Applied Cryptography 2nd ed. - B. Schneier
- Applied Cryptography, Second Edition: Protocols, Algorthms, and Source
- Code in C (cloth)
- (Publisher: John Wiley & Sons, Inc.)
- Author(s): Bruce Schneier
- ISBN: 0471128457
- Publication Date: 01/01/96
There are two kinds of cryptography in this world: cryptography that will stop
your kid sister from reading your files, and cryptography that will stop major
governments from reading your files. This book is about the latter.
If I take a letter, lock it in a safe, hide the safe somewhere in New York, then
tell you to read the letter, that’s not security. That’s obscurity. On the other
hand, if I take a letter and lock it in a safe, and then give you the safe along
with the design specifications of the safe and a hundred identical safes with
their combinations so that you and the world’s best safecrackers can study the
locking mechanism—and you still can’t open the safe and read the
letter—that’s security.
For many years, this sort of cryptography was the exclusive domain of the
military. The United States’ National Security Agency (NSA), and its
counterparts in the former Soviet Union, England, France, Israel, and
elsewhere, have spent billions of dollars in the very serious game of securing
their own communications while trying to break everyone else’s. Private
individuals, with far less expertise and budget, have been powerless to protect
their own privacy against these governments.
During the last 20 years, public academic research in cryptography has
exploded. While classical cryptography has been long used by ordinary
citizens, computer cryptography was the exclusive domain of the world’s
militaries since World War II. Today, state–of–the–art computer cryptography
is practiced outside the secured walls of the military agencies. The layperson
can now employ security practices that can protect against the most powerful
of adversaries—security that may protect against military agencies for years to
come.
Do average people really need this kind of security? Yes. They may be
planning a political campaign, discussing taxes, or having an illicit affair. They
may be designing a new product, discussing a marketing strategy, or planning
a hostile business takeover. Or they may be living in a country that does not
respect the rights of privacy of its citizens. They may be doing something that
they feel shouldn’t be illegal, but is. For whatever reason, the data and
communications are personal, private, and no one else’s business.
This book is being published in a tumultuous time. In 1994, the Clinton
administration approved the Escrowed Encryption Standard (including the
Clipper chip and Fortezza card) and signed the Digital Telephony bill into law.
Both of these initiatives try to ensure the government’s ability to conduct
electronic surveillance.
Some dangerously Orwellian assumptions are at work here: that the
government has the right to listen to private communications, and that there is
something wrong with a private citizen trying to keep a secret from the
government. Law enforcement has always been able to conduct
court–authorized surveillance if possible, but this is the first time that the
people have been forced to take active measures to make themselves available
for surveillance. These initiatives are not simply government proposals in
some obscure area; they are preemptive and unilateral attempts to usurp
powers that previously belonged to the people.
Clipper and Digital Telephony do not protect privacy; they force individuals to
unconditionally trust that the government will respect their privacy. The same
law enforcement authorities who illegally tapped Martin Luther King Jr.’s
phones can easily tap a phone protected with Clipper. In the recent past, local
police authorities have either been charged criminally or sued civilly in
numerous jurisdictions—Maryland, Connecticut, Vermont, Georgia, Missouri,
and Nevada—for conducting illegal wiretaps. It’s a poor idea to deploy a
technology that could some day facilitate a police state.
The lesson here is that it is insufficient to protect ourselves with laws; we need
to protect ourselves with mathematics. Encryption is too important to be left
solely to governments.
This book gives you the tools you need to protect your own privacy;
cryptography products may be declared illegal, but the information will never
be.