Book Review: Secret History: the Story of Cryptology 71
benrothke writes "Narrating a compelling and interesting story about cryptography is not an easy endeavor. Many authors have tried and failed miserably; attempting to create better anecdotes about the adventure of Alice and Bob. David Kahn probably did the best job of it when wrote The Codebreakers: The story of secret writing in 1967 and set the gold standard on the information security narrative. Kahn's book was so provocative and groundbreaking that the US Government originally censored many parts of it. While Secret History: The Story of Cryptology is not as groundbreaking, it also has no government censorship. With that, the book is fascinating read that provides a combination of cryptographic history and the underlying mathematics behind it." Keep reading for the rest of Ben's review.
As a preface; the book has cryptology in its title, which is for the most part synonymous with cryptography. Since cryptography is more commonly used, I'll use it in this review. | Secret History: The Story of Cryptology | |
| author | Craig P. Bauer |
| pages | 620 |
| publisher | CRC Pres |
| rating | 9/10 |
| reviewer | Ben Rothke |
| ISBN | 978-1466561861 |
| summary | Excellent comprehensive and decipherable text on the history of cryptography |
Kahn himself wrote that he felt this book is by far the clearest and most comprehensive of the books dealing with the modern era of cryptography including classic ciphers and some of the important historical ones such as Enigma and Purple; but also newer systems such as AES and public-key cryptography.
The book claims that the mathematics detailed in it are accessible requiring minimal mathematical prerequisites. But the reality is that is does require at least a college level understanding, including algebra, calculus and more.
As an aside, nearly every book on encryption and cryptography that claims no advanced mathematical knowledge is needed doesn't meet that claim. With that, Bauer does a good job of separating the two narratives in the book (cryptography and history), so one who is not comfortable with the high-level math can easily parse through those sections.
Bauer brings an extensive pedigree to the book, as he is a former scholar-in-residence at the NSA Center for Cryptologic History. While Bauer has a Ph.D. in mathematics, that does not take away from his ability as an excellent story teller. And let's face it; telling the story of cryptography in a compelling and readable manner is not an easy task.
The 20 chapters in the book follow a chronological development of encryption and cryptography; from Roman times to current times. Each chapter has a set of exercises that can be accessed here. Besides being extremely well-researched, each chapter has numerous items for further reading and research.
Chapters 1-9 are focused on classical cryptology, with topics ranging from the Caesar cipher, Biblical cryptology, to a history of the Vigenère cipher, the ciphers of WW1 and WW2 and more.
In chapter 8 World War II: The Enigma of Germany, Bauer does a great job of detailing how the Enigma machine worked, including details regarding the cryptanalysis of the device, both in its rotor wirings and how recovering its daily keys ultimately lead to is being broken. The chapter also asked the question: what if Enigma had never been broken,and provides a provocative answer to that.
Chapter 8 opens with the famous quote from Ben Franklin that "three may keep a secret if two of them are dead". He notes that the best counterexample to that is of the 10,000 people that were involved in the project to break the Enigma. They all were able to maintain their silence about the project for decades; which clearly shows that large groups can indeed keep a secret. Bauer notes that it is often a reaction to conspiracy theories that large groups of people could never keep a secret for so long.
Chapter 9 provides a fascinating account of the Navajo code talkers. These were a group of Navajo Indians who were specially recruited during World War II by the Marines to serve in their communications units. Since the Navajo language was unknown to the Axis powers; it ensured that all communications were kept completely secret.
While part 1 is quite interesting; part 2, chapters 10-20 focuses on modern cryptology and is even more fascinating. Bauer does a fantastic job of encapsulating the last 60 years of cryptography, and covers everything from the origins of the NSA, the development of DES and AES, public key cryptography and much more.
The book was printed in March 2013 just before the NSA PRISM surveillance program became public knowledge. If there is any significant mistake in the book, it is in chapter 11 where Bauer writes that "everything I've seen and heard at the NSA has convinced me that the respect for the Constitution is a key component of the culture there".
Aside from the incorrect observation about how the NSA treats the Constitution, the book does an excellent job of integrating both the history of cryptography and the mathematical element. For those that aren't interested in to the mathematics, there is plenty of narrative in the book to keep them reading.
For those looking for a comprehensive and decipherable text on the history of cryptography, this is one of the best on the topic in many years.
Kahn's book laid the groundwork that made a book like this possible and Secret History: The Story of Cryptology is a worthy follow-up to that legendary text.
Reviewed by Ben Rothke
Alice and Bob (Score:5, Funny)
Re: (Score:2)
Alice and Bob work for NSA yo!
I'm not worried about them ... but I hear that Eve works there too.
Running key is dead... Long Live the One Time Pad (Score:2, Insightful)
I repeat, One Time Pad. Learn it, Use it. Love it.
Trade terabyte harddrives filled with noise with your friends and enjoy 100% perfect forward secrecy.
When you run out of pad, go meet in person and trade another drive after you confirm privacy.
One time pad is best for situations where you can get 100% private with someone, but have to leave that privacy later and still need to speak with them privately.
The NSA revelations tells me that all running key algorithms are dead. I prefer any key being allowed to d
Re: (Score:1)
They'll bust the door in, confiscate those terabytes of OTPs and decrypt everything you've ever sent. Besides, you'll make the OTPs wrong and then accidentally reuse them.
So you can repeat your One Time Pad mantra all you want. It won't work.
Re: (Score:3)
Not defending this obvious idiocy but, simply overwriting the pad blocks as you use them easily prevents both reuse, and confiscation as a means to decrypt previous messages. Of course, it does mean that you have to either save those messages in some other manner, or live with having them be "read once".
That said, I don't think its really the case that all stream ciphers are totally broken and not trustable. Nor do I expect that will be the case. The lavabit debacle indicates that the encryption itself is l
Re: (Score:2)
That said, I don't think its really the case that all stream ciphers are totally broken and not trustable. Nor do I expect that will be the case. The lavabit debacle indicates that the encryption itself is likely still good, or else, why bother trying to force key shenanigans?
There's several problems with these statements. First, there's no evidence that stream ciphers as an aggregate group are significantly less secure than block ciphers. You shouldn't have to 'expect' this to be the case -- the GP has failed to provide evidence for his claim, and there are studies and evidence to support yours that is common knowledge: Much of the internet is built on stream ciphers, and while particular implimentations have been shown to be faulty, few cryptography analysts have made the stat
Re: (Score:2)
So instead of busting the door in, you just pick the lock, copy the drive, and you're able to decrypt all future messages. I'd guess the NSA would prefer to be able to decrypt all future messages over being able to decrypt all past messages.
Door failure runs rampant (Score:1)
Re: (Score:2)
I keep hearing about how they'll but the door in. Doesn't anyone make decent doors anymore?
yes [businessinsider.com]
Re: (Score:1)
Re: (Score:2)
I always thought it would be interesting to try to create "perfect" compression of English (or any language, really). You create an encoding such that every possible message is a semantically and grammatically correct message. Then each and every decrypted message is equally valid.
Of course, this goal is impossible, but I bet we could get reasonably close. Close enough that a human would be required to check each decrypted message, making brute force attacks unrealistic.
A one time pad is simpler, of cour
Re: (Score:2)
The problem is that sentences rarely occur in isolation, making encryption harder and harder if you want a bijective mapping to *texts* that make sense. In fact, at some time in a context there might not be enough texts that make sense to encrypt to unless you're willing to introduce a lot of redundancy.
Re: (Score:2)
Ideally you'd combine the two tactics.
I actually don't think that's so impossible; you just need to rely as heavily as possible on context and put all sentences into a normalized form. English is a bit lame for this, but it should be trivial to do in a Lojban-like language that avoids all particles. As a trivial example: number all verbs and number all nouns separately. If a verb is transitive, then the next two numbers are its nouns, if not, then the next number is its subject and the number after that is
Re: (Score:1)
...because only if you understand the text, you can give halfway accurate probabilities for what comes next.
Browning turned to the lady saying: "Madam, when those lines were written two knew their meaning, God and Browning. Now only God Knows.
Re: (Score:2)
I repeat, One Time Pad.
I loled. Golf clap.
Re: (Score:2)
Use /dev/random and Monolith... dd from random into a file the same size as your cleartext, use Monolith to xor the files into a third file, secured file. The random file is essentially your key, so it must be kept separate from your secured file to be safe.
http://monolith.sourceforge.net/ [sourceforge.net]
Re:Running key is dead... Long Live the One Time P (Score:5, Interesting)
The math behind public key encryption is still secure. When PKI fails, it is due to bad key management. OTP has the same problem, pad management. The beauty of public key encryption is that it doesn't matter who eavesdrops on your public key, you don't have to prearrange anything with anyone. OTP does not have the same advantages, and keeping your pad secure is every bit as difficult as keeping your private key secure.
Re: (Score:2)
I repeat, One Time Pad. Learn it, Use it. Love it.
Trade terabyte harddrives filled with noise with your friends and enjoy 100% perfect forward secrecy.
Mr. Anderson, what good will terrabytes of random pads do if you have no secure operating systems with which to use them?
Re: (Score:2)
What we all want to know (Score:3)
Which chapters have the embedded NSA trapdoors?
Singh's "The Code Book" is very good (Score:1)
Highly recommended for the history part, not so much the math. But it's very well written.
Amazon link [amazon.com]
Re: (Score:1)
"All the masturbation, blow jobs from German spies, and casual visits to whore houses? Mostly what I remember about that book was all the masturbation, and something about cap'n crunch."
People tend to remember what's important for them.
Re: (Score:1)
Re: (Score:2)
A spelling book?
The NSA (Score:5, Insightful)
Bauer writes that "everything I've seen and heard at the NSA has convinced me that the respect for the Constitution is a key component of the culture there". Aside from the incorrect observation about how the NSA treats the Constitution...
There's no reason to suggest the NSA has any less respect for the Constitution now than it did at time of publication. Culture does not change that quickly in an organization; the "big reveal" of Snowden, et al., may be changing our perception of the NSA and our culture, but I see no reason to believe it has changed the NSA's internal culture significantly. Especially when you consider one of the NSA's central tenets is to assume that all its systems are already compromised. For them, this would simply be evidence in support of the prevailing opinion there.
Much of this radical expansion of surveillance of the internet and telecommunications wasn't initiated internally, but instead by external political pressures. The NSA is still a support agency, and its mandate is to assist the FBI, CIA, DHS, and other law enforcement agencies with their own intelligence needs. The NSA does not have a mandate to pursue things on its own initiative.
Much of this expansion started under the Bush Administration and has continued under Obama -- the changes in the NSA's operational budget and goals is directly tied to changes in political atmosphere. It would be intellectually dishonest to suggest the NSA is responsible for this; They are not the initiators of these activities, they are merely providing the service requested. This is akin to suggesting that tech support broke your computer when you call in... the NSA didn't "break" the Constitution, or the internet, etc. They're just the people executing the orders they're given.
It's not the NSA that is disrespecting the Constitution, but the people using the NSA. Directly, that's the FBI, CIA, DHS, and other major agencies they serve. And in turn, those agencies are following the mandates issued by their executive staff, which in turn reports directly to the President and to Congress.
If we're going to point fingers, point them at the source, not the destination. It is entirely possible to have respect for a thing, while simultaniously being forced into actions which are disrespectful to it. Examples like Snowden's defection demonstrate there is at least some dissent amongst the rank and file within the organization as to the legitimacy of these demands.
You may recall the KGB had similar defections throughout the Cold War, most notably Vasili Mitrokhin, the head librarian of the KGB and a pre-computerization counterpart to Snowden. The Mitrokhin Archive was a major intelligence coup for the United States, and it happened for very similar reasons to Snowden's defection: Disagreement with the leadership over the legitimacy of external political demands, and the leadership trying to meet those demands instead of resisting them.
That's all very well, but.. (Score:2)
.. the history aside, a far bigger, immediate and very real problem is that the vast majority of people don't even understand why they ought to care more about secrecy, partly because they are either unaware of where their communications are being intercepted, by whom, and then even more complex, how the data can and is being analyzed today and for what purpose, and even when it isn't being analyzed today for purposes that may concern them, the permanency of that data and the possibility of tomorrows uses.
W
Similar to Cryptography Decrypted by Mel and Baker (Score:1)
I really enjoyed Cryptography Decrypted [amazon.com] which takes a similar history-based approach. It's shorter and written in an entertaining way.
Re: (Score:2)
what does that mean?
(Invisible) College of the Rosy Cross?
DRM is applied (Score:3)
This reminds me... (Score:1)
No mention about the Code Book!! (Score:1)