Books
similar text books: Kaufman's Network Security, Private communication in a PUBLIC world or Pfleeger's Security in Computing
Schneier's Applied Cryptography
Menezes' Handbook of Applied Cryptography (much is online too)
Stinson's Cryptography : Theory and Practice discrete mathematics
Spafford's Practical UNIX & Internet Security
historical crypto, David Kahn's The Codebreakers or Singh's The Code Book
Miscellaneous links
Gutmann's crypto tutorials
ftp site of ssh for unix and an ssh for windows or secureCRT or a java ssh client
MIT's pgp distribution or foreign pgp
GNU's gmp manual pages multiprecision arithmetic library
Yahoo's hacking in the news
Counterpane's extensive online crypto papers
sci.crypt's FAQ RSA's cryptography FAQ
DigiCrime decrypting service
newsgroups: sci.crypt comp.security.unix comp.security.misc comp.risks
Tom Dunigan's UTK/CS security course CS594, and Fall '96
NIST computer security and resources/conferences
Yahoo Security and Encryption and hacker news
newsgroups: sci.crypt comp.security.unix comp.security.misc comp.risks
IACR J. of Cryptology including Cryptoxx and "Fast Software Encryption" conferences proceedings
Cryptosystems Journal and the American Cryptogram Association ACA
Information security magazine
UNIX security USENIX see conf. proceeding for security '99 and conference papers
National Information Systems Security Conference and '97 proceedings and '96 proceedings and '98 papers
conferences and call for papers CFP
ACM SIGASC
Annual Computer Security Applications Conference
Popular Cryptography journal of Internet privacy
Internet Security Review and SANS
Schneier's cryptogram
opensec open security solutions
DigiCrime decrypting service
MIT's pgp distribution
the PGP documentation pgpdoc1.txt and pgpdoc2.txt or html/postscript versions
beginner's guide and pgp4dummies and tip sheet
PGP 2.6.2 docs vol 1 essential topics, vol 2 special topics, vol 3 file formats
GNU's gnupg no RSA/IDEA
another PGP page and different version interoperability
alt.security.pgp news a FAQ
ESnet PGP key server and ESnet PGP key ring
PGP 2.6.2 FAQ, Buglist, Fixes, and Improvements
PGP attack FAQ or PGP attack FAQ
PGPfone and time stamp service and pgptalk
web of trust analysis and The PGP Trust Model
SLED/Four11 key CA, for public key issues see Verisign FAQ
PGP Distribution Authorization Form
BAL's WWW Home Page -- HTTP Version
passphrase usage and passphrase faq
PGP Inc and PGP International
randomness of IDEA keys in PGP
smime info s/mime
S/key ISOC paper (postscript, 74K) and RFC1760 and S/Key docs
logdaemon and wrappers includes BSD UNIX skey stuff or was here
winkey windows client
opie/skey ftp probably most portable implementation (linux, sunos, hp, irix, aix)
S/key ftp archive Sys V UNIX, PC, MAC, skey and skey archives (Bellcore)
skey vulnerabilities (there is also an skey crack program MONKEY, dictionary brute force) and maybe try here or here
SecurID ... Axent Securenet SNK ... Enigma Logic ... CRYPTOCard ... ActivCard
white paper on vulnerabilities of SecurID and a rebuttal
CERT's info on one-time passwords
CSI's single sign-on products
Xskey and a more secure keyinit ftp
SPEKE Strong Password Authentication and Bellovin's EKE
or consider these secure session services ssh or SecureCRT or srp or kerberos or stel or SRA telnet or SSL telnet or SPX or deslogin
Kerberos info and a nice paper
CMU Kerberos page and MIT's Kerberos page and ISI's Kerberos page
Athena Kerberos docs and papers (ftp) and USENIX Kerberos paper (html)
RFC 1510 kerberos v5
cygnus KerbNet includes NT support
newsgroup comp.protocols.kerberos and a FAQ and a Mailing List
Kerberos in windows 2000
GSS (Generic Security Service API) RFCs RFC2078 v2 and SPKM or older RFC1508 and RFC1509 and IETF CAPI info
GSS api v2 C bindings
U of Il's Java GSS API
CDSA Common Data Security Architecture
TIS info on Crypto API's and ICE
SSL Secure Socket Layer from Netscape and SSL specs and SSL FAQ and a protocol overview
Eric Young's crypto page and
SSLeay ftp and FAQ and programmer ref
https and http performance and see Infosecurity mag. 10/99 and ipivot ssl front end
Java's JSSE secure sockets extension (SSL)
TLS ssl, the next generation, transport layer security
FGInt rsa, elgamal, dsa, source
pct private communication technology protocol
stronghold secure server and apache
ssh has a nice API
CryptoLib info from Bell Labs
RSA's BSAFE toolkit
crypl110.zip Peter Gutmann's SFS cryptolib BLOWFISH, DES/3DES, IDEA, RC4, SAFER, MDC/SHS
Microsoft's CryptoAPI
Rivest's RC6
Eric Young's libdes
TEA Tiny Encryption Algorithm and key schedule weakness leading to XTEA
CAST or RFC2144 and crypto algorithms
cryptix java crypto lib
another java crypto lib iaik
PKCS Public-Key Cryptography Standards, #11 is crypto-token API (cryptoki) also here
crypto software good stuff
crypto algorithms and crypto crypto performance ciphers, hashes, CRCs
Wei Dai's Crypto++ C++ API cryptlib, including AES candidates and panama
java 1.2 crypto architecture API and specs examples
java 1.2 java.security or java.security tree and java.security.interfaces and the jce cryptography extension and jce api and cryptix crypto lib
Java's JSSE secure sockets extension (SSL)
signing java code from Securing Java book
Gutmann's cryptlib and PRNG's for various OS's
Crypto Kong win95/nt
comparison of crypto libs
classical crypto routines and a vigenere applet
big integer software
gnu's GMP multiprecision arithmetic and also C++ Integer class Integer.h or Java's BigInteger or BSD's mp library mp.h or perl Math::BigInt
GNU's Multiple Precision Library software and gmp manual and speed tables
lidia C++ library for computational number theory and source and ntl number theory library
elliptic curve cryptography
Certicom's excellent tutorial
ecc '99 conference
RSA's elliptic curves cryptosystems and what are elliptic curves
elliptic curves bibliography and RSA's Elliptic Curve Cryptosystems (pdf) Key exchange with elliptic curves and elliptic curve software
menezes's page ECC and CACR and tech reports
Certicom ECC standards and X9.62 and X9.63 and a FAQ
ECC challenge ECC2K-108 broken
Rosing's book Implementing Elliptic Curve Cryptography sources
elliptic curve cryptography software or here
INRIA's break of 97 bit ecc
random numbers and P1363 info and P1363 ftp and random number conditioning
RFC1750 random numbers
Ritter's randomness links and randomness tests
/dev/random and random.c info also see Gutmann
Maurer's Universal Statistical Test for Random Bit Generators MUST and C source
Wagner's page or netscape randomness
PGP 5.0 weakness in random number generation
attacks on random number generators and yarrow
prng info R250
cryptographic noise Noiz and friends
Gutmann's software generation of practically strong random numbers pgp and /dev/random
Intel papers and RNG FAQ and stat tests for RNG on Pentium III 802 chipset and a white paper and interface specs
review of intel RNG on 810 chipset
RSA paper Hardware based random number generation
hardware RNG or here and newbridge or here or SG100
hifn's hifn.com PKI board and hardware RNG
using lava lamps for random numbers, lavarand (BBS, sha)
paper on testing pseudo random number generators and other info
diehard test PRGs
FIPS 140-1 has some rng tests too
monte carlo estimation of pi applet
prime numbers
prime number page and largest primes and Mersenne Primes
prime number info and more and a history
Rivest's Finding Four Million Large Random Primes (dvi)
cryptography.org crypto software
Secure telnet stuff includes deslogin or ftp which requires a DES key data base at the server and STEL which uses skey, DES/IDEA, and Diffie-Hellman. STEL source
Taiwan's secure telnet/rlogin/ftp uses key server, des
SRA telnet/ftp uses Secure RPC's D-H code to encrypt authentication
Secure Shell ssh and a FAQ and ssh-1.2.26 and ssh for PC
getting started with ssh or guide for using ssh on pc
Ylonen's ssh paper
free pc ssh or another or another or one with source or another
free teraterm windows/ssh client or SecureCRT or putty
java ssh applet or mindterm java ssh client
more ssh links clients and such
ppp over ssh vpn
ssh2 free development psst
nautilus secure net phone
Stanford's SRP Authentication and Key Exchange (EKE)
secure FTP or safetp
CFS and ESM Cryptographic File System (CFS) and Encrypting Session Manager (ESM) and cfs mailing list and swIPe
lightweight crypto tunnel for linux CIPE also see vpnd
keynote Trust Management Toolkit
Sun's secure RPC
TCFS Transparent Cryptographic File System
DOS/Windows SFS Secure File System
linux file encryption or here PPDD
bestcrypt windows/linux disk encryption
RASP secure media
sigaba secure email
PEM Privacy Enhanced Mail and PEM rfc1421 and RIPEM info
MOSS MIME Object Security Services
links electronic commerce and ecash and cybercash and First Virtual and millicent and iKP and digital money tutorial
bigvine, lassobucks, confinity, flooz.com, beenz.com
MasterCard's Secure Electronic Transactions SET
ietf's internet open trading protocol and iotp draft
FSTC Financial Services Technology Consortium (electronic commerce, checking, fraud prevention)
SFNB's security CMW+
SecureWare CMW's and Trusted MACH TMACH and ORA's THETA
dtos NSA secure os
secure linux bastille
Argus PitBull also see HP's Virtual Vault or Trusted Solaris
eros capabilities-based secure OS
info on openbsd security
Jim Rome's CMW slides (pdf) and NIST CMW info
watch out for snake oil and a snake oil FAQ
Jetico linux/windows disk encryption and Cryptext or F-Secure Desktop or SecureWin or NT SHADE or scramdisk
other PC security
compaq's group atalla.com
TIS key escrow, moss, firewalls, fortezza, Trusted MACH
Secure Networks Ballista security scanner
crypto products and icsa
CSI Computer Security Institute (conference) and Trusted Systems and SANS network security
eracom and Information Resource Engineering (IRE) link encryptors (used by banks)
Schumann Security Software single sign-on, role based access (rbac)
COMSEC Solutions and premonition role-based access
Motorola NES and INES and Xerox XEU and Wang TIU or here and DEC's old DESNC zergo link encryptors
hifn hardware encryptors 7751 and compression or Rainbow's crypto accelerators or ncipher or chrysalis-its
3com's 3XP NIC IPsec acceleration 3cr990 (lpz gets 92 mbs w/ 3des)
HP's ICF international cryptography framework
OSF DCE security and IntelliSoft's DCE/Snare and DASCOM DCE
Intellisoft's DCE/snare vpn
Bellcore's VRA exportable file encryption
CORBA security and spec
UniShield and MITRE and Motorola
Elementrix POTP and Paralon LanKey
high speed security MCNC ATM and GTE's ATM FASTLANE encryptor KG-75 or Secant's CellCase and not so high-speed InfoGuard also Cylink's ATM OC3 encryptor and celotek oc12 atm encryptor
StorageTek's ATLAS OC3 ATM security
cryptek B2 NIC and secure fax
Microsoft's Proxy Server
ISS and their links, includes a FAQ whitepaper
Safetynet Security and AntiVirus - Free Evals
CyberSafe and MOBIUS encryption tech and Hughes NetLOCK
cylink and AT&T hardware and software
network security scanners and scanner summary and Livingston's RADIUS
nessus security scanner
isolation.com 3DES encryptors
utimaco hardware disk encryption
SecureOffice 3DES for office
firewalls
firewall wizards archives and faq and links
YaHoo's firewall systems and firewall faq
network firewall notebook
The Firewall Report and a firewall products and review
NCSA Certified Firewall Products and ICSA's certified products
TIS firewalls ftp/fwtk and Gauntlet and Secure Computing's sidewinder and axent/raptor and firewall vendors
free t.rex and fwtk firewall toolkit
CheckPoint FireWall-1 and VPN and NSC's NetSentry and DPF
DataComm's firewall performance and CMP's review of 6 firewalls and another comparison
CSI's firewall product analysis
ultimately secure firewall and other firewall info
Ranum's Thinking about Firewalls and a firewall tutorial
DOMUS Firewall Penetration Testing and Haeni paper
firewalk filter probes and IP filter
firewalking probing firewalls
Ugate's firewall nat box or sonicwall or gnat box or SOHO2000 or macsense xrouter
signal9
personal firewalls
Win* ids/firewall network ICE or infoexpress or IFW2000
linux ipchains/ipfwadm firewall and firewalls paper
NIST site security and more firewall info and more info
SURF firewall paper and source
NEC's paper on firewalls and virtual private networks
wingate or here or socks proxy servers info on proxy servers
virtual private network encrypted IP tunnels / VPN
ORNL's virtual private network page (VPN) and tunnel performance data (PIX, PPTP, ipv6, netfortress)
Jain's vpn links papers, books
3com's 3XP NIC IPsec acceleration
more general VPN info and links/FAQ and more vpn links
Internet Week's vpn page
Network Computing's VPN review
Cisco's IOS security architecture and Cisco's PIX info and PIX's page encrypted links
Cisco's encrypting routers and TACACS info and spec
Gong's enclave paper and TIS's DTE firewalls
Point to Point Tunneling Protocol (PPTP) and microsoft pptp info and here or here win95
PPTP specs
pptp for unix linux
l2tp is combo of pptp and l2f layer-2 forwarding
Microsoft's Windows 2000 VPN
CHAP and PAP (PAP sends passwords in clear) MS-CHAP
ppp over ssh vpn
PPTP vulnerabilities and update and evaluation
Cisco's L2F tunneling protocol, combined with PPTP gives you L2TP.
NetFortress and DEC's altavista tunnel and network-alchemy.com
InfoExpress VTCP/Secure and UUNET's LanGuardian
DIGEX Virtual Private Networks and Hughes NetLOCK
IBM's SecureWay and Internet Security and IBM network security group
Datamation's VPN article
c2.org's SafePassage Secure Tunnel
smart cards
smart card security page
datakey des/rsa smart cards (specs), STU-III and info on smart tokens and telequip
smart card intro
Bellcore smartcard and Litronics
smartcard interface defn
smartdisk or RSA's info or safeboot or SmartDisk Security Corporation
IBM's cryptocards
FORTEZZA
June 1998 KEA and SKIPJACK declassified KEA and SKIPJACK specs (pdf, 819K) and annex (pdf, 411K) test vectors
Clapp's stream cipher similar to SKIPJACK?
SKIPJACK analysis
FORTEZZA approach and LOCKout and Spyrus FORTEZZA hardware
FORTEZZA developers info
lots of FORTEZZA and capstone info Rainbow's FORTEZZA Kocher's FORTEZZA info
SecretAgent AT&T FORTEZZA
FORTEZZA and Mosaic and MISSI info
NIST's clipper chip info
FORTEZZA and Netscape and Clipper chip info
Denning's KEY ESCROWING TODAY
Message Security Protocol (MSP) spec and use with FORTEZZA (WORD docs) and Xerox SDNS MSP info
Certification Authorities CA and PKI
vasco roaming certificate
Eurosign CA and another CA GTE's CA or CyberTrust COST CA Xcert CA Thawte CA RSA's keon or wildid
certification authority (CA) info and more info and IETF X.509 pkix, public key infrastructure (PKI) and RFC1422 and RFC1487 LDAP
NIST's PKI info
IEEE P1363 PKI standard
Gutmann's X509 style guide
SPKI and Rivest's SDSI 1.0 and S-expressions
OSF DCE and public keys and DCE and Fortezza
Sesame and Germany's SecuDE or here
BBN SafeKeeper in RSA's certificate signing unit CSU
Trusted Third Parties in Electronic Commerce
13 reasons to say no to PKI or looking for alternatives to PKI
government services and projects
FIRST and CERT and its ftp archive
FBI's national infrastructure protection center cybernotes NIPC
DoD's disa Multilevel Security program
dragonfly in-line encryption
DoD's Orange Book or here or rainbow series and a summary and Trusted Product evaluation lists and an A1 system Gemini
UK's itsec certification e0-e6
NIST's latest common criteria product certification
Multics page and info on timing channels
Red Book NCSC's trusted networks
NRC's Cryptography's Role in Securing the Information Society and full report
NACIC national counter intelligence
Network Encryption history and patents
FIPS 140-1 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES and testing
FIPS 186 DSS and FIPS 46-2 DES and FIPS 180 SHS SHA
FIPS 191 LAN security
security standards X9* and info on crypto standards or here like iso ietf
s/mime pkcs ssl standards
security protocols overview IPsec, ssl, tls, s/mime
Federal Internet Security Framework draft document by the FNC's Security working group Collaborations in Internet Security
NIST Advanced Encryption Standard (AES) and winner is rijndael and rijndael page and source code round 2
rijndael page with diagram
square cipher forerunner to rijndael
AES proposals and performance and source code and round1 comments
US Crypto Policy EES, ACM 1994
European's AES follow on nessie
IP security
IETF Internet drafts or here or Internet drafts (UK)
IETF security info and IPsec info including Oakley, SKIP, Photuris, ISAKMP, HMAC and ipsec archives
Timestep's IPsec whitepaper
ipsec/ipv6 implementations 10/97 or here
NIST's Linux ipsec and JI's LIPsec
companies implementing IPsec
Bellovin's IP security shortcomings and Plaintext Cryptanalysis paper and MS-DOS implementation paper
NRL's PF_KEY raw socket key mgt.
key mgt for IP: SKIP and ISAKMP and Photuris and SKEME
S/WAN secure IP consortium or RSA's S/WAN page and cygnus swan
linux swan implementation
skip.org SKIP implementations
internet authentication rfc1704
IP Authentication header RFC1826 and IP Encapsulating Security Payload RFC1827
also see IP security architecture RFC1825 IP authentication with MD5 RFC1828 DES-CBC for IP RFC1829 keyed SHA RFC1852
NRL implementation of IPv6 security or here
Japan's IPv6 KAME project
DESX Kilian/Rogaway protecting DES against exhaustive key search DESX
DNS security and Internet draft
secure DNS ISC bind
SNMP v3 security and Stallings' article and keychange
historical: SDNS OSI NLSP TLSP sp3 sp4
key escrow
Clipper key escrow, and Fortezza (Denning)
FIPS 185 Escrowed Encryption Standard (EES) and Clipper pointers
encryption policy and NRC's recommendations
TIS's RecoverKey and Commercial Key Escrow CKE
Cylink's CyKey (pdf) key recovery
Denning's A Taxonomy for Key Escrow Encryption Systems and Descriptions of Key Escrow Systems
European govt's and key escrow
Sobirey's list of IDS systems
ICSA's ids buyer's guide
NIDS faq
Data Comm's ids comparison slides and infoworld's review
intrusion detection made simple
UC Davis and their CIDF and Frank's feature selection or artificial intelligence and intrusion detection
UNM security group
annotated bibliography and ids bibliography
emerald's live traffic analysis
Coast projects and their autonomous agents and their ids page
SDSC's security projects PICS
saint jude kernel-level IDS to protect a host
Deception Toolkit honeypot or honeypot or honeypot or touches
Defending a Computer System using Autonomous Agents
Forrest's computer immune systems for IDS
SAIC CMDS projects Ranum's network flight recorder nfr and paper
Wietse's tools and papers and his new site and CIAC's tools and CERT tools
info on and archives of ids news group, majordomo@uow.edu.au
Performance Benchmarking of UNIX System Auditing and Coast's unix tools swatch...
Ptacek's eluding network intrusion detection and vulnerabilities of IDS's
intrusion detection misc and shootout and tcpdump use
LLNL has NID LANL/Sun has NERD and LANL's NADIR other DOE tools and there is an AIS alarm system
SRI's NIDES or another NIDES or EMERALD or SRI intrusion detection
CMU's ids info and statistical-based ids
using cisco's netflow data for intrusion detection host profiles
rowland's abacus project and portsentry or ngrep or tcpshow
windows inzider port to process association
USAF's DIDS or Navy/Marine ICE-PICK
ISS's RealSecure or Wheelgroup's NetRanger
TIS's stalker
ProWatch Secure or abirnet's sessionwall
network general's cybercop and cybercop FAQ
En Garde's T-sight manual intrusion detection
monitoring tools Argus tcpdump or tcpdump.org ethereal and for windows tcpdump windump netlog INTOUCH INSA
Axent's Intruder Alert or MimeStar
IDS tester replay tcpdump's
DARPA intrusion detection evaluation
mjr's host burglar alarms
CERT's intrusion detection check list and recovering from a root compromise
CERT advisories and CIAC bulletins and ISS xforce alerts and NIPC's warnings
CERT incident stats and a paper
Mitre's cve common vulnerabilities
Yahoo's hacker news and SANS newsbites and securityfocus news
information warfare and another and another and another and another and another and a bibliography
iwar.org.uk information warfare
info war IASIW and Libicki's What is information warfare?
TIME's ONWARD CYBER SOLDIERS ( or local copy) and Commando Solo and America Under Attack
NSA's cyber-attack and moonlight maze
CNN's cyber terror or here or here
DARPA's information survivability
Wired's cyberwar 2002 feb '98 issue
infowar.com or NSA's operation Eligible Receiver
PC week's hack invitation 10/99 and here
threat info CNN's internet insurgency includes a timeline
Open Computing cover story(s) and a Security Timeline and a survey
Threat Assessment of Malicious Code and Human Threats
risk management software review or risk assessment
Winkler's USENIX '95 social engineering and industrial espionage social engineering
war dialer's hammer.com or Sandstorm PhoneSweep or telesweep or THC-SCAN
ISS's vulnerability database
info from Berkeley on ip spoofing and endpoint/nfs vulnerabilities (10/11/95)
stack attacks buffer overflows and on DEC unix and a paper
phrack bypassing stackguard stackshield
idle scan stealth
tempest electromagnetic emissions and tempest links and van Eck radiation and here
takedown Mitnick/Shimomura, also TIME's article and details on attack
satan FAQ and satan info and SATAN tool page and courtney
saint network scanner
NT/win95 satan-like tool ogre scanner
nmap port scanner and OS profiler queso
Network Computing's review of security scanners 7/15/98
IIS rds exploit
Ranum's Taxonomy of Network Attacks slides (also here)
session hijacking
SYN flooding panix and technical details and Sun patch info and Cisco TCP intercept and syn cookies
info on smurf attacks and land attack
naptha various TCP denial of service attacks
countermeasure backtracking DoS (denial of service) dostracker or dostrack or centertrack or pdf
Cisco's tracking packet floods using cisco routers
win* patch for teardrop attack linux teardrop
distributed denial of service stacheldraht or trinoo or tfn tribe flood network or tfn2k or Cert's denial of service tools
CERT's denial of service workshop pdf
ICSA's info on ddos
hackernews article on denial of service attacks
Cisco info on distributed denial of service attacks
email anti-relay or here forwarder, mail relay
mimesweeper content security and malicious data
MCI's TCP/IP security checklist
Stoll's Stalking the Wily Hacker
L0pht computer underground
US News hacker article June 97
common network ports used by hackers, or trojan ports
denial of service attacks RFC1636 and doshelp.com ports and exploits
Wietse's guide-to-cracking and cracking software
Muffett's crack Unix password cracker
password crackers john the ripper and password tools
NT password cracker l0phtcrack and re-setting NT passwords
BIOS passwords -- many vendors have backdoor passwords in their BIOS, visit here or here or PC hacking faq or here
AccessData cryptography and password recovery and more password recovery
trinux bootable sniffers
sniffers and a sniffer FAQ or here and sniffit
sniffer detector antisniff and sniffer bait
UC berkeley sniffer detection paper and a sniffer detect faq
dsniff article sniffing on switched net (also read about hunt) and dsniff
cold sniffer
unix exploits and script kiddies
En Garde's IP-watcher
windows 2000 sniffer natas sources
keyboard sniffers and revelation display password behind asterisks on win* or hardware or hardware
Muffett's WANhack doc and slides
X security and Unix security software (rootkit,xkey.c), links, and here (info on xauth and mxconns)
SyMark Unix security packages
white paper on vulnerabilities of SecurID
8lgm advisories and Secure networks papers and advisories
alt.2600 FAQ or ftp or www.2600.com and PHRACK or www.phrack.com or www.phrack.org
security/hacking software packetstorm or rootshell or hackernet or elitehackers or undernut or anticode by OS or bugware or here or unix exploits or ADM exploits adm
antionline and or hacker news a hacker faq or self-evident and exploits
antionline's hacker profiling hacker profiles
exploits shokdial unix war dialer
hacked pages archive
hack FAQs NT, web, netware
bnc irc proxy
rootkit and more hacker files and here and here and here
A Portrait of J. Random Hacker
Hacker'z Blood and underground archive and hacker's tools
Yahoo's hacker page
First Virtual's keyboard sniffer attack
security of cable modems
viruses
history of viruses and more virus info
viruses and more virus info including newsgroup FAQs
McAfee info or F-Prot info or Norton AntiVirus or Dr Solomon or NIST virus info or IBM's antivirus or avertlabs
Sophos anti virus
TrendMicro's antivirus.com email scanner
NH&A anti-virus, security and network management software
CIAC's virus database
UNIX viruses and Bliss and scanner
netbus trojan horse like back orifice BO2K
good times virus hoax and other computer virus myths and internet hoaxes and urban legends
cryptanalysis
Timing attack or Kocher's page and RSA's response
Bellcore's stress attacks on tamper proof devices and DES
DVD cracker 11/99
Intel's HDCP high bandwidth data copy protection
EFF's DES cracker or Shamir's twinkle sieve or here or twinkle paper or FPGA DES
Differential Cryptanalysis of Madryga
Differential Cryptanalysis of REDOC III and see Shirriff
breaking DES or Wiener's other cryptanalysis files
DES and DFA differential fault analysis (smart cards) or Design Principles for Tamper-Resistant Smartcard Processors
Kocher's differential power analysis (smart cards)
Breaking DES Using a Molecular Computer and Adelman's seminal paper Molecular Computation of Solutions to Combinatorial Problems
Shor's Algorithms for Quantum Computation discrete logs and factoring
MIT/Stanford quantum computing or qubit.org
quantum computing or here or here
Architectural considerations for cryptanalytic hardware
Allies' decryption efforts during World War II and enigma/purple bibliography
PBS's decoding nazi secrets
Netscape's security overview and data security
Mosaic's user authentication tutorial .htpasswd .htaccess and setting up htpasswd and apache user authentication and FAQ
apache server security tips and secure server tutorials and setting up apache ssl server or apache ssl
What's a cookie or cookie info or rfc 2109 cookie rfc or cookies and privacy a cookie example
WWW security and a FAQ and NCSA's web security
Internet Explorer Bug 2/27/97
NT IIS exploit 6/99
CGI security and a tutorial and another tutorial
Java applet security and a FAQ or security faq
More Java Security: Low Level Security in Java and bugs
Datamation article: Yes, Java's Secure. Here's Why
Princeton's Secure Internet Programming: News and web spoofing
Princeton's description of Java security problems
Sun's response to recent security problem: DNS Spoofing and Java
Netscape/Java security patch: Applet Security Manager patch
Second Java security bug: Digital Espresso (extract):
All reported bugs (above) fixed by Netscape: SECURITY ENHANCEMENTS IN NETSCAPE NAVIGATOR 2.01:
A new security bug: c/net Article:
Sun's response: Security Update:
applet net vulnerable and java security news release
Java security or Securing Java
Java encryption or at systemics or at phaos
Java security book or Security in Java 2 SDK 1.2
JavaScript security problem: RISKS Digest (extract)
ActiveX Exploder signed applet (authenticode)
malicious mobile code consortium
NT security and ntsecurity.com and ntsecurity.net
online book Internet Security with Windows NT
Sheldon's NT security
Microsoft security and another and an NT security FAQ and NT password recovery
ISS' NT security or NT Security Risks and article
trusted systems nt security
NT security white paper and ntbugtraq
netbios CIFS whitepaper SMB vulnerabilities and rfc1001 and rfc1002
Windows 2000 security
RFC2196 Site Security Handbook
COAST Unix security, tripwire and Spafford's hotlist
Improving the security of your Unix system
Secure UNIX programming FAQ
A taxonomy of security faults in the Unix operating system (thesis)
Reliability of UNIX utilities or newer version
An Architectural Overview of UNIX Network Security
bugtraq archives or securityfocus.com bugtraq and bugtraq stats graphs
Wagner's computer security
computer security info
Sun's BSM basic security module audit or in answerbook
Tom Dunigan's UTK/CS security course CS594 and Fall '96
NYU security course and MIT/Rivest's '95 course and '96 course
list of online crypto courses and Rubin's list and Schneier's list
Stinson's Cryptography and Computer Security
Wagner's course with links to papers
CCNY's course good links
Popyack's course
oregon state's course
uppala's course
ADFA's course
LANAKI's classical crypto course
Gutmann's encryption and security tutorial
Oberlin's CS115 Cryptology classical cryptology
UC Davis: Modern Cryptography (Phil Rogaway)
MIT: Network and Computer Security
MIT: Intro to Cryptography and Cryptanalysis
Applied cryptography seminar held last year at Princeton University
Maryland's Neumann's course on information systems survivability
Delp's cryptography and secure communications
Koc's Security and Cryptography
Cryptography and Data Security Worcester Polytechnic Institute
Schaefer's crypto courses
UCSD: Modern Cryptography (Mihir Bellare)
Kevin McCurley's course on Cryptology
Charles Blair '94 class notes
CSU Hayward and Duke
Crypto course for 8-12 year olds
Communications Security and Vulnerability
Schneier's cryptanalysis self-study
Spillman's class page
TAMU's hack lab
good collection of first papers
Denning's page and her paper on Future of Cryptography
Rivest's page and his papers
Ellis's early reports on non-secret encryption pre-RSA and story of non-secret encryption
Eli Biham page
Wagner's page and Ross Anderson
menezes's page ECC
security researchers and Kevin's pages on Protecting Privacy and Information Integrity
Thompson's Reflections on trusting trust or here
Peter Neumann's page info survivability, risks, emerald
Stinson's page
Jenkins' page hash evaluation and avalanche
Schneier's papers and counterpane's extensive online crypto papers and Rogaway's papers
Gutmann's page and slides and links
Chaum's Security without Identification
Shoup's papers
Ritter's page
security papers and crypto bibliography and links
key length paper and NSA's (?) response
NSA's inevitability of failure need for secure os
NIST's early computer security papers trusted systems and such
fast software encryption bibliography fast software encryption for pentium
acm crossroads security papers
hashes and compression FAQ and compression and encryption
CRC info and performance of checksums and crc's over real data
tiger hash function and RIPEMD-160 or RIPEMD-160 and source
keyed hash functions RFC 2104
Rogaway's umac message authentication and an authentication codes bibliography and hash summary
MD5 message authentication and RC5 and RC6 and RC4 ?
SHA SHS, Secure Hash Standard
RSA papers on block ciphers and stream ciphers
panama hashing and stream cipher and source
IBM's paper on public key crypto based on shortest nonzero vector in an n dimensional lattice
Gathen's Exponentiation in finite fields: theory and practice
Ballardie's multicast security and Scalable Multicast Key Distribution RFC1949
GKMP architecture and specs also see internet drafts
Dunigan's page and report on group key management
secure multicast and UCSB's secure multicast and Pessi's secure multicast
Eberle's high-speed DES implementation
Mittra's Iolus scalable secure multicasting
Bellovin's papers and Blaze's papers and other research.att papers
applied crypto online readings
online books A Hacker's Guide to Protecting Your Internet Site and Network
Shor's page AT&T
MITRE's Security Publications
RSA's CryptoBytes technical newsletter and IEEE's Cipher newsletter
Crypto paper archive and Irvine's crypto abstracts
Rogaway's publications and UC Davis papers and more crypto papers/books and Bellare's papers and IBM's papers or IBM's CyberDigest and COSIC's publications
paper Rubin's remote executables
Savard's cryptographic compendium crypto systems or here
security library pointers to papers online (including worm, berferd, tripwire)
books
Prentice Hall books and Wiley books and Addison Wesley books
CRC and O'Reilly security books
Schneier's Applied Cryptography and source
Handbook of Applied Cryptography and on line version and ICSA Guide To Cryptography
Stallings' Cryptography and Network Security and links
National Research Council's Cryptography's Role in Securing the Information Society
Birman's Building Secure and Reliable Network Applications
Aegean Park Press military
US Army's Field Manual on Basic Cryptanalysis FM 34-40-2
Navy's CSP-845 cipher and M-209 and CSP-488 or M-94 and ECM Mark II
first published book on cryptology 1518
Kahn's classic the codebreakers
NIH's security links
infosyssec computer and network security resource
UCB's ISAAC project and hack page or its US mirror
crypto page and another and a good page and another
network security links
ACA's classical crypto resources more classical crypto
classical crypto cipher machines and such rotor machines
enigma page and another and another and another
enigma applet and java version
Japan's purple cipher machine
NIST's Security in Open Systems and Introduction to computer security
NIST RBAC role based access control and RBAC web access and TrustedWeb RBAC for the Web demo and another and another and premonition role-based access and ckm 2000 split keys
quadralay's page and lots of links
voting or electronic polling sensus more sensus info or campus voting and votehere.net
The Five Great Inventions of Twentieth Century Cryptography
ISRC info security research and teaching (au)
Pointers to Cryptographic Software
The Cryptographers Home Page DES, authentication, C source
ORNL's network security and DOE's info security
DOE's security site
ANL's Zipper Secure Communications for High-Performance Computing
Biham's SIMD parallel DES
RSA's Security Solutions catalog
authentication: hand geometry and '96 Olympics security and biometrics and other access controls
IETF's common authentication technology kerberos with pki, spkm, gss
German security page or crypto page or UCSD page or Henry's page
RISKS digests
EINet Galaxy security info
Cryptolog internet guide to cryptography
encryption with cellular automata
UWM's Center for cryptography, computer, and network security
Lucent's Inferno network OS with security
FAQs
RSA's cryptography FAQ
sci.crypt FAQ and ISS's FAQs and RSA FAQ and Verisign's digital certificate FAQ
USENET security FAQs and other FAQs
wireless
Privacy and Authentication for Wireless Local Area Networks and other papers
wireless application protocol wap and wtls spec pdf and wap forum
wap security and columbitech.com
wireless lan security and IEEE 802.11 WEP wired equivalency privacy another 802.11
lucent/wavelan 128 bit RC4 also see cisco/aironet
GSM cell phone encryption and breaking GSM and '98 A5 attack and more GSM info and here PCS 1900 and GSM World and shamir paper
wireless security and CDPD and PrivaFone
Qualcomm CDMA digital wireless communication
privacy
legislation and privacy and anonymity and privacy
Bacard's privacy page and Robert's anonymity links
Electronic Frontier Foundation and echelon/privacy
anonymous remailer FAQ or list
mixmaster remailers and list and essay
anonymous browsing anonymizer
identity theft or here or here or here
US govt FTC identity theft page
legal
crypto law survey and legal issues
Cryptography Export Control Archives and export control policies and Wassenaar Arrangement
ITAR exemption for foreign travel
washington post article encryption export
international survey and foreign encryption products
PECSENC subcommittee on encryption
VPN legal issues and links
Surety's record authentication service and info on time-stamping and legal precedents and firstuse service
legal aspects of digital signature
certified time and of course NTP
forensics
TCT Coroner's Toolkit or here unix forensics, post mortem
NY Times article
infoworld's computer forensics
computer forensics ltd or electronic discovery
computer forensics online and icsc
consultant and berryhill and network international
wipe wiping magnetic media and Gutmann's Secure Deletion of Data from Magnetic and Solid-State Memory
steganography
steganography mailing list and software index
steganography overview
Neil Johnson's stego page and steganography paper
more steganography
steganography and tempest paper
EzStego and other software stools and such from sevenlocks
weaknesses in some stego software
StirMark Image Watermarking Robustness Test
Phrack 52's steganography thumbprinting
Rowland's covert TCP channels or here and related Phrack article and covert OSI channels
A Guide to Understanding Covert Channel Analysis of Trusted Systems
Navy's covert channel guidelines and DoD's Orange Book section 8
Workshop on Information Hiding
On the limits of steganography
Wayner's book Disappearing Cryptography
digital watermarks and another
copy detection and Boneh's Collusion Secure Fingerprinting of Digital Data
DICE and Digimarc and a report
Rivest's confidentiality without encryption chaffing and winnowing