Unknown security. Page 319: In line 11, Section "25.13" should be "25.14". Page 607: In Table 25.4, the column headers are reversed. 12: Data Encryption Standard Ch. Page 481: Second-to-last line, delete the word "a". HAVAL-BA.ZIP Author : Paulo Barreto Date : 07 Apr 97 Version : 1.1 Description: HAVAL algorithm. Page 609: Second to last line, the "Census Office" should be the "Patent Office". LIBRAND.ZIP Author : Matt Blaze Date : Jun 97 Description: Truerand is a dubious, unproven hack for generating "true" random numbers in software. 4. The voter does not send all the blinding factors in step (2). There are two algorithms used in GSM: A5/1 and A5/2. The x^n term of the polynomial stands for the input being fed into the left end." The next paragraph is wrong, as is the code and the figure. Bottom line: "departmental of agency" should be "departmental or agency". This is the gap that Bruce Schneier's Applied Cryptography has come to fill. PEGWITJ.ZIP Author : George Barwood Reference : http://ds.dial.pipex.com/george.barwood/v8/pegwit.htm Date : Jun 97 Description: Same as above, Java version. Page 420: Table 17.3, the speed should be in kilobytes/second. BFSH-LAC.ZIP Author : Dutra de Lacerda Date : 07 Jun 97 Version : 1.5b Description: Pascal implementation of Blowfish in CBC mode. PEGWITC.ZIP Author : George Barwood Reference : http://ds.dial.pipex.com/george.barwood/v8/pegwit.htm Date : Jun 97 Version : 8 Description: Pegwit is a C program for performing public key encryption and authentication. Page 252: In the 4th line from the bottom, the comment should read "/* by Definition 2 */". DHPRIME.ZIP Author : Phil Karn Date : 18 Apr 94 Description: Program for generating Diffie-Hellman primes; i.e., p and (p-1)/2 are prime. John Wiley & Sons, 2003, ISBN: 0-471-22357-3. Date : 1992 Description: MD4 algorithm. At this theoretical level, energy requirements for exhaustive cryptanalysis are therefore linear in the key length, not exponential. Reverse-engineered Sboxes from the program Excellence. payments, security aspects of mobile communications, key escrow schemes. Page 112: Step (1) should read "Alice takes the document and multiplies it by a random value.", Page 116: The protocol could be worded better. Page 202: Third to last line, toggling individual bits does not affect subsequent bits in a synchronous stream cipher. BNLIB11.ZIP Author : Colin Plumb Date : 1995 Version : 1.1 Description: Bnlib integer math package. Page 11: Line 18, the reference should be "[703]" and not "[699]". PRV-ANMT.ZIP Author : L. Detweiler Date : 09 May 93 Version : 1.0 Description: "Privacy and Anonymity on the Internet": comprehensive summary. Page 586: Seventh line, "revokation" should be spelled "revocation". Page 316: In Table 13.2, P2 should be "379" and P16should be "499". Unknown security. CRYPT1.ZIP Description: UNIX crypt(1) command: a one-rotor machine designed along the lines of Enigma, but considerably trivialized. TIGER.ZIP Authors : Ross Anderson and Eli Biham Reference : http://www.cs.technion.ac.il/~biham/Reports/Tiger Description: Hash function designed by Ross Anderson and Eli Biham. Page 166: Fifth line, "183" should be "253". Page 717: In reference 1041, the pages should be "114-116". 2FSHJAVA.ZIP Author : Bruce Schneier Reference : https://www.schneier.com/twofish.html Description: Java implementation of the Twofish algorithm. Source code submitted to NIST for AES. In line 25, "first step" should be "second step". Page 136: Lines 14-15; technically Alice and Bob get no additional information about the other's numbers. Lucre.zip Authors : Ben Laurie and Adam Laurie Date : Aug 2000 Description: lucre is an implementation (in C++ and Java) of David Wagner's Diffie-Hellman variant on Chaumian blinding. The source code here has been collected from a variety of places. A5 is the privacy algorithm. Page 195: In line 13, the reference number should be [402]. 4: Intermediate Protocols Ch. The structure of the LEAF is "EKF(U,EKU(KS),C)", where U is the 32-bit unit ID, KS is the 80-bit session key, and C is a 16-bit checksum of KSand the IV (and possibly other material) used by the receiving chip to ensure that it has a valid LEAF. This is an excellent book, and omitting it was an oversight. LCRNG-T.ZIP Author : R.A. O'Keefe Date : 1992 Description: Simple block transposition cipher based on a linear congruential random number generator.

