REVIEW: "The Codebreakers", David Kahn

BKCDBRKS.RVW 20090703

"The Codebreakers", David Kahn, 1996, 0-684-83130-9, U$75.00
%A David Kahn
%C 5 Maxwell Dr., Clifton Park, NY 12065-2919
%D 1967, 1993, 1996
%G 0-684-83130-9
%I Charles Scribner's Sons/MacMillan/Delmar Cengage Learning
%O U$75.00 800-354-9706 www.cengage.com
%O http://www.amazon.com/exec/obidos/AS...bsladesinterne
http://www.amazon.co.uk/exec/obidos/...bsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASI...bsladesin03-20
%O Audience n+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 1200 p.
%T "The Codebreakers"

It seems that no work on cryptography is complete without some
reference to Kahn's great historical reference. For a long time I'd
been meaning to find a copy and get it into the series. Its pages are
filled with fascinating stories, and some great historical
scholarship.

But almost nothing that you'd be asked on the CISSP (Certified
Information Systems Security Professional) exam.

The thing is, Kahn's work was originally written before the invention
of DES (the Data Encryption Standard) or any of the other now commonly
used symmetric block ciphers. (Although Feistel must have been
working on the predecessor to Lucifer at the time the first edition of
the book was published.) Whether you credit Diffie and Hellman,
Merkle, or GCHQ, asymmetric encryption wasn't even a gleam on the
horizon. So all of modern cryptography came after Kahn produced his
primary version.

Some of the historical material is relevant, to be sure. The fact
that implementation details always trip you up is demonstrated time
and again. The truisms of Kerckhoffs' Law, Marcel Givierge's advice
to "[e]ncode well or do not encode at all. In transmitting cleartext,
you give only a piece of information to the enemy, and you know what
it is; in encoding badly, you permit him to read all your
"correspondence and that of your friends," and even Charles Babbage's
assertion that "[o]ne of the most singular characteristics of the art
of deciphering is the strong conviction possessed by every person,
even moderately acquainted with it, that he is able to construct a
cipher which nobody else can decipher. I have also observed that the
cleverer the person, the more intimate is his conviction" are all
supported time and time again. The importance of key changes, the
concept of perfect forward secrecy, and many more important
cryptological factors are all illustrated here.

At great length. This is definitely a bedtime book. It's got a lot
of material, and it demands diligent attention from the reader. Look
away for a second, and you'll find that we have jumped from the third
to the seventeenth century, and turned from transposition ciphers to
nomenclators.

Well, no, it isn't that bad. Kahn is a good writer, and his text will
keep you engaged, but you do have to pay attention. The historical
stories are complex and intertwined, and you will have to make
frequent reference to the index to re-read the specifics of particular
writers or ciphers. Up until the twentieth century, however, the
content progresses in a fairly straightforward manner. (By the time
of the world wars we start to suffer from an embarrassment of riches,
and the timeline rewinds many times through different countries and
agencies.)

When we get past the second world war, the material does start to show
its age. Kahn admits, in the preface to the second edition, that he
only added one (very brief) chapter to bring things up to date (mostly
concerned with the Ultra project revelations that came to light in the
1970s), and didn't bother to check and update the previous material.
So it's a bit funny to find mentions, in his chapter on "current"
cryptography in the fifties and sixties, descriptions of the Soviet
Union as if it still existed. You have to keep remembering that the
crypto "devices" aren't digital, and the "networks" are Telex.

There are some additional chapters covering commercial and criminal
codes, ciphers that people have imposed upon mysterious material (like
something out of "The Da Vinci Code"), decipherment of dead (and
interstellar) languages, and random aspects of cryptanalysis. These
read like magazine articles that have been thrown into the work at the
last minute, and are outside the historical structure of the bulk of
the book. There are still interesting tidbits, but Kahn also feels
freer to opine in this section.

Although Kahn states that he wanted to produce a complete history of
cryptology (combining both cryptography and cryptanalysis) it is
obvious that his heart is in cryptanalysis. Thus is it rather strange
that the weakest areas of the text involve his explanations of
cryptanalytic techniques. As Kahn is an amateur cryptanalyst himself,
this is possibly due to an overfamiliarity with the subject. The
explanations frequently seem to assume a more extensive background on
the part of the reader.

This is a work of solid historical scholarship. It will be
fascinating for anyone with the remotest interest in cryptology. For
anyone seriously working in the field it makes great reading material
and is a salient reminder of some important points that often get lost
in the technology.

Just don't plan to use it to craft your public key infrastructure.

copyright Robert M. Slade, 2009 BKCDBRKS.RVW 20090703

--
======================

"Dictionary of Information Security," Syngress 1597491152
http://blogs.securiteam.com/index.ph...ves/author/p1/
http://blog.isc2.org/isc2_blog/slade/index.html
http://twitter.com/rslade http://twitter.com/NoticeBored
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
Book reviews: [Base URL]mnbk.htm
Review mailing list: send mail to techbooks-
or techbooks-

Rob Slade, doting grandpa of Ryan and Trevor