The first quarter of the book may come as a surprise. It's not about encryption, it's about secure protocols. This is great stuff. It includes secure key exchange, where you and I can agree on an encryption key in a public conversation, but none of the other listeners know what we agreed on. It includes zero-knowledge proofs, ways of establishing authorization without releasing your identity. It includes lots more, as well. The next brief section discusses different modes for using encryption algorithms, key management, and other logistics.

The third section is what you might have expected: detailed descriptions of many encryption schemes, taking up at least half the book. That includes public key schemes, private key codes, secure hashing algorithms, and all the other details needed for implementing the algorithms. One of the most useful subsections here is a set of pseudorandom number generators. It's not exhaustive, by any means - it omits the Mersenne Twister, for example. Still, it gives a fair set of algorithms, some of which are "cryptographically secure". That means the generator's output strongly resists attempts to find regularities, just the way a truly random sequence would.

The last two chapters give a brief summary of the practice, legalities, and even culture around cryptography.

This won't make you into a crypto professional. Despite its 600+ pages, it barely introduces the world of crypto and certainly doesn't release anything from the "closed" world of government agencies. It will, however, give you useful algorithms, a basic background, and an appreciation of just what real crypto is about. That last may be the most important part. Too many people think inventing a good code is like making love: anyone can do it, and they instinctively do it better than most people. Wrong! Real crypto is not for dabblers, and this book gives some sense of what is involved.

The first edition of "Applied Cryptography" was a landmark text, but the second edition is even better. It's so much better that, if you just have the first edition, you really should upgrade to the second, and I've never said that about any other book.

Some reviewrs seem to berate the author for:
a) losing his job
b) trying to make a buck by writing books
c) not writing a mathematical tome

Well, I have some news for you:
a) Anyone can get laid off from any job at any time - period.
b) All authors write books for money.
c) The author clearly states at the beginning of the book under the heading, How to read this book - 'I wrote Applied Cryptography to be both a lively introduction to the field of cryptography and a comprehensive reference...This book is not intended to be a mathematical text.'

Need I say more.

Years ago, Bruce was laid off from AT&T Bell Labs. Since then, Bruce has been using rubes like you to augment his salary. Let's face it; if Bruce were a Ken Thompson or a Claude Shannon, he'd probably still have his job at Bell Labs. But he isn't and he doesn't. Instead he wrote Applied Cryptography and touted himself as an expert. The problem is that most people believed him. Not many people actually know an active cryptographer who can dispel fact from fiction.

Applied Cryptography is just a tourists look at algorithms whose mathematical foundations, and use, are explained more effectively by other authors. Applied Cryptography may have been there first, but the industry has moved forward. Better books currently exist that are more rigorous, not to mention more lucid. This is strictly a "shelfware" book that you'd keep at your desk to impress your coworker's with, nothing more.

Recently I spoke with a PhD, from Brown, who performed decades of research in number theory. He recommended "Cryptography in C and C++," by Michael Welschenbach. He also said "I don't know why people think Applied Cryptography is such a good book. He [Schneier] doesn't seem to understand the mathematics very well." Pick up Applied Cryptography sometime and compare it side-by-side with Welschenbach's book. You'll see what that PhD was talking about.

What I find truly onerous about his books is the condescending tone that Schneier adopts when addressing the reader. It's if he's saying "I am so much more elite than you, I can't even begin to tell you." The truth is that Bruce Schneier is a lot of style without much substance. What he lacks in ability he makes up for with moxie. Having lived in Minneapolis, I'm more than familiar with the type of yuppie pretenders that live on Hennepin Avenue with their nose piercings and their tattoos. Bruce, that ponytail doesn't fool anybody. You're just another suit from the midwest with something to sell. Freakin' cake eaters...