Skip to main content

Book Review: “Cryptonomicon” by Neal Stephenson (1999)

Executive Summary

Cryptonomicon is the quintessential hacker novel. The author, Neal Stephenson, describes a story that is set around the intersection between the discovery of world-changing math insights and the incipient designs of our computer science founding fathers. Stephenson delights in explaining how all of these things go together. His collection of fictional and nonfictional characters orbits each other across a thousand pages and propels the reader through dual timelines of World War II and the dot-com startup decade of the 1990s. The result is a multigenerational treasure hunt worthy of an Indiana Jones adventure, but unlike Indiana Jones, this is not a light read. It is dense with ideas. You do not skim through this looking for the good parts, but if you take the time to savor the journey, you will not be disappointed. You will be fed cyber security history, rollicking adventure, heartbreaking tragedy, the pleasures and perils of a multigenerational family, and the awkwardness of several geek love stories all told from the hacker perspective. There is something for everyone here, and you owe yourself the pleasure of finding your favorite part. In other words, it is part of the canon. You should have read this by now.


Stephenson published Cryptonomicon in 1999, and it is the best hacker novel I have ever read. I use the word “hacker” here from the old-school definition -- not computer trolls who spend their time breaking into systems for fun and profit but technological wizards who have a genuine passion for learning about how things work and making the world a better place with that knowledge.

I admit it: I am a fan-boy of Mr. Stephenson. He has written several of my favorite hacker novels over the last two decades:
  • Snow Crash (1992) – A classic in the cyber punk genre[1]
  • The Baroque Cycle (2003) – A three-volume collection of historical fiction that weaves in some old-school hackers like Sir Isaac Newton[2] and Gottfried Wilhelm Leibniz[3] and whose fictional characters are related to the characters in Cryptonomicon
  • Reamde (2011) – A modern-day hacker novel that touches upon many of the same themes as Cryptonomicon
Stephenson uses Cryptonomicon as his personal petri dish to explore some wide-ranging ideas. He touches on everything from the impact of Allied code breaking during World War II, to the importance of Dudgeons & Dragons to modern-day geeks, to the jaw-dropping complexities of twentieth-century banking, to the necessity and procedures for getting the correct ratio of milk to Cap’n Crunch kernels in your morning cereal, to the horrors experienced by soldiers and civilians in the Philippines during WWII, to the significance of cryptological systems in our state-of-the-art world, to the excitement of a present-day treasure hunt, and, most importantly, to the beauty of family ties across numerous generations. Stephenson also manages to drop in cameo appearances from some historical figures that you would not normally associate with each other, such as Alan Turing[4], General Douglas MacArthur[5], Lieutenant Ronald Reagan[6], and Hermann Goering[7].

As you could expect, it is a dense read. One fan and author, Charles Yu, describes the book this way:
"A copy of Cryptonomicon has more information per unit volume than any other object in this universe. Any place that a copy of the book exists is, at that moment, the most information-rich region of space-time in the universe." [8]
You get the idea. It is not a novel you are going to get through in a weekend.

One of Stephenson’s great gifts is his ability to juggle many seemingly unrelated and interesting characters within a story and then surprise the reader about how they are all connected. He does it in Snow Crash, The Baroque Cycle, and Reamde. He crafts four main narrative arcs in Cryptonomicon and uses a parade of major and minor characters that intersects at key moments to propel the story. Three of the arcs happen during WWII, and the fourth happens during the Internet boom of the 1990s.

The Story

Team Bobby Shaftoe: Shaftoe is a US Marine who starts the story in the Philippines just before WWII begins, loses his Filipino fiancé because of the ravages of war, becomes one of the operating arms of the Allied code breakers at Bletchley Park,[9] and spends a good portion of the book working his way back to the Philippines to find his lost fiancé.

Team Goto Dengo: Dengo is a Japanese military engineer. He gets caught behind enemy lines, escapes & evades his way across New Guinea, and eventually ends up as the primary engineer to design and build one of the tombs in the Philippines that the Japanese leadership plans to use to store large amounts of pilfered gold.[11] The tomb is the object of the treasure hunt that binds the entire book together across multiple generations.

Team Lawrence Waterhouse: Lawrence is a US cryptologist in the Pacific theater of operations who spends his time breaking Japanese codes. He is friends with Alan Turing, and Stephenson uses this relationship to explore code breaking in general and the nuances of information theory[15] during a world war. The nuance here is diabolical. Because the Allies had broken the German Enigma encryption scheme[16] and pretty much knew the orders of the German field commanders before they did, how many times could they act on that intelligence to save lives before the German’s figured out that their system was broken? The implications of that question are heartbreaking. The word “Cryptonomicon,” from the book’s title, is a collection of code-breaking techniques that Lawrence inherits and develops throughout the story.

Team Randy Waterhouse: Randy is Lawrence’s direct descendent in the present day (1990s). He and a group of college buddies, who played Dungeons and Dragons during their school years, have banded together to form a start-up. They want to build something called the “Vault” in the Philippines, which is a sort of data haven that anybody can use to store whatever kind of digital information they want free and clear of government intervention. Along the way, Randy partners with the Shaftoe family (related to Team Shaftoe) who runs an underwater salvage company, helps build the vault, and becomes an essential partner in the treasure hunt. 

Just so you don’t think that this book is only about men and math and computers and commando operations, Cryptonomicon has three fairly decent love stories. I already highlighted Bobby Shaftoe’s epic journey to find his fiancé, but both Waterhouse boys get their share of romance too, especially Randy. It is amusing to watch these two brainiac math and computer wizards try to reduce the world to binary equations on one hand and, on the other, become completely befuddled with the mysteries of the opposite sex. It is sweet and funny and spot-on for how the Dungeons and Dragons crowd approaches girls. Well, at least I recognized myself in their bewilderment.

The Tech

While these orbiting characters bounce off of each other through the nearly 1,000 pages, Stephenson also tosses in a mix of some groundbreaking math ideas from the likes of Kurt Gödel and his incompleteness theorems[10], Alfred Whitehead and Bertrand Russell and their re-imagining of the math ecosystem in a book titled “Principia Mathematica,”[12] Alan Turing and his Turing Machine Thought Experiment that changed the world [13] and Bernhard Riemann and his zeta function.[14] Stephenson also dips his toes into modular arithmetic, probability distributions, information theory, and cryptanalysis. But don’t let the math scare you away. His intent here is to introduce these subjects to the uninitiated, and he is a pretty good teacher.


Cryptonomicon is the quintessential hacker novel. It is unique in that it qualifies in two different categories: “books for important historical context” and “novels that don’t exaggerate the genre.” For historical context, Stephenson describes a story that is set around the intersection between the discovery of world-changing math insights and the incipient designs of our computer science founding fathers. That intersection is ground zero for my chosen profession—cyber security—and the hacks that we see Team Randy Waterhouse perform are interesting and well within the realm of “the possible.” But with all of that, Cryptonomicon is not an easy read. It is dense with ideas. You do not skim through this looking for the good parts, but if you take the time to savor the journey, you will not be disappointed. There is something for everyone here, and you owe yourself the pleasure of finding your favorite part. In other words, you should have read this by now.


[1] "Book Review: Snow Crash by Neal Stephenson (1992)," by Rick Howard, Terebrate, 10 November 2013, Last Visited 19 November 2013,

[2] "S I R I S A A C N E W T O N," by Dr Robert A. Hatch, University of Florida, The Scientific Revolution Homepage, 1998, Last Visited 19 November 2013, 

[3] "Gottfried Wilhelm Leibniz," by Brandon C. Look, The Stanford Encyclopedia of Philosophy (Fall 2013 Edition), Edward N. Zalta (ed.), Last Visited 19 November 2013,

[4] "Alan Turing," by Andrew Hodges, The Stanford Encyclopedia of Philosophy (Winter 2013 Edition), Edward N. Zalta (ed.), Last Visited 19 November 2013,

[5] "People & Events: General Douglas MacArthur (1880-1964)," by American Experience, PBS, KERA North Texas, Last Visited 13 November 2013,

[6] "MILITARY SERVICE OF RONALD REAGAN," by the University of Texas, Last Visited 13 November 2013,

[7] "Hermann Goering," by Spartacus Educational, Last Visited 21 November 2013,

[8] "10 Science Fiction Novels You Pretend to Have Read (And Why You Should Actually Read Them)," by Charlie Jane Anders, io9, 10 July 2012, Last Visited 21 November 2013,

[9] "Bletchley Park codebreakers' secret world," by Craig Mclean, LUXURY, 3 November 2013, Last Visited 21 November 2013,

[10] "Gödel’s Incompleteness Theorem:The #1 Mathematical Discovery of the 20th Century," by Perry Marshall, Last Visited 21 November 2013,

[11] "Yamashita's Gold - Eyewitness Reveals Truth Of Fabulous WWII Hidden Treasure," by Sterling and Peggy Seagrave, South China Morning Post, 3 September 2001, Last Visited 13 November 2013,

[12] "Principia Mathematica," by the Stanford Encyclopedia of Philosophy, Last visited 21 November 2013,

[13] "Turing's Enduring Importance," by Simson Garfinkel, MIT Technology Review, 8 February 2012, Last Visited 21 November 2013,

[14] "Riemann's 1859 Manuscript," by The Clay Mathematics Institute, 2005, Last Visited 22 November 2013,

[15] "Claude E. Shannon: Founder of Information Theory," by Graham P. Collins, Scientific American, 14 October 2002, Last Visited 22 November 2013,

[16] "Breaking Germany's Enigma Code," by Andrew Lycett, BBC History, 17 February 2011, Last Visited 22 November 2013, 


"A Tale of Two Technothrillers . . .," by Barry A. Cipra, SIAM News, Volume 34, Number 4, Last Visited 24 November 2013,

"Book Review: Cryptonomicon," by Richard Behrens, The Modern World, 25 April 2001, Last Visited 21 November 2013,

"Cryptonomicon," by Jake Seliger, The Story's Story, 29 November 2006, Last Visited 13 November 2013,

"Review: Cryptonomicon," by Hemeos, 23 June 1999, Slashdot, Last Visited 21 November 2013,

"Your Picks: Top 100 Science-Fiction, Fantasy Books," by NPR, Summer 2011, Last Visited 21 November 2013,


Popular posts from this blog

Books You Should Have Read By Now

When I started Terebrate back in January 2010, I always intended it to be a place to put my book reviews on whatever I was reading. Since then, a lot has happened in my professional life. I changed jobs, twice. I presented my collection of cybersecurity book reviews at the annual RSA Conference and suggested that the cybersecurity community ought to have a list of books that we all should have read by now. My current employer, Palo Alto Networks, liked the idea so much that they decided to sponsor it. We ended up creating the the Rock and Roll Hall of Fame for cybersecurity books. We formed a committee of cybersecurity experts from journalists, CISOs, researchers and marketing people who were all passionate about reading. My collection became the the candidate list and for the past two years, the committee, with the help of community voting, has selected books from the candidate list to be inducted into something we are calling the Cybersecurity Canon. It has been very exciting.

This i…

Book Review: Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen (2011)

Executive Summary
Kingpin tells the story of the rise and fall of a hacker legend: Max Butler. Butler is most famous for his epic, hostile hacking takeover in August 2006 of four of the criminal underground’s prominent credit card forums. He is also tangentially associated with the TJX data breach of 2007. His downfall resulted from the famous FBI sting called Operation Firewall where agent Keith Mularski was able to infiltrate one of the four forums Butler had hacked: DarkMarket. But Butler’s transition from pure white-hat hacker into something gray—sometimes a white hat, sometimes a black hat—is a treatise on the cyber criminal world. The author of Kingpin, Kevin Poulsen, imbues the story with lush descriptions of how Butler hacked his way around the Internet and pulls the curtain back on how the cyber criminal world functions. In much the same way that Cuckoo's Egg reads like a spy novel, Kingpin reads like a crime novel. Cyber security professionals might know the highlights of…

Book Review: “We Are Anonymous: Inside the Hacker World of LulzSec, Anonymous and the Global Cyber Insurgency (2012)” by Parmy Olson

Executive Summary: 

This book is a must read for all cyber security professionals. It does not cover the entire Anonymous movement, but by focusing on the evolution of the Anonymous Franchise and the rise and fall of the LulzSec hacking group, Ms. Olson captures the essence of the hacktivist culture and what motivates its supporters. If you seek to understand the Hacktivist movement, this book is a primer.


The Anonymous Franchise really hit its stride between the years of 2010 and 2011. Hacktivism began earlier than that of course (1994 was the first documented case that I could find [12]), but it did not strike fear into the hearts of CEOs, CSOs and government officials until that two year run. It was the perfect storm of technology, disenfranchised youngish people, “Internet Pranks as an Art Form,” empowerment and the hacking culture that came together into a gigantic hairball of activity and energy that caused governments from around the world to double-clutch on some of th…