BKDECSEC.RVW 20020520

"Decrypted Secrets", F. L. Bauer, 2002, 3-540-42674-4, U$44.95
%A F. L. Bauer
%C 175 Fifth Ave., New York, NY 10010
%D 2002
%G 3-540-42674-4
%I Springer-Verlag
%O U$44.95 212-460-1500 800-777-4643 rjohnson@springer-ny.com
%O http://www.amazon.com/exec/obidos/ASIN/3540426744/robsladesinterne
%P 474 p.
%T "Decrypted Secrets: Methods and Maxims of Cryptology, 3rd Ed."

Cryptology is the study of the technologies of taking plain, readable text, turning it into an incomprehensible mishmash, and then recovering the initial information. There are two sides to this study. Cryptography is the part that lets you garble something, and then recover it if you have the key. Cryptanalysis is usually seen as the "dark side" of the operation, because it is the attempt to get at the original meaning when you *don't* have the key.

Most current and popular works on cryptology actually only speak about cryptography. For one thing, nobody wants to get into trouble by telling people how to break encryption. However, it is also much easier to blithely talk about key lengths and algorithms and pretend to know what you are doing than it is to demonstrate a sufficient mastery of mathematics to enable you to go about cracking a particular cipher. Bauer examines both sides, which is an important plus. If you need to decide how strong an encryption algorithm or system is, it is important to know how difficult it might be to break it.

Chapter one looks at steganography, the science of hiding in plain sight, or concealing the fact that a message exists at all. In this he first demonstrates a wide ranging historical background which is quite fascinating in its own right. Basic encryption concepts are introduced by the same historical background, but move on to a very dense mathematical discussion of cryptographic characteristics in chapter two. Encryption functions are started in chapter three, and it is delightful to have examples other than Julius Caesar's substitution code. Polygraphic substitutions are in chapter four and the math for advanced substitutions is in chapter five. Chapter six introduces transpositions. Families of alphabets, and rotor encryptors such as ENIGMA, are reviewed in chapter seven. Keys are discussed in chapter eight, ending with a brief look at key management. Chapter nine covers the combination of methods resulting in systems such as DES (Data Encryption Standard). The basics of public key encryption are introduced in chapter ten. The relative security of encryption is introduced in chapter eleven, leading to part two. However, Chapter eleven also ends with a discussion of cryptology and human rights, concentrating mainly, although not exclusively, on the US public policy debates.

Part two examines the limits of functions used in cryptography, and thus the points of attack on encryption systems. Chapter twelve calculates complexity, and thus the size of brute force attacks. Known plaintext attacks are the basis of chapters thirteen to fifteen, looking first at general patterns, then at probable words, and finally at frequencies. Frequency leads to a discussion of invariance in chapter sixteen. Chapter seventeen follows with a look at key periodicity. Alignment of alphabets is covered in chapter eighteen. Of course, cryptographic users sometimes make mistakes, and chapter nineteen reviews the different errors and various ways to take advantage of them. Chapter twenty one looks at anagrams as an effective attack on transposition ciphers. The concluding chapter muses on the relative effectiveness of attacks and of cryptanalysis overall.

Those seriously interested in cryptology will really *need* to be serious: brush up on your number theory if you want to use this book for anything. This third edition is essentially and structurally unchanged from its predecessors, although it has been updated to reflect the latest algorithms and technologies. Bauer's history and vignettes from the story of codes and the codebreakers are interesting, amusing, and accessible to anyone.

copyright Robert M. Slade, 1998, 2002 BKDECSEC.RVW 20020520