Applied Cryptography: Protocols, Algorithms, and Source Code in C
Schneier, Bruce. 1995, 2nd edition. 784 pages.
Categories: Programming, Reference
Applied Cryptography is the must-have tome for all would-be cryptographers.
It's an encyclopedia (758 pages) of algorithms, techniques, politics, and source code.
One could write code simply from the explanations of the algorithms; however,
it is fairly non-techy and good-humored. While intended to be a reference book,
it is enjoyable when read straight through. It is, of course, showing its age.
Art of Computer Programming Volume 2, The: Seminumerical Algorithms
Knuth, Donald E. 1998, 3rd edition. 762 pages.
Categories: Mathematics, Programming, Reference
Having been called the "father of algorithms", Knuth is well respected for formalizing much of computer science. The Art of Programming Volume 2 explores topics relevant to cryptography, such as randomness (193 pages!), modular arithmetic, the Chinese remainder theorem, the extended Euclidean algorithm, factoring, prime numbers, and much more.
The book is becoming dated, in that there have been many advances in the mathematical/algorithmic topic areas covered in this book, and most books don’t write their source code examples in assembly language these days. However, it is still a phenomenal work.
Code Breakers, The: The Comprehensive History of Secret Communication from Ancient Times to the Internet
Kahn, David. 1996, Revised edition. 1181 pages.
Categories: History, Reference, Top Picks
The Code Breakers is the Bible of historical cryptography (1900 BC to 1965 AD), weighing in at 1181
pages. While the revised edition briefly covers more recent encryption (two-key systems, etc.), it's
sort of an unnecessary tag-on to this great work. I recommend this book for people already
interested in cryptography. No technical background is required.
Cryptography Decrypted
Mel, H. X. / Baker, Doris. 2001. 352 pages.
Categories: Reference, Top Picks
Cryptography Decrypted is perhaps the best introduction to current cryptography available. It
covers everything you'd expect from a cryptography book (symmetric key, public key, MACs,
SSL, IPsec) but does so using pictures. Nearly every page has a friendly diagram explaining
otherwise complicated details, all without cheapening the content. No mathematical background
is required, but you'll pick up some number theory by the time you've finished reading it.
A co-worker of mine who bought the book said "My spouse could understand this!". Cryptography
Decrypted is for anyone who likes to learn on their own, or for security folks that find
themselves regularly explaining cryptography to less technical individuals.
Cryptography: Theory and Practice
Stinson, Douglas. 1995. 448 pages.
Note: I have not read the newer 2nd edition (release date February 2002).
Categories: Reference
Cryptography Theory and Practice is a great book for those who want a formalized
and mathematically rigorous approach to cryptography. It covers the usual
stuff: classic ciphers, popular symmetric/asymmetric key algorithms, signature schemes,
hash functions, key distribution, authentication codes, secret sharing, pseudo-random
number generation, and zero-knowledge proofs. Assumes that you have had some exposure
to set theory and linear algebra, but still readable.
Cryptography and Data Security
Denning, Dorothy. 1982 (Currently out of print). 400 pages.
Categories: Reference
Considered by many to be the classic text on cryptography (in other words, they used this book
in college during the early 80's). Out of date in many respects, but still worth tracking
down a copy if you can. In addition to the standard stuff, contains worthwhile readings on
information/complexity/number theory, theory of access control, and means of protecting
arbitrary security systems from statistical analysis attacks.
Cryptography and Network Security: Principles and Practice
Stallings, William. 1999, 2nd edition. 569 pages.
Categories: Reference
This is a great book. Starting with low level encryption, it works its way up to email, IP, and
web security. The book is formal, without feeling formal, which makes for a nice reference.
It was written to be used as an introductory graduate-level text. Answers to the questions at the end of each
section are not provided.
Electronic Privacy Papers, The: Documents on the Battle for Privacy in the Age of Surveillance
Schneier, Bruce / Banisar, David. 1997. 747 pages.
Categories: Politics and Organizations, Reference
The authors explain the politics and history of modern encryption in the US by amassing a huge paper trail
of government and legal documents. Much of the controversy is already out of date (i.e., the Clipper chip),
but it's still a nice reference. It's always fun browsing sanitized (black marker, then photocopied)
documents obtained by the Freedom of Information Act.
Handbook of Applied Cryptography
Menezes, Alfred J. / van Oorschot, Paul C. / Vanstone, Scott A. 1997. 816 pages.
Categories: Reference, Top Picks
This large volume is more of an exhaustive reference than it is a handbook (as the title suggests).
It differs from Schneier's "Applied Cryptography" in that it is far more academic (rigorous and
formalized), and less hands-on (no source code is given). Like a good handbook, it gives a very
modular treatment of each topic. This book is an essential addition to your cryptography library, but
it is not a tutorial.
Handbook of Theoretical Computer Science Volume A: Algorithms and Complexity
Leeuwen, J. van (Editor). 1994. 996 pages.
Categories: Mathematics, Programming, Reference
Extensive coverage of complexity theory, number theory, and a good deal of crypto to
boot. In my opinion, volumes A and B are far more useful
and up to date than the three-book series "The Art of Computer Programming" by Knuth,
at least as far as crypto is concerned. Ronald Rivest wrote the crypto section.
Internet Security Protocols: Protecting IP Traffic
Black, Uyless. 2000. 286 pages.
Categories: Reference
I'm not sure it's useful to start off the book explaining things like denial of service attacks, salami
attacks, viruses, worms, and Trojan horses, and then not talk about technology that addresses these
concerns in the remainder of the book. Additionally, this book is entitled "Internet Security
Protocols", but SSL is not covered at all (it's not even in the index) and TLS gets only about
a page's worth of coverage. I don't really understand why some obscure topics were beaten to
death, while other topics (some worthy) were completely ignored.
Even so, the book gives nice coverage of RADIUS, DIAMETER, and IPSec. The ISAKMP
and IKE read a bit too much like RFCs.
Introduction to Algorithms
Cormen, Thomas H. / Leiserson, Charles E. / Rivest, Ronald L. 1990, 1st edition. 1028 pages.
Note: I have not read the newer 2nd edition (release date September 2001).
Categories: Programming, Reference
In this book, Rivest (the "R" in RSA) supplies the section on number-theoretic
algorithms, including the RSA cryptosystem. Also discussed is the Chinese remainder
theorem, primality testing, integer factorization, and a good-sized section on complexity
theory. This is a strong reference book. I have not yet seen the second edition (published
September 2001), and I'm eager to see what they've included from the last ten years.
Security In Computing
Pfleeger, Charles P. / Pfleeger, Shari Lawrence. 1997, 2nd edition. 569 pages.
Note: I have not read the newer 3rd edition (release date December 2002).
Categories: Cryptanalysis, Reference
An Ivory Tower approach to computer security. Chapters 2 through 4 provide a
very good (but fast-paced) treatment of cryptography and cryptanalysis. The remaining
chapters deal with secure systems (Orange book mentality), database security (such
as preventing the inference of sensitive data from non-sensitive data, a la
Denning), and network security. The security section has a traditional academic
flavor to it -- nothing like the "Hacking Exposed" book.