Book Review: Secret History: the Story of Cryptology 71
benrothke writes "Narrating a compelling and interesting story about cryptography is not an easy endeavor. Many authors have tried and failed miserably; attempting to create better anecdotes about the adventure of Alice and Bob. David Kahn probably did the best job of it when wrote The Codebreakers: The story of secret writing in 1967 and set the gold standard on the information security narrative. Kahn's book was so provocative and groundbreaking that the US Government originally censored many parts of it. While Secret History: The Story of Cryptology is not as groundbreaking, it also has no government censorship. With that, the book is fascinating read that provides a combination of cryptographic history and the underlying mathematics behind it." Keep reading for the rest of Ben's review.
As a preface; the book has cryptology in its title, which is for the most part synonymous with cryptography. Since cryptography is more commonly used, I'll use it in this review. Secret History: The Story of Cryptology | |
author | Craig P. Bauer |
pages | 620 |
publisher | CRC Pres |
rating | 9/10 |
reviewer | Ben Rothke |
ISBN | 978-1466561861 |
summary | Excellent comprehensive and decipherable text on the history of cryptography |
Kahn himself wrote that he felt this book is by far the clearest and most comprehensive of the books dealing with the modern era of cryptography including classic ciphers and some of the important historical ones such as Enigma and Purple; but also newer systems such as AES and public-key cryptography.
The book claims that the mathematics detailed in it are accessible requiring minimal mathematical prerequisites. But the reality is that is does require at least a college level understanding, including algebra, calculus and more.
As an aside, nearly every book on encryption and cryptography that claims no advanced mathematical knowledge is needed doesn't meet that claim. With that, Bauer does a good job of separating the two narratives in the book (cryptography and history), so one who is not comfortable with the high-level math can easily parse through those sections.
Bauer brings an extensive pedigree to the book, as he is a former scholar-in-residence at the NSA Center for Cryptologic History. While Bauer has a Ph.D. in mathematics, that does not take away from his ability as an excellent story teller. And let's face it; telling the story of cryptography in a compelling and readable manner is not an easy task.
The 20 chapters in the book follow a chronological development of encryption and cryptography; from Roman times to current times. Each chapter has a set of exercises that can be accessed here. Besides being extremely well-researched, each chapter has numerous items for further reading and research.
Chapters 1-9 are focused on classical cryptology, with topics ranging from the Caesar cipher, Biblical cryptology, to a history of the Vigenère cipher, the ciphers of WW1 and WW2 and more.
In chapter 8 World War II: The Enigma of Germany, Bauer does a great job of detailing how the Enigma machine worked, including details regarding the cryptanalysis of the device, both in its rotor wirings and how recovering its daily keys ultimately lead to is being broken. The chapter also asked the question: what if Enigma had never been broken,and provides a provocative answer to that.
Chapter 8 opens with the famous quote from Ben Franklin that "three may keep a secret if two of them are dead". He notes that the best counterexample to that is of the 10,000 people that were involved in the project to break the Enigma. They all were able to maintain their silence about the project for decades; which clearly shows that large groups can indeed keep a secret. Bauer notes that it is often a reaction to conspiracy theories that large groups of people could never keep a secret for so long.
Chapter 9 provides a fascinating account of the Navajo code talkers. These were a group of Navajo Indians who were specially recruited during World War II by the Marines to serve in their communications units. Since the Navajo language was unknown to the Axis powers; it ensured that all communications were kept completely secret.
While part 1 is quite interesting; part 2, chapters 10-20 focuses on modern cryptology and is even more fascinating. Bauer does a fantastic job of encapsulating the last 60 years of cryptography, and covers everything from the origins of the NSA, the development of DES and AES, public key cryptography and much more.
The book was printed in March 2013 just before the NSA PRISM surveillance program became public knowledge. If there is any significant mistake in the book, it is in chapter 11 where Bauer writes that "everything I've seen and heard at the NSA has convinced me that the respect for the Constitution is a key component of the culture there".
Aside from the incorrect observation about how the NSA treats the Constitution, the book does an excellent job of integrating both the history of cryptography and the mathematical element. For those that aren't interested in to the mathematics, there is plenty of narrative in the book to keep them reading.
For those looking for a comprehensive and decipherable text on the history of cryptography, this is one of the best on the topic in many years.
Kahn's book laid the groundwork that made a book like this possible and Secret History: The Story of Cryptology is a worthy follow-up to that legendary text.
Reviewed by Ben Rothke
Running key is dead... Long Live the One Time Pad (Score:2, Insightful)
I repeat, One Time Pad. Learn it, Use it. Love it.
Trade terabyte harddrives filled with noise with your friends and enjoy 100% perfect forward secrecy.
When you run out of pad, go meet in person and trade another drive after you confirm privacy.
One time pad is best for situations where you can get 100% private with someone, but have to leave that privacy later and still need to speak with them privately.
The NSA revelations tells me that all running key algorithms are dead. I prefer any key being allowed to decrypt any message from my ciphertext. with running key, only one output looks legible, and the others are all gibberish. Thus they can work and slowly attack your crypto using known plaintext attacks and such.
If you write "BAD THING A" they will decrypt various "tries" and get "SADFSAFSADF" or "SAFDFDBERTGSD" or "BAD THING A". Looks obvious when you find the right answer.
With one time pad. Your key is as long as the message so changing the decryption key only changes that one letter. So any possible key could be made to make any possible message. The key "ABC" could decrypt to "KILL EVERYONE" or the key "ZYX" could decrypt the same message to say "SAVE CHILDREN". Harder to know when you've got the right key.
The NSA (Score:5, Insightful)
Bauer writes that "everything I've seen and heard at the NSA has convinced me that the respect for the Constitution is a key component of the culture there". Aside from the incorrect observation about how the NSA treats the Constitution...
There's no reason to suggest the NSA has any less respect for the Constitution now than it did at time of publication. Culture does not change that quickly in an organization; the "big reveal" of Snowden, et al., may be changing our perception of the NSA and our culture, but I see no reason to believe it has changed the NSA's internal culture significantly. Especially when you consider one of the NSA's central tenets is to assume that all its systems are already compromised. For them, this would simply be evidence in support of the prevailing opinion there.
Much of this radical expansion of surveillance of the internet and telecommunications wasn't initiated internally, but instead by external political pressures. The NSA is still a support agency, and its mandate is to assist the FBI, CIA, DHS, and other law enforcement agencies with their own intelligence needs. The NSA does not have a mandate to pursue things on its own initiative.
Much of this expansion started under the Bush Administration and has continued under Obama -- the changes in the NSA's operational budget and goals is directly tied to changes in political atmosphere. It would be intellectually dishonest to suggest the NSA is responsible for this; They are not the initiators of these activities, they are merely providing the service requested. This is akin to suggesting that tech support broke your computer when you call in... the NSA didn't "break" the Constitution, or the internet, etc. They're just the people executing the orders they're given.
It's not the NSA that is disrespecting the Constitution, but the people using the NSA. Directly, that's the FBI, CIA, DHS, and other major agencies they serve. And in turn, those agencies are following the mandates issued by their executive staff, which in turn reports directly to the President and to Congress.
If we're going to point fingers, point them at the source, not the destination. It is entirely possible to have respect for a thing, while simultaniously being forced into actions which are disrespectful to it. Examples like Snowden's defection demonstrate there is at least some dissent amongst the rank and file within the organization as to the legitimacy of these demands.
You may recall the KGB had similar defections throughout the Cold War, most notably Vasili Mitrokhin, the head librarian of the KGB and a pre-computerization counterpart to Snowden. The Mitrokhin Archive was a major intelligence coup for the United States, and it happened for very similar reasons to Snowden's defection: Disagreement with the leadership over the legitimacy of external political demands, and the leadership trying to meet those demands instead of resisting them.