on November 24, 2003
According to the flyleaf, David Kahn (who wrote "The
Codebreakers") said of this book that "Steven Levy has written
cryptography's 'The Soul of a New Machine'". There may be some
truth to that, but mostly it implies a level of prose that is not
in evidence in this book. Steven Levy is no Tracy Kidder, aside
from an occasional tendency to let his prose override his
writing. What Levy is, however, is a pretty good technology
journalist, and the book is at its best when it trades on that
background. Indeed, Levy used a great deal of research in this
book which doesn't appear to have been used for his earlier
magazine articles. While the book is not footnoted, there is an
extensive "notes" section at the end. There is also a
bibiliography, and an index.
One thing that Levy fails to do is make his "characters" come
across as fascinating individuals. This is not for lack of
trying -- clearly he finds them fascinating himself. However,
his prose fails him, particularly when trying to raise what a
journalist would call "human interest."
The strength of the book is not in its revelations of fact
either. The events described are already well-known to anybody
with an interest in the subject (in a number of cases,
particularly for events over the last decade, this is due to
Levy's own journalism in "Wired" and elsewhere). Aside from
filling in the history for those previously unaware of it, Levy's
interviewing skills turn up new evidence of the answers to one of
the most frequently repeated questions in the history of open
cryptography: "what were they thinking?"
For me, that is both the most important and the most interesting
question that Levy needed to face, and he takes it head-on. In
particular, he adds considerable scope (although little depth) to
describing the history of the Clipper chip. What were the NSA
(and the politicians) thinking? Well, as Levy describes it, the
key was the conflict between the FBI and the NSA, and the
illogical government approach was largely driven by the resulting
schizophrenia. Conspiracy nuts won't like that conclusion, but
it makes more sense than believing that the government really
expected it could put the crypto genie back into its bottle.
For those who don't appreciate the importance of crypto in the
Internet-connected age, this book is the best education in that
area. There is room for a better one to replace it, but it
doesn't exist now, and likely won't be written.
on July 24, 2002
This book is a contribution to the History of crypto and computing, assuming that this history changes very much our everyday life even if we are not into computer field.
It focuses on the story of the people who opened the crypto Pandora's box, allowing todays e-business long before the word was even invented. It starts with Whit Diffie (Diffie-Hellman) in the late 60's, through Rivest, Shamir and Adleman (RSA) and ends with Zimmerman (Pgp) and Helsingius (remailer). It also follows other conributors to crypto and business people (eg. : from RSA, Lotus) as well as some politicians and people involved at the NSA.
The author describes the oppositions between the pro-crypto-for-everyone and the US government, the government self-contradictions and oppositions with the tech firms. This includes facts about the NSA, the Clipper Chip issue, the patents problems, etc. These are always seen from the viewpoint of the various people involved at that time.
It is easy to read and does not need any technical or maths background. If focuses on the people. It does not discuss the subject : it tells us the story.
If you are looking for a book about crypto in order to understand "how it works", forget this book. If you want to understand how people with one obsession can change the world, just read it.
The author manages suspens very well, from the beginning to the end. This book is hard to close : you really want to get to the next page.
So why not 5 stars ? Because I think this book could have been perfect with just a few diagrams showing the crypto algorithm (eg. : differences between Diffie-Hellman and RSA are not clear). Ok... ok... I give 5 stars only to books which change my life. This one is exciting, informative and well written, but not to that point.
on April 21, 2002
Cryptography has become one of the most important technologies in a secure digital world. It makes possible digital signatures, protection of confidential information, protection against tampering--or at least provides notification that tampering has occurred--and secure authentication of users. In an age when the simplest security breeches of highly visible dot-coms makes the front page of the popular press, cryptography and related technologies are making their ways into almost all of the software products we use daily.
But it's easy to forget that only recently did cryptography become available for non-government users. Reaching this point was a long and hard battle with what used to be the most secret of government organizations, the National Security Agency (NSA). Bit by bit, researchers outside the agency made fundamental discoveries that eroded NSA's ability to control cryptography. Until finally the government was forced to come to terms with the digital age where the secrets could make their way around the globe in seconds.
This is the story that Steven Levy tells. Although the book tends to portray researchers outside the NSA as skillful and lucky heroes, and those inside the NSA as pompous but brilliant ideologues, it's a compelling story. The book is roughly chronological, starting with Whit Diffie's independent discovery of public key cryptography, one of the major breakthroughs that made the field feasible, the story of RSA, the ill-fated Clipper chip, and concessions the NSA was forced into against overwhelming pressure.
The author outlines the development of a people's cryptography and its collision with the U.S. government. The book is about privacy in the information age and about the people who saw many years ago that the Internet's greatest virtue was its greatest drawback: free access to information that leads to a loss of privacy.
From a developer's standpoint, the story is interesting because it explains many of the features of cryptography as we know it today, making it easier to put them to efficient use. For example, what was the big deal with keys longer than 40-bits that the government restricted them from export? And just how much safer are 128-bit keys? Sure, we all have heard the number of hours or millennia today's computers take to break such keys, but why those specific numbers?
As with most complex controversies, both the government and the outsiders make compelling arguments for their case. Cryptography has long been the province of governments, and wars have been won and lost on the success of keeping secrets secret. But in a demographic society, individual privacy is almost sacrosanct, even though it is not explicitly guaranteed in any of the documents on which the U.S. is founded. Crypto tells the story of how these conflicting interests have been sorted out to the current state of affairs.
on December 18, 2001
This is a book about people, very bright idealistic and forward looking people based principally in the beginning at MIT and Stanford. It tells how their ideas and struggles with NSA over a period of several decades unleashed the genie of strong encryption from government shackles. The pages are based on a distillation of extensive personal interviews by the author of the prime movers in the new cryptography conducted over a period of several years. The account is chronological and gives a real sense of the actors as people including their doubts, fears, exhalted moments, business failures, victories. It deftly intertwines explanations of the underlying principles of cryptography as the concepts arise in the flow of the work. Reading the book you feel like you are in the meeting, or the place or the dilemma as the tale unfolds. The author always strives for balance and you hear both sides of the debates, disagreements, and controversies that arise. This is a very timely book, well-written, nicely paced, and readable without any special technical background. You can really get a sense of the main characters as they lead their daily lives as well as the importance of their work to society and the evolution of web commerce. The author clearly had the trust and support of the players. Highly Recommended.
on May 13, 2001
This book is an entertaining account of many of the people and episodes involved in making cryptography and cryptanalysis a respectable and important topic of work for scientists and engineers not affiliated with any government agency. The incidents recounted that I happen to know about personally are well and accurately described here. But there are a couple of gaps.
First, some of the key players "on the outside" are not mentioned; this may well be because most of those who aren't mentioned by now are "insiders." But this results in some of this book being a bit misleading. For example, serious work on cryptanalysis by outsiders, including one piece of work that Admiral Inman, when head of NSA, described as "the most brilliant piece of civilian cryptanalysis since World War II", was already going on by the late 1970s; this had serious national security implications, and helps to explain why NSA was so ambivalent about "outsiders" engaging in *any* crypto research. Overall, although NSA goofed badly several times, I think they managed to keep a more balanced view on the issue than I might have expected. The fact that Levy doesn't mention some of the key "outsider" work suggests to me that he may not have talked with (or at least didn't gain the confidence of) such people as Cipher Deavours and David Kahn, who could have given him perspective on the "outsider" work that he doesn't discuss.
Secondly, I infer that he was unable to get any of the NSA side of the story from NSA itself. This is a pity. It's presumably not Levy's fault; NSA only talks to people it decides to talk to, and then says only what it decides needs to be said. I assume that Levy tried to get information from NSA and failed; I don't know. But if NSA stonewalled Levy, it's because he didn't make the right contacts to get in touch with somebody who would have been willing to talk with him about NSA's viewpoint on various issues Levy discusses that are not sensitive in NSA's view. That extra information would have helped make Levy's book clearer and more complete. In spite of this, Levy is quite fair to NSA, which speaks well of his thoughtfulness and balance.
So, overall I regard this as a good book, well worth reading, provided one keeps in mind that it's not the complete story.
on April 29, 2001
This easy-to-ready short history by writer Steven Levy, who has written numerous articles for Wired, is a very well-researched volume on the human side of public-key cryptography.
Levy has interviewed all of the major players: Diffie, Adleman, Chaum, Zimmerman, and others; he's done nearly a decade of research on the subject, and monitored the sci.crypt.* newsgroups. Clearly, this is an authoritative account of the short 30-year history of public key.
The main theme of the book is how the NSA tried to stifle new developments by the researchers, placing secrecy orders and classifying their patents and papers. Throughout the book, as Levy draws out the characters, it's the crypto community vs. the government, until ultimately the cypherpunks win out.
This book doesn't contain a single diagram; no photos, and no equations at all. So if you're looking for a technical introduction to crypto, look elsewhere; this is purely an informally-written account on the people behind the scenes.
Five stars, for what it is; sure, Levy writes with magazine-style prose, but this fits the high-level view he takes on the subject. Most importantly, this volume was exhaustively researched and has the collaboration of all of the key players, which lends Levy's account great credibility.
on April 23, 2001
Steven Levy is not a good writer, but he desperately wants to be a popular one. "Crypto" sees him fawn all over the cypherpunks in a way that would do the likes of Barbara Walters proud. The book suffers in two ways because of this: not only is Levy intent on brown-nosing his libertarian pals, but he can't be much bothered painting their opponents as more than paranoid pencil pushers. If you're looking for two-dimensional characters with just enough personality to flesh out a 500-word magazine story, you've come to the right place.
As if this weren't enough, Levy's history as a hack working for the likes of Newsweek and Wired has lent his prose a hyperbolic air. Almost every one of his sentences wants to have an exclamation mark at its end! And many do!
Worse, his technical descriptions manage to be both condescending and often incorrect (he completely misses the invalidity of non-repudiation in public-key cryptosystems, for example). Simon Singh's "Code Book" does a much better job of describing technical details of cryptography without making the reader feel like a semi-literate Newsweek reader.
Singh's "Code Book" drifts off into incoherence in describing the technology and politics of the last few decades of crypto history, in what is otherwise an excellent book. This weakness of Singh's should be Levy's strength, since it is the entire focus of "Crypto". Levy, with his undeniable ability to butter people up and get them talking, and several hundred more pages to spare than did Singh in his closing chapters, ought to be capable of an excellent job of filling in the missing details.
Unfortunately, Levy is happy to settle for a cast of characters and set of plotlines that would do more justice to a "Superfriends" comic book. The libertarian crypto geeks use their magical mathematical powers to fight the evil government control droids, and win!
Levy has turned a truly fascinating tale into a breathless pile of twaddle. If anyone takes this book seriously, they're missing out on a far more complex and compelling story that has yet to be told with the care and detail it deserves.
on April 1, 2001
... is Stephen Levy.
I am not myself a CypherPunk (a term self-chosen by the community, not a perjorative assigned to them by outsiders), but I am a member of the DC-CypherPunks mailing list. Many people on this list are real CypherPunks. We've even got a couple of real-world cryptographers, a world-respected net.journalist (Declan McCullough), and an acknowledged net.author (Dave Banisar).
We had a party to celebrate the expiration of the Diffie-Hellman patent, and we were honored to have Whit Diffie himself attending. While I wasn't there thirty years ago, I have personally met some of the people who were, and who have been in the trenches during the ensuing battle.
Every single person on the list who has expressed an opinion on the subject says that Stephen Levy is the only author they trust to tell the story the way it is (and was).
I don't actually have my copy yet, but I have read excerpts, and I have heard nothing but the best from the people who've actually been there. I'd give it three thumbs-up, if I had an extra.
on January 24, 2001
I'm a computer engineering professional, and am currently reading everything I can on data security, encryption, securing messages between two points, etc. I am in the middle of reading 2 technical books on security protocols, and deployment of these protocols and procedures in an e-commerce environment. I got Mr. Levy's book, because I hoped it would help me understand the soft side of these technologies, the intention of them, and not just how to install them. I've read Hackers and Artificial Life, and enjoyed both these books. But, I found Crypto to be too involved in the personalities of the original inventors. Maybe that's the point of the book. But, I was hoping to get a solid understanding of what goes on in Cryptography and Security, as well as being introduced to the inventors. I was hoping for something like Gilder's 'Telecosm', which explains the technology as well as the people behind it. Crypto doesn't attempt to explain the technology, and that's where I'm left wanting.
on January 21, 2001
Levy is one of my favorite essayists. He finds a compelling story, researches it exhaustively, and then shares his excitement. The history of Internet cryptography is a perfect subject for Levy, who delights in recounting stories about technoradicals with new ideas who see them through to fruition.
Encryption truly is one of the most critical technologies necessary for a smoothly functioning virtual world, and is very much the case that the U.S. Federal Government successfully delayed the general availability of strong encryption for at least a decade. (Future economists may point back to the last two decades of the 20th century and show how this failed government policy was responsible for the loss of U.S. dominance in the high-tech market.)
It would have been easy to take the politically correct road and portray the Feds as being evil conspirators, bent on maintaining their own power and pride at the expense of the entire world. Levy chooses a more balanced approach, depicting the NSA in nearly heroic terms. He is especially sympathetic towards Clint Brooks (a name I did not know), an NSA lifer who developed the key escrow concept as a compromise that would allow widespread public utilization of strong encryption while still allowing law enforcement (and of course, intelligence agencies), the ability to intercept communications under controlled circumstances. If both the NSA and their philosophical opponents are heroes with noble goals, a tragic ending is inevitable, which adds an element of pathos to this triumph of democracy.
As a former software vendor, I've been totally frustrated by both the crypto export laws and by the NSA attitude of "If you only knew what we knew, you wouldn't even ask that question." That argument turned out to be just as specious now as everyone thought it was at the time, but the marvelous aspect of this book is that Levy is able to make a cynic like me accept that the people within the Puzzle Palace have legitimate motivations. (He is much harsher on the FBI, and creates an especially unflattering portrayal of Louie Freeh). It's a well-balanced approach to a very contentious subject, which adds considerably to the author's credibility.
Personalities loom large in a history like this one, and Levy is a master at drawing them out of their personal shells and detailing aspects of their private lives to explain their motivations and feelings. Whitfield Diffie is the old master who had the vision to conceive of a new model for encryption that would meet the unprecedented needs of a network society. Ron Rivest was the energy behind the development of the most significant public key algorithm, created by an unlikely trio of inventors. Jim Bidzos was a young playboy who found the commercialization of the RSA technology to be the challenge he needed in his hitherto shallow life of world travel, hot cars and fast women. Like Diffie, Phil Zimmerman marches to a drummer that only he can hear, yet this amateur programmer succeeded in popularizing strong encryption long before RSA and its millions in venture cap money did. Given his ten years of personal research and interviews of the people he chronicles, Levy's will probably be the definitive written account on many of these quirky visionaries.
The book is a quick read, but a good one. Technically, it is very accurate, with one unfortunate mistake on page 178 where it reads "Then he uses the hash function to recreate Alice's message from the digest..." Hash functions are 1-way functions, and cannot be reversed. If it read instead, "Then he uses the hash function to recreate Alice's message digest..." it would be more accurate. In order to verify a digital signature, the encrypted hash value provided by the sender is decrypted by their public key, which is then compared to another hash value generated by the verifying party (see p. 38 of "Applied Cryptography, 2nd Edition" by Bruce Schneier). Other than this confusion over how digital signatures are verified, the book does an excellent job of presenting the concepts of public key encryption to a non-technical reader. Besides being an enjoyable tale of business and technology history, this book could also be considered an executive-level introduction to the need for encryption on the Internet and the ways in which modern implementations provide it.
If you want to know what is happening when that little lock icon at the bottom of your web browser closes, you'll find a conceptual answer in this book. You'll not only learn the sequence of events that led to the development of SSL, but you'll also read the history of the first successful attempt to crack SSL security, and its significance to you as a customer of sites like Amazon. "Crypto" should appeal not only to those who are interested in the history of technology, but anyone wanting to understand more about the history and personal and commercial use of encryption on the Internet. Anyone involved in an e-commerce project or with an interest in information security would find this an interesting and accessible book. It is not a technology book per se, but I think most technically-oriented people will enjoy reading about how people like them had the drive and vision to change the world-especially when the odds were so heavily stacked against them.
This is a compelling and important story that needs to be told and understood. Levy is neither the first to undertake this telling, and undoubtedly won't be the last, but I'm convinced that this will become a classic of technology history-even more so than his earlier books. His thoroughness, extensive research, and evenhanded approach will make this book an important source for future researchers.