BKCDBRKS.RVW 20090703 "The Codebreakers", David Kahn, 1996, 0-684-83130-9, U$75.00 %A David Kahn %C 5 Maxwell Dr., Clifton Park, NY 12065-2919 %D 1967, 1993, 1996 %G 0-684-83130-9 %I Charles Scribner's Sons/MacMillan/Delmar Cengage Learning %O U$75.00 800-354-9706 www.cengage.com %O http://www.amazon.com/exec/obidos/ASIN/0684831309/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0684831309/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0684831309/robsladesin03-20 %O Audience n+ Tech 2 Writing 2 (see revfaq.htm for explanation) %P 1200 p. %T "The Codebreakers" It seems that no work on cryptography is complete without some reference to Kahn's great historical reference. For a long time I'd been meaning to find a copy and get it into the series. Its pages are filled with fascinating stories, and some great historical scholarship. But almost nothing that you'd be asked on the CISSP (Certified Information Systems Security Professional) exam. The thing is, Kahn's work was originally written before the invention of DES (the Data Encryption Standard) or any of the other now commonly used symmetric block ciphers. (Although Feistel must have been working on the predecessor to Lucifer at the time the first edition of the book was published.) Whether you credit Diffie and Hellman, Merkle, or GCHQ, asymmetric encryption wasn't even a gleam on the horizon. So all of modern cryptography came after Kahn produced his primary version. Some of the historical material is relevant, to be sure. The fact that implementation details always trip you up is demonstrated time and again. The truisms of Kerckhoffs' Law, Marcel Givierge's advice to "[e]ncode well or do not encode at all. In transmitting cleartext, you give only a piece of information to the enemy, and you know what it is; in encoding badly, you permit him to read all your "correspondence and that of your friends," and even Charles Babbage's assertion that "[o]ne of the most singular characteristics of the art of deciphering is the strong conviction possessed by every person, even moderately acquainted with it, that he is able to construct a cipher which nobody else can decipher. I have also observed that the cleverer the person, the more intimate is his conviction" are all supported time and time again. The importance of key changes, the concept of perfect forward secrecy, and many more important cryptological factors are all illustrated here. At great length. This is definitely a bedtime book. It's got a lot of material, and it demands diligent attention from the reader. Look away for a second, and you'll find that we have jumped from the third to the seventeenth century, and turned from transposition ciphers to nomenclators. Well, no, it isn't that bad. Kahn is a good writer, and his text will keep you engaged, but you do have to pay attention. The historical stories are complex and intertwined, and you will have to make frequent reference to the index to re-read the specifics of particular writers or ciphers. Up until the twentieth century, however, the content progresses in a fairly straightforward manner. (By the time of the world wars we start to suffer from an embarrassment of riches, and the timeline rewinds many times through different countries and agencies.) When we get past the second world war, the material does start to show its age. Kahn admits, in the preface to the second edition, that he only added one (very brief) chapter to bring things up to date (mostly concerned with the Ultra project revelations that came to light in the 1970s), and didn't bother to check and update the previous material. So it's a bit funny to find mentions, in his chapter on "current" cryptography in the fifties and sixties, descriptions of the Soviet Union as if it still existed. You have to keep remembering that the crypto "devices" aren't digital, and the "networks" are Telex. There are some additional chapters covering commercial and criminal codes, ciphers that people have imposed upon mysterious material (like something out of "The Da Vinci Code"), decipherment of dead (and interstellar) languages, and random aspects of cryptanalysis. These read like magazine articles that have been thrown into the work at the last minute, and are outside the historical structure of the bulk of the book. There are still interesting tidbits, but Kahn also feels freer to opine in this section. Although Kahn states that he wanted to produce a complete history of cryptology (combining both cryptography and cryptanalysis) it is obvious that his heart is in cryptanalysis. Thus is it rather strange that the weakest areas of the text involve his explanations of cryptanalytic techniques. As Kahn is an amateur cryptanalyst himself, this is possibly due to an overfamiliarity with the subject. The explanations frequently seem to assume a more extensive background on the part of the reader. This is a work of solid historical scholarship. It will be fascinating for anyone with the remotest interest in cryptology. For anyone seriously working in the field it makes great reading material and is a salient reminder of some important points that often get lost in the technology. Just don't plan to use it to craft your public key infrastructure. copyright Robert M. Slade, 2009 BKCDBRKS.RVW 20090703