books tagged “crypto”

If the National Security Agency (NSA) had wanted to make sure that strong encryption would reach the masses, it couldn't have done much better than to tell the cranky geniuses of the world not to do it. Author Steven Levy, deservedly famous for his enlightening Hackers, tells the story of the cypherpunks, their foes, and their allies in Crypto: How the Code Rebels Beat the Government. From the determined research of Whitfield Diffie and Marty Hellman, in the face of the NSA's decades-old security lock, to the commercial world's turn-of-the-century embrace of encrypted e-commerce, Levy finds drama and intellectual challenge everywhere he looks. Although he writes, "Behind every great cryptographer, it seems, there is a driving pathology," his respect for the mathematicians and programmers who spearheaded public key encryption as the solution to Information Age privacy invasion shines throughout. Even the governmental bad guys are presented more as hapless control fetishists who lack the prescience to see the inevitability of strong encryption as more than a conspiracy of evil.

Each cryptological advance that was made outside the confines of the NSA's Fort Meade complex was met with increasing legislative and judicial resistance. Levy's storytelling acumen tugs the reader along through mathematical and legal hassles that would stop most narratives in their tracks--his words make even the depressingly silly Clipper chip fiasco vibrant. Hardcore privacy nerds will value Crypto as a review of 30 years of wrangling; those readers with less familiarity with the subject will find it a terrific and well-documented launching pad for further research. From notables like Phil Zimmerman to obscure but important figures like James Ellis, Crypto dishes the dirt on folks who know how to keep a secret. --Rob Lightner [via]

Author Steven Levy, deservedly famous for his enlightening Hackers, tells the story of the cypherpunks, their foes, and their allies in Crypto; if the National Security Agency (NSA) had wanted to make sure that strong encryption would reach the masses, it couldn't have done much better than to tell the cranky geniuses of the world not to do it.

From the determined research of Whitfield Diffie and Marty Hellman, in the face of the NSA's decades-old security lock, to the commercial world's turn-of-the-century embrace of encrypted e-commerce, Levy finds drama and intellectual challenge everywhere he looks. Although he writes, "Behind every great cryptographer, it seems, there is a driving pathology", his respect for the mathematicians and programmers who spearheaded public key encryption as the solution to Information Age privacy invasion shines throughout. Even the governmental bad guys are presented more as hapless control fetishists who lack the prescience to see the inevitability of strong encryption as more than a conspiracy of evil.

Each cryptological advance that was made outside the confines of the NSA's Fort Meade complex was met with increasing legislative and judicial resistance. Levy's storytelling acumen tugs the reader along through mathematical and legal hassles that would stop most narratives in their tracks--his words make even the depressingly silly Clipper chip fiasco vibrant. Hardcore privacy nerds will value Crypto as a review of 30 years of wrangling; those readers with less familiarity with the subject will find it a terrific and well-documented launching pad for further research. From notables like Phil Zimmerman to obscure but important figures like James Ellis, Crypto dishes the dirt on folks who know how to keep a secret. --Rob Lightner [via]

Douglas R. Stinson's Cryptography: Theory and Practice is a mathematically intensive examination of cryptography, including ciphers, the Data Encryption Standard (DES), public key cryptography, one-way hash functions, and digital signatures. Stinson's explication of "zero-sum proofs"--a process by which one person lets another person know that he or she has a password without actually revealing any information--is especially good.

If you are new to the math behind cryptography but want to tackle it, the author covers all of the required background to understand the real mathematics here. Cryptography includes extensive exercises with each chapter and makes an ideal introduction for any math-literate person willing to get acquainted with this material. [via]

Neal Stephenson enjoys cult status among science fiction fans and techie types thanks to Snow Crash, which so completely redefined conventional notions of the high-tech future that it became a self-fulfilling prophecy. But if his cyberpunk classic was big, Cryptonomicon is huge... gargantuan... massive, not just in size (a hefty 918 pages including appendices) but in scope and appeal. It's the hip, readable heir to Gravity's Rainbow and the Illuminatus trilogy. And it's only the first of a proposed series--for more information, read our interview with Stephenson.

Cryptonomicon zooms all over the world, careening conspiratorially back and forth between two time periods--World War II and the present. Our 1940s heroes are the brilliant mathematician Lawrence Waterhouse, cryptanalyst extraordinaire, and gung ho, morphine-addicted marine Bobby Shaftoe. They're part of Detachment 2702, an Allied group trying to break Axis communication codes while simultaneously preventing the enemy from figuring out that their codes have been broken. Their job boils down to layer upon layer of deception. Dr. Alan Turing is also a member of 2702, and he explains the unit's strange workings to Waterhouse. "When we want to sink a convoy, we send out an observation plane first.... Of course, to observe is not its real duty--we already know exactly where the convoy is. Its real duty is to be observed.... Then, when we come round and sink them, the Germans will not find it suspicious."

All of this secrecy resonates in the present-day story line, in which the grandchildren of the WWII heroes--inimitable programming geek Randy Waterhouse and the lovely and powerful Amy Shaftoe--team up to help create an offshore data haven in Southeast Asia and maybe uncover some gold once destined for Nazi coffers. To top off the paranoiac tone of the book, the mysterious Enoch Root, key member of Detachment 2702 and the Societas Eruditorum, pops up with an unbreakable encryption scheme left over from WWII to befuddle the 1990s protagonists with conspiratorial ties.

Cryptonomicon is vintage Stephenson from start to finish: short on plot, but long on detail so precise it's exhausting. Every page has a math problem, a quotable in-joke, an amazing idea, or a bit of sharp prose. Cryptonomicon is also packed with truly weird characters, funky tech, and crypto--all the crypto you'll ever need, in fact, not to mention all the computer jargon of the moment. A word to the wise: if you read this book in one sitting, you may die of information overload (and starvation). --Therese Littleton [via]

A sentimental favorite, The Cuckoo's Egg seems to have inspired a whole category of books exploring the quest to capture computer criminals. Still, even several years after its initial publication and after much imitation, the book remains a good read with an engaging story line and a critical outlook, as Clifford Stoll becomes, almost unwillingly, a one-man security force trying to track down faceless criminals who've invaded the university computer lab he stewards. What first appears as a 75-cent accounting error in a computer log is eventually revealed to be a ring of industrial espionage, primarily thanks to Stoll's persistence and intellectual tenacity. [via]

Cliff stoll was an astronomer turned systems manager at lawrence berkeley lab when a 75-cent accounting error alerted him to the presence of an unauthorized users on his system. The hacker's code name was "hunter"-- a mystery invader hiding inside a twisting electronic labyrinth, breaking into u.s. Computer systems and stealing sensitive military and security information. Stoll began a one-man hunt of his own, spying on the spy-- and plunging into an incredible international probe that finally gained the attention of top u.s. Counter-intelligence agents. "the cuckoo's egg" is his wild and suspenseful true story-- a year of deception, broken codes, satellites, missile bases and the ultimate sting operation-- and how one ingenious american trapped a spy ring paid in cash and cocaine, and reporting to the kgb [via]

With The Da Vinci Code, Dan Brown masterfully concocts an intelligent and lucid thriller that marries the gusto of an international murder mystery with a collection of fascinating esoterica culled from 2,000 years of Western history. A murder in the silent after-hours halls of the Louvre museum reveals a sinister plot to uncover a secret that has been protected by a clandestine society since the days of Christ. The victim is a high-ranking agent of this ancient society who, in the moments before his death, manages to leave gruesome clues at the scene that only his granddaughter, noted cryptographer Sophie Neveu, and Robert Langdon, a famed symbologist, can untangle.

The duo become both suspects and detectives searching not only for Neveu's grandfather's murderer, but also the stunning secret of the ages he was charged to protect. Mere steps ahead of the authorities and the deadly competition, the mystery leads Neveu and Langdon on a breathless flight through France, England and history itself. Brown has created a page-turning thriller that also provides an amazing interpretation of Western history. Brown's hero and heroine embark on a lofty and intriguing exploration of some of Western culture's greatest mysteries--from the nature of the Mona Lisa's smile to the secret of the Holy Grail. Though some will quibble with the veracity of Brown's conjectures, therein lies the fun. The Da Vinci Code is an enthralling read that provides rich food for thought. --Jeremy Pugh, Amazon.com [via]

Cryptology, for millennia a "secret science", is rapidly gaining in practical importance for the protection of communication channels, databases, and software. Beside its role in computerized information systems (public key systems), more and more applications inside computer systems and networks are appearing, which also extend to access rights and source file protection. The first part of this book treats secret codes and their uses - cryptography. The second part deals with the process of covertly decrypting a secret code - cryptanalysis - where in particular advice on assessing methods is given. The book presupposes only elementary mathematical knowledge. Spiced with a wealth of exciting, amusing, and sometimes personal stories from the history of cryptology, it will also interest general readers. [via]

In most thrillers, "hardware" consists of big guns, airplanes, military vehicles, and weapons that make things explode. Dan Brown has written a thriller for those of us who like our hardware with disc drives and who rate our heroes by big brainpower rather than big firepower. It's an Internet user's spy novel where the good guys and bad guys struggle over secrets somewhat more intellectual than just where the secret formula is hidden--they have to gain understanding of what the secret formula actually is.

In this case, the secret formula is a new means of encryption, capable of changing the balance of international power. Part of the fun is that the book takes the reader along into an understanding of encryption technologies. You'll find yourself better understanding the political battles over such real-life technologies as the Clipper Chip and PGP (Pretty Good Privacy) software even though the book looks at the issues through the eyes of fiction.

Although there's enough globehopping in this book for James Bond, the real battleground is cyberspace, because that's where the "bomb" (or rather, the new encryption algorithm) will explode. Yes, there are a few flaws in the plot if you look too closely, but the cleverness and the sheer fun of it all more than make up for them. There are enough twists and turns to keep you guessing and a lot of high, gee-whiz-level information about encryption, code breaking, and the role they play in international politics. Set aside the whole afternoon and evening for it and have finger food on hand for supper--you may want to read this one straight through. [via]

In most thrillers, "hardware" consists of big guns, airplanes, military vehicles, and weapons that make things explode. Dan Brown has written a thriller for those of us who like our hardware with disc drives and who rate our heroes by big brainpower rather than big firepower. It's an Internet user's spy novel where the good guys and bad guys struggle over secrets somewhat more intellectual than just where the secret formula is hidden--they have to gain understanding of what the secret formula actually is.

In this case, the secret formula is a new means of encryption, capable of changing the balance of international power. Part of the fun is that the book takes the reader along into an understanding of encryption technologies. You'll find yourself better understanding the political battles over such real-life technologies as the Clipper Chip and PGP (Pretty Good Privacy) software even though the book looks at the issues through the eyes of fiction.

Although there's enough globehopping in this book for James Bond, the real battleground is cyberspace, because that's where the "bomb" (or rather, the new encryption algorithm) will explode. Yes, there are a few flaws in the plot if you look too closely, but the cleverness and the sheer fun of it all more than make up for them. There are enough twists and turns to keep you guessing and a lot of high, gee-whiz-level information about encryption, code breaking, and the role they play in international politics. Set aside the whole afternoon and evening for it and have finger food on hand for supper--you may want to read this one straight through. [via]

While Allied Forces understandably pursued a "Europe-first" policy in the Second World War, the Japanese threat in the Far East grew with every month. Popular history credits the Americans with breaking Japanese codes and saving perhaps two years of conflict. This is not Michael Smith's view. Building on the success of Station X, which heralded British success in cracking the German Enigma cipher, The Emperor's Codes uses recently released British archive records to fill in the details of British and Australian involvement in the Far East. In fact, Smith goes further, and controversially concludes that internal bickering in the US military, compounded by a less than open exchange of information with the British, "must have cost many lives, the majority of them American". In addition, he observes that the Allies knew a Japanese "unconditional surrender", dependent on Emperor Hirohito remaining on the throne, was on the cards before the atomic bombs were dropped on Hiroshima and Nagasaki, throwing into considerable doubt the need for such demonstratively horrific tactics.

As well as major players such as John Tiltman, Eric Nave and Joe Rochefort, Smith plays out the controversy, as well as the intricacies of cryptography, through recourse to witness statements from the "ordinary" men and women slavishly dedicated to "stripping"--that is, removing the cipher additive. The urgencies and peculiarities of war saw numerous marriages, Oxbridge linguists learning Japanese in six months (experts had predicted five years), a radio broadcast of a concert from Britain's most secret location and an over-optimistic colour-coded ticket scheme at Bletchley Park for meals; bread and butter, so to speak, for the hungry workers. Charting efforts in Ceylon, Singapore, India, Kenya, Australia and, of course, Bletchley Park, Smith's revisionist reading gives proper due to the grass roots co-operation between Allied intelligence which, though unable to prevent the Japanese attack on Pearl Harbour, helped accelerate Hirohito's surrender. As he makes plain, that it succeeded more in spite of than due to senior US Navy command scathingly undermines the conventional heroic narrative the American military was so quick to proclaim. It's a damning conclusion, but an enthralling read. --David Vincent [via]

From Pearl Harbor on December 7, 1941, whose devastating loss was due in large measure to our inability to decode messages about the forthcoming attack, to the Battle of Midway, code-breaking played a key role in the Pacific war. Moving across the world from Bletchley Park outside London to Pearl Harbor, from Singapore to Colombo, from Mombassa to Melbourne, The Emperor's Code reveals how the Japanese codes - of which there were several - were broken, and we discover in detail who were the (often quirky) geniuses behind the desperate effort. Unlike the German codes, where similarities of language made decrypting at least possible, the vast differences between English and Japanese made this far more daunting. [via]

Alan Turing, Enigma ist die Biographie des legendären britischen Mathematikers, Logikers, Kryptoanalytikers und Computerkonstrukteurs Alan Mathison Turing (1912-1954). Turing war einer der bedeutendsten Mathematiker dieses Jahrhunderts und eine höchst exzentrische Persönlichkeit. Er gilt seit seiner 1937 erschienenen Arbeit "On Computable Numbers", in der er das Prinzip des abstrakten Universalrechners entwickelte, als der Erfinder des Computers. Er legte auch die Grundlagen für das heute "Künstliche Intelligenz" genannte Forschungsgebiet. Turings zentrale Frage "Kann eine Maschine denken?" war das Motiv seiner Arbeit und wird die Schlüsselfrage des Umgangs mit dem Computer werden. Die bis 1975 geheimgehaltene Tätigkeit Turings für den britischen Geheimdienst, die zur Entschlüsselung des deutschen Funkverkehrs führte, trug entscheidend zum Verlauf und Ausgang des Zweiten Weltkriegs bei. [via]

Due to the rapid growth of digital communication and electronic data exchange, information security has become a crucial issue in industry, business, and administration. Modern cryptography provides essential techniques for securing information and protecting data.

In the first part, this book covers the key concepts of cryptography on an undergraduate level, from encryption and digital signatures to cryptographic protocols. Essential techniques are demonstrated in protocols for key exchange, user identification, electronic elections and digital cash. In the second part, more advanced topics are addressed, such as the bit security of one-way functions and computationally perfect pseudorandom bit generators. The security of cryptographic schemes is a central topic. Typical examples of provably secure encryption and signature schemes and their security proofs are given. Though particular attention is given to the mathematical foundations, no special background in mathematics is presumed. The necessary algebra, number theory and probability theory are included in the appendix. Each chapter closes with a collection of exercises.

The second edition contains corrections, revisions and new material, including a complete description of the AES, an extended section on cryptographic hash functions, a new section on random oracle proofs, and a new section on public-key encryption schemes that are provably secure against adaptively-chosen-ciphertext attacks.

This book is an introduction to the algorithmic aspects of number theory and its applications to cryptography, with special emphasis on the RSA cryptosys-tem. It covers many of the familiar topics of elementary number theory, all with an algorithmic twist. The text also includes many interesting historical notes. [via]

Kaffia Lang's an experienced hacker. She's cautious, but her inability to turn down any network cracking challenge often leads her and anyone with her into danger. Alex, a geeky skater, new at school, works his way into the mysterious technological world she's created. He doesn't know whether he loves her or fears her, but he's forced to choose when he finds himself caught in a tangle of revenge, and Kaffia's life hangs on every decision he makes.

Nanowhere...is a love story with all the usual elements: rogue soldiers, computer hacking, tyranny, cryptography, hit-men with an affinity for rolled adhesives, rebellious skateboarders, and sentient billion-node self-organizing nanotech ghosts.

"Chris Howard has released an...interesting and well-written..sf thriller called Nanowhere along with a bunch of supplementary materials that purports to be the lab notes and publications of one of the book's characters..."
    --Cory Doctorow, BoingBoing [via]

Security is the number one concern for businesses worldwide. The gold standard for attaining security is cryptography because it provides the most reliable tools for storing or transmitting digital information. Written by Niels Ferguson, lead cryptographer for Counterpane, Bruce Schneier's security company, and Bruce Schneier himself, this is the much anticipated follow-up book to Schneier's seminal encyclopedic reference, Applied Cryptography, Second Edition (0-471-11709-9), which has sold more than 150,000 copies.
Niels Ferguson (Amsterdam, Netherlands) is a cryptographic engineer and consultant at Counterpane Internet Security. He has extensive experience in the creation and design of security algorithms, protocols, and multinational security infrastructures. Previously, Ferguson was a cryptographer for DigiCash and CWI. At CWI he developed the first generation of off-line payment protocols. He has published numerous scientific papers.
Bruce Schneier (Minneapolis, MN) is Founder and Chief Technical Officer at Counterpane Internet Security, a managed-security monitoring company. He is also the author of Secrets and Lies: Digital Security in a Networked World (0-471-25311-1). [via]

Cryptography, secret writing, is enjoying a scientific renaissance following the seminal discovery in 1977 of public-key cryptography and applications in computers and communications. This book gives a broad overview of public-key cryptography - its essence and advantages, various public-key cryptosystems, and protocols - as well as a comprehensive introduction to classical cryptography and cryptoanalysis. The second edition has been revised and enlarged especially in its treatment of cryptographic protocols. From a review of the first edition: "This is a comprehensive review ... there can be no doubt that this will be accepted as a standard text. At the same time, it is clearly and entertainingly written ... and can certainly stand alone." Alex M. Andrew, Kybernetes, March 1992 [via]

In 1947, the governments of the United States, the United Kingdom, Canada, Australia, and New Zealand signed a secret treaty in which they agreed to cooperate in matters of signals intelligence. In effect, the governments agreed to pool their geographic and technological assets in order to listen in on the electronic communications of China, the Soviet Union, and other Cold War bad guys--all in the interest of truth, justice, and the American Way, naturally. The thing is, the system apparently catches everything. Government security services, led by the U.S. National Security Agency, screen a large part (and perhaps all) of the voice and data traffic that flows over the global communications network. Fifty years later, the European Union is investigating possible violations of its citizens' privacy rights by the NSA, and the Electronic Privacy Information Center, a public advocacy group, has filed suit against the NSA, alleging that the organization has illegally spied on U.S. citizens.

Being a super-secret spy agency and all, it's tough to get a handle on what's really going on at the NSA. However, James Bamford has done great work in documenting the agency's origins and Cold War exploits in The Puzzle Palace. Beginning with the earliest days of cryptography (code-making and code-breaking are large parts of the NSA's mission), Bamford explains how the agency's predecessors helped win World War II by breaking the German Enigma machine and defeating the Japanese Purple cipher. He also documents signals intelligence technology, ranging from the usual collection of spy satellites to a great big antenna in the West Virginia woods that listened to radio signals as they bounced back from the surface of the moon.

Bamford backs his serious historical and technical material (this is a carefully researched work of nonfiction) with warnings about how easily the NSA's technology could work against the democracies of the world. Bamford quotes U.S. Senator Frank Church: "If this government ever became a tyranny ... the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government ... is within the reach of the government to know." This is scary stuff. --David Wall [via]

In 1947, the governments of the United States, the United Kingdom, Canada, Australia, and New Zealand signed a secret treaty in which they agreed to cooperate in matters of signals intelligence. In effect, the governments agreed to pool their geographic and technological assets in order to listen in on the electronic communications of China, the Soviet Union, and other Cold War bad guys--all in the interest of truth, justice, and the American Way, naturally. The thing is, the system apparently catches everything. Government security services, led by the U.S. National Security Agency, screen a large part (and perhaps all) of the voice and data traffic that flows over the global communications network. Fifty years later, the European Union is investigating possible violations of its citizens' privacy rights by the NSA, and the Electronic Privacy Information Center, a public advocacy group, has filed suit against the NSA, alleging that the organization has illegally spied on U.S. citizens.

Being a super-secret spy agency and all, it's tough to get a handle on what's really going on at the NSA. However, James Bamford has done great work in documenting the agency's origins and Cold War exploits in The Puzzle Palace. Beginning with the earliest days of cryptography (code-making and code-breaking are large parts of the NSA's mission), Bamford explains how the agency's predecessors helped win World War II by breaking the German Enigma machine and defeating the Japanese Purple cipher. He also documents signals intelligence technology, ranging from the usual collection of spy satellites to a great big antenna in the West Virginia woods that listened to radio signals as they bounced back from the surface of the moon.

Bamford backs his serious historical and technical material (this is a carefully researched work of nonfiction) with warnings about how easily the NSA's technology could work against the democracies of the world. Bamford quotes U.S. Senator Frank Church: "If this government ever became a tyranny ... the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government ... is within the reach of the government to know." This is scary stuff. --David Wall [via]

In 1947, the governments of the United States, the United Kingdom, Canada, Australia, and New Zealand signed a secret treaty in which they agreed to cooperate in matters of signals intelligence. In effect, the governments agreed to pool their geographic and technological assets in order to listen in on the electronic communications of China, the Soviet Union, and other Cold War bad guys--all in the interest of truth, justice, and the American Way, naturally. The thing is, the system apparently catches everything. Government security services, led by the U.S. National Security Agency, screen a large part (and perhaps all) of the voice and data traffic that flows over the global communications network. Fifty years later, the European Union is investigating possible violations of its citizens' privacy rights by the NSA, and the Electronic Privacy Information Center, a public advocacy group, has filed suit against the NSA, alleging that the organization has illegally spied on U.S. citizens.

Being a super-secret spy agency and all, it's tough to get a handle on what's really going on at the NSA. However, James Bamford has done great work in documenting the agency's origins and Cold War exploits in The Puzzle Palace. Beginning with the earliest days of cryptography (code-making and code-breaking are large parts of the NSA's mission), Bamford explains how the agency's predecessors helped win World War II by breaking the German Enigma machine and defeating the Japanese Purple cipher. He also documents signals intelligence technology, ranging from the usual collection of spy satellites to a great big antenna in the West Virginia woods that listened to radio signals as they bounced back from the surface of the moon.

Bamford backs his serious historical and technical material (this is a carefully researched work of nonfiction) with warnings about how easily the NSA's technology could work against the democracies of the world. Bamford quotes U.S. Senator Frank Church: "If this government ever became a tyranny ... the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government ... is within the reach of the government to know." This is scary stuff. --David Wall [via]

Wem kann man heute noch trauen? Bruce Schneier ist sicher einen Versuch wert -- seine Fähigkeit, den gesunden Menschenverstand anzusprechen, macht sein Buch Secrets & Lies. IT-Sicherheit in einer vernetzten Welt sowohl zu einer Offenbarung als auch zu einem praktischen Ratgeber. Schon seit Jahren arbeitet er im Bereich der Kryptographie und der elektronischen Sicherheit, und kam dabei zu der ernüchternden Erkenntnis, dass selbst die intelligenteste Programmierung und die sicherste Hardware keinen Schutz vor Angriffen darstellt, die auf menschliche Schwächen zielen.

Das Buch ist übersichtlich in drei Teile gegliedert: am Anfang ein Überblick über aktuelle Systeme und Bedrohungen, es folgen Techniken mit denen Daten geschützt und abgefangen werden können und zuletzt Strategien für die optimale Einrichtung von Sicherheitssystemen. Ohne sich blind auf vorbeugende Sicherheitsmaßnahmen zu verlassen, befürwortet Schneier Vorgehensweisen zur schnellen Aufdeckung und Reaktion auf einen Angriff, während man sich Amateure mit Firewalls und anderen Gateways vom Leib hält.

Neueinsteiger in die Welt von Schneier werden erstaunt sein, wie unterhaltsam er vor allem bei Themen sein kann, die allgemein als trocken und langweilig betrachtet werden. Egal ob er das Sicherheitsproblem von Rebellen und Todesstern in Star Wars analysiert oder sich über die großen Software- und E-Commerce-Unternehmen lustig macht, die ständig die Sicherheit ihrer Systeme für neue Modeanwendungen aufs Spiel setzen -- Schneier ist einer der wenigen Technik-Autoren, die den Leser unentwegt zum Lachen bringen.

Zwar ist er was die Zukunft der Systemsicherheit betrifft einigermaßen pessimistisch, aber er nimmt dem Leser die Angst, indem er unsere Welt der Elektronik mit der uns vertrauten, ebenso unsicheren Welt des Papiers vergleicht. Was macht da schon ein kleiner Kreditkartenbetrug aus. Trotz einer unglücklich platzierten (wenn auch kurzen) Schleichwerbung für seine Beratungsfirma im Nachwort des Buches, kann man sich darauf verlassen, dass Schneier in Secrets & Lies. IT-Sicherheit in einer vernetzten Welt" gute Arbeit leistet. --Rob Lightner [via]

At the moment, it seems that hardly a day passes without fresh news of some glaring Internet security breach; online banks, of all things, seem to be particularly vulnerable at the moment. All of which will come as no great surprise to network security cum cryptography guru, Bruce Schnier. His latest book, Secrets and Lies, paints a very gloomy overview of the true state of network security. Schnier, founder of Counterpane Internet Security, has some harsh words to say about the state of network security, though, to be fair, his criticisms are directed far and wide; not one scapegoat, (not even Microsoft) is singled out for special attention. Depressingly, the words "fundamentally flawed" crop up time and time again in this absorbing book.

Secrets and Lies is a thorough backgrounder in all aspects of network security, an extremely wide remit that stretches from passwords to encryption, passing through authentication and attack trees along the way. The book is divided in to three broad categories, The Landscape, which covers attacks, adversaries and the need for security; Technologies, which discusses cryptography, authentication, network security, secure hardware and security tricks; and concludes with Strategies, which looks at vulnerabilities, risk assessment, security policies and the future of security. Mercifully there's a dim light at the end of this tunnel and Schnier ultimately remains upbeat about maintaining computer security and details a way forward in his conclusion.

Although working in a necessarily techie environment, Schnier's book is surprisingly jargon-free and easy to understand, even if you're not au fait with the inner workings of TCP/IP--it's common-sense, practical style makes a potentially dense and arcane subject accessible by just about anybody. It's also bang up to date, which makes for a pleasant change. Secrets and Lies is never less than thought-provoking and should be essential reading for every network administrator in the land. Be afraid, be very afraid! --Roger Gann [via]

Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorised use and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading, and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions upon.

Be aware: this is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenuous ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the Cold War brought on a decline in defences against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say) and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity and always use common sense in defending valuables. It is a terrific read for security professionals and general readers alike. --David Wall

Topics covered: how some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the US Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology and legal matters. [via]

SSL is Secure Sockets Layer, the most common security protocol used in networks around the world. TLS is Transport Layer Security, its more modern counterpart. Although its primary use is securing Web traffic, SSL (along with TLS) is suitable for and widely used to secure other services, including LDAP (directory access) and e-mail. Securing all this traffic has highlighted sophisticated security problems and their solutions, and so a thorough understanding of SSL and TLS is essential for the construction of secure systems.

SSL and TLS: Designing and Building Secure Systems offers clear and comprehensive descriptions of these security protocols and their implementation, and also provides "designs"--tried and true templates that suit various scenarios. Armed with this book, you can become well versed in the importance of SSL and TLS, be able to work with them to provide solutions, and furthermore identify an appropriate tested "design" that will solve the security problems of a proposed new network installation.

The book starts with an excellent summary of cryptography, and clarifies what the threat to security is. The next five chapters introduce and elucidate SSL itself, in detail but with great care to carry even the neophyte along, keeping comprehension high. Diagrams and examples are plentiful. The author provides information about how to obtain free tools, including his own helpful "ssldump" which significantly aids the person who wishes to learn how to use, interpret, program and plan implementation of this protocol.

Though SSL and TLS is aimed at the professional who expects to be in constant use of network equipment, this book can be used as a good introduction to security issues confronting computer users, even if you never plan to touch a coax cable. --Wilf Hey [via]

The first and only guide to one of today's most important new cryptography algorithms The Twofish Encryption Algorithm A symmetric block cipher that accepts keys of any length, up to 256 bits, Twofish is among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm. Highly secure and flexible, Twofish works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware. Now from the team who developed Twofish, this book provides you with your first detailed look at:
* All aspects of Twofish's design and anatomy
* Twofish performance and testing results
* Step-by-step instructions on how to use it in your systems
* Complete source code, in C, for implementing Twofish
On the companion Web site you'll find:
* A direct link to Counterpane Systems for updates on Twofish
* A link to the National Institute of Science and Technology (NIST) for ongoing information about the competing technologies being considered for the Advanced Encryption Standard (AES) for the next millennium
For updates on Twofish and the AES process, visit these sites:
* www.wiley.com/compbooks/schneier
* www.counterpane.com
* www.nist.gov/aes
Wiley Computer Publishing Timely.Practical.Reliable Visit our Web site at www.wiley.com/compbooks/ Visit the companion Web site at www.wiley.com/compbooks/schneier [via]