Neither grandmaster knows about the other. Karpov, as white, makes his first move. Alice records the move and walks into the room with Kasparov. Playing white, she makes the same move against Kasparov. Kasparov makes his first move as black. Alice records the move, walks into the room with Karpov, and makes the same move. This continues, until she wins one game and loses the other, or both games end in a draw."

[Peter House · Rating 4 out of 5]

Applied Cryptography is a lengthy and in depth survey of its namesake. Detail oriented with bits of temporal or political observations, Bruce Schnier’s book takes the reader through weak and strong crypto protocols and algorithms. This book also brings a fair amount of history along with it. The history, for example, of DES is fascinating in its own right. What was NSA doing? What were their intentions? Was it a happy coincidence of missed expectations? By its very secretive nature, the reader is left to make their own conclusions based on a limited set of facts.

This kind of book will, more than likely, appeal to a very specific crowd. But if you like mathematics, computer science, and secrets, then this is for you (if you haven’t read it already). Enjoy!

[Nelson Minar · Rating 5 out of 5]

What a wonderful book! I studied some crypto in college (public key and zero knowledge proofs) and found the field almost incomprehensible: lots of very specific number theories, very little overview information. Applied Cryptography fills this vital gap very successfully, going from completely introductory information to some fairly specific details on particular systems. The 2000 or so references in the back are great when you need to follow up on particular details. It's good this book was published when it was, right at the time that the US government is trying to censor net traffic and stop people from using strong cryptosystems.

[James · Rating 5 out of 5]

This book bring back fond memories, from several hops ago.

When the dinosaurs roamed the earth, an invitation was given out to all employees, for a class on cryptography with FREE pizza during lunch break. Who can resist free food.

The content didn't make a whole lot of sense at the time, skimmed thru the book on all the buzzwords. but it sure does now. Very dense reading. since SSL/TLS is in everything! It helps to understand the underlying principles.

[Monzenn · Rating 5 out of 5]

Both informative and witty. Despite being thirty years old, the book still thoroughly discusses a lot of the seminal cryptographic methods, alongside their actual implementations (the "applied" part). The best part is that for a (great) textbook, the author's voice was prominent without being distracting.

[Pendulum Swings · Rating 5 out of 5]

Schneider predicted so much about the advanced methods of cryptography that would be used in modern network servers that one could easily believe the man was a master of (11) DIVINATION.
Not only that, it gave me new ideas about how one might hide messages (3) AND information in the source code of another person's website. Will have to consider using that in the future.

[Warren Mcpherson · Rating 3 out of 5]

An extensive review of cryptographic protocols, techniques, algorithms, and implementations. The book makes a good reference for specific technologies. It gives you a sense of the number of ideas that have been tried and how careful one needs to be to make effective use of cryptography.

[Ben · Rating 5 out of 5]

Secrets Secrets Secrets

This was a spectacular book on cryptography.

I can see why this book was tried to be prevented to be published - it outlines a lot.

Would highly recommend this for anyone into cybersecurity or crypto.

4.8/5

[James Temple · Rating 5 out of 5]

Excellent insight into practical applications of cryptography - particularly for computer programming, but not exclusively

[Madhu · Rating 5 out of 5]

It's woonder full book on who wants to learn about cryptography

[Martin Stoller · Rating 5 out of 5]

THE book on applied cryptography. Period.

[Michal Zima · Rating 5 out of 5]

Great overview of cryptography till the mid of 90s

[Eddy Vermeulen · Rating 4 out of 5]

A bit on the heavy side for amateurs like me but it gives a very thorough in-depth understanding of cryptography.

[REGIS DESMEULES · Rating 3 out of 5]

deep technical content for understand cyber

[Maurizio Codogno · Rating 5 out of 5]

621 pagine di libro (listati esclusi, che tanto non è che vengano letti), ben densi. Non è certo una lettura di quelle da farsi prima di andare a dormire, a meno che non si soffra di insonnia forte e si cerchi qualcosa di veramente efficace.
Però il libro merita di essere letto da cima a fondo, e non solo usato come testo di riferimento: perché oltre ad avere una panoramica di tutti i metodi noti di crittografia e dei problemi relativi si ha anche una trattazione delle debolezze dei vari metodi, e in genere una storia non romanzata ma pratica della lotta tra chi vuole nascondere le cose e chi cerca di scoprirle.
Inutile spiegare chi è Schneier: uno tra gli esperti principali - e più taglienti - nel campo della crittografia. Se insomma avete un interesse non solo teorico per la materia, questo libro è il migliore investimento che potete fare.

[Zeeshan · Rating 5 out of 5]

This is the mother of all cryptographic books ever published, explaining each & every encryption algorithm EVER designed on this planet. Its an exhaustive list of algorithms, explaining each in detail, with their strengths and weaknesses, in a practical manner. The book is highly mathematical, and security people who deal only with codes and networks might have difficulties in the esoteric level of maths involved. All in All, Applied Cryptography is a great book, a must have on every security/network specialist who's got to deal with encryption.

[Sean · Rating 5 out of 5]

For its time, it was amazing, not just for the subject matter but the clarity of its explanation. For me, it helped me understand a lot of the mathematical background and the pitfalls. I think he was already beginning to focus on the security implications of protocols over cryptographic implementation and the combination of the two subjects is powerful. Yes, a lot is dated, but the same mistakes keep being made. Learn from it and then find a more current text for implementations.

[Cameron · Rating 4 out of 5]

This is an excellent book on all the mainstream and not so mainstream encryption algorithms(as of several years ago). It does not include the new AES, or recent issues with md5, but Schneier has given some recommendations/predictions in this book that are in line with recent news.

I would have given this 5 start, but it is several years old, and needs to be updated.

[Rakesh · Rating 4 out of 5]

I instantly had bought this one after I heard a lot from Internet sources about Bruce and his work. I have only skimmed through the book; looks good as an introductory text. Bruce Schneier is well known for his contributions in the field of cryptography and computer security; his ideas and writings have ignited many minds. I hope this one does good too. :)

[Gil · Rating 4 out of 5]

If you need to write encryption applications, or, want to understand how encryption works, see the math, algorithms, source code so you can analyze in your favourite debugger, then this book is for you. Schneier is a master of Cryptography and doesn't disappoint.
However, be aware that a certain level of understanding is required to navigate through the content.
Happy computing!