Suggested Further Reading
Here are some suggestions for further reading about cryptography. You can learn about the technology at an introductory or advanced level. You can also learn about its history.
"The Gold Bug", by Edgar Allan Poe, is probably the most readable explanation of how to break monoalphabetic substitution ciphers. But be warned: it's a good story with a useful illustration of early cryptanalysis, but it was written in 1843 and so it contains some unfortunately racist language.
"The Adventure of the Dancing Men", by Arthur Conan Doyle, is another late 1800s detective story in which a monoalphabetic substitution cipher is broken, although Poe's explanation is a more accurate and complete of fundamental cryptanalysis.
Simon Singh's 1999 The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography, is a good overview of cryptography for a general audience. It covers the topic from ancient history to current research at the time of its writing. It has excellent descriptions of asymmetric algorithms, Diffie-Hellman key exchange, key management, etc.
Fundamentals / Basics
Cryptanalysis, by Helen Gaines, is probably the best place to start if you're interested in how learning to break crypto systems. It's also an important thing to read if you actually think you can design a crypto system! It shows you how to break combined substitution and transposition ciphers using pencil and paper.
Basic Cryptanalysis, U.S. Department of the Army Field Manual FM 34-40-2, is available for downloading.
Beware — the files
you get from
the download site,
either the individual files or the
all have 5 lines of HTML header inserted
before the actual PDF data!
It's no problem to fix this with the following
trick in Linux/UNIX/macOS:
$ for F in *.pdf > do > tail -n +6 $F > tmp > mv -f tmp $F > done
Further Details / Advanced
The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, by David Kahn, is enormous and fairly expensive, but it is the authoritative reference.
Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier, has been used as the text for a graduate-level cryptography course at many universities. It contains detailed analysis of cryptographic theory. It also has practical calculations of the expected time to break various systems on reasonable hardware platforms.
Handbook of Applied Cryptography, by Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, is more academic than Schneier's book. It's available for free download of PDF files.
Network Security with OpenSSL, by J. Viega et al, describes OpenSSL. The OpenSSL package provides what applications need for SSL/TLS connections between web servers and clients. But the package also provides a very wide range of command-line and C/C++ library functions for cryptography — encryption, decryption, cryptographic hashes, creation of digital signatures, and more.
Practical Cryptography is by Niels Ferguson and Bruce Schneier. I think that the greatest benefit of this book is that it should convince the reader that yes, this is extremely difficult to really get right, and you do have to be obsessively careful with the entire system design, and it would be easy to make some bold plans up front that are then difficult to fully carry through. Don't write your own code, get a good open-source system that has been checked out by many smart people. Read this book if you aren't convinced yet.
Some useful crypto tools are available from http://www.und.nodak.edu/org/crypto/crypto/resources.html