Schneier - Applied cryptography: protocols, algorithms, and source code in C

from reviews of the first edition of

the definitive text on the subject.

Software Development Magazine

good reading for anyone interested in cryptography.

BYTE

This book should be on the shelf of any computer professional involved in the use or implementation of cryptography.

IEEE Software

dazzling fascinating. This book absolutely must be on your bookshelf

PC Techniques

comprehensive an encyclopedic work

The Cryptogram

a fantastic book on cryptography today. It belongs in the library of anyone interested in cryptography or anyone who deals with information security and cryptographic systems.

Computers & Security

An encyclopedic survey could well have been subtitled The Joy of Encrypting a useful addition to the library of any active or would-be security practitioner.

Cryptologia

encyclopedic readable well-informed picks up where Dorothy Dennings classic Cryptography and Data Security left off a dozen years ago. This book would be a bargain at twice the price.

;login:

This is a marvelous resourcethe best book on cryptography and its application available today.

Dorothy Denning
Georgetown University

Schneiers book is an indispensable reference and resource. I recommend it highly.

Martin Hellman
Stanford University

Applied Cryptography: Protocols, Algorithms and Source Code in C

Published by
John Wiley & Sons, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright 1996 by Bruce Schneier. All rights reserved.

New foreword copyright 2015 by Bruce Schneier. All rights reserved.

Published by John Wiley & Sons, Inc.

Published simultaneously in Canada

ISBN: 978-1-119-09672-6

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2015932956

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

I first wrote Applied Cryptography in 1993. Two years later, I wrote the greatly expanded second edition. At this vantage point of two decades later, it can be hard to remember how heady cryptographys promise was back then. These were the early days of the Internet. Most of my friends had e-mail, but that was because most of my friends were techies. Few of us used the World Wide Web. There was nothing yet called electronic commerce.

Cryptography was being used by the few who cared. We could encrypt our e-mail with PGP, but mostly we didnt. We could encrypt sensitive files, but mostly we didnt. I dont remember having the option of a usable full-disk encryption product, at least one that I would trust to be reliable.

What we did have were ideasresearch and engineering ideasand that was the point of Applied Cryptography. My goal in writing the book was to collect all the good ideas of academic cryptography under one cover and in a form that non-mathematicians could read and use.

What we also had, more important than ideas, was the unshakable belief that technology trumped politics. You can see it in John Perry Barlows 1996 Declaration of the Independence of Cyberspace, where he told governments, You have no moral right to rule us, nor do you possess any methods of enforcement that we have reason to fear. You can see it three years earlier in cypherpunk John Gilmores famous quote: The Net interprets censorship as damage and routes around it. You can see it in the pages of Applied Cryptography. The first paragraph of the Preface, which I wrote in 1993, says, There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. This book is about the latter.

This was the promise of cryptography. It was the promise behind everythingfrom file and e-mail encryption to digital signatures, digital certified mail, secure election protocols, and digital cash. The math would give us all power and security, because math trumps everything else. It would topple everything from government sovereignty to the music industrys attempts at stopping file sharing.

The natural law of cryptography is that its much easier to use than it is to break. To take a hand-waving example, think about basic encryption. Adding a single bit to a key, say from a 64-bit key to a 65-bit key, adds at most a small amount of work to encrypt and decrypt. But it doubles the amount of work to break. Or, more mathematically, encryption and decryption work grows linearly with key length, but cryptanalysis work grows exponentially. Its always easier for the communicators than the eavesdropper.