Security References

Welcome Page

SecurNET Team

Consulting Services

Portfolio

Resource Library

Info Center

Join Our Team

Security Architecture

Security References

Site Certification

Cheap SSL Certs

Site Auditing

S e c u r i t y R e f e r e n c e s

The following are some interesting resources we have found while wandering around on the net. If there's anything which needs updating or correcting, please let us know. Because of its large size, we only update the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear.

Security and Encryption-related

Crypto Link Farms

Alexander Geschonneck's security page: Security related papers, pages, X.509 information, publications, network security and firewall vendors, security FAQ's.
Anonymity, privacy, security.: Very nicely done collection of links to anonymity, privacy, and security resources.
Bellare - Crypto links: More link farms, conferences, organizations, electronic commerce, IETF, key forfeiture, crypto people.
Comprehensive list of Public Key Infrastructure (PKI) links: Links to PKI documents, specifications, CA's, and sites with PKI-related useful information.
Coast Security Archive - Category Index: A large archive of security software, publications, and technical information.
COAST Hotlist Contents: Gene Spaffords crypto and security link farm.
Crypto-Log: Internet Guide to Cryptography: Algorithms and mathematics, FTP archives, bibliographies, key escrow, disk, file, and mail encryption, crypto laws, internet security, newsgroups and mailing lists, protocols and standards, steganography, voice encryption, security problems.
Cryptography: PGP, encryption algorithms, legal issues.
Cryptography: The Study of Encryption: Crypto newsgroups, papers, cypherpunks, crypto policy, digital cash, and other information sources.
Cryptography Technical Report Server (CTRS): Various crypto-related tech reports.
Cryptography URL: Encryption standards, FAQ's, and FTP sites.
Datacomms Technologies cryptography archive: Encryption software, text files and information, resources and links.
Email security, cryptography and related stuff: PEM, MIME, and MOSS RFCs, links to CA's, implementations, literature, PGP.
European Cryptography Resources: Recommendations, drafts, papers, new items, official bodies, research, and government meddling.
Firewall Security Jump Page: Links and summaries of a wide variety of firewall products.
Gateway to Information Security Home Page: Links to a large number of security-related sites, books, journals, and related information (imagine this page, but not all lumped together on one page).
Home-Page of Markus Hübner: Security, cryptography, hacking, business on the Internet, security software, satellite hacking.
International Cryptographic Software Pages for Encryption, Decryption, Cryptanalysis, Steganography, and Related Methods: Algorithms, software packages, protocols and standards, books, journals, conferences, newsgroups, mailing lists, crypto links.
Links Related to Terrorism, Intelligence, and Crime: A large number of intelligence, security, law enforcement, disaster planning, terrorism, crime, military, and defense agencies and organizations.
Luca Venuti's Home Page - TPC: Electronic privacy links, organisations, newsgroups.
No Big Brother Page: Links to remailers, anon proxies, crypto and stego software, file wiping tools, privacy and anti-privacy organisations.
NCSA Hot Links: Anti-virus software, firewalls, general security vendors, general infosec links, parental control, privacy, law, and ethics.
Neil's Security and Privacy Resources: Encryption, steganography, special events, research, documents, news, security archives, security organizations.
Network/Computer Security Technology: Current events, security web pages, commercial security tools, newsgroups, mailing lists, FAQ's, incident bulletins, conferences/seminars/workshops.
PGP Resources: Resources related to PGP such as mailer add-ons and front-ends, key servers, and related information.
PGP-Users Mailing List Home Page: PGP-related information, remailers, privacy information, security and crypto links.
Pointers to sites with encryption material: Links to FTP sites with email, voice, disk, file, comms encryption, and general crypto toolkits and libraries.
Richard Pinch: Cryptography page: Links to research groups, associations, publications, companies, government institutions, standards, e-commerce, elliptic curves and factoring, historical, newsgroups and publications.
Security and Privacy Issues: Research, PGP, cypherpunks, SHTTP, crypto software, online banking.
Spanish Crypto Resources: Spanish crypto and security-related companies, magazines, and events.
Steganography: Stego papers, references, research groups, related resources.
Technical Information - Cryptography: Links to other crypto sites, source code archives, companies and organisations, peope, and reference information.
The Rotherwick Firewall Resource - Point of Attack: Firewall basics, white papers, products, manufacturers, books, papers, training, mailing lists, links to other firewall-related resources.
Tom Dunigan's Security page: PGP, S/Key, Kerberos, crypto API's, secure applications, commercial providers, government agencies, intrusion detection, vulnerabilities.
TSA (Law Enforcement and Intelligence) Links: More links to law enforcement and intelligence agencies.
Uni-GH Siegen - Security-Server: Encryption algorithms, data protection, steganography, ecash, Internet security, viruses, conferences, security standards, newsgroups and mailing lists, RFC, journals.
Vince Cate's Cryptorebel/Cypherpunk Page: Cypherpunks resources, remailers, digital cash, PGP, and Clipper.
Vinnie's Crypto Links: Crypto overviews and FAQ's, link farms, encrypted comms, e-commerce, crypto libraries.

Crypto FTP Archives

FUNET crypto archive: PGP, symmetric and asymmetric encryption, crypto libraries, papers.
North American Cryptography Archives: Archive of crypto software, only available from the US and Canada.
Oxford Uni crypto archives: DES, SSL, cryptanalysis, documentation, PGP, miscellaneous.
Replay crypto/security archives: Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files.
University of Hamburg crypto archive: Disk and file encryption, PGP, stego, voice encryption.
University of Oslo PGP archive: PGP and PGP-related software.
UREC archive: French archive of CERT bulletins, dictionaries, PC, Unix, VMS security software (mostly anti-virus and access control rather than crypto).

Crypto Social Issues

[1997] 1 Web JCLI: Analysis of the UK governments policy on encryption.
Additional Comments of Philip R. Karn, Jr.: Phil Karn rebuts inaccurate and bizarre government claims in congressional testimony (this is an example of the kind of misinformation which government advisors often provide to their governments).
Americans for Computer Privacy: Computer privacy issues.
BBC News - Encryption: BBC news stories on encryption, including "UK Government dithers on encryption regulation".
Big Brother Incorporated: Companies which supply surveillance technology to non-democratic regimes.
Brookings Policy Brief No.21.: Brookings Institute study of crypto policy (pro-GAK).
Canada's export controls: Summary of the Canadian crypto export situation.
Cato Handbook for Congress: Freedom on the Internet and Other Computer Networks: Cato Institute study of crypto policy (anti-GAK).
Centre for Democracy and Technology Crypto Page: CDT information on current US crypto policy
Clipper Roadshow: US government policy laundering on key escrow.
CNET features - digital life - privacy in the digital age: Digital privacy (or more specifically, the lack thereof).
Codex Surveillance & Privacy Page: Surveillance, stalking, privacy invasion, eavesdropping, and anything else related to these categories.
Comments on Encryption Transfers: Comments on new US export regulations.
Comments on Encryption Transfers - HTML: Easier-to-handle HTML versions of the above.
Crypto AG - Der Spiegel (German): Allegations of intelligence agencies subverting Crypto AG product security.
Crypto AG: The NSA's Trojan Whore?: Possible rigging of Crypto AG hardware by the NSA.
Crypto Law Survey: A survey of crypto laws in various countries.
Crypto regulation in Europe: The state of crypto regulation plans in Europe as of May 1997.
Cryptography's Role in Securing the Information Society: National Academy of Sciences report on cryptography policy.
Cyberspace Law for Non-Lawyers: Privacy laws and the Internet.
DTI/UK Encryption Policy: Reply to the DTI Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services.
Echelon: Exposing the Global Surveillance System: Covert Action Quarterly article on wordlwide NSA surveillance.
EE Times - White Paper: White paper on hackers.
Emerging Japanese Encryption Policy: How Japan, Inc, handles encryption policy (a real contrast to the US governments attitude).
Encryption Policy and Market Trends: Dorothy Dennings 1997 GAK forecast.
EPIC Cryptography Policy: EPIC information on current US crypto policy.
EPIC Privacy Links: EPIC privacy resources.
export-a-crypto-system sig: Diminuitive crypto hacks (well-known algorithms in a few lines of Perl, Python, or C) and how to use them to poke fun at export laws.
Exposing the Global Surveillance System: Extracts from Nicky Hager's book "Secret Power".
FinCen: Big Brother for financial information.
Former Secrets: Declassified US government machinations to ban/restrict crypto.
FUD! Home Page - Crypto legislation: Contents of and discussion over various US crypto bills.
GILC -- Cryptography and Liberty: Survey of encryption policy worldwide.
GNN on Crypto: Global Network Navigator web review: The NSA vs The Net.
Government, Cryptography, and the Right to Privacy: Paper documenting the overt and covert regulation and restriction of cryptography by governments.
GR Design Principles: GAK-resistant crypto protocol design guidelines.
Gray Areas Magazine: Essays and articles on the computer underground (and all sorts of other things).
Information About PGP & Encryption: Information on the creeping takeover of GAK.
Interception: Technical details on large-scale GSM and ISDN interception techniques.
Internet Privacy Coalition: Attempts to ensure privacy on the internet.
Interview with David Herson - SOGIS: Interview on European crypto policy.
ITAR Civil Disobedience: Click on this form to become an international arms trafficker.
Key Recovery Study: The risks of key recovery, key escrow, and trusted third party encryption.
KRISIS Home Page: GAK/EuroClipper home page.
NSA's Influence on New Zealand Crypto Policy: NSA influence on New Zealand export policy.
No Chance for Key Recovery: Paper on key recovery (GAK) vs human and political rights.
Phone Tapping: Information and resources on government phone tapping plans.
Privacy, Inc.: Various resources related to the (lack of) privacy, including access to databases and online information search facilities.
Privacy International Home Page: Privacy reports, interntional agreements on privacy and human rights, surveillance technologies, ID cards, privacy-related conferences.
Privacy on the Net: Practical Issues: Links and information on various privacy-related issues (cryptography, anonymity, secure communications).
Remailer list: List of anonymous remailers.
Roger Clarke's Privacy Page: Data surveillance and information privacy information publications, and legislation.
Roger Clarke's Public Interests on the Electronic Frontier: Paper discussing various freedoms and rights such as the right to privacy.
Roxen's General Export Application for Strong 128-bit Encrypted Denied: Swedish government refusal of export permit for 128-bit SSL.
RSA as a MIDI file: RSA encoded as a MIDI file. Technically this is a program and therefore unexportable from the US.
Self Incrimination and Cryptographic Keys: Richmond Journal of Law and Technology article on forced disclosure of crypto keys.
Services Available from Offshore Information Services Ltd.: Offshore internet services and accounts in Anguilla.
SOFTWAR Information Security: Declassified papers and resources on Clipper and key escrow, voice and mail encryption software.
Telekommunikationsgesetz: East German surveillance state-style laws being applied in the unified Germany.
The Age - Computers: DSD meddling in Australian crypto exports.
Threat and Vulnerability Model for Key Recovery: NSA report on why GAK is bad (yes, you read that right).
Tools For Privacy: Version 1: An online book covering threats to privacy, cryptography, PGP, and related issues.
TruePosition Wireless Location System Home Page: Cellular phone tracking.
Updated UK Proposals for Licensing Encryption Services: Critique of UK crypto licensing/GAK proposal.
U.S. Electronic Espionage: A Memoir: First exposure of the NSA and Echelon
Walsh Report: Report on Australian crypto policy, originally suppressed by the government, then released after a judicial review.
What your Browser is Sending: See what information your web browser is sending to remote servers.

Crypto Software

Advanced Cryptography Tool: Crypto tool using PGP 2.6.3i with triple DES and SHA-1.
Ambient Empire: Vigenere cipher cracker, Windows port scanner.
Apache HTTP Server Project: Apache secure web server.
BSAFEeay, a public domain implementation of the BSAFE API: BSAFE API wrapper around SSLeay.
Canadian Cryptographic/cryptanalytic software: Canadian encryption software and companies.
CAP: Cryptographic analysis program (automatically analyse and break simple ciphers).
Cedomir Igaly's SSH Page: Free SSH for Windows.
CIPE: Crypto IP encapsulation - encrypting IP routers using Linux.
Cisco Systems ISAKMP Distribution: A reference implementation of the IETF's ISAKMP protocol.
CRASHME: Random input testing.: Tests resistance of programs to random input.
cryptiX: X.509 security package written in Java (page requires a Java-enabled browser to view).
Cryptix Mirror Index: Cryptix Java crypto library.
cryptlib Information: Encryption library supporting both low-level direct access to a large number of algorithms and high-level access to functions like cryptGetKey() and cryptCreateSignature().
Crypto Kong: PGP-like program using elliptic curve crypto.
Cryptographic Libraries: A comparison: Comparison of various free (and free-world) crypto libraries.
Cryptographic software: Elliptic curve and RSA public-key encryption software.
Cryptographic tools for Visual Basic: Elliptic curve OLE extension for VB.
CTC - PGP-compatible encryption software: PGP-compatible C library and Mac application.
Delphi crypto software: Various pieces of crypto software written in, and for, Delphi.
Disk/File Wiping Utilities: Programs to wipe files, free disk space, slack space, the Windows swap file.
Encrypted PDFs: Code to work with encrypted PDF's (intended mainly for use with Ghostscript).
Enabling Network Security with SSLeay: Security projects based on SSLeay.
Enigma: PGP-compatible plugin written in Java.
Error Correcting Codes (ECC) Home Page: C source code and information on ECC's (the techniques employed are closely related to encryption techniques).
ESP Reference: Encrypted socket protocol (an open protocol for TCP/IP secure transmissions).
FastCAST's Homepage: P5-optimised code for CAST-128/CAST5.
Fortify for Netscape - Home Page: Free 128-bit SSL browser proxy,
Frank O'Dwyer's Homepage - Security Code: DES in Java, C++ firewall class library.
Fresh Free FiSSH!: Free SSH client for Win'95 and NT.
Fuzzy Logic: Cryptography: The GNU encryption project.
G10 - A Free PGP Replacement: GPL'd PGP clone.
GMD Security Technology - SecuDE: Security toolkit for RSA, DSA, DES, DH, X.509, PKCS, PEM, X.500, and BYOG.
Hamradio page of Thomas M. Sailer, HB9JNX: All sorts of neat stuff for software decoding of various radio signals.
Hassop Cottage PGP Page: PGP sites, key servers, remailers.
Heimdal: Non-US Kerberos 5 implementation.
IAIK - Javasecurity Homepage: Java cryptography extensions from the free world.
International PGP Home Page: How to get PGP, documentation, foreign-language support, PGP-related products and services, and other PGP resources.
Internet Locations for Materials on the Disks for Applied Cryptography: Site #1.
Internet Locations for Materials on the Disks for Applied Cryptography: Site #2.
IRDU PGP Page: PGP information, software, key management, key server interface, PGP links.
JGSS Package Distribution Page: Kerberos in Java.
Keytrap Home Page: Dcyphers keyboard sniffer.
libch's Homepage: P5-optimised code for various hash algorithms.
LInteger: C++ bignum library.
Linux FreeS/WAN Project: IPSEC, ISAKMP/Oakley and DNSSEC software for Linux.
Linux Packet Sniffer: IP packet sniffer for Linux.
Microsoft CryptoAPI: Microsoft's attempt at a cryptograhpy API. This page moves a lot, you may need to try a search from MS's developer pages.
Ming-Ching Tiew Home Page: PGP key manager, PGP netscape plugin, Motif and Win32 file encrypter using cryptlib, cryptlib Java wrappers.
Mozilla Crypto Group: Putting the crypto back into Netscape/Mozilla.
Nautilus Homepage: Speech encryption (with a neat anti-Clipper graphic).
Package Acme.Crypto: Various Java crypto classes.
PC Security Software & Sources: Brief descriptions of various security programs.
PGP Tools: PGP function library.
PGPLIB: DLL which implements various PGP functions.
PGPNet Server: A dummy home page for the www.pgp.net domain (incomplete).
Private Idaho User's Manual: Documentation for Private Idaho.
RC4 Stream Cipher Library: RC4 ActiveX control.
RIPEM: RIPEM source code and information.
RSA Free Utilities: RSA key generation and encryption for Linux.
RSAEURO - Cryptography For The World: European RSAREF providing full source-code compatibility with the original.
Secure FileSystem Information: The world's best transparent disk encryption software for DOS and Windows (this has nothing to do with the fact the I'm the author :-).
Security: File wiping: Links to various file wiping utilities.
Sir Winston Rayburn - Crypto/Politico: Various encryption reoutines.
S/MIME Freeware Library: S/MIME freeware library (export-controlled, US only).
SNOW Home Page: Whitespace steganography software.
spDES Encryption Control: ActiveX DES control.
Ssh (Secure Shell) Home Page: Very good encrypted, digital-signature-authentication remote access software (replaces the r* utilities, allows X11 and TCP port redirection over the encrypted connection).
SSLeay and SSLapps FAQ: Very nice, free SSL implementation (like Netscape's SSL, but without the bugs and crippled encryption).
Speak Freely for Windows: Encrypted voice communications over the internet.
SRP: Secure Password Authentication for the Net: Secure password-based authentication over insecure networks.
Systemics Software Archive: Crypto extensions for perl and Java.
The Cryptography and PGP Page: Classic ciphers, links to crypto sites, explanations of the maths behind PGP and RSA, privacy issues.
Tiny Encryption Algorithm: Description and C source code.
Transparent Cryptographic File System
TSS PGPWord... Real Security, Real Easy: PGP encryption integrated into Word for Windows.
Uni-GH Siegen - Security-Server - Kryptographie: Pointers to information on and implementations of a number of conventional, public-key, and hash algorithms.
Vitas DownLoad area: Windows'95 password (.PWL) viewer.
Wei Dai's Crypto++: C++ class library of cryptographic primitives.
WinPGP(tm) Home Page: Windows front-end for PGP.
Wipe 0.02: Heavy-duty file wiper for Linux.
XPDF additions: Add-on to allow XPDF to decrypt encrypted PDF files.

Miscellaneous Security Items

Cypherpunks and Cryptorebels PGP Keyserver Interface WWW interface to the PGP keyservers.
Public Key Infrastructure Analysing State Digital Signature Legislation Analysis and comparison of various states' digital signature laws. ARCANVS CA licensed under the Utah Digital Signature Act. Australia Post - KeyPOST Australian CA. BelSign Belgium and Luxemburg CA. BiNARY SuRGEONS: Certification Services South African CA. C=EE, O=ESTONIAN NATIONAL PCA Estonian CA. CA-CERT Spanish CA. Carynet Security Certificate Authority Asian(?) CA. Certificates Australia Australian CA. GAK alert: This CA escrows all encryption keys. Certificates shipped with Netscape Extracting certs from Netscape's .db files. Certification Authority Survey (DGXV Project) List of CA's worldwide. certifikacni stranka DATANETu Czech DATANET CA. CERTISIGN Brazilian CA. Columbia Certification Authority Columbia University (not country) CA. Columbian Draft Proposal of Law on Electronic Commerce Columbian draft digital signature legislation. CompuSource Certificate Authorities Home Page South African CA. Digital Signature Guidelines American Bar Association digital signature guidelines, available as WordPerfect and Word documents. Digital Signature Trust (DST) Home Page CA licensed under the Utah Digital Signature Act. Dunkel Certification Authority German CA. European Framework for Digital Signatures And Encryption Proposed EC framework for digital signatures and encryption. Florida Digital Signatures - Final Report Final report on the Florida digital signature guidelines. European ICE-TEL Project PKI for Europe Global Trust Register Global trust register for public keys in molecular form. GTE CyberTrust Home GTE CA. IAIK - ICE-TEL Information Service Austrian CA. IBM Registry and World Registry IBM CA and PKI products. ICAT Home Page Japanese CA. ICE-TEL Portuguese CA. ICE-TEL Certification Infrastructure European CA. IKS Zertifizierungsinstanz IKS CA. Individual Network IN certification authority. Installing certificates and root keys in Internet Explorer 3.0 & IIS 3.0 Instructions on installing certificates into MSIE. Introducing SSL and Certificates using SSLeay Nice introduction to cryptographic techniques, certificates, SSL, and SSLeay. Internet PCA Registration Authority IPCA public key. IPS Seguridad Spanish CA. Keyserver.de Web-based PGP keyserver. Keywitness Canada Canadian CA. Legislating Market Winners Paper which examines problems with existing PKI legislation. MA.US/ITD/LEGAL Massachusetts digital siganture and online commerce guidelines and information. MC Home Page The meta-certificate group (an alternative to X.509/PKIX-type certificates). OnWatch Service - Public Key & Security Ref. Bell Sygma CA. OpenPathCA Siemans CA toolkit. PGP Public Key Server One of several web-based PGP key servers. Politecnico di Torino: ICE-TEL Italian CA. Public Key Authentication Framework: Tutorial A tutorial on PKI. Public Key Infrastructure NIST's PKI information page - interoperability guidelines, PKI panels and overviews, PKI documents. Public-Key Infrastructure (PKIX) home page Home page of the PKIX working group. Public-Key Infrastructure Standards Slides from a talk on PKI standards and work in progress. Roger Clarke's PKI Position Statement PKI position statement including links to papers on the dangers of a PKI becoming a SurveillanceI. SEIS Secure Electronic Information in Society (SEIS) project in Sweden. SI-CA Slovenian CA. Signet ID Home Page Australian CA. SISCER Spanish CA. SoftForum Certifying Center Korean CA (all text is in Korean). SPKI Certificate Documentation Documentation and links for SPKI certs. SPKI Requirements Simple public-key infrastructure requirements. SSLEAY 0.8.1 and MSIE 4.0 X509 certificates Setting up an email certification environment with SSLeay and MSIE 4.x. SSLeay PKCS#12 patch FAQ Guide to hacking things so Netscape and MSIE will recognise certs generated by other software. Summary of Digital Signature and Electronic Signature Legislation McBride Baker & Coles summary of worldwide digital signature legislation. Telecom Italia Certification Authority Italian CA (in Italian). TradeAuthority General CA. UK Academic PCA UK CA. UNI-C PCA Danish CA. UNINETT Certification Authority - UNISA Norwegian CA. VeriSign, Inc. Major worldwide CA. Verisign Repository Information on digital ID's and certificates, certificate practices, and FAQ's. Weaving a Web of Trust Trust management on the WWW. WebVision Developers Corner CA toolkit and guide ("low-budget CA"). World Wide Wedlin CA Swedish CA. X.509 Sample Certificates Various sample certificates including oddball fields and types.
Random Numbers Aware Electronics Corp. PC Geiger counters (great random data sources). CME's Random Number Conditioning Page Information on sources of strong random numbers. Computer Generated Random Numbers Techniques for analyzing PRNG's. DIEHARD George Marsaglia's RNG test suite. HotBits: Genuine Random Numbers Build-it-yourself radioactive-decay based random number generator (perfect for Chernobyl residents). Ideas for an RNG_DEVICE standard Proposed standard for random-number generation devices. Lavarand! Random number generation using lava lamps. Noisemaker schematic Hardware RNG. Numerical Recipes Home Page CDROM contains ~1/4GB of random numbers. ORION RNG Serial-port hardware RNG. Protegrity Incorporated Cryptographically strong random number generator. Random Number Generation, Taygeta Scientific Inc. Papers and software for PRNG's. Random number generators -- The pLab Project Home Page Theory and practice of random number generation. Random number generators Analyses of hardware and software randomg number generators. Random Number Generators (RNGs) Web sites and references for RNG information, information on various PRNG's. Randomness Resources Resources on secure random-number generation and the problems of insecure random number generation. RBG1210 Cryptographically strong random number generator. SG100 Hardware random number generator. Using and Creating Cryptographic-Quality Random Numbers Randomness-gathering techniques. Wayne's Random Noise Generator PN-junction based hardware RNG sampled using a sound card.
Security Books, Journals, and Bibliographies, and miscellaneous short publications A Survey of The Electronic Payment Industry Brief survey of some of the major e-payment industry players as of early 1997. ACM Transactions on Information and System Security (Just a call for papers at the moment). Aegean Park Press Historical books on cryptography, intelligence, military history, and related topics. An Analysis of Security Incidents on the Internet 1989-1995 PhD thesis analysing 4,300 Internet security incidents. An Introduction to Cryptography Online book on cryptography (only the initial section is complete). ATDL US army field manuals, schools, strategies and systems. Authentication, Key Agreement, and Key Exchange Protocols Bibliography of key agreement protocols with links to authors and online papers. Bibliography of Molecular Computation and Splicing Sytems Bibliography on molecular computing, including attacking encryption systems using molecular computers. Block Cipher Lounge List of block ciphers, characteristics, and known attacks. CAST Encryption Algorithm Publications pertaining to the CAST encryption algorithm. CEE VAR News Central and East European Secure Systems Strategies (online security journal). CHACS Publications Centre for high-assurance computer systems publications. Charles Blair's Notes on Cryptography Number theory, public-key encryption, RNG's. Code Signing for Java Applets Howto for Java code signing for Netscape and MS products. Collection of Computer Science Bibliographies About 1000 CS bibliographies with around 800,000 references. Computer Science Technical Reports Archive Sites Links to sites which distribute CS tech reports. Computer Services : Administrator's Pages : NT stuff Installing a student-proof NT setup. Computer Virus Handbook Seven Locks' online virus handbook. Counterpane Homepage Bruce Schneier's "Applied Cryptography" information. Credit Card Transactions: Home Page Overview of CC terms and mechanisms, including discussion of various online CC processing methods. cryp.to -- The Cryptographic WWW Server Various PGP developers list archives. Crypt Newsletter Homepage Various reports from the computer underground on hacking, security, viruses, hackers, and related issues. Crypto Glossary Terry Ritter's crypto glossary (long). Cryptography Good overview of cryptography, digital signatures, certificates, and trust management. Cryptography and Number Theory for Digital Cash Introduction to crypto and number theory for digital cash. Cryptography: some important points for beginners Crypto FAQ for beginners. Cryptologia. Cryptosystems Journal Home Page CSL Bulletins NIST Computer Science Laboratory bulletins CSPP - Reports Computer Systems Policy Project reports, including several covering encryption and e-commerce. CuD "Computer Underground E-Publications - Top Level" Archive Cypherpunks Archive Index Cypherpunks mailing list archive. Cypherpunks Archive Searchable archive of the cypherpunks mailing list. Data Security by Design Designing buildings to thwart electronic eavesdropping. Dave's Crypto Index Collection of misc.papers and publications on crypto algorithms and implementations. David Wagner's Crypto Posts General cryptography, cryptanalysis, computer security. des-coding List Archive Archive of the des-coding mailing list. Design of LOKI97 Specification of LOKI97 cipher (AES candidate). e$ Home Page The e$ mailing list, information on digital cash clearing, digital bearer bonds, financial cryptography, and related topics. ECC FAQ Elliptic curve cryptography FAQ. EIT Creations: Secure HTTP Information on the SHTTP protocol. Electronic Surveillance Large archive of documents on electronic surveillance. Elliptic Curve Cryptography Tutorial on elliptic curve crypto. Elliptic Curve Tutorials Tutorial on elliptic-curve crypto. Encryption News Resource Page Encryption and security-related news stories. Enigma and Its Decryption Details on the Enigma machine and software simulators. Enigma and the Turing Bombe Description of the Bombe and bombe simulator. Enigma bibliography Entrust Whitepapers Entrust white papers and tutorials on security, encryption, certification. EPFL - LSE - Project CrySTINA Papers and information on the Cryptographically Secured Telecommunications Information Networking Architecture. Firewalls mailing list Firewalls mailing list archives. Foundations of Cryptography by Oded Goldreich Fragments of a book (4 of 10 chapters exist). GSM Network Security Description of GSM network security and encryption considerations. Hack-Tic Magazine Archive 1989-1994 Hack-Tic magazine archive (scanned images, in Dutch). Handbook of Applied Cryptography Information on the book (well worth getting). Heise News - Ticker News ticker which often carries crypto and security-related stories (in German). Historical Crypto Links Links to sites containing information on Enigma, Purple, Magic, and other WWII-era crypto. History of NSE Home Page Prehistory of public-key crypto from GCHQ. HTTP Security group of W3C W3C security resources. IBM Patent Server Home Page Access to over 2 million US patents, including many crypto and security-related ones IEEE Computer Security and Privacy IEEE Computer Society press online catalogue, security and privacy section. ietf-pgp-mime mailing list PGP/MIME RFC's and mailing list archives. ietf-smime mailing list S/MIME RFC's and mailing list archives. Info Security News INFOSEC: Homepage European Commission INFOSEC publication. Integrity Sciences, Inc. SPEKE password authentication Authenticated DH key exchange. Internet drafts Current internet drafts, including many security-related ones (but you really need to know what you're looking for). Internet Infrastructure Protection - DNS Security DNS security RFC's and sample code. Internet Legal Practice Newsletter Internet-related legal issues (relevant to electronic commerce). Internet Mail Security Alternatives Paper exploring and comparing different versions of S/MIME and PGP. Introduction to Crypto Systems Lecture slides from a seminar by Vinnie Moscaritolo. Introduction to the Use of Encryption Introductory overview to encryption systems. Introduction to Cryptography Ives Gobaus's easy introduction to cryptography. Java Security: Frequently Asked Questions Java security questions and issues. JIBC - Journal of Internet Banking and Commerce Electronic commerce, legal issues, EDI, etc. JILT: Home Page Journal of Information Law and Technology. JYA Crypto John Youngs collection of crypto links, mostly covering crypto social issues, laws, espionage, government regulation, and an amazing array of other interesting things. Keyed MD5 Papers on HMAC's. Keyserver Bibliothek Publications on PGP, PGP keys, digital signatures, and crypto politics (most in German). Kryptologie I - Material Information and programs for breaking historical ciphers (monoalphabetic and polyalphabetics, transposition ciphers. Lawries Cryptography Bibliography Searchable index of over 800 crypto and computer security articles. Linux Security Home Page. Linux security information. Mac Crypto - Info Mac-Crypto conferences and digests. Mach5 Software Cryptography Archives Overview of crypto, catalogue of crypto algorithms. Micropayments on the Internet Overview of various micropayment schemes. Microsoft CryptoAPI mailing list archives. NameBase Book Index Reviews of books on intelligence agencies, high-tech, military, and a potpourri of government agencies, drugs, elites, big business, organized crime, terrorism, US foreign policy, and so on. NASA Technical Report Server (NTRS) NASA tech reports search engine. Network Computing Various articles on encryption from Network Computing magazine. Network Encryption - history and patents Patents on network encryption. Network-1 White Papers Various white papers on firewall design. New Zealand Digital Library Bibliogaphy/tech report/FAQ searchable index. NSA to NARA OPENDOOR Bibliographic Index Index of NSA declassified documents. NSA/X31 Documents NSA firewall-related documents and firewall performance tests. NSAM-160 Scanned copy of declassified 1960's memo on NSA public-key encryption research. NSG Publications IBM Network Security Group publications. NT Domain Authentication NT/CIFS domain authentication specification. NT Security - Frequently Asked Questions version NTRU Cryptosystems Home Page Another new PKC. On Distributed Communications 1964 RAND paper on secrecy and computer security. OpenBSD Security OpenBSD security advisories and information. OSS ASN.1 Resources ASN.1 whitepapers and resources (ASN.1 is used in various security standards). Overview of Certification Systems Comments on various certification and certificate management systems and methods. Patent Database Access Search the US patent database for crypto patents. Permissive Action Links Technology used to control US nuclear weapons. PGP Attack FAQ List of potential problems in PGP. PGP 5 Users Guide Online guide to PGP 5.0 PGP Quick Reference Command reference card for PGP. PGPfone Mailing List Archive Phrack Magazine President's Commission on Critical Infrastructure Protection. Various US government agencies look at Jobsec^H^H^H^HInfosec. Prime Page (An Index of Information on Prime Numbers) Everything you need to know about prime numbers. RSA Labs Frequently Asked Questions Frequently asked questions about encryption algorithms, techniques, protocols, and services. RSADSI'S Art Gallery Cool crypto-related pictures. Secret Code Breaker: The Books Books on breaking various historical ciphers. Secure Books: Protecting the Distribution of Knowledge Protecting electronically published medical books, including problems experienced with the X.509 PKI in practice. Security Handbook Seven Locks' online security handbook. Security Issues in WWW Various WWW security issues. Security Policy Models Descriptions of various security models (only partially complete). Security Protocol Workshop'97 Preprints of papers from the workshop. SET Good, thorough coverage of SET and secure card-processing issues. SET Journal Journal devoted to SET and SET implementations. SET Protocol: Business Implications and Implementation A good general overview of the implications of SET. Shahram (publication) Linear cryptanalysis of DES (MSc thesis), various papers on hash functions. Shake Security Journal Online security journal covering various computer security issues. Scrambling News Satellite TV scrambling and descrambling methods. Search Security Bibliography Retrieve documents from a large archive of crypto/security papers. Secure Electronic Mail Overview of secure email and secure email technologies and standards. Selection of Computer Science Bibliographies Crypto and security-related bibliographies (conferences, journals, papers, and tech reports). Signing Applets for Internet Explorer and Netscape Navigator Overview of code signing. Signing Code with Microsoft Authenticode Technology Microsofts online code signing docs. Smith's Internet Cryptography Site Chapter outline pages include links to crypto-related publications and resources. SNDSS'96 Symposium on Network and Distributed Systems Security (SNDSS'96) proceedings. Springer-Verlag New York Publishers of LNCS (crypto and security conference proceedings). SSL Pipermail Archive ssl-talk mailing list archive. SSL-Talk FAQ The SSL discussion list FAQ. Survey: corporate uses of cryptography Survey of corporate applications of and attitudes towards encryption. Tasty Bits from the Technology Front Free technology newsletter which includes coverage of encryption issues. Technical Papers at Psionic Software Systems Inc. Covert channels using TCP/IP (including source code). Technical Report Archives in Computer Science (By Institution) Links to tech report archives at various universities. Technical Reports Search Service Search engines for tech reports, theses, conference proceedings and books held at universities worldwide. Technology and Society Book Reviews Reviews of books covering technology, privacy, commerce, security, and the law. The Collection of Computer Science Bibliographies Large collection of computer-science-related bibliographies, including encryption and security issues. The PDF Encryption Format TSI International Electronic commerce and EDI resources. UCL Crypto Group - Call for papers CFP's for conferences, including crypto and security conferences. UCSTRI -- Cover Page Unified computer science tech report index. Underground Cool book on hacking in Australia. Understanding X.500 - The Directory Online guide to X.500 (HTML version of a book on X.500). United States Navy EKMS WebPage Key management.systems as used by the US military. USENIX Conference Proceedings Includes material from Usenix security conferences and symposiums. USS Pampanito - ECM Mark II Electronic Cipher Machine (SIGABA) details. Verifying Security Protocols Using Isabelle Various papers on verifying security protocols. Wim Van Eck van Eck/TEMPEST eavedropping. Workshop on Selected Areas in Cryptography (SAC) Proceedings of the SAC conferences (abstracts only before 1996).
Security Standards, Laws, and Guidelines A Guide to Understanding Data Remanence in Automated Information Systems ACSI 33 Security guidelines for Australian government IT systems (typical unclassified-level security guidelines). Advanced Encryption Standard (AES) Development Effort NIST's AES home page. An Analysis of PGP's Trust Model ATM Security Page Asynchronous Transfer Mode security standards, products, publications, and work in progress. Außenhandelsgesetz - Dual Use Güter Austrian (EU-derived) export restrictions. Australian Controls on the export of Defence and Strategic Goods Canadian Cryptography Canadian government position and information on cryptography. CAVE encryption algorithm The (deliberately crippled) US cellular phone "encryption" algorithm. Commercial Encryption Export Controls ITAR (under new management). Common Data Security Architecture Intel's proposed API for adding an encryption/authentication layer to Windows systems. Computer seizure guidelines US federal guidelines for searching and siezing computers. Computer Security Objects Register NIST security-related object identifier registry. CSP Designators Crypto designators for WWII-era and early postwar comsec gear. DAP Malaysia National Homepage Malaysian computer crimes, digital signature, and telemedecine bills. DCE Security DCE security specs and literature, DCE security program group and research efforts. Digital Signature Guidelines ABA Digital Signature Guidelines Draft UNCITRAL Draft UN law on electronic commerce. Export Administration Regulations (EAR) Latest version of the ITAR (which became the DTR, and now the EAR). ECMA Standards (Blue cover) EDI Security An overview of EDI security. EDIFACT Security Implementation Guidelines EDIFACT security... dear oh dear. Electronic Commerce, EDI, EDIFACT and Security Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards. EMV sets standards for global integration of Chip cards Standards for smart cards. smart card terminals, and applications. Excerpts from the Export Control List of Canada The sections which apply to crypto software/hardware. Extensions to PGP Key Format Extensions to the PGP key format for PGP 5. FIPS Home Page Federal Information Processing Standards (including many crypto standards). German Digital Signature Law Draft of the law with related press releases and information. GSM Security and Encryption Overview of GSM security and encryption. r³ security engineering ag, Information about IDEA cipher Details on the design and development of IDEA. ICE Home Page The Information Concealment Engine block cipher. IEEE P1363 RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363) ietf-open-pgp mailing list PGP standardisation mailing list, RFC's, and archives. Information Technology Security Branch RCMP IT security bulletins and information. Internet drafts RFC drafts. Internet Mail Standards Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE). IESS Specs Intelsat specs - roll your own Echelon. IP Security Protocol (ipsec) Charter IPSEC drafts and RFC's. IP Security Working Group News IPSEC specifications, drafts, related drafts, mailing list archives, and implementations. ISAKMP and Oakley Information Internet security association and key management protocol information. ISO SC27 Standing Document 7 Abstracts for various ISO security standards. ISO Standards X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline. ISO-IEC-9594 X.500 standards (including X.509) as Postscript files. IT Baseline Protection Manual BSI (German NSA) infosec manual. ITU series X Recommendations - Data networks and open system communication This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page). Maßnahmenkataloge zum Gesetz zur digitalen Signatur BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services). MEDSEC EU medical security and privacy project. Microsoft Security Technologies Authenticode, CryptoAPI, SSL and PCT, SET. Netscape Certificate Extensions Specification Netscapes private extensions to X.509. NIST Computer Security Standards FIPS and NIST special publications NIST's DES Validation List List of NIST-validated DES implementations. NT Security - Frequently Asked Questions OECD Draft Guidelines fpr Cryptography Policy Leaked copies of the OECD crypto guidelines. OECD guidelines comments Stewart Bakers comments on the creation of the OECD crypto guidelines. OID assignments from the top node Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificant prizes, etc etc. Open Systems Environment Implementors Workshop You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones. PKCS RSADSI Public Key Cryptography Standards. Public Key Infrastructure References Public-key infrastructures (X.509, X-509-related, RFC's, other documents). Rainbow Books The DoD rainbow books and other security publications. RFCs about Security: Sorted by Titles Security RFC's sorted by title (also available sorted by number and author(s)). Security & Electronic Commerce X/Open security, DCE, and GCS-API. Security- and Privacy-Related Standards A list of (mainly ANSI) security-related standards. Security Guidelines Australia/NZ GOSIP security guidelines. Security Multiparts for MIME Various security extensions for MIME. Security Standards Catalogue of international security-related standards and standards organisations. Security Technologies Microsofts security standardisation efforts. SET (Secure Electronic Transactions) SET message definitions. SET Electronic Commerce SET standards, and updates. Software Industry Issues: Digital Signatures Links to various digital signature law initiatives. Source Code Review Guidelines General guidelines for writing security-conscious code. Spyrus Support MSP/CSP specs. SSL 3.0 Specification SSL 3.0 spec (online version and as a PS file. Technical Advisory Committee to Develop a Federal Infomation Processing Standard for the Federal Key Management Infrastructure US key escrow standards working group. Technical Security Standard for Information Technology (TSSIT) RCMP security standard. Teletrust Algorithmenbeschreibung Teletrust security architecture algorithms specification. Teletrust Deutschland e.V. Industry group/standards body formed to support security and authentication in communications. Page requires Java to be enabled to work. The Wassenaar agreement. The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software. TNO-FEL: Common Criteria Common security evaluation criteria. Transport Layer Security (TLS) Working Group Home page of the TLS WG. Unix secure source code checklist AusCERT checklist for programmers writing security-conscious Unix code. Wassenaar Arrangement The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits. Wassenaar Arrangement - US control lists The Wassenaar control lists as crowbarred from the US State Department by an FOIA request. What is DMS? The Defense Messaging System - like X.400 and X.500, but not as simple. Windows Cryptosystem Guidelines Security guidelines for encryption under Windows. WWW-Security Reference page Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists. X9 Home Page ANSI X.9 standards (including crypto standards).
Algorithm benchmarks: Relative speeds of a number of encryption and hash algorithms.
AT&T PathServer: PGP web of trust tracing server.
Bletchley Park Home Page: Visitors guide to Bletchley Park.
Bob Tinsley's Steganography Pages: Steganography papers and ideas.
DigiCrime, Inc.: Online links to digital crime, blackmail services, encryption key cracking, airline rerouting, internet shoplifting, e-cash laundering, alien mind control, etc etc.
GISUM. Information Security: University of Malaga infosec group.
Information on VideoCrypt Hard/Software
JANUS: Anonymity for WWW content providers.
KL7/KWR37 Crypto Units: Descriptions and photos of the KL7 and KWR37.
KuesterLaw Technology Law Resource: Technology and IP law resources.
Matt's Unix Security Page: Unix and Internet security papers, security software, links and miscellaneous items.
Microsoft Security Advisor Program: Microsoft's interpretation of security (see many other links on this page for everyone elses interpretation of Microsoft's security).
NSA Crypto Museum Photos
Payment, Security & Internet References: X9.59 electronic payment-related references.
Prime number verification via ECPP: Bignum prime number verification via a CGI script.
Pseudoprimes/Probable Primes: Papers on prim

Security and Encryption-related

Crypto Link Farms

Crypto FTP Archives

Crypto Social Issues

Crypto Software

Miscellaneous Security Items

Cypherpunks and Cryptorebels

Public Key Infrastructure

Random Numbers

Security Books, Journals, and Bibliographies, and miscellaneous short publications

Security Standards, Laws, and Guidelines