内容旧了,脱离当前的密码学实用现状,
对椭圆曲线ECC一笔带过,对AES完全没有涉及,GCM模式也没有,AEAD也没有,OTR也没有。
基本上是上个世纪的密码学历史故事集。
翻译自:
http://blog.cryptographyengineering.com/2011/11/in-defense-of-applied-cryptography.html
"此书误导了一些读者,让一些读者误以为自己已经能够专业地实现密码学算法了,导致他们的商业产品充满了可怕,滑稽,破损的密码学算法。
例如一个 Diebold voting machine, circa 2003,其中的码农可悲地用了lcg作为PRNG
"
"
Unfortunately, some readers, abetted by Bruce's detailed explanations and convenient source code examples, felt that they were now ready to implement crypto professionally. Inevitably their code made its way into commercial products, which shipped full of horribly ridiculous, broken crypto implementations. This is the part that was not so good. We're probably still dealing with the blowback today.
Just for one modest example, take this fragment of code spotted in a Diebold voting machine, circa 2003:
// LCG - Linear Conguential Generator - used to generate ballot serial numbers
// A psuedo-random-sequence generator
// (per Applied Cryptography, by Bruce Schneier, Wiley, 1996)
#define LCG_MULTIPLIER 1366
#define LCG_INCREMENTOR 150889 ...
Thanks to Applied Cryptography, the Diebold coders were able to write a perfectly functional Linear Congruential Generator in no time at all. You certainly can't blame Bruce for anything here -- the LCG code is fine. It's certainly not his fault that Diebold missed the part where he warned never to use LCGs for security applications. Whoops!
Although it's all said with love, some people really do blame Applied Cryptography for this sort of thing. Even Bruce has at various points himself apologized for this aspect of the book.
(Not coincidentally, you'll notice that his more recent books are nowhere near as brazenly useful as AC. Where Practical Cryptography is all crapped up with grave warnings about the dangers of rolling your own crypto implementations, Applied Cryptography just laid it all out there sans apology, like a copy of the Anarchist Cookbook left open in a middle school library.)
"
"What's magical about Applied Cryptography is really two things.
First of all, it's an incredible historical document. If there's a cipher that was used in the period 1970-1996, you'll read about it in Applied Cryptography. Even if the cipher was based on the cryptographic equivalent of an abacus, even if it was broken in the same conference in which it was published, Bruce will still give you a full design description and the address of the guy who owns the patent.
"
内容有点旧
《应用密码学》热门书评
-
经典!
7有用 1无用 魏理布赫 2008-07-03
这本书原书其实也不是象楼上说的那么老,95年左右吧。我好像是2001左右买的。密码学不光是算法,协议也许更重要!算法随着时间的过去,技术的发展,会变得过时(易破解),但是协议是相对稳定的。现在,RSA从理论上,可以在多项式复杂度内破解(量子算法,量子快速傅里叶变换)。...
-
这本书评分的误导-不适合入门
4有用 0无用 皇家狗蛋 2013-11-18
这本书的作者在序言里承认,这本书的广博性取代了它的可读性。事实是这本书尽管资料齐全(在那个年代),但是可读性非常差(大量资料的堆砌而非有序讲解)。这本书更多的可以当成一本查阅的工具书,而绝对不是入门学习读物,而豆瓣的评分一向对于枯燥的工具书比较偏爱(事实编写工具书也更有难度和考验编写者的水平),所以...
-
内容有点旧
4有用 0无用 windydays 2015-01-10
内容旧了,脱离当前的密码学实用现状,对椭圆曲线ECC一笔带过,对AES完全没有涉及,GCM模式也没有,AEAD也没有,OTR也没有。基本上是上个世纪的密码学历史故事集。翻译自:http://blog.cryptographyengineering.com/2011/11/in-defense-of-...
-
没有代码提供让人很残念...
2有用 4无用 伊卡洛斯 2010-01-06
这本书算是集大成者,换句话说里面的任何东西都不能真正的作为应用,虽然很尴尬。但是的确就是事实,就像把《加密与解密》看完了不可能对里面任何一个方面都了解得很细。比如说序列密码,Hash的彩虹链,,完美信息交换这些东西只有真正的高人去研究了。...
-
信息安全专业学生必备
1有用 0无用 Boyee ZaZa 2012-05-15
对于从事信息安全工作尤其是密码学方向的,绝对是一本不可多得的入门书籍。不过真的是需要一定的数论基础才能看得下去。非常给力的书。对于从事信息安全工作尤其是密码学方向的,绝对是一本不可多得的入门书籍。不过真的是需要一定的数论基础才能看得下去。非常给力的书。...
书名: 应用密码学
作者: [美] Bruce Schneier
出版社: 机械工业出版社
原作名: Applied Cryptography: Protocols, Algorithms, and Source Code in C
副标题: 协议、算法与C源程序
译者: 吴世忠
出版年: 2000-1-1
页数: 545
定价: 49.00元
装帧: 平装
ISBN: 9787111075882