bsy's Security Related Net-pointers

This is a list of pointers to security related information. I do not list marketingese for products, just pointers to technical info.

What's New

  • WiFi map of the world
  • PuTTY, an SSH implementation for Windows.
  • Conference announcements
  • Security/Cryptography Standards, Books, and Papers
  • Additional Info Sources

    • Conferences
  • International Association for Cryptologic Research: Crypto 2000, Asiacrypt 2000, and Eurocrypt 2001
  • Université Catholique de Louvraine's list of all conferences that mention security or crypto in their CFPs
  • Annual Computer Security Applications Conference

    • Security/Cryptography Standards, Books, and Papers
  • SDSI/SPKI
  • Free Protocols: in particular, see their critique of the Wireless Application Protocol (WAP) consortium's WAP version of TLS, WTLS. See also WTLS problems.
  • Common Criteria, V2
  • WIPO letterfrom the INFOSEC Community drafted by Spaf
  • Shamir, Biham, et al's analysis of Skipjack
  • Skipjack and KEA -- now declassified
  • A description of the SED algorithm a dicrete log based private key cryptosystem. The main page has more hype about this escrow-friendly system.
  • The First Two Rounds Of MD4 Are Not One Way and MD5 Compression function collision (postscript) by Hans Dobbertin
  • Errata for Applied Cryptography 2nd ed, by Bruce Schneier; the First Edition Errata is also available. Code is available overseas
  • Thompson's 1984 Turing Award Lecture, Reflections on Trusting Trust. A true classic.
  • Aegean Press web page. The Aegean Press publishes declassified military cryptography texts.
  • The Official PGP User's Guide by Philip R. Zimmermann.
  • PGP Source Code and Internals, also by Philip R. Zimmermann. I'd guess that the book would be exportable, but don't take an OCR device with you.... At least not at the same time. Both links courtesy of MIT Press.
  • W3 security page
  • Transport Level Security (TLS) The following protocols were the original contenders considered by the IETF TLS WG. Both SSL and PCT are Internet Drafts.
  • SSL specifications from Netscape
  • PCT specifications from Microsoft
  • SSH specification from HUT
    • Microsoft released a very rough strawman proposal named Secure Transport Level Protocol. The PostScript is available, as well as the original Word .doc file.
    The mailing list archive is also useful.
  • SSL source code, in an encrypted tunnel application, is available from Sweden: medcom.se is providing free downloads. Their Secure Socket Relay product provides full 56-bit DES encryption; not (legally/freely/internationally) available from US sites due to ITAR, but importing munitions is fine. Limitations: 100-day license only; software must be destroyed within 30 days of Medcom's release of a full, commercial version of this software; source is trade secret of Medcom, so don't read it. See the license agreement for full details.
  • MS Sec tech
  • JavaScript
  • Microsoft CryptoAPI
  • Shen -- a proposal for providing secure http
  • CommerceNet/EIT draft spec for Secure-HTTP extensions.
  • Orange book (DOD 5200.28-STD, 85) (earlier version (CSC-STD-00l-83) also available) and a summary of the differences between it and DoD Standard 5200.28. The Orange Book is the classical specification of multi-level security, and deals with trusted computing bases, trusted paths, data labelling, etc. Aka TCSEC.
  • Common Criteria documents (a follow-on to TCSEC)
  • NIST publications and Green/Red books.
  • Documents at the Navy INFOSEC website
  • CTCPEC and related InfoSec works archived at the Canadian System Security Centre.
  • Green Book (European version of Orange Book), version 4.0 ASCII, and the corresponding README file (from uni-stuttgart.de)
  • Science Applications International Corp (SAIC) security information. Orange book style multi-level security and compartment mode workstation info.
  • Anonymous credit card protocol papers, by Low, Maxemchuk, and Paul (from AT&T).
  • RSA.com's public FTP/FAQ site.
  • Cylink pages (now in control of the Stanford patents)
  • Internet Merchantile Protocol information
  • Internet security papers (from AT&T Bell Labs)
  • ITAR complete text (International Traffic and Arms Regulations, from MSU)
  • Economics of the Internet page, including pointers to various electronic cash / electronic commerce proposals. Hal Varian.

    • Additional Info Sources
  • WiFi map of the world
  • Computer Security News Daily at MountainWave
  • Zero Knowledge Proofs explained
  • Rabin's function explained
  • Peter Gutmann's crypto links
  • Søren Hansen's crypto pages
  • Arnold Reinhold's recommendations on chosing good passphrases.
  • Info Law Alert articles
  • Vince Cate's Cryptorebel/Cipherpunk page, including a ITAR-crypto civil disobedience page (Acts of civil disobedience is only applicable to citizens of countries with laws/regulations against exporting cryptography. Note that hiding behind an anonymizer is not civil disobedience -- one must be willing to feel the brunt of the law [and defend ones ideals in court] for civil disobedience to be effective.)
  • NSA
  • Bletchley Park Museum (Bletchley Park is the site of UK's code breaking activities during WWII)
  • Bletchley Park Trust
  • Ron Rivest's page on Cryptography and Security
  • Mihir Bellare's pages, w/ online papers and another collection of crypto links
  • IBM Zurich Security Research page
  • IBM Research's Massively Distributed Systems Security Page
  • Gnu GPG info
  • PGP info (unofficial)
  • CPSR gopher
  • DFN-CERT security info
  • Cert Advisories
  • OpenSSH -- Unix SSH servers and clients. Protocols version 1 and 2 are both supported.
  • PuTTY, an SSH implementation for Windows. (sshv1 and v2).
  • FiSSH, an SSH implementation for Windows (sshv1 only).
  • ttssh, an ssh extension to Teraterm. a popular PC terminal emulator. (sshv1 only).
  • Linux security archive at Temple
  • General Cypherpunks collection at UW, by Matt Thomlinson (phantom@u.washington.edu).
  • Tiger tools at TAMU.
  • Cypherpunks Home Page, including steganographic JPEG, PGP info, and more at soda.berkeley.edu.
  • More security info by Vince Cate.
  • Cryptgraphy export issues page at Cygnus Support.
  • Crypto info (at Quadralay).
  • SurfPunk info at NWU
  • RSA.com server.
  • RIPEM info, including cryptography software (Mark Riordan's collection, at Michigan State; advanced registration required, see instructions) includes an archive of various algorithms
  • crypto algorithms archive, including GOST 28147-89 (from Hamburg Univ, Germany)
  • Crypt Breaker's Workbench, a tool for breaking crypt(1).
  • Dictionaries at Oxford. Including an unabridged dictionary and Rogets
  • Security Related info page (compiled by Szymon Sokol).
  • Privacy tools (electronic eavesdropping, anti-bugging tools, etc)
  • Applied Cryptography lawsuit info
  • DOS/Windows crypto collection from Finland
  • Another crypto package, this time from the Netherlands
  • Security and Crytpo software in Italy.
    • [ search CSE | CSE | bsy's home page | links | webster | MRQE | google | yahoo | citeseer | pgp certserver | openpgp certserver | geourl's meatspace ]
    picture of bsy

    bsy+www@bennetyee.org, last updated Fri Jun 26 11:03:32 PDT 2009. Copyright 2004 Bennet Yee.
    email bsy.

    Don't make me hand over my privacy keys!