Rotors of M-209 cipher machine.

Suggested Books About Cryptography

Suggested Further Reading

Here are some suggestions for further reading about cryptography. You can learn about the technology at an introductory or advanced level. You can also learn about its history.

Popular Introductions

"The Gold Bug", by Edgar Allan Poe, is probably the most readable explanation of how to break monoalphabetic substitution ciphers. But be warned: it's a good story with a useful illustration of early cryptanalysis, but it was written in 1843 and so it contains some unfortunately racist language.

"The Adventure of the Dancing Men", by Arthur Conan Doyle, is another late 1800s detective story in which a monoalphabetic substitution cipher is broken, although Poe's explanation is a more accurate and complete of fundamental cryptanalysis.

Simon Singh's 1999 The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, is a good overview of cryptography for a general audience. It covers the topic from ancient history to current research at the time of its writing. It has excellent descriptions of asymmetric algorithms, Diffie-Hellman key exchange, key management, etc.

Fundamentals / Basics

Cryptanalysis, by Helen Gaines, is probably the best place to start if you're interested in how learning to break crypto systems. It's also an important thing to read if you actually think you can design a crypto system! It shows you how to break combined substitution and transposition ciphers using pencil and paper.

Basic Cryptanalysis, U.S. Department of the Army Field Manual FM 34-40-2, is available for downloading.

Beware — the files you get from the download site, either the individual files or the tar archive, all have 5 lines of HTML header inserted before the actual PDF data! It's no problem to fix this with the following trick in Linux/UNIX/MacOS:

$ for F in *.pdf
> do 
>       tail +6 $F > tmp 
>       mv -f tmp $F 
> done 

Further Details / Advanced

The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, by David Kahn, is enormous and fairly expensive, but it is the authoritative reference.

Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier, is used as the text for a graduate-level cryptography course at many universities. It contains detailed analysis of cryptographic theory. It also has practical calculations of the expected time to break various systems on reasonable hardware platforms.

Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, is more academic than Schneier's book. It's available for free download of PDF files.

Network Security with OpenSSL, by J. Viega et al, describes OpenSSL. The OpenSSL package provides what applications need for SSL/TLS connections between web servers and clients. But the package also provides a very wide range of command-line and C/C++ library functions for cryptography — encryption, decryption, cryptographic hashes, creation of digital signatures, and more.

Practical Cryptography is by Niels Ferguson and Bruce Schneier. I think that the greatest benefit of this book is that it should convince the reader that yes, this is extremely difficult to really get right, and you do have to be obsessively careful with the entire system design, and it would be easy to make some bold plans up front that are then difficult to fully carry through. Don't write your own code, get a good open-source system that has been checked out by many smart people. Read this book if you aren't convinced yet.

Some useful crypto tools are available from