Additional Reading

Schneier’s Applied Cryptography (John Wiley & Sons, 1995) remains the best generally available work on cryptographic algorithms and protocols. There are many other good texts on the subject, but this is probably the most complete. I recommend it very highly if you’re interested in cryptography or cryptology.

Bauer’s Decrypted Secrets (Springer-Verlag, 2002) might be more approachable than Schneier’s book; it’s quite a bit shorter, and it includes a wealth of interesting historical anecdotes and facts.

Smith’s Internet Cryptography (Addison-Wesley, 1997) describes SSL/TLS, S/MIME, IPsec, and other network-oriented cryptographic security protocols clearly, but in great detail.

The Kerberos protocol is described in Internet RFC 1510 (http://www.ietf.org/rfc/rfc1510.txt). Microsoft’s TechNet site (http://technet.microsoft.com) has a wealth of useful information on Kerberos and Microsoft’s Windows implementation of the services described in the RFC. In particular, there’s a good white paper, “Windows 2000 Kerberos Authentication,” that describes in great detail how Windows uses Kerberos authentication.

The Cryptography Frequently Asked Questions list (http://www.rsasecurity.com/rsalabs/faq/index.html), maintained by RSA Data Security, thoroughly covers a variety of questions, including some that you might not have thought of.

The amusingly named Big Book of IPsec RFCs by Loshin (Morgan Kaufmann Publishers, 1999) collects all of the IPsec RFCs into a single, neatly bound, well-indexed volume. If you’re really interested in learning about IPsec, this is a valuable reference.