In my quest for more knowledge of cryptography, I’ve started reading actual books (instead of just reading API reference documents). If you’re like me, and you’ve decided that going deeper than just making the code work is a good thing, read on.
Today, I’m going to talk briefly about An Introduction to Cryptography by Jon Callas. The book is distributed by Symantec with the PGP Desktop. It is also available from their web site if you’re willing to dig deeply enough.
Jon Callas is a very intelligent fellow and an articulate communicator. As evidence of the former, I refer you to his page dedicated to cat pictures. For the latter, you’ll have to read one of his books. If you don’t want to bother with that, you can read a recent interview he did with the folks over at SpiderOak.
As you would expect with any introduction to a topic, Callas begins (chapter two) with a list of reasons to use encryption. He touches on the obvious (protection of proprietary databases), the less obvious (protection of data on laptops which get lost or stolen) and the nearly unknown (protection for regulatory compliance). He also notes that there have been limitations on the use of cryptography but describes them as a thing of the past. I contend that his final point is not as accurate as it ought to be. The reality is that the use of cryptography in many nations is overlooked when it is convenient (e.g., in web browsers), but still regulated or outlawed for more direct applications (e.g., file or message encryption).
Chapter three is “An Inadequate History of Cryptography”. It is both entertaining (“on occasions puckish”) and a good introduction to the backstories for machine and computer cryptography, and the DES, 3DES and AES algorithms. He finishes with a bit about The Crypto Wars which seems overly dramatic. Perhaps it’s easier for me to say that since I didn’t live it.
The fourth chapter is the meat of the book. This is the part that is interesting if you’re trying to sort out the difference between ciphers and hash functions or MACs and signatures. There is also a useful discussion of trust (which is to be expected when PGP is in the story). He finishes with the basic recipes for encryption and decryption, which are useful for understanding how real-world implementations actually work.
The last chapter of the book is forward-looking. Callas discusses potential social changes brought about by the ubiquity of cryptography. Perhaps his most important point of this chapter is that cryptography is useful, but not a panacea. Again, this is an entertaining read, with references to space aliens and losing luggage.
If you find yourself fascinated by the world of cryptography, yet find yourself struggling to understand the basic concepts, An Introduction to Cryptography is an approachable and useful read. I suggest that any engineer within spitting distance of a cryptographic system should take half of a day to read it.