Crypto
Crypto | |
author | Steven Levy |
pages | 356 |
publisher | Viking/Penguin |
rating | 9/10 |
reviewer | Michael Sims, drfalken, topeka |
ISBN | 0-670-85950-8 |
summary | A history of the people involved in developing modern cryptography |
Several people were interested in reviewing this book. We try to be accommodating, so this is a mega-review by myself and Slashdot readers drfalken and topeka. I'll try to be brief.
Michael's review:
I didn't expect to like Crypto. I was frankly put off by the subtitle on the front cover: "How the Code Rebels Beat the Government -- Saving Privacy in the Digital Age." Every time I send an unencrypted email (because none of my correspondents use encryption, because it isn't built-in) or think about the law (CALEA) which requires my ISP and telephone company to accommodate the government in wire-tapping my communications, I realize that this just isn't true. While the cryptographers thought they were winning battles, the government has so far been winning the war. From the sub-title, I expected the book to be a rah-rah cheerleading history of these noble crypto-knights wielding their ciphersabers with gleeful abandon against the fascist, corrupt, and evil Big Brother.
It turns out to be a much better book than I had expected. The author has collected most of his information through personal interviews, and it ends up being a very readable and very personal account of the past 30 years of cryptographic research and commercial development -- both in the public sphere, and, to some extent, in U.S. and British intelligence agencies. The author treats his subjects fairly - the government is not demonized as I expected, and the cryptographers are not idolized (much). There is essentially no math in this book, beyond the bare minimum necessary to understand the main concepts of cryptography. Together with, say, The Codebreakers for early history and Applied Cryptography for the math, it would make a comprehensive and thorough look at the history and science of cryptography.
drfalken's review:
The ubiquity of encryption technology employed by everything from bank machines to e-tailers is now taken for granted. Most people fail to realize, though, the profound impact that this component of the digital world has had on the Information Age. Illumination of this point is the formidable task of Crypto. The renowned author of Hackers and Insanely Great remains true to form, transforming an obscure, dry and complex subject into an addictive page-turning thriller. He takes us from the hippie culture of academic math research in the 70s, through the dark underworld of government intelligence, into the development of the modern information age. Each step emphasizes the central conflict of the story: American national security vs. the right to individual privacy.
While this conflict has largely been resolved, the story contains important lessons that can be applied to the contemporary struggles over technologies like DeCSS and peer-to-peer media 'sharing.' Levy doesn't make any such connections in the book, but it is impossible to read Crypto without seeing how history is repeating itself in these other areas. This makes Crypto an important book to read. Everyone from the RIAA to 2600 subscribers can learn a lot from this well organized retelling of the past 30 years of crypto history. There's a certain futility involved in trying to put the genie of progress back in a bottle. There's also a case to be made for the management of progress so that it is used with the greatest benefit and smallest detriment to all. Perhaps the most remarkable revelation in the book is how the adversarial nature of 'the geeks' vs. 'the spooks' allowed for the maturation of a sensitive technology in a safe and thoughtful manner.
Anyone who has read Wired or Newsweek over the past 5 years will have read excerpts from Crypto. Levy spent a long time researching this book, which makes sense considering the story he is telling is one that was developing during his period of research. Many of the events he recounts are ones he covered as a journalist at the time that they happened. Some time spent in the Wired archives shows the extent to which he has been one of the journalists closest to the crypto revolution since the release of PGP and the popularization of the Internet.
The book begins with the story of Whit Diffie and his wild ambition to simply learn more about the black art of electronic cryptography. In the early 70s the government monopoly on information relating to serious crypto was nearly complete. Coming from the mindset of the Open Source community, Levy's tale of the early crypto research climate describes a cathedral that makes Microsoft look like the Debian project. The resulting story, therefore, highlights the magnificence of the public key breakthrough, the boldness of the RSA discovery and the daring of Paul Zimmermann's PGP.
If you're looking for a history of Cryptography, get The Code Book by Simon Singh, or Codebreakers by David Kahn instead of this book. Crypto is a contained story dealing exclusively with the American Cryptographic Experience from Diffie-Hellman, through RSA, and PGP. It is effectively a collection of short, intertwined biographies of the saviors of privacy, from Adleman to Zimmermann. This is not to say that Levy ignores the math; on the contrary, his explanation of the magnitude of the public key concept hits home even harder than the impressive work by Simon Singh.
Especially in light of recent Slashdot stories, Crypto is highly recommended, for novices and Cypherpunks alike. It's a coming of age story for American technology, and a great addition to the bookshelf of modern American history.
topeka's review:
The first time I heard the term "elegant" applied to a technical problem was a bit of a revelation for me. Until then, elegance, to me, was a visual quality that could only be achieved by painters and poets. When I began to see the elegance in solutions to technical and mathematical problems, I was hooked into a world of intellectual curiosity. Cryptography immediately filled the mold of a highly complex and technical problem with a beautiful and elegant solution when it was first explained to me several years ago. The idea clicked again when I read Raymond's The Cathedral and the Bazaar and equated that elegance to "scratching a particular itch". This intellectual curiosity seems to drive the open source community.
However, in 1967, when James Ellis (of the secret British agency, GCHQ) first came up with the idea of public key cryptography, his theory was buried. Until then, solutions to cryptographic problems were a dirty process. If it was easy to create a cipher, then it was just as easy to break it. As such, Ellis's breakthrough was simply too pretty to be trusted and as a result, it lay locked away until 1997. Steven Levy's new book, Crypto, is the story of the individuals who transformed cryptography from a dirty art, which only the most elite governments dabbled in, to an elegant mathematical solution available to the public in hundreds of different forms. It was all done by a community of individuals who preached openness and sought out clean solutions to tough, technical problems.
Levy starts out his story in the same place as he started with an earlier famous work, at the Massachusetts Institute of Technology. He narrates the story of Whitfield Diffie, the co-creator of public key cryptography. Starting in 1969 as Diffie sought shelter from the Vietnam war working for a defense contractor, Levy discusses Diffie's transformation from examining ideas about cryptography as merely a hobby, to an all out obsession. Diffie is transformed from a man thinking about cryptography on the weekends to a man criss-crossing the country in one run-down Datsun after another, searching for any and every piece of information about cryptography. Diffie would not broach the wall of cryptography until he was pointed to another researcher in California, who seemed to be investigating the same concepts. Levy chronicles the fateful partnership that occurred with Marty Hellman and the subsequent invention of public key cryptography, at least its theory.
At this time, there were few works published on the subject of cryptography. In fact, only government agents and a few privileged defense contractors were able to expend meaningful resources on crypto research. It seems that while Levy's work is a story of the people who waged a war to bring crypto to the public, it is also the story of that war's enemy, the National Security Agency. The cryptography bureaucracy, gaining most of its resources during the Second World War, had built quite a palace around anything that involved codes. In the years to come, the NSA would fiercely defend its position of strength. From its early attempts to classify David Kahn's famous work, The Codebreakers, to its involvement in the creation of the Digital Encryption Standard and its invention of the Clipper Chip. As Crypto defines it, the spooks were able to keep their lock on cryptography by invoking a mentality of "if only you knew what I know..." in classified briefings to politicians and contract negotiations with defense contractors like IBM. What the NSA never expected, was for anyone to try and find out what it was that they knew. With the publishing of the Diffie-Hellman paper, "New Directions in Cryptography," one of the NSA's most viable opponents would begin their work where Diffie and Hellman's theories left off, implementation.
Ron Rivest, Adi Shamir and Leonard Adleman, through a four-month period of intense brainstorming, would eventually implement and patent the Diffie-Hellman concept of public key cryptography while working as faculty at MIT. As Levy chronicles it, the algorithm, which would become popularly known as RSA, was named for the order in which each mathematician gave to the project. Rivest, who spearheaded the search for the implementation was listed first and Adleman, who merely poked holes in Rivest and Shamir's proposals, had to be convinced that he had even contributed enough to the project to be listed on the paper. Until this point, the description of cryptographic algorithms in scientific texts had always been done using letters of the alphabet to depict members in a cryptographic exchange. The creators of RSA introduced the now famous cryptographic characters, Alice, Bob and the unruly Eve, to describe their new breed of algorithms. Levy is able to highlight the mentality of the three mathematicians, some of whom, at first, thought the problem was nothing more than a clever puzzle and too grounded in the real world to be successfully dealt with by mathematicians. He shows their transformation to the church of cryptography, as the elegance of the new algorithms would prove as beautiful as the theorems of Gauss and Euclid.
The story continues with RSA Data Security, the vehicle Rivest would use to commercialize his algorithm. To talk about RSA Data Security is to talk about patent use. Both the Diffie-Hellman algorithm, as well as RSA, were actually patented by Stanford University and MIT, respectively. When the patents were granted, those Universities then had the option to either free the patents or restrict them. As history has painfully shown, they did not choose to free them. RSA Data Security was built on this decision -- an MIT patent. It was sometimes difficult to read this section of the book with the same exuberance that Levy writes about it. Nonetheless, it is a reminder of the state of our intellectual property laws today in the United States.
Levy's narration eventually leaves the story of RSA to tell that of Phil Zimmermann, someone who could rightly be called a crypto-anarchist. Once again we are treated to an in-depth discussion of the motivation that created Pretty Good Privacy. Levy contrasts the use of legal patents by RSA Data Security to bring encryption to the masses, to the complete ignorance of them by Zimmermann in his creation of PGP to achieve the same goal.
Finally, in my favorite section of the book, Levy discusses the controversy that surrounded a device known as the Clipper Chip. It was originally invented by the NSA as a complete key-escrow system, named the Capstone Chip. Later, as AT&T attempted to market the first encrypted telephone device, the Capstone chip became the Clipper Chip as the FBI and other Executive branch officers rushed to implement a brain-dead subset of the original system before the AT&T device made it to market. An entirely amusing fiasco, Levy lays the entire story out from beginning to end.
Lastly, the book includes an epilogue telling the story of the British agents at GCHQ, who beat Whitfield-Diffie and RSA -- a story that the GCHQ refused to let surface until the mid 1990s.
Levy tells a story about people. If you are looking for a technical discussion of the different aspects of cryptography then you would be better off with Schneier's Applied Cryptography or Singh's The Code Book. However, to understand the freedom that cryptographic technologies bring us, we must understand the history that it stands on. This is what Levy provides. A comprehensive history of the events that took cryptography out of the hands of the NSA and into the hands of political dissidents, CEOs, Nazis, you and me (not to mention mozilla, pgp, ssh, and gpg).
Re:Whatever... (Score:1)
Re:Whatever... (Score:1)
I've often wondered, what tastes best poured over a fine encryption algorithm? Heinz? Thousand Island? Or some white wine?
"Paul" Zimmermann? (Score:2)
Alex Bischoff
---
Re:PKI not "out" 'til '97?? (Score:2)
Encrypted email (Score:1)
The real challenge was getting it to work thru a proxy server, but that turned out to be trivial too.
email your secrets to: chuck@schiller.tzo.com
key at pgpkeys.mit.edu
Good book! (Score:2)
topic wouldn't last 300 some pages, but the
personalities of the participants were fascinating.
It is the classic case of big-brother versus
individual genius. Not one instance, but over
and over again as the NSA/CIA pulls the wool over
our eyes.
Well worth reading (Score:2)
I strongly recommend reading Whit Diffie and Susan Landau's excellent Privacy on the Line in conjunction with Steven's book. And Simon Singh's book is another good companion, since it has much more of the pre-World War II history of crypto and secret writing.
We are very fortunate that someone like Whit Diffie did the right thing technically for the right reasons ethically. It is making a huge difference.
-------
Re:More publicity on the need for Crypto (Score:1)
--
Re:More publicity on the need for Crypto (Score:1)
(*slap!* stupid! stupid!)
--
Enticing, but flawed (Score:1)
Re:"Paul" Zimmermann? (Score:1)
Thanks.
Elliot.
----------------------------
Re:Crypto vs Codebreakers (Score:1)
I expect to be finished by the end of next month (if I'm lucky).
----------------------------
interesting subject, slow read (Score:2)
I wish it were so. I'm reading the book right now, actually, and although the information contained in it (especially the many funny anecdotes about the development of public key crypto) is absolutely fascinating, the book itself is not that well written, IMHO. I haven't read the author's earlier works, but compared to other true-life-drama books (and I'm thinking particularly of _When Genius Failed_ which I also just read) it falls a bit short. Most of the outcomes are heavily foreshadowed, and for those of us who know which algorithms are now widely used, there is little to no suspense.
Still, an enjoyable book - just not as good as the reviews make it out to be.
Re:More publicity on the need for Crypto (Score:1)
More publicity on the need for Crypto (Score:3)
It's always good to see this getting public exposure, and they did a good job of raising the standard privacy concerns (doctors and patients need privacy and therefore encryption, for one), although the article wasn't as enthusiastic about encryption as I would have liked.
PKI not "out" 'til '97?? (Score:1)
This reads as if PK cryptography wasn't public knowledge until '97. This isn't the case, of course, as those of us who followed Phil Zimmermann's excellent work from '91 (first PGP release, IIRC) onwards.
Re:Slight inaccuracy in topeka's review (Score:1)
My grandfather worked in counter-intelligence for the US in Berlin during the beginning of the Cold War. He only told me two stories before he passed (last year).
The first regarded the capture of an East German spy in the US-controlled area of Berlin. The spy was attempting to recruit during the interrogation -- even though he was treated to smokes instead of the firing squad if the roles had been reversed. That particularly incensed my granddad. Oh, and I learned from his story that they did indeed have an underground "city" with car-sized elevators in residential garages.
The second story was about planting a bug in an apartment shared by a US Colonel and a known East German spy (female). Anyway, they sent a team in while the couple went to dinner (why bother going out? Anyway...) and since the woman had a dog the team brought a piece of steak to calm it down. Turned out the dog was friendly. Upon leaving the apartment and checking that everything was back in place they signalled to drop back from following the couple. Minutes later the team screamed to regain contact -- they forgot the steak! "Hunny, did you put that steak there or are we being watched?"
That's it. Oh, he did describe the inside of the regional FEMA nuke hide out -- that only he and not even my grandmother had access to in case of nuclear attack. I remember that everything was on springs -- including the pictures (they had pictures on walls for use when everyone topside would fry? Enjoy that Van Gogh!) and the toilets.
It must be the culture. He just didn't talk about his experiences. As far as I know those secrets made it undiscovered to the grave with him.
Oh, damn you, Hassen.
Re:Whatever... (Score:2)
Doh, I was halfway through writing my own review! (Score:4)
I guess I'll drop that idea now ;) Anyway, I think the reviewers missed out on a couple of things I found most interesting:
If you haven't got this book, and you're interested in crypto then I'd highly recommend it. It mentions the contributions of virtually every well known personality involved with modern cryptography: Tuchman, Horst Feistel, Coppersmith, Rivest, Diffie, Hellman, Chaum, Meyer, Gilmore, Schnorr, Eli Biham, Bruce Schneier, Jeff Schiller, Adam Back, Daniel Bernstein, Matt Blaze, Dorothy Denning, PRZ etc etc etc
I've read most decent crypto books, and Crypto is like a more up to date version of The Code by David Kahn... Coverage on the NSA follows neatly on from Bamford's The Puzzle Palace.
Slight inaccuracy in topeka's review (Score:4)
As a side note, my grandfather worked for GCHQ for many, many years as a computer operator and programmer, both in the UK and Hong Kong, and of course he told me precisely nothing about what they did there. The only story he ever related to me was regarding a mainframe training course they went on at Lucas Engineering for some IBM beast of a machine. More interesting than the humorous anecdote related there (the instructor telling my grandfather "please don't speak the hallowed name of Thomas J. Watson while urinating") was the fact that GCHQ was behind the curve on the hardware front when compared to British industry; the whole reason for going to Lucas was that they already had the mainframe themselves.
I'm sure he had many more, and better, stories. Unfortunately, he's no longer with us to share them.
A couple of eye-rollers... (Score:3)
"Mary didn't like Whitfield Diffey. But she just hadn't decoded him yet."
That being said, the book was a great read. Don't buy it if you want an in-depth analysis of modern cryptography -- it is NOTHING of the sort. You basically get the soap opera that went into the making of public key -- RSA vs. NSA, RSA vs. Phil Z., Phil Z. vs. the world.
Why? (Score:1)
Best crypto is what is not expected (Score:1)
What worries me is that crypto will become accepted by the public, making it harder for law enforcement officials to find the criminals before they hurt innocent people.
In case you haven't noticed this is a troll :-)
Re:Encrypted email (Score:1)
reviews, biographies (Score:1)
It is an enjoyable read, a light quick read in the genre which might be described as "group biography". Similar to Hackers.
I would describe it as a light-weight version of a book that picks up where The Codebreakers by David Kahn left off. Following the events myself since the early 90's I found I learnt a pleasant amount about the people, making the topic more humane as opposed to a technical or flamewar discussion.
my review (Score:1)
cryptic reviews and rants (Score:3)
Apparently he may have not known where exactly to look for information, cryptographic published articles were rare, and due to the time frame with no internet, it doesn't mean that they weren't available, solely harder to come across. There are documents dating back to ancient Egyptian times regarding crypto, it's the mathematics I guess is what may have been meant here.
This is likely to be Venona and what took place with the Enigma machines. Government of course is going to attempt to be the fundamental leader in technology at this time, as it is a highly stressful time of war, and the NSA was trying to gain ground on the Germans, to think they're the enemy is a bit of a misstatement, sure we can hate them, but the NSA is solely doing what they're told.
Sorry to say, but in order to give a fair and just look at the whole scenario I would have preferred non "tech-racist" terms such as a spook. Sure we know what a spook is (those into security and technology), but to judge an agency while writing a book shows a dislike for government, and while I like them as much as I like mad cow disease, I think some views may be biased, which is not a fair rendition of the full spectrum of it all.
I just think I'll go out and buy the book for clarity's sake instead of rambling on.
CIA vs. Soviets [antioffline.com] (top secret declassified docs)
Related Fiction (Score:1)
I haven't read Crypto.. but I did recently read Neal Stephenson's Cryptonomicon. A big fat book but worth reading if you want a gripping story with lots of crypto references thrown in.
Crypto vs Codebreakers (Score:2)
While I like both of them I think that Crypto is much more accessible. Hopefully non-techies will read it and the interest in crypto will grow. I think the biggest problem right now is that most people don't understand how crypto can help them.
Has anyone else finished reading The Codebreakers? How do the two compare where their accounts overlap?