There are two kinds of cryptography in this world: cryptography that will stop your kid sister from
reading your files, and cryptography that will stop major governments from reading your files. This
book is about the latter.
If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the
letter, that’s not security. That’s obscurity. On the other hand, if I take a letter and lock it in a safe,
and then give you the safe along with the design specifications of the safe and a hundred identical
safes with their combinations so that you and the world’s best safecrackers can study the locking
mechanism—and you still can’t open the safe and read the letter—that’s security.
For many years, this sort of cryptography was the exclusive domain of the military. The United
States’ National Security Agency (NSA), and its counterparts in the former Soviet Union, England,
France, Israel, and elsewhere, have spent billions of dollars in the very serious game of securing their
own communications while trying to break everyone else’s. Private individuals, with far less
expertise and budget, have been powerless to protect their own privacy against these governments.
During the last 20 years, public academic research in cryptography has exploded. While classical
cryptography has been long used by ordinary citizens, computer cryptography was the exclusive
domain of the world’s militaries since World War II. Today, state-of-the-art computer cryptography
is practiced outside the secured walls of the military agencies. The layperson can now employ
security practices that can protect against the most powerful of adversaries—security that may
protect against military agencies for years to come.
Do average people really need this kind of security? Yes. They may be planning a political
campaign, discussing taxes, or having an illicit affair. They may be designing a new product,
discussing a marketing strategy, or planning a hostile business takeover. Or they may be living in a
country that does not respect the rights of privacy of its citizens. They may be doing something that
they feel shouldn’t be illegal, but is. For whatever reason, the data and communications are personal,
private, and no one else’s business.