on January 21, 2001
Levy is one of my favorite essayists. He finds a compelling story, researches it exhaustively, and then shares his excitement. The history of Internet cryptography is a perfect subject for Levy, who delights in recounting stories about technoradicals with new ideas who see them through to fruition.
Encryption truly is one of the most critical technologies necessary for a smoothly functioning virtual world, and it is very much the case that the U.S. Federal Government successfully delayed the general availability of strong encryption for at least a decade. (Future economists may point back to the last two decades of the 20th century and show how this failed government policy was responsible for the loss of U.S. dominance in the high-tech market.)
It would have been easy to take the politically correct road and portray the Feds as being evil conspirators, bent on maintaining their own power and pride at the expense of the entire world. Levy chooses a more balanced approach, depicting the NSA in nearly heroic terms. He is especially sympathetic towards Clint Brooks (a name I did not know), an NSA lifer who developed the key escrow concept as a compromise that would allow widespread public utilization of strong encryption while still allowing law enforcement (and of course, intelligence agencies), the ability to intercept communications under controlled circumstances. If both the NSA and their philosophical opponents are heroes with noble goals, a tragic ending is inevitable, which adds an element of pathos to this triumph of democracy.
As a former software vendor, I've been totally frustrated by both the crypto export laws and by the NSA attitude of "If you only knew what we knew, you wouldn't even ask that question." That argument turned out to be just as specious now as everyone thought it was at the time, but the marvelous aspect of this book is that Levy is able to make a cynic like me accept that the people within the Puzzle Palace have legitimate motivations. (He is much harsher on the FBI, and creates an especially unflattering portrayal of Louis Freeh.) It's a well-balanced approach to a very contentious subject, which adds considerably to the author's credibility.
Personalities loom large in a history like this one, and Levy is a master at drawing them out of their personal shells and detailing aspects of their private lives to explain their motivations and feelings. Whitfield Diffie is the old master who had the vision to conceive of a new model for encryption that would meet the unprecedented needs of a network society. Ron Rivest was the energy behind the development of the most significant public key algorithm, created by an unlikely trio of inventors. Jim Bidzos was a young playboy who found the commercialization of the RSA technology to be the challenge he needed in his hitherto shallow life of world travel, hot cars and fast women. Like Diffie, Phil Zimmermann marches to a drummer that only he can hear, yet this amateur programmer succeeded in popularizing strong encryption long before RSA and its millions in venture cap money did. Given his ten years of personal research and interviews of the people he chronicles, Levy's will probably be the definitive written account on many of these quirky visionaries.
The book is a quick read, but a good one. Technically, it is very accurate, with one unfortunate mistake on page 178 where it reads "Then he uses the hash function to recreate Alice's message from the digest..." Hash functions are 1-way functions, and cannot be reversed. If it read instead, "Then he uses the hash function to recreate Alice's message digest..." it would be more accurate. In order to verify a digital signature, the encrypted hash value provided by the sender is decrypted by their public key, which is then compared to another hash value generated by the verifying party (see p. 38 of "Applied Cryptography, 2nd Edition" by Bruce Schneier). Other than this confusion over how digital signatures are verified, the book does an excellent job of presenting the concepts of public key encryption to a non-technical reader. Besides being an enjoyable tale of business and technology history, this book could also be considered an executive-level introduction to the need for encryption on the Internet and the ways in which modern implementations provide it.
If you want to know what is happening when that little lock icon at the bottom of your web browser closes, you'll find a conceptual answer in this book. You'll not only learn the sequence of events that led to the development of SSL, but you'll also read the history of the first successful attempt to crack SSL security, and its significance to you as a customer of sites like Amazon. "Crypto" should appeal not only to those who are interested in the history of technology, but anyone wanting to understand more about the history and personal and commercial use of encryption on the Internet. Anyone involved in an e-commerce project or with an interest in information security would find this an interesting and accessible book. It is not a technology book per se, but I think most technically-oriented people will enjoy reading about how people like them had the drive and vision to change the world--especially when the odds were so heavily stacked against them.
This is a compelling and important story that needs to be told and understood. Levy is not the first to undertake this telling, and undoubtedly won't be the last, but I'm convinced that this will become a classic of technology history--even more so than his earlier books. His thoroughness, extensive research, and evenhanded approach will make this book an important source for future researchers.
on February 7, 2001
Steve Levy presents an accurate picture of the events surrounding today's crypto debate in his book "Crypto." Unfortunately, he does it with the same narrative style he uses for his magazine articles. The result is that the events are correct, but the story unfolds more like a textbook, not a novel.
Overall, it is an interesting (if dry) read, and, at times will add words (a la Neal Stephenson in Cryptonomicon) to your vocabulary. If you are interested in the history of today's debates on cryptography, I recommend it. If you want to know more about cyphers and other code making/breaking, I would recommend something like Simon Singh's "The Code Book."
on May 13, 2001
This book is an entertaining account of many of the people and episodes involved in making cryptography and cryptanalysis a respectable and important topic of work for scientists and engineers not affiliated with any government agency. The incidents recounted that I happen to know about personally are well and accurately described here. But there are a couple of gaps.
First, some of the key players "on the outside" are not mentioned; this may well be because most of those who aren't mentioned by now are "insiders." But this results in some of this book being a bit misleading. For example, serious work on cryptanalysis by outsiders, including one piece of work that Admiral Inman, when head of NSA, described as "the most brilliant piece of civilian cryptanalysis since World War II", was already going on by the late 1970s; this had serious national security implications, and helps to explain why NSA was so ambivalent about "outsiders" engaging in *any* crypto research. Overall, although NSA goofed badly several times, I think they managed to keep a more balanced view on the issue than I might have expected. The fact that Levy doesn't mention some of the key "outsider" work suggests to me that he may not have talked with (or at least didn't gain the confidence of) such people as Cipher Deavours and David Kahn, who could have given him perspective on the "outsider" work that he doesn't discuss.
Secondly, I infer that he was unable to get any of the NSA side of the story from NSA itself. This is a pity. It's presumably not Levy's fault; NSA only talks to people it decides to talk to, and then says only what it decides needs to be said. I assume that Levy tried to get information from NSA and failed; I don't know. But if NSA stonewalled Levy, it's because he didn't make the right contacts to get in touch with somebody who would have been willing to talk with him about NSA's viewpoint on various issues Levy discusses that are not sensitive in NSA's view. That extra information would have helped make Levy's book clearer and more complete. In spite of this, Levy is quite fair to NSA, which speaks well of his thoughtfulness and balance.
So, overall I regard this as a good book, well worth reading, provided one keeps in mind that it's not the complete story.
on April 29, 2001
This easy-to-read short history by writer Steven Levy, who has written numerous articles for Wired, is a very well-researched volume on the human side of public-key cryptography.
Levy has interviewed all of the major players: Diffie, Adleman, Chaum, Zimmermann, and others; he's done nearly a decade of research on the subject, and monitored the sci.crypt.* newsgroups. Clearly, this is an authoritative account of the short 30-year history of public key.
The main theme of the book is how the NSA tried to stifle new developments by the researchers, placing secrecy orders and classifying their patents and papers. Throughout the book, as Levy draws out the characters, it's the crypto community vs. the government, until ultimately the cypherpunks win out.
This book doesn't contain a single diagram; no photos, and no equations at all. So if you're looking for a technical introduction to crypto, look elsewhere; this is purely an informally-written account on the people behind the scenes.
Five stars, for what it is; sure, Levy writes with magazine-style prose, but this fits the high-level view he takes on the subject. Most importantly, this volume was exhaustively researched and has the collaboration of all of the key players, which lends Levy's account great credibility.
on January 17, 2001
Riveting true stories that are well researched. Levy weaves an intriguing account of cryptography's "eccentric patriots" and their dedication to the craft. It is primarily a story of people and the government politics that tried to ensnare them, not a treatise on ciphers and hashing algorithms. Explanations of cryptography are lucid, even if math wasn't your best subject.
It's an excellent addition to American historical literature that we've sorely lacked after 50 years of Cold War stifled journalists from reporting details about anything that might threaten national security.
Non-fiction literature buffs and researchers will appreciate the copious endnotes, glossary, and index. While it also includes an extensive bibliography, Levy conducted many interviews to write this original work.
on April 21, 2002
Cryptography has become one of the most important technologies in a secure digital world. It makes possible digital signatures, protection of confidential information, protection against tampering--or at least provides notification that tampering has occurred--and secure authentication of users. In an age when the simplest security breaches of highly visible dot-coms make the front page of the popular press, cryptography and related technologies are making their way into almost all of the software products we use daily.
But it's easy to forget that only recently did cryptography become available for non-government users. Reaching this point was a long and hard battle with what used to be the most secret of government organizations, the National Security Agency (NSA). Bit by bit, researchers outside the agency made fundamental discoveries that eroded NSA's ability to control cryptography. Until finally the government was forced to come to terms with the digital age where the secrets could make their way around the globe in seconds.
This is the story that Steven Levy tells. Although the book tends to portray researchers outside the NSA as skillful and lucky heroes, and those inside the NSA as pompous but brilliant ideologues, it's a compelling story. The book is roughly chronological, starting with Whit Diffie's independent discovery of public key cryptography, one of the major breakthroughs that made the field feasible, the story of RSA, the ill-fated Clipper chip, and concessions the NSA was forced into against overwhelming pressure.
The author outlines the development of a people's cryptography and its collision with the U.S. government. The book is about privacy in the information age and about the people who saw many years ago that the Internet's greatest virtue was its greatest drawback: free access to information that leads to a loss of privacy.
From a developer's standpoint, the story is interesting because it explains many of the features of cryptography as we know it today, making it easier to put them to efficient use. For example, what was the big deal with keys longer than 40 bits that the government restricted them from export? And just how much safer are 128-bit keys? Sure, we all have heard the number of hours or millennia today's computers take to break such keys, but why those specific numbers?
As with most complex controversies, both the government and the outsiders make compelling arguments for their case. Cryptography has long been the province of governments, and wars have been won and lost on the success of keeping secrets secret. But in a demographic society, individual privacy is almost sacrosanct, even though it is not explicitly guaranteed in any of the documents on which the U.S. is founded. Crypto tells the story of how these conflicting interests have been sorted out to the current state of affairs.
on January 24, 2001
I'm a computer engineering professional, and am currently reading everything I can on data security, encryption, securing messages between two points, etc. I am in the middle of reading 2 technical books on security protocols, and deployment of these protocols and procedures in an e-commerce environment. I got Mr. Levy's book, because I hoped it would help me understand the soft side of these technologies, the intention of them, and not just how to install them. I've read Hackers and Artificial Life, and enjoyed both these books. But, I found Crypto to be too involved in the personalities of the original inventors. Maybe that's the point of the book. But, I was hoping to get a solid understanding of what goes on in Cryptography and Security, as well as being introduced to the inventors. I was hoping for something like Gilder's 'Telecosm', which explains the technology as well as the people behind it. Crypto doesn't attempt to explain the technology, and that's where I'm left wanting.
on January 12, 2001
If you liked Hackers, you'll love Crypto. It's written in the same spirit, celebrating cryptographers in the same way Levy celebrated hackers, and along the way makes a really strong case for private freedoms over government intervention. It's a great story, very newsworthy, and Levy really knows his stuff. And if you haven't read Hackers, try that one, too. You won't be disappointed!
on May 12, 2015
Fascinating book. Recommended for anyone who is interested in how great ideas get to market and how they can be smothered in their crib by government and, frankly, just bad management decisions. Some of the descriptions of encryption techniques get a bit heavy, but a) I was interested in that part too and b) if that is not your thing, jump ahead.
on July 17, 2010
Steven Levy's "Crypto" is a fascinating look at part of the story of modern cryptography, at least from the point of view of key non-government cryptographers. The author clearly conducted plenty of research into the lives of certain individuals, such as Whit Diffie and Marty Hellman, the RSA trio, and other entrepreneurs. Unlike some other reviewers, I thought the text was lively enough and the book kept my attention throughout. My only real concern is the obvious bias against the concerns of government cryptographers. If you doubt the bias, it starts on the cover: "How the Code Rebels Beat the Government - Saving Privacy in the Digital Age." Regardless, if you are a security professional or just have an interest in digital privacy, you will enjoy reading Crypto.

After reading Crypto I felt a certain amount of gratitude to the non-government cryptographers who fought to put encryption algorithms and tools in my possession. While reading the book a friend asked me to sign his PGP key, so I reflected that it would not have been possible without Phil Zimmermann's persistence and courage. I also had lunch with Whit Diffie at a security conference just before reading the book; I wish I had read it first and brought the book to get it signed!

My primary criticism is that the author too quickly dismisses the concerns of government cryptographers and security officials. I agree with the idea that "when crypto is outlawed, only outlaws will have crypto." However, our military, intelligence, and law enforcement entities truly do try to combat adversaries and keep the public safe. Unfortunately, the DoD-CI-LEO triangle doesn't tell its story very well, or not at all, so I don't fault Levy too much for his attitude or coverage.

I'd like to briefly mention three points that struck me. First, on p 81 Ralph Merkle notes "how the [academic paper] publication process was tuned to incremental improvements, but was very bad at handling something that is fundamentally different." I thought that spoke volumes about the possible chilling effect of the peer-reviewed academic publishing process on ground-breaking research. Second, on pp 127-9 the author describes Leonard Adleman performing a live demo to break the Merkle knapsack scheme in front of a crypto conference. It reminded me of past Black Hat or Def Con conferences, where a speaker would show obtaining root access on a target, followed by applause from the audience. Finally, I realized that much of the crypto wars were fought because interceptors feared encountering encrypted data in transit. No one in the book considered the problem of compromised endpoints, where encrypted content must be deciphered in order to be useful. Own the endpoint and all the crypto in the world is useless -- and that is how intruders of all types operate today.
