Photo by rtitoun.
In my quest for more knowledge of cryptography, I’ve started reading actual
books (instead of just reading API reference documents.) If you’re like me,
and you’ve decided that going deeper than just making the code work is a good
thing, read on.
Today, I’m going to talk briefly about An Introduction to
Cryptography by Jon Callas. The book is distributed by Symantec with the PGP
Desktop. It is also available from their web site if you’re willing to dig
Jon Callas is a very intelligent fellow and an articulate communicator. As
evidence of the former, I refer you to his page dedicated to cat pictures.
For the latter, you’ll have to read one of his books. If you don’t want to
bother with that, you can read a recent interview he did with the folks over
As you would expect with any introduction to a topic, Callas begins (chapter
two) with a list of reasons to use encryption. He touches on the obvious
(protection of proprietary databases), the less obvious (protection of data on
laptops which get lost or stolen) and the nearly unknown (protection for
regulatory compliance.) He also notes that there have been limitations on the
use of cryptography but describes them as a thing of the past. I contend that
his final point is not as accurate as it ought to be. The reality is that
the use of cryptography in many nations is overlooked when it is convenient
(e.g., in web browsers,) but still regulated or outlawed for more direct
applications (e.g., file or message encryption.)
Chapter three is “An Inadequate History of Cryptography”. It is both
entertaining (“on occasions puckish”) and a good introduction to the
backstories for machine and computer cryptography, and the DES, 3DES and AES
algorithms. He finishes with a bit about The Crypto Wars which seems overly
dramatic. Perhaps it’s easier for me to say that since I didn’t live it.
The fourth chapter is the meat of the book. This is the part that is
interesting if you’re trying to sort out the difference between ciphers and
hash functions or MACs and signatures. There is also a useful discussion of
trust (which is to be expected when PGP is in the story.) He finishes with the
basic recipes for encryption and decryption, which are useful for
understanding how real-world implementations actually work.
The last chapter of the book is forward-looking. Callas discusses potential
social changes brought about by the ubiquity of cryptography. Perhaps his most
important point of this chapter is that cryptography is useful, but not a
panacea. Again, this is an entertaining read, with references to space aliens
and losing luggage.
If you find yourself fascinated by the world of cryptography, yet find yourself
struggling to understand the basic concepts, An Introduction to Cryptography
is an approachable and useful read. I suggest that any engineer within
spitting distance of a cryptographic system should take half of a day to read
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.