Nekaj novejših povezav:

Security and Encryption-related Resources and Links

OPOMBA A.J.: žal je tole le verzija, ki sem jo snel lansko leto (osnovna povezava in pa njena ogledala že nekaj časa ne delujejo), vseeno pa je verjetno boljša kot nič.

The following are some interesting resources I've found while wandering around on the net. If there's anything which needs updating or correcting, please let me know. Because of its large size, I only update the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear.

Thanks to a few overseas readers there are now mirrors of this page available outside New Zealand which should provide faster access for people in Europe and the US. These mirrors are:

UK Mirror (updated automatically)

UK Mirror (updated manually)

US Mirror (self-extracting DOS file, updated manually)

Crypto Link Farms

Anonymity, privacy, security.: Very nicely done collection of links to anonymity, privacy, and security resources.
Bellare - Crypto links: More link farms, conferences, organizations, electronic commerce, IETF, key forfeiture, crypto people.
Cambridge Computer Security Group Links: Huge collections of links to security-related sites - the format is a bit like this list.
Coast Security Archive - Category Index: A large archive of security software, publications, and technical information.
Crypto-Log: Internet Guide to Cryptography: Algorithms and mathematics, FTP archives, bibliographies, key escrow, disk, file, and mail encryption, crypto laws, internet security, newsgroups and mailing lists, protocols and standards, steganography, voice encryption, security problems.
Cryptography: PGP, encryption algorithms, legal issues.
Cryptography: The Study of Encryption: Crypto newsgroups, papers, cypherpunks, crypto policy, digital cash, and other information sources.
Cryptography Technical Report Server (CTRS): Various crypto-related tech reports.
Cryptography URL: Encryption standards, FAQ's, and FTP sites.
Datacomms Technologies cryptography archive: Encryption software, text files and information, resources and links.
Email security, cryptography and related stuff: PEM, MIME, and MOSS RFCs, links to CA's, implementations, literature, PGP.
European Cryptography Resources: Recommendations, drafts, papers, new items, official bodies, research, and government meddling.
Firewall Security Jump Page: Links and summaries of a wide variety of firewall products.
Gateway to Information Security Home Page: Links to a large number of security-related sites, books, journals, and related information (imagine this page, but not all lumped together on one page).
Home-Page of Markus Hübner: Security, cryptography, hacking, business on the Internet, security software, satellite hacking.
International Cryptographic Software Pages for Encryption, Decryption, Cryptanalysis, Steganography, and Related Methods: Algorithms, software packages, protocols and standards, books, journals, conferences, newsgroups, mailing lists, crypto links.
Links Related to Terrorism, Intelligence, and Crime: A large number of intelligence, security, law enforcement, disaster planning, terrorism, crime, military, and defense agencies and organizations.
Luca Venuti's Home Page - TPC: Electronic privacy links, organisations, newsgroups.
NCSA Hot Links: Anti-virus software, firewalls, general security vendors, general infosec links, parental control, privacy, law, and ethics.
Neil's Security and Privacy Resources: Encryption, steganography, special events, research, documents, news, security archives, security organizations.
Network/Computer Security Technology: Current events, security web pages, commercial security tools, newsgroups, mailing lists, FAQ's, incident bulletins, conferences/seminars/workshops.
PGP Resources: Resources related to PGP such as mailer add-ons and front-ends, key servers, and related information.
PGP-Users Mailing List Home Page: PGP-related information, remailers, privacy information, security and crypto links.
Richard Pinch: Cryptography page: Links to research groups, associations, publications, companies, government institutions, standards, e-commerce, elliptic curves and factoring, historical, newsgroups and publications.
SAIC Security - Security Documents: Firewalls, WWW security, intrusion detection, Unix security, the internet worm, general network security, and trusted systems.
Security and Privacy Issues: Research, PGP, cypherpunks, SHTTP, crypto software, online banking.
Spanish Crypto Resources: Spanish crypto and security-related companies, magazines, and events.
Steganography: Stego papers, references, research groups, related resources.
The Rotherwick Firewall Resource - Point of Attack: Firewall basics, white papers, products, manufacturers, books, papers, training, mailing lists, links to other firewall-related resources.
Tom Dunigan's Security page: PGP, S/Key, Kerberos, crypto API's, secure applications, commercial providers, government agencies, intrusion detection, vulnerabilities.
TSA (Law Enforcement and Intelligence) Links: More links to law enforcement and intelligence agencies.
Uni-GH Siegen - Security-Server: Encryption algorithms, data protection, steganography, ecash, Internet security, viruses, conferences, security standards, newsgroups and mailing lists, RFC, journals.
Vince Cate's Cryptorebel/Cypherpunk Page: Cypherpunks resources, remailers, digital cash, PGP, and Clipper.
Vinnie's Crypto Links: Crypto overviews and FAQ's, link farms, encrypted comms, e-commerce, crypto libraries.

Crypto FTP Archives

FUNET crypto archive: PGP, symmetric and asymmetric encryption, crypto libraries, papers.
Oxford Uni crypto archives: DES, SSL, cryptanalysis, documentation, PGP, miscellaneous.
Replay crypto/security archives: Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files.
University of Hamburg crypto archive: Disk and file encryption, PGP, stego, voice encryption.
University of Oslo PGP archive: PGP and PGP-related software.
UREC archive: French archive of CERT bulletins, dictionaries, PC, Unix, VMS security software (mostly anti-virus and access control rather than crypto).

Crypto Social Issues

[1997] 1 Web JCLI: Analysis of the UK governments policy on encryption.
Additional Comments of Philip R. Karn, Jr.: Phil Karn rebuts inaccurate and bizarre government claims in congressional testimony (this is an example of the kind of misinformation which government advisors often provide to their governments).
Big Brother Incorporated: Companies which supply surveillance technology to non-democratic regimes.
Canada's export controls: Summary of the Canadian crypto export situation.
Centre for Democracy and Technology Crypto Page: CDT information on current US crypto policy
Clipper Roadshow: US government policy laundering on key escrow.
CNET features - digital life - privacy in the digital age: Digital privacy (or more specifically, the lack thereof).
Codex Surveillance & Privacy Page: Surveillance, stalking, privacy invasion, eavesdropping, and anything else related to these categories.
Comments on Encryption Transfers: Comments on new US export regulations.
Comments on Encryption Transfers - HTML: Easier-to-handle HTML versions of the above.
Crypto AG - Der Spiegel (German): Allegations of intelligence agencies subverting Crypto AG product security.
Crypto Law Survey: A survey of crypto laws in various countries.
Crypto regulation in Europe: The state of crypto regulation plans in Europe as of May 1997.
Cryptography's Role in Securing the Information Society: National Academy of Sciences report on cryptography policy.
Cyberspace Law for Non-Lawyers: Privacy laws and the Internet.
DTI/UK Encryption Policy: Reply to the DTI Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services.
EE Times - White Paper: White paper on hackers.
Emerging Japanese Encryption Policy: How Japan, Inc, handles encryption policy (a real contrast to the US governments attitude).
Encryption Policy and Market Trends: Dorothy Dennings 1997 GAK forecast.
EPIC Cryptography Policy: EPIC information on current US crypto policy.
EPIC Privacy Links: EPIC privacy resources.
export-a-crypto-system sig: Diminuitive crypto hacks (well-known algorithms in a few lines of Perl, Python, or C) and how to use them to poke fun at export laws.
Exposing the Global Surveillance System: Extracts from Nicky Hager's book "Secret Power".
FinCen: Big Brother for financial information.
Former Secrets: Declassified US government machinations to ban/restrict crypto.
FUD! Home Page - Crypto legislation: Contents of and discussion over various US crypto bills.
GNN on Crypto: Global Network Navigator web review: The NSA vs The Net.
GR Design Principles: GAK-resistant crypto protocol design guidelines.
Gray Areas Magazine: Essays and articles on the computer underground (and all sorts of other things).
Internet Privacy Coalition: Attempts to ensure privacy on the internet.
Interview with David Herson - SOGIS: Interview on European crypto policy.
ITAR Civil Disobedience: Click on this form to become an international arms trafficker.
Key Recovery Study: The risks of key recovery, key escrow, and trusted third party encryption.
KRISIS Home Page: GAK/EuroClipper home page.
The NSA's Influence on New Zealand Crypto Policy: NSA influence on New Zealand export policy.
Phone Tapping: Information and resources on government phone tapping plans.
Privacy, Inc.: Various resources related to the (lack of) privacy, including access to databases and online information search facilities.
Privacy International Home Page: Privacy reports, interntional agreements on privacy and human rights, surveillance technologies, ID cards, privacy-related conferences.
Remailer list: List of anonymous remailers.
Roger Clarke's Privacy Page: Data surveillance and information privacy information publications, and legislation.
Roger Clarke's Public Interests on the Electronic Frontier: Paper discussing various freedoms and rights such as the right to privacy.
RSA as a MIDI file: RSA encoded as a MIDI file. Technically this is a program and therefore unexportable from the US.
Self Incrimination and Cryptographic Keys: Richmond Journal of Law and Technology article on forced disclosure of crypto keys.
Services Available from Offshore Information Services Ltd.: Offshore internet services and accounts in Anguilla.
SOFTWAR Information Security: Declassified papers and resources on Clipper and key escrow, voice and mail encryption software.
Telekommunikationsgesetz: East German surveillance state-style laws being applied in the unified Germany.
The Age - Computers: DSD meddling in Australian crypto exports.
Tools For Privacy: Version 1: An online book covering threats to privacy, cryptography, PGP, and related issues.
Updated UK Proposals for Licensing Encryption Services: Critique of UK crypto licensing/GAK proposal.
Walsh Report: Report on Australian crypto policy, originally suppressed by the government, then released after a judicial review.
What your Browser is Sending: See what information your web browser is sending to remote servers.

Crypto Software

Advanced Cryptography Tool: Crypto tool using PGP 2.6.3i with triple DES and SHA-1.
Apache HTTP Server Project: Apache secure web server.
Canadian Cryptographic/cryptanalytic software: Canadian encryption software and companies.
CIPE: Crypto IP encapsulation - encrypting IP routers using Linux.
Cisco Systems ISAKMP Distribution: A reference implementation of the IETF's ISAKMP protocol.
CRASHME: Random input testing.: Tests resistance of programs to random input.
cryptiX: X.509 security package written in Java (page requires a Java-enabled browser to view).
cryptlib Information: Encryption library supporting both low-level direct access to a large number of algorithms and high-level access to functions like cryptGetKey() and cryptCreateSignature().
Crypto Kong: PGP-like program using elliptic curve crypto.
Cryptographic Libraries: A comparison: Comparison of various free (and free-world) crypto libraries.
Cryptographic software: Elliptic curve and RSA public-key encryption software.
Cryptographic tools for Visual Basic: Elliptic curve OLE extension for VB.
CTC - PGP-compatible encryption software: PGP-compatible C library and Mac application.
Disk/File Wiping Utilities: Programs to wipe files, free disk space, slack space, the Windows swap file.
Encrypted PDFs: Code to work with encrypted PDF's (intended mainly for use with Ghostscript).
Enigma: PGP-compatible plugin written in Java.
Error Correcting Codes (ECC) Home Page: C source code and information on ECC's (the techniques employed are closely related to encryption techniques).
ESP Reference: Encrypted socket protocol (an open protocol for TCP/IP secure transmissions).
FastCAST's Homepage: P5-optimised code for CAST-128/CAST5.
Fortify for Netscape - Home Page: Free 128-bit SSL browser proxy,
Frank O'Dwyer's Homepage - Security Code: DES in Java, C++ firewall class library.
Fuzzy Logic: Cryptography: The GNU encryption project.
G10 - A Free PGP Replacement: GPL'd PGP clone.
GMD Security Technology - SecuDE: Security toolkit for RSA, DSA, DES, DH, X.509, PKCS, PEM, X.500, and BYOG.
Hassop Cottage PGP Page: PGP sites, key servers, remailers.
Heimdal: Non-US Kerberos 5 implementation.
IAIK - Javasecurity Homepage: Java cryptography extensions from the free world.
International PGP Home Page: How to get PGP, documentation, foreign-language support, PGP-related products and services, and other PGP resources.
Internet Locations for Materials on the Disks for Applied Cryptography: Site #1.
Internet Locations for Materials on the Disks for Applied Cryptography: Site #2.
IRDU PGP Page: PGP information, software, key management, key server interface, PGP links.
Java Cryptography Extension 1.2
The Open JCE Project for Java
JGSS Package Distribution Page: Kerberos in Java.
Keytrap Home Page: Dcyphers keyboard sniffer.
libch's Homepage: P5-optimised code for various hash algorithms.
LInteger: C++ bignum library.
Linux Packet Sniffer: IP packet sniffer for Linux.
Microsoft CryptoAPI: Microsoft's (rather nice) cryptograhpy API.
Ming-Ching Tiew Home Page: PGP key manager, PGP netscape plugin, Motif and Win32 file encrypter using cryptlib, cryptlib Java wrappers.
Nautilus Homepage: Speech encryption (with a neat anti-Clipper graphic).
Package Acme.Crypto: Various Java crypto classes.
PC Security Software & Sources: Brief descriptions of various security programs.
PGP Tools: PGP function library.
PGPLIB: DLL which implements various PGP functions.
PGPNet Server: A dummy home page for the www.pgp.net domain (incomplete).
Private Idaho User's Manual: Documentation for Private Idaho.
RIPEM: RIPEM source code and information.
RSA Free Utilities: RSA key generation and encryption for Linux.
RSAEURO - Cryptography For The World: The free-world version of RSAREF.
Secure FileSystem Information: The world's best transparent disk encryption software for DOS and Windows (this has nothing to do with the fact the I'm the author :-).
Sir Winston Rayburn - Crypto/Politico: Various encryption reoutines.
SNOW Home Page: Whitespace steganography software.
spDES Encryption Control: ActiveX DES control.
Ssh (Secure Shell) Home Page: Very good encrypted, digital-signature-authentication remote access software (replaces the r* utilities, allows X11 and TCP port redirection over the encrypted connection).
SSLeay and SSLapps FAQ: Very nice, free SSL implementation (like Netscape's SSL, but without the bugs and crippled encryption).
Speak Freely for Windows: Encrypted voice communications over the internet.
Systemics Software Archive: Crypto extensions for perl and Java.
The Cryptography and PGP Page: Classic ciphers, links to crypto sites, explanations of the maths behind PGP and RSA, privacy issues.
Tiny Encryption Algorithm: Description and C source code.
Transparent Cryptographic File System
TSS PGPWord... Real Security, Real Easy: PGP encryption integrated into Word for Windows.
Uni-GH Siegen - Security-Server - Kryptographie: Pointers to information on and implementations of a number of conventional, public-key, and hash algorithms.
Wei Dai's Crypto++: C++ class library of cryptographic primitives.
WinPGP(tm) Home Page: Windows front-end for PGP.
Wipe 0.02: Heavy-duty file wiper for Linux.

Miscellaneous Security Items

Cypherpunks and Cryptorebels Cypherpunks Archive Index Cypherpunks Home Page The cypherpunks archive via HTTP. PGP, remailers, crypto papers, clipper, and pointers to further information. Cypherpunks Key Cracking Ring The cypherpunks attack crippled US export-approved encryption. Cypherpunks SSL challenge broken The cypherpunks break crippled US export-approved encryption. Cypherpunks Tonga Cypherpunks Tonga - various cypherpunks projects and work in progress. export-a-crypto-system sig PGP Keyserver Interface WWW interface to the PGP keyservers. The Crypt Newsletter Homepage Various reports from the computer underground on hacking, security, viruses, hackers, and related issues.
Public Key Infrastructure Analysing State Digital Signature Legislation Analysis and comparison of various states' digital signature laws. BelSign Belgium and Luxemburg CA. BiNARY SuRGEONS: Certification Services South African CA. C=EE, O=ESTONIAN NATIONAL PCA Estonian CA. CA-CERT Spanish CA. Certification Authority Survey (DGXV Project) List of CA's worldwide. Certificates shipped with Netscape Extracting certs from Netscape's .db files. CERTISIGN Brazilian CA. COST Computer Security Technologies Swedish CA, also smart cards, secude email, DCE, EDIFACT, X.509 certificates. Digital Signature Guidelines American Bar Association digital signature guidelines, available as WordPerfect and Word documents. Florida Digital Signatures - Final Report Final report on the Florida digital signature guidelines. European ICE-TEL Project PKI for Europe GTE CyberTrust Home GTE CA. IAIK - ICE-TEL Information Service Austrian CA. IBM Registry and World Registry IBM CA and PKI products. ICAT Home Page Japanese CA. ICE-TEL Portuguese CA. ICE-TEL Certification Infrastructure European CA. IKS Zertifizierungsinstanz IKS CA. Individual Network IN certification authority. Installing certificates and root keys in Internet Explorer 3.0 & IIS 3.0 Instructions on installing certificates into MSIE. Internet PCA Registration Authority IPCA public key. Keywitness Canada Canadian CA. MA.US/ITD/LEGAL Massachusetts digital siganture and online commerce guidelines and information. MC Home Page The meta-certificate group (an alternative to X.509/PKIX-type certificates). OpenPathCA Siemans CA toolkit. PGP Public Key Server One of several web-based PGP key servers. Politecnico di Torino: ICE-TEL Italian CA. Public Key Authentication Framework: Tutorial A tutorial on PKI. Public Key Infrastructure NIST's PKI information page - interoperability guidelines, PKI panels and overviews, PKI documents. Public-Key Infrastructure (PKIX) home page Home page of the PKIX working group. Public-Key Infrastructure Standards Slides from a talk on PKI standards and work in progress. SI-CA Slovenian CA. Signet PAA Certification Authority Key Information Australian CA. SoftForum Certifying Center Korean CA. SPKI Certificate Documentation Documentation and links for SPKI certs. SPKI Requirements Simple public-key infrastructure requirements. SSLEAY 0.8.1 and MSIE 4.0 X509 certificates Setting up certificates using SSLeay and MSIE 4. Summary of Digital Signature and Electronic Signature Legislation McBride Baker & Coles summary of worldwide digital signature legislation. TradeAuthority General CA. UK Academic PCA UK CA. UNI-C PCA Danish CA. UNINETT Certification Authority - UNISA Norwegian CA. VeriSign, Inc. Major worldwide CA. Verisign Repository Information on digital ID's and certificates, certificate practices, and FAQ's. Weaving a Web of Trust Trust management on the WWW. WebVision Developers Corner CA toolkit and guide ("low-budget CA"). X.509 Sample Certificates Various sample certificates including oddball fields and types.
Random Numbers Aware Electronics Corp. PC Geiger counters (great random data sources). CME's Random Number Conditioning Page Information on sources of strong random numbers. Computer Generated Random Numbers Techniques for analyzing PRNG's. DIEHARD George Marsaglia's RNG test suite. HotBits: Genuine Random Numbers Build-it-yourself radioactive-decay based random number generator (perfect for Chernobyl residents). Ideas for an RNG_DEVICE standard Proposed standard for random-number generation devices. Lavarand! Random number generation using lava lamps. Noisemaker schematic Hardware RNG. Numerical Recipes Home Page CDROM contains ~1/4GB of random numbers. ORION RNG Serial-port hardware RNG. Protegrity Incorporated Cryptographically strong random number generator. Random Number Generation, Taygeta Scientific Inc. Papers and software for PRNG's. Random number generators -- The pLab Project Home Page Theory and practice of random number generation. Random number generators Analyses of hardware and software randomg number generators. Random Number Generators (RNGs) Web sites and references for RNG information, information on various PRNG's. Randomness Resources Resources on secure random-number generation and the problems of insecure random number generation. RBG1210 Cryptographically strong random number generator. SG100 Hardware random number generator. Using and Creating Cryptographic-Quality Random Numbers Randomness-gathering techniques.
Security Books, Journals, and Bibliographies, and miscellaneous short publications A Survey of The Electronic Payment Industry Brief survey of some of the major e-payment industry players as of early 1997. ACM Transactions on Information and System Security (Just a call for papers at the moment). Aegean Park Press Historical books on cryptography, intelligence, military history, and related topics. ATDL US army field manuals, schools, strategies and systems. Bibliography of Molecular Computation and Splicing Sytems Bibliography on molecular computing, including attacking encryption systems using molecular computers. CAST Encryption Algorithm Publications pertaining to the CAST encryption algorithm. CEE VAR News Central and East European Secure Systems Strategies (online security journal). CHACS Publications Centre for high-assurance computer systems publications. Charles Blair's Notes on Cryptography Number theory, public-key encryption, RNG's. Computer Services : Administrator's Pages : NT stuff Installing a student-proof NT setup. Computer Virus Handbook Seven Locks' online virus handbook. Counterpane Homepage Bruce Schneier's "Applied Cryptography" information. Credit Card Transactions: Home Page Overview of CC terms and mechanisms, including discussion of various online CC processing methods. Crypto Glossary Terry Ritter's crypto glossary (long). Cryptography and Number Theory for Digital Cash Introduction to crypto and number theory for digital cash. Cryptography: some important points for beginners Crypto FAQ for beginners. Cryptologia. Cryptosystems Journal Home Page CSL Bulletins NIST Computer Science Laboratory bulletins CuD "Computer Underground E-Publications - Top Level" Archive Cypherpunks Archive Index Cypherpunks mailing list archive. Data Security by Design Designing buildings to thwart electronic eavesdropping. David Wagner's Crypto Posts General cryptography, cryptanalysis, computer security. des-coding List Archive Archive of the des-coding mailing list. e$ Home Page The e$ mailing list, information on digital cash clearing, digital bearer bonds, financial cryptography, and related topics. ECC FAQ Elliptic curve cryptography FAQ. EIT Creations: Secure HTTP Information on the SHTTP protocol. Electronic Surveillance Large archive of documents on electronic surveillance. Elliptic Curve Tutorials Tutorial on elliptic-curve crypto. Encryption News Resource Page Encryption and security-related news stories. Enigma and Its Decryption Details on the Enigma machine and software simulators. Enigma and the Turing Bombe Description of the Bombe and bombe simulator. Enigma bibliography EPFL - LSE - Project CrySTINA Papers and information on the Cryptographically Secured Telecommunications Information Networking Architecture. Firewalls mailing list Firewalls mailing list archives. Foundations of Cryptography by Oded Goldreich Fragments of a book (4 of 10 chapters exist). Hack-Tic Magazine Archive 1989-1994 Hack-Tic magazine archive (scanned images, in Dutch). Handbook of Applied Cryptography Information on the book (well worth getting). Historical Crypto Links Links to sites containing information on Enigma, Purple, Magic, and other WWII-era crypto. HTTP Security group of W3C W3C security resources. IBM Patent Server Home Page Access to over 2 million US patents, including many crypto and security-related ones IEEE Computer Security and Privacy IEEE Computer Society press online catalogue, security and privacy section. ietf-pgp-mime mailing list PGP/MIME RFC's and mailing list archives. ietf-smime mailing list S/MIME RFC's and mailing list archives. Info Security News Integrity Sciences, Inc. SPEKE password authentication Authenticated DH key exchange. Internet drafts Current internet drafts, including many security-related ones (but you really need to know what you're looking for). Internet Infrastructure Protection - DNS Security DNS security RFC's and sample code. Internet Legal Practice Newsletter Internet-related legal issues (relevant to electronic commerce). Introduction to Crypto Systems Lecture slides from a seminar by Vinnie Moscaritolo. Introduction to Cryptography Ives Gobaus's easy introduction to cryptography. Java Security: Frequently Asked Questions Java security questions and issues. JIBC - Journal of Internet Banking and Commerce Electronic commerce, legal issues, EDI, etc. JILT: Home Page Journal of Information Law and Technology. JYA Crypto John Youngs collection of crypto links, mostly covering crypto social issues, laws, espionage, government regulation, and an amazing array of other interesting things. Keyed MD5 Papers on HMAC's. Lawries Cryptography Bibliography Searchable index of over 800 crypto and computer security articles. Linux Security Home Page. Linux security information. Mac Crypto - Info Mac-Crypto conferences and digests. Mach5 Software Cryptography Archives Overview of crypto, catalogue of crypto algorithms. Micropayments on the Internet Overview of various micropayment schemes. Microsoft CryptoAPI mailing list archives. NameBase Book Index Reviews of books on intelligence agencies, high-tech, military, and a potpourri of government agencies, drugs, elites, big business, organized crime, terrorism, US foreign policy, and so on. Network Computing Various articles on encryption from Network Computing magazine. Network Encryption - history and patents Patents on network encryption. New Zealand Digital Library Bibliogaphy/tech report/FAQ searchable index. NSA to NARA OPENDOOR Bibliographic Index Index of NSA declassified documents. NSAM-160 Scanned copy of declassified 1960's memo on NSA public-key encryption research. NSG Publications IBM Network Security Group publications. NT Domain Authentication NT/CIFS domain authentication specification. NT Security - Frequently Asked Questions version On Distributed Communications 1964 RAND paper on secrecy and computer security. Patent Database Access Search the US patent database for crypto patents. PGP 5 Users Guide Online guide to PGP 5.0 PGP Quick Reference Command reference card for PGP. PGPfone Mailing List Archive Phrack Magazine President's Commission on Critical Infrastructure Protection. Various US government agencies look at Jobsec^H^H^H^HInfosec. Prime Page (An Index of Information on Prime Numbers) Everything you need to know about prime numbers. RSA Labs Frequently Asked Questions Frequently asked questions about encryption algorithms, techniques, protocols, and services. RSADSI'S Art Gallery Cool crypto-related pictures. Security Handbook Seven Locks' online security handbook. Security Issues in WWW Various WWW security issues. Security Protocol Workshop'97 Preprints of papers from the workshop. SET Good, thorough coverage of SET and secure card-processing issues. SET Journal Journal devoted to SET and SET implementations. SET Protocol: Business Implications and Implementation A good general overview of the implications of SET. Shahram (publication) Linear cryptanalysis of DES (MSc thesis), various papers on hash functions. Scrambling News Satellite TV scrambling and descrambling methods. Search Security Bibliography Retrieve documents from a large archive of crypto/security papers. Smith's Internet Cryptography Site Chapter outline pages include links to crypto-related publications and resources. SNDSS'96 Symposium on Network and Distributed Systems Security (SNDSS'96) proceedings. Springer-Verlag New York Publishers of LNCS (crypto and security conference proceedings). SSL Pipermail Archive ssl-talk mailing list archive. SSL-Talk FAQ The SSL discussion list FAQ. Survey: corporate uses of cryptography Survey of corporate applications of and attitudes towards encryption. Tasty Bits from the Technology Front Free technology newsletter which includes coverage of encryption issues. Technical Papers at Psionic Software Systems Inc. Covert channels using TCP/IP (including source code). The Collection of Computer Science Bibliographies Large collection of computer-science-related bibliographies, including encryption and security issues. The PDF Encryption Format TSI International Electronic commerce and EDI resources. UCL Crypto Group - Call for papers CFP's for conferences, including crypto and security conferences. USENIX Conference Proceedings Includes material from Usenix security conferences and symposiums. USS Pampanito - ECM Mark II Electronic Cipher Machine (SIGABA) details. Verifying Security Protocols Using Isabelle Various papers on verifying security protocols. Wim Van Eck van Eck/TEMPEST eavedropping.
Security Standards, Laws, and Guidelines A Guide to Understanding Data Remanence in Automated Information Systems ACSI 33 Security guidelines for Australian government IT systems (typical unclassified-level security guidelines). Advanced Encryption Standard (AES) Development Effort NIST's AES home page. An Analysis of PGP's Trust Model ATM Security Page Asynchronous Transfer Mode security standards, products, publications, and work in progress. Außenhandelsgesetz - Dual Use Güter Austrian (EU-derived) export restrictions. Australian Controls on the export of Defence and Strategic Goods CAVE encryption algorithm The (deliberately crippled) US cellular phone "encryption" algorithm. Commercial Encryption Export Controls ITAR (under new management). Common Data Security Architecture Intel's proposed API for adding an encryption/authentication layer to Windows systems. Computer seizure guidelines US federal guidelines for searching and siezing computers. Computer Security Objects Register NIST security-related object identifier registry. CSP Designators Crypto designators for WWII-era and early postwar comsec gear. DAP Malaysia National Homepage Malaysian computer crimes, digital signature, and telemedecine bills. DCE Security DCE security specs and literature, DCE security program group and research efforts. Digital Signature Guidelines ABA Digital Signature Guidelines Draft UNCITRAL Draft UN law on electronic commerce. Export Administration Regulations (EAR) Latest version of the ITAR (which became the DTR, and now the EAR). ECMA Standards (Blue cover) EDI Security An overview of EDI security. EDIFACT Security Implementation Guidelines EDIFACT security... dear oh dear. Electronic Commerce, EDI, EDIFACT and Security Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards. EMV sets standards for global integration of Chip cards Standards for smart cards. smart card terminals, and applications. Excerpts from the Export Control List of Canada The sections which apply to crypto software/hardware. Extensions to PGP Key Format Extensions to the PGP key format for PGP 5. FIPS Home Page Federal Information Processing Standards (including many crypto standards). German Digital Signature Law Draft of the law with related press releases and information. rł security engineering ag, Information about IDEA cipher Details on the design and development of IDEA. ICE Home Page The Information Concealment Engine block cipher. IEEE P1363 RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363) ietf-open-pgp mailing list PGP standardisation mailing list, RFC's, and archives. Internet Mail Standards Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE). IESS Specs Intelsat specs - roll your own Echelon. IP Security Protocol (ipsec) Charter IPSEC drafts and RFC's. IP Security Working Group News IPSEC specifications, drafts, related drafts, mailing list archives, and implementations. ISAKMP and Oakley Information Internet security association and key management protocol information. ISO SC27 Standing Document 7 Abstracts for various ISO security standards. ISO Standards X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline. ISO-IEC-9594 X.500 standards (including X.509) as Postscript files. ITU series X Recommendations - Data networks and open system communication This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page). Maßnahmenkataloge zum Gesetz zur digitalen Signatur BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services). Microsoft Security Technologies Authenticode, CryptoAPI, SSL and PCT, SET. Netscape Certificate Extensions Specification Netscapes private extensions to X.509. NIST Computer Security Standards FIPS and NIST special publications NIST's DES Validation List List of NIST-validated DES implementations. NT Security - Frequently Asked Questions OECD Draft Guidelines fpr Cryptography Policy Leaked copies of the OECD crypto guidelines. OECD guidelines comments Stewart Bakers comments on the creation of the OECD crypto guidelines. OID assignments from the top node Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificant prizes, etc etc. Open Systems Environment Implementors Workshop You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones. PKCS RSADSI Public Key Cryptography Standards. Public Key Infrastructure References Public-key infrastructures (X.509, X-509-related, RFC's, other documents). Rainbow Books The DoD rainbow books and other security publications. Security & Electronic Commerce X/Open security, DCE, and GCS-API. Security- and Privacy-Related Standards A list of (mainly ANSI) security-related standards. Security Guidelines Australia/NZ GOSIP security guidelines. Security Standards Catalogue of international security-related standards and standards organisations. Security Technologies Microsofts security standardisation efforts. SET (Secure Electronic Transactions) SET message definitions. SET Electronic Commerce SET standards, and updates. Software Industry Issues: Digital Signatures Links to various digital signature law initiatives. Source Code Review Guidelines General guidelines for writing security-conscious code. SSL 3.0 Specification SSL 3.0 spec (online version and as a PS file. Technical Advisory Committee to Develop a Federal Infomation Processing Standard for the Federal Key Management Infrastructure US key escrow standards working group. Technical Security Standard for Information Technology (TSSIT) RCMP security standard. Teletrust Algorithmenbeschreibung Teletrust security architecture algorithms specification. Teletrust Deutschland e.V. Industry group/standards body formed to support security and authentication in communications. The Wassenaar agreement. The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software. TNO-FEL: Common Criteria Common security evaluation criteria. Transport Layer Security (TLS) Working Group Home page of the TLS WG. Unix secure source code checklist AusCERT checklist for programmers writing security-conscious Unix code. Wassenaar Arrangement The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits. Wassenaar Arrangement - US control lists The Wassenaar control lists as crowbarred from the US State Department by an FOIA request. What is DMS? The Defense Messaging System - like X.400 and X.500, but not as simple. Windows Cryptosystem Guidelines Security guidelines for encryption under Windows. WWW-Security Reference page Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists. X9 Home Page ANSI X.9 standards (including crypto standards).
Algorithm benchmarks: Relative speeds of a number of encryption and hash algorithms.
AT&T PathServer: PGP web of trust tracing server.
Bletchley Park Home Page: Visitors guide to Bletchley Park.
Bob Tinsley's Steganography Pages: Steganography papers and ideas.
DigiCrime, Inc.: Online links to digital crime, blackmail services, encryption key cracking, airline rerouting, internet shoplifting, e-cash laundering, alien mind control, etc etc.
Information on VideoCrypt Hard/Software
KL7/KWR37 Crypto Units: Descriptions and photos of the KL7 and KWR37.
KuesterLaw Technology Law Resource: Technology and IP law resources.
Matt's Unix Security Page: Unix and Internet security papers, security software, links and miscellaneous items.
Microsoft Security Advisor Program: Microsoft's interpretation of security (see many other links on this page for everyone elses interpretation of Microsoft's security).
NSA Crypto Museum Photos
Pseudoprimes/Probable Primes: Papers on primality testing.
RADIOPHONE Top Level: Information on cellular telephony, PCS, and wireless data transfer.
Remailer related Sources: Remailer home pages, remailer techinfo, PGP introduction, PGP keyservers, crypto pages and laws.
Securing NIS
Sirene Home Page: Various research projects in computer security.
SourceKey - The Global Source for Key Recovery: GAK/key escrow/trusted third party/whatever centre.
SSL Browser Information: Information on the SSL implementation used by your browser.
Steganography: A paper on steganography.
The Square Page: The Square block cipher and links to implementations.
Toby's Cryptopage: Information and links to historical cryptosystems and encryption machines.

Security Agencies and Organizations

Ajax U.S. & International Government Military, Intelligence & Law Enforcement Agency Access: Links to intelligence and law enforcement agencies, defence agencies and laboratories, military and other government agencies.
AUSCERT - Australian Computer Emergency Response Team: CERT Australia home page.
Bundesamt fuer Sicherheit in der Informationstechnik: The German version of the NSA.
Canadian Security Forum: Canadian computer security information.
Cerulean Technology - Law Enforcement Links
CESG Home Page: CESG (aka GCHQ) home page (pretty meagre).
CERT Coordination Center: Computer Emergency Response Team home page.
Codes and Codewords: Codes and codewords used in military projects.
Communications Security Establishment Official Page: The Canadian CSE's official web page.
Communications Security Establishment Unofficial Page: The Canadian CSE's unofficial web page, which is much more interesting than the official one.
Covert Action Quarterly: Articles on covert action and surveillance.
DefenseLINK News Overview: US Department of Defence news releases, with an extensive archive of older material.
DoD classified spending for FY 1997: US classified military programs spending for 1997.
Defence Signals Directorate - Information Security Branch: The Australian NSA subsidiary.
IEEE Cipher Newsletter Archive: Archives of the IEEE cipher newsletter containing a great deal of general news on crypto issues.
Info-Sec Super Journal: An online InfoSec journal.
Intelligence and Counter-Intelligence Link Farm: Spying, US intelligence agencies, DoD, air force, navy, army, foreign intelligence agencies, whistleblowers, online intelligence archives, military intelligence, weapons technology transfer, industrial espionage, security companies.
International Association for Cryptologic Research: IACR home page.
L0pht Heavy Industries: Hacking central, and a great source of information on security problems.
NAIS Online Newsletter: National Association of Investigative Specialists newsletter. Information of interest to investigators, video surveillance, search and seizure, privacy techniques, legal issues.
National Computer Security Association
National Security Agency High-Performance Computing Projects: Various high-performance computing projects sponsored by the NSA.
National Security Agency: The NSA's home page.
National Security Agency Unofficial Page: The NSA's unofficial home page (much more interesting than the official one).
National Security Archive Home Page: Archives, electronic briefing books, declassified documents, related information.
NSA: America's Fortress of Spies: The Baltimore Sun's six-part series on the NSA.
NIST Computer Security Resource Clearinghouse: NIST computer security resources.
NIST Computer Security Publications: NIST computer security publications.
NZ Intelligence Agencies: NZ Intelligence agencies.
Preparing for the 21st Century: GPO appraisal of the US intelligence community
Project on Intelligence Agency Reform: Lots of information on intelligence agencies which their home pages will never tell you.
Security Resource Net: Intelligence, corporate and computer security, counterterrorism, personal security, legislation, news bulletins, upcoming events.
Seven Locks Software: Security news and information, software, online discussion forums, products and services, calendar of security events, firewalls, viruses, security courses and policies.
SPAWAR Information Systems Security Office Homepage: Space and Naval Warfare Systems Command information.

Security People

Links to home pages of cryptographers: Large list of links to cryptographers home pages.
Ross Anderson
Mihir Bellare
Steven Bellovin
Eli Biham
Wei Dai
Dorothy Denning
Oded Goldreich
Shafi Goldwasser
Bob Jenkins
Phil Karn
Markus Kuhn
Stefan Lucks
Terry Ritter
Ron Rivest
Phil Rogaway
Greg Rose
Ken Shirriff
William Stallings
Doug Stinson
Serge Vaudenay
Boudewijn Visser
Bennet Yee
Yuliang Zheng

Security Problems

$10,000 DES Challenge: RSADSI's encryption-breaking challenge.
ActiveX - Conceptual Security Flaw: Using ActiveX to steal money via fake bank transfers.
AOL-Security Pages: AOL security problems (some fairly scary).
Architectural considerations for cryptanalytic hardware: Breaking RC4, A5, DES, and CDMF with FPGA's.
Archive of Hacked Websites: Various web pages which have been altered by hackers.
Armageddon: Packet sniffing and spoofing.
Bokler's Guide to "CRACKER" Software: Programs to break the "encryption" on a number of DOS and Windows programs.
BugNet: Wintel PC bugs, including occasional security problems and holes.
Bugtraq Archives for July 1995 - present: Security vulnerability archives.
Bugtraq mailing list archives: Security vulnerability archives, 1993-present.
Channel 1 File Library:Unprotects: Unprotects for a large amount of software.
Chaos Computer Club
Computer Crime Reference Index: Organisations, publications, legal resources, security advisories, mailing lists.
Cookie Jar: Control which web servers can get cookies.
CooL_MoDe's Kewl World: Exploit files for a wide variety of Unix security problems.
CRAK Software: Password-recovery software for Word, Excel, 123, Quattro Pro, WordPerfect, Quicken, etc.
Crash Netscape: This URL will crash Netscape (and make Windows unusable for Win 3.x) when connected to.
Crashing IE4: Combines the MSIE res security hole and the Pentium F00F bug to lock up any Pentium machine running MSIE.
Crypto & Hacker Linkz: Links to crypto and password-recovery pages.
Cybercrime on the Internet: Cyberciminals and cybercrime buzzword buzzword hacking buzzword fnord child pornography buzzword fnord.
Death by ActiveX: More ActiveX security holes.
Decompilation of Binary Programs - dcc: Decompiler for reverse-engineering 80x86 software.
Defiants Eurosat.com: Pay TV and smart card hacking information.
DES Challenge Coordinated Effort: SolNET RSADSI DES challenge.
DES Challenge Attack: Distributed software attack on DES
Denial-of-Service FAQ: The denial-of-service FAQ.
distributed.net - Node Zero: Distributed computing applications (such as encryption breaking).
Factorization of RSA-130
Fravia's page of reverse engineering: Much information on reverse-engineering software.
Fun and Games with PGP: Potential PGP weaknesses and problems.
Greg Miller's Home Page: Crypto, AI, and Networking: Netware-related security problems and issues.
Hack Watch News: Satellite TV security and insecurities
Hacker's Encyclopedia CDROM: CDROM full of files on every aspect of computer security and how to bypass it.
Hacking Novell Netware FAQ
HAM Radio Software: POCSAG decoder for monitoring pager messages.
Hardware Hacks: Hardware hacks, mainly mag.card related.
Hostile Applets Home Page: Various hostile Java applets.
H/P/C/V Utilities: Password crackers, carding, war diallers, key generators, hex editors, links to related sites.
Hyperlink Spoofing: SSL server authentication attack.
Infilsec - Vulnerabilities: Vulnerabilities database for various OS's.
Inside the Windows 95 Registration Wizard: What the Windows 95 Registration Wizard is *really* doing with your system.
Internet Attacks: A (very complete) taxonomy of Internet attacks.
Internet browser access to your hard drive: How to access your local hard drive with a web browser.
ISS NT Security Library: Links to sites covering NT security issues.
Key Code Generators: Key and unlock code generators for large amounts of software.
Key Recovery Technologies: How to implement espionage-enabled software.
Microsoft CD Key Authentication Revealed!
Microsoft IIS Web Server Security Bugs: Security holes and bugs in Microsofts Internet Information Server.
Microsoft Security Problems: Security flaws in Microsoft products.
Mini-FAQ: NT Password Attack & defences: NT password cracking FAQ.
Money Protocols: Things which can go wrong with smart cards.
Netscape Security Problems: Security flaws in Netscape.
Netware/Windows NT/Web Hack FAQ: Security problems in Netware, NT, web servers and browsers.
New Media Laboratories - Crypto: Distributed attack on RC5.
No First Virtual: Security problems with First Virtual.
Nowhere to Run: TEMPEST monitoring.
NSClean information: Clean up various Netscape files which record information on you and your net activity.
NTAccess: Change the Windows NT administrator password.
NT Crack: Very effective NT password cracker.
NT Exploits: Windows NT security holes and exploits.
NT Internals: Not directly security-related, but contains a lot of useful technical information and source code to bypass or upset NT's security controls.
NT offline pw-util, bootdisk: Password change and general system editing utility for NT.
NT Security Home: NT security issues and concerns, security tools.
Nurse your Net Nanny!: How to disable various Internet blockers (and these things are supposed to be childproof!).
On the topic of Firewall Testing: mjr on firewall testing and certification.
pan1k?: Assorted information on security problems and programs (AOL, Netware, boxing, carding, encryption, password-cracking, virii, satellite TV, text files).
Password Removal Tactics: How to remove/bypass password/"encryption" protection for a variety of software.
Phrack Magazine Home Page: Security problems, hacking, hacker conferences, general news.
Ping o' Death Page: Problems with remote machines crashing whens sent long ping packets (this affects Unix systems, Macs, Netware, routers, printers, ...).
PkCrack - Breaking PkZip-encryption: An implementation of the Biham/Kocher paper.
RISKS Forum Archives: Archives of the ACM forum on risks to the public in computers and related systems (use the arrow icons to move to other risks volumes).
RSA Challenge '97--Break the Key: RSA encryption-breaking challenge (40 bits in 3.5 hours, 48 bits in 13 days).
SatHack HomePage: Satellite TV hacking, cards, software, programmers, and codes.
Scott Schnoll's Unofficial Microsoft Internet Explorer Security FAQ: Bugs and design flaws in MS Internet Explorer.
Security Survey of Key Internet Hosts: Security survey which found that two thirds of the WWW hosts checked had security problems.
Snake Oil FAQ: Snake oil warning signs - encryption software to avoid.
Snoopie, a TCP login tracer for DOS-machines: TCP/IP login tracer which sniffs logins for FTP, telnet, POP3 connections.
Stack Smashing Security Vulnerabilities: Resources related to stack-overwriting security holes.
Supplementary Analysis of the Royal Holloway Key Escrow Scheme: More weaknesses in Euro-Clipper.
The BioArchive: Novell Netware, cellular phone, and other security problems.
"The Stalker's Home Page": What others can find out about you using online search engines.
The TEMPEST Information page: Much information on TEMPEST eavesdropping and its prevention.
unix / net / hack page: Unix security problems, software, documentation, RFC's.
Vulnerability Database: Database of common security vulnerabilities in RPC's, sendmail, firewalls, and various other categories.
Weaknesses in Euro-Clipper: Various weaknesses in the Royal Holloway "trusted third party" ley escrow scheme.
Web Pages wed like to see:: (This one's good enough to deserve its own reference).
Why You Need ACG: Grabbing car alarm codes.
Windows NT Password Cracker
Windows NT Password Recovery Service: Recover passwords for Windows NT servers, domain controllers, and workstations.
Windows NT Security Administrator: Windows NT security problems and solutions.
Windows NT Security Issues: Windows NT security issues.
Winternals Software: Edit NT partitions, change the password for any account (including administrator).

Security Products

Access Control ActivCard Home Page Authentication/single sign-on card. Argus Products & Services Page Extra security measures for Java programs, Orange Book/ITSEC security modules. Cambridge Neurodynamics Biometric identification systems. Capella Electronics - Security Systems Access control and security sensors. Check Point FireWall-1 FireWall-1 firewall. Cerberus Homepage Win 3.1/Win95 access control. Cryptocard Corporation User authentication and remote access management tools. CYCON Labyrinth og CYCON technologies and Cypress Consulting The Cycon labyrinth firewall. e.g. Software Auditing, security alerts, password analysis, and security software for Netware. Firewall Overview Overview of firewall types and technologies. Hardcastle Electronics Firewalls, security gateways, F-secure. Intracept - X-Ray Vision Blocks Java, ActiveX, and cookies to web browsers. Kalliopi: DELPHI Security - We've got it covered!! Access control to Delphi apps. MARX CRYPTO-BOX Software Copy Protection Software and hardware-based copy protection. medcom Home Page Firewalls, tiger team testing, WWW security. Micah Development Access control for DOS and Windows. New-Tech Systems DOS/Windows access control software. PC Security The Stoplock product range (access control, single sign-on, smart card control, etc). PCGUARDIAN Home Page PC access control and encryption software. SAGUS Products Page Security gateway, firewall, Winsock interface. Sealabs Watchguard firewall and security management software. Secure Storage High-security storage facility. Sesame Euro-Kerberos SOL - Security On Line Phsyical security items and information. The ULTIMATELY Secure Firewall Wingate Lan to Internet Software Windows Internet proxy.

Counterintelligence Items SpyZone Tools and Techniques Industrial espionage and surveillance tools and techniques, security equipment, secure communications systems, disaster recovery, bug sweeps. The Codex Privacy Site Electronic eavesdropping detection, anti-bugging, privacy protection, secure communications. TSCM.COM Counterintelligence Home Page Technical Surveillance Countermeasures - bugs and wiretapping, detecting bugs, intelligence agencies, and counterintelligence.

Data Encryption Aegis Research Corporation Windows PGP shell. Atalla Network and internet security processors and solutions. Avalanche Java Cryptography Toolkit Encryption, hash functions, and secure random number generation in Java. Baltimore | Products Crypto systems toolkit - DES, IDEA, RSA, DSA, RIPEMD, SHA1, MD2, MD5, X.509/CA toolkit, email security software. BBN Security SafeKeyper tamperproof hardware key storage. BestCrypt family of Data Protection systems GOST and DES software/hardware encryption for DOS/Windows. Blowfish Advanced Download Site Blowfish file encryption for DOS and Win95. Bokler Software's Home Page DES and hashing DLL's and OCX's. Briggs Softworks: Software Directory snoopper/file eraser, file encryption for Windows. Brokat X*PRESSO Home Page Secure non-US encryption by adding another layer of 128-bit encryption over the top of the US crippled 40-bit version. Business Security home page Fax, video, voice, and modem encryption. CellCase Key Agile ATM Encryptor RSA/triple DES ATM link encryptor. Certicom Elliptic curve cryptosystem products. CES Home Page Phone and fax encryption add-on (questionable algorithm). Chrysalis ITS - Product Information PCMCIA encryption cards. Cisco Network Encryption Services DSA-signed DH for link and session encryption. Citadel Products Firewall/VPN, Windows file encryption. Clipper and Fortezza: Pictures and Info CodedDrag Drag-and-drop DES encryption for Win95/NT. Cold Fusion Power Packs Encryption/decryption, credit card processing, for Cold Fusion. Communication Security Corporation Home Page Diffie-Hellman and triple DES speech encryption. No GAK. Computer Development Systems Crypto Page Link encryption hardware, file and fax encryption software (unknown algorithm). ComScire QNG From Quantum World Johnson-noise-based RNG for PC parallel ports. Condor - Secure Ubiquitous Portable Interoperable Communications Buzzword Buzzword Secure Fortezza-protected voice and data over celluylar links. Confidentiel : Présentation Mac file encryption, approved by the French secret service. CoreDesign Royalty-free Verilog PKC core. CRYTEK Communications - Secure Telephone Adaptor Key-based subband voice scrambler. Uses Diffie-Hellman key exchange, but a questionable encryption function "based on matrix multiplication". Cryptext Win95/NT 4 encryption shell extension. Crypto AG Switzerland Encryption software and hardware of all kinds (but see also the link in the "Crypto Social Issues" section). Cryptomathic homepage Encryption and security software and consulting. CSM Proxy Server - The Ultimate Gateway to the Internet Proxy which includes SSL tunnelling. Cybanim PEM software, bignum maths package. Cylink Corporation Cypris Lockheed Martin's crypto processor. DATACRYPT Home Page File and file transfer encryption (unknown algorithm). DataGuardŽ - The Software Safe IDEA and SEAL file encryption for Win32. Deming Software S/MIME software for MS Exchange and Eudora. D.I.C.A. ISDN Encryptor ISDN link encryption using FEAL 16, IDEA, or DES. Digital Delivery Secure (encrypted) software and information distribution systems. Diskcrypt 95 Floppy drive encryption for Windows 95. DubnerCruncher Very fast bignum maths card for PC's. EES Family Data Sheet Clipper chips. EMD Enterprises Win95/NT anti-virus and encryption software. Encrypt-It Plus DLL/VBX/OLE control providing DES and 3 other (unknown) encryption algorithms. Encryption Plus Encryption for Visual Basic. Encrytor DES file encryption for Windows. Entrust - Home Page Nortel's Entrust cryptography product family. ERACOM - Encryption Adaptors Encryption toolkits, DES encryption hardware for PC's. F-Secure Cryptography Products Windows/Unix <-> Windows/Unix link encryption with secure telnet, X11, port forwarding, etc. The link is encrypted with algorithms like triple DES or Blowfish, with 1024-bit RSA for key exchange an authentication. Formal Systems X.509 certificate viewer, PKI, encryption services and consulting. FORTEZZA Developers Home Page Fortezza ISA Bus Crypto Card Fortezza on an ISA card. Frontier Technologies e-Lock Home Page PKCS/X.509 and S/MIME key management, signing, secure email and browser. Fulltime RSA RSA speech encryption for PSTN lines. Global Technologies Group, Inc. Products based on the German SuperCrypt DES/triple DES chip. Hide Me for Windows Windows file encryption, unknown algorithm. HRB Systems Data encryption products (an division of E-Systems) IBM SecureWay Data encryption, security, consulting. International Cryptography Framework HP's international big brother design. Internet Solution Security (Pty) Ltd Access control, electronic commerce, 128-bit SSL proxy. Internet Security Group CryptoSwift public-key encryption hardware accelerator. Internet Smartsec Internet security technology (knowledge of Swedish useful). Invincible Data Systems, Inc. PGP - compatible encryption software for e-mail, hard disk encryption, access control hardware tokens. iPower Home Page National's PCMCIA crypto card. IRE Product Catalog Network and link encryption hardware. ISC Products Email encryption, crypto toolkits, encrypted Zmodem. ISDN Encryptor Kremlin Win95/NT drag-and-drop file encryption. Kryptology Home Page Snake oil for the masses. Langley System Web Site Floppy disk encryption software. Lintel Security DES and RSA encryption chips and hardware. LUC ENcryption Technology (LUCENT) Limited Lucas-function based PKC. NetFortress Network link encryption. NetLOCK(tm) Network Security Encryption and authentication for LANs and WANs. NEXUS Solutions NTrust Blowfish encryption for Windows. NTrust Blowfish file encryption. PGP -- Pretty Good Privacy, Inc. Home Page PGP Tools from Net Services Windows front-end for PGP. Phaos Technology SSL in Java. PIJNENBURG Beheer N.V. Cool RSA/bignum and DES/triple DES encryption hardware. PowerCrypt Website PEM and S/MIME encryption for the Power Mac. Racal/Airtech Security Various access control and security products. Rainbow Technologies Internet Security Group CryptoSwift crypto hardware accelerator. RAMPART for DOS/Windows DES encryption software and other utilities. Reflex Magnetics - homepage Secure FTP, mail, modem encryption using DES, 3DES, Blowfish, or IDEA. RPK Public Key Cryptography Crypto SDK and email software utilising a new, fast discrete-log-over-GF(2^k) based PKC. RSA Data Security, Inc. SafeHouse Drive Encryption DES disk encryption for Win3.x/Win95. SafePassage Web Proxy Full-strength encrypting web proxy which bypasses US export restrictions. SandTiger File encryption using Blowfish, CAST-128, and Diamond2. SCI Web Page PCMCIA-based disk and file encryption. SecureFile File encryption and signing for Win95/NT SECURE...Encryption and Security for all DES and IDEA encryption software for Windows. SecureOffice Triple DES encryption add-on for MS Office. SecureWin Win95/NT file encryption using RSA and the BSAFE conventional algorithms, other security tools (eg secure delete, secure shutdown). Security Domain: electronic message security Public-key file encryption, CA software. Sioux: Sophisticated & Secure Apache-based secure web server. SKIP Information Simple Key management for Internet Protocols - papers, information, implementations (US only). SKIP in Russia As above, without the export restrictions. Soft Concepts Ncrypt file archiving, compression, and encryption utilities. SoftWings Enterprises Inc DES/triple DES protected OS/2 data transfer. SoftWinter - Shade page Disk encryption for Windows NT. SoundCode, Inc. Crypto libraries and software. SSL HTTP Security Solution 128-bit SSL proxy - turns crippled SSL browsers into full-strength encryption ones. SSL Plus (Product) SSL Plus SSL integration suite. SSLava SSL 3.0 implemented in Java. SSLP Reference Implementation Project An SSL reference implementation (still under development). SSRSSL Secure sockets relay - full-strength SSL proxying. Stronghold Homepage Apache-based secure web server. SynCrypt File and email encryption using Elgamal, Blowfish, IDEA, and triple DES. tbCrypt Win95/NT, OS/2, DOS file encryption using DES, IDEA, Blowfish, NewDES, and Lucifer. TeamWARE Crypto ICL's Windows file encryption software. TecApro Internacional - Home page Win95 file encryption. Templar Software and Services Secure EDI over the Internet. TimeStep - The Network Security Standard VPN encryption systems using DES encryption and X.509 certificates and digital signatures for authentication. TrustedWeb Intranet ACL-based security and encryption using RSA and triple DES. TSS OfficeLock - Data Security for Microsoft Office Strong encryption for MS Office documents. UCrypt DES, triple DES, GOST, Blowfish, 3-Way, RC5, TEA, Safer, Shark, Diamond-2, and others. Utimaco Safeware AG DOS, OS/2, Windows encryption software, encryption hardware. Virtually Online SEMS email encryption using the RPK algorithm. VPNet: Products WAN VPN encryption products using DES and triple DES with SKIP key management. Wormhole technologies PKC-based email encryption software. Xcert Software Access control, X.509-related software.

Interception and Monitoring

Hardware and software for intercepting and monitoring information.

Cellular Monitoring Interface (via Electronic Countermeasures Inc): Computer interface for intercepting cellphone traffic.
Datascan TEMPEST monitoring system
Electroconductive Concrete ELFINCO: Makes for great TEMPEST shielding.
Fastscan: Win95/NT port scanner.
Fax Analyzer: PC fax interception card.
Force-Ten Online Catalog: Surveillance, wiretaps, spying equipment.
GCOM Technologies: GSM, cellphone, computer, and fax interception and monitoring equipment (the GSM interception unit features real-time, off-air interception of up to 1000 voice/data/fax transmissions, traffic targetting and screening, and call tracking, all with a friendly Windows interface).
GSM Monitoring - GSTA-1400: Complete GSM monitoring/interception system with call and target tracking and location features.
Kansmen Corporation: LittleBrother Internet monitoring call.
NDG Software Products: Various network monitoring and snopping tools.
NetWatcher: Monitor and intercept TCP/IP sessions.
Pager Decoding Interface (via Electronic Countermeasures Inc): Computer interface for intercepting pager traffic.
Spies:Law Enforcement: Cellular, GSM, and fax interception and monitoring equipment.
The Watcher Network Monitoring Program: Monitor and control any IP connection on a network.
Virtual ISA Proto Board: Xilinx 5210/4013E card.

Investigative Tools

Tools for investigating the security aspects of various things.

Chip Express Corporation: Fast turn-around ASICs.
Convar Systeme Deutschland - Service Center: Disk data recovery.
Digital Instruments: Scanning probe microscopy (used to investigate magnetic media).
Hack Watch News: Satellite and terrestrial TV scrambling systems.
IBAS Laboratories - Professional Data Recovery: Recovery of data from damaged or overwritten/erased magnetic media.
MUSIC Semiconductors: Various content-addressable memories, useful for investigating encryption algorithms.
Neuroptics Technologies, Inc.: Neural network hardware.
Programmable Logic Jump Station ( FPGA, CPLD ): More investigative tools for encryption keys.
Xilinx Product Information: Perfect for investigating currently unknown DES and RC4 keys.

Online Commerce and Banking Canada Trust Online access to account balances, stock quotes, and other banking services. Credit Suisse Direct Net Full online banking using 128-bit SSL proxies. EMJ America Internet security and e-commerce products. ICVerify Home Page Online credit card, debit card, and cheque verification. Internet-based digital cash Links to various e-cash resources. Netbill-related publications Various online electronic transaction protocols. Payment mechanisms designed for the Internet Welcome to Online Banking! Wells Fargo online banking.

Smart Cards

These include only the interesting sites, some manufacturers currently provide no really useful information and aren't included here.

Advanced Card Systems, Ltd.: Smart cards, card readers, development kits.
ACOLAs Homepage -Communication, Terminal Server and Data Collection Products: Smart card and RF card products.
AD-Teknik, Mainpage: Smart card emulators, PCB's, readers.
AMC Smart Card Reader Products: Smart card/mag stripe reader/writer.
ASE - The Aladdin Smartcard Environment: Smartcard development kit.
B&C Data Systems: Smart card reader/writer.
Card Europe Main Index Page
CardTech/SecurTech:Home: Smart card and security card conference information.
Catalyst Serial E2PROMs -- I2C Bus: Smart card EEPROMs.
CITI Smart Cards: University of Michigan smart card research project.
CompInfo - Smartcard Technology - Information Sources and Manufacturers: Links to sources of information on smart cards and card and card reader manufacturers.
Crownhill Associates Ltd: Smart cards, PIC programming, code recovery/reverse engineering.
CryptoCard's Security Products: Various access-control systems.
Dallas Semiconductor Corp: Home Page: Identification and authorization chips, secure microcontrollers.
Dallas Semiconductor Corp. iButton: Home Page: Digital credentials/timestamping/crypto in a button.
Datakey Home Page: Smart card reader/writers, smart cards.
DataMega I/O Products: Smart card readers.
Encotone Ltd. Home Page: Smart-card and smart-card-like authentication and security devices.
Fun With Smartcards: Notes from the HIP'97 Fun with Smartcards session.
Gemplus Smart Card Home Page
GIS Home Page: Smart card readers, terminals, and developer kits.
IBM Student Chipcard Innovation Team Homepage: Dutch student-designed card reader and software.
Litronic, Inc.: Smart cards, card API's, Fortezza cards.
Magtek Products: Magnetic card reader/writers.
Microchip Memory Data Sheets: Includes EEPROM memory for smart cards..
Micromodule Pte Lte, Singapore: Smart cards, readers, development kits.
Motorola SmartCards (TM): Databooks for Motorola microcontrollers (including smart card micros).
Motorola SmartCards (TM): A different access point for Motorola smart card information.
Nexus Products and Services: Mag card and smart card readers, PINpads.
Ordacard Israel: Mag stripe and smart cards
OKI Personal Smart Card Reader: Electronic wallet balance checker.
OTI - OnTrack Innovations Israel: Contactless smart cards.
Paul Maxwell-King For Pic Chips, 16c84, sathack, ISO7816, sat-hack, satellite cards, codes, programmers, sky, D2MAC, DSS, season, blockers, crack, satellite, satellite TV, hacking, cracking, satellite hardware, videocrypt, filmnet, sky cards, smartcard, smartcard interface: Smart-card hacking-related hardware.
PEP Products & Services Page: Smart card readers, RFID products, crypto and flash cards.
Philips Smart Card Services: Philips smart cards.
pincash: Smart cards and readers.
SCARD - Smartcard Resources: Smart card standards, interface software, hardware.
Schlumberger Universe of Smart Cards: Smart card readers, tools, SDK's.
SCM Microsystems - Products: Smart card readers, writers, and interface products.
SGS-Thomson Smartcard Products: Smart card information and data sheets.
Siemens Smart Card Integrated Circuits: No technical information, unfortunately.
Smart Cards, Credit Cards, Internet Security.: Smart card resources link farm.
Smart Card News: Smart card publicatiosn, technology, and information.
Smart Card Reader/Writer: Card readers/writers/PINPads.
Smart Card Resource Center: Links to chip manufacturers, companies, conferences, mag cards, readers, RF cards, and other smart-card related information.
Smartcard Information Page: Smart card information, card types, and links to manufacturers.
Smart Semiconductor Search: Search engine which links to most major embedded semi vendors.
Smartcards and other cards: Links to smart cards, memory cards, smart card readers, mag cards and barcode cards.
The Smart Card Forum: General information on smart cards.
TOWITOKO homepage: Smart card readers.
Tritheim Technologies: Smart card readers and writers.
UNIPROG Universalprogrammer: CCC universal smart card programmer.
Xicor Inc.: EEPROM's, smart cards, flash memories.

Snake Oil Ciphile Software "Absolute online privacy - Level 3(tm)(c)(patent pending)" - "the best encryption software available today" - "unbreakable". Cryptor Homepage Cellular-automata-based OS/2 file encryption. Cybank "Maximum security encryption... we use our own snake oil because public-key encryption has been proven to be insecure". Data Protect Self-proclaimed leading security expert Kimble analyses your security problems. DataTech Systems - Home Page Software which is "ABSOLUTELY IMPOSSIBLE TO CRACK. This can be proved as never has a file that has been encrypted... been cracked, even with utilising some of the best cryptographers living" [sic]. Enigma-7 Windows Superencryption Software "The most powerful Windows encryption software available". Evolv - Skipjack IC Info & Pricing Encryption using "proprietary artificial intelligence engines", "light years beyond the security level offerend by any other encryption method". Incidentally, this Skipjack has nothing in common (apart from the name) with the USG's Skipjack. GCC Chaos Encryption Overview KeyGen Automatic Synchronized Key Generator (TM) for Encryption Without Key Management "No key management! No certificate authorities!". No visible means of security. Meganet VME Encryption "A breakthrough new Encryption method, using innovative new technology...The Meganet VME can not be compromised". Net Titan page Amazing what you can do in an afternoon with Visual Basic. One Time Pad (TM) makes Internet Access Secure! "One Time Pad (TM) authentication" (a very primitive, non-free alternative to S/Key). Safeguard Fractal Encryption Software Fractal encryption - even though it only uses a 40-bit key, it's a 40-bit key with *fractals*, which makes it magically safe. Safe Send 1.0 "Uses a prearranged cryptic code which is all but impossible to crack by any individual or government". Shades White Paper "A newly patented mode of encryption which is quick and particularly reassuring". TRIAX GmbH Gesellschaft für Kommunikation und Datensicherheit TRIAX(TM) encryption, now with OTPS(TM). TRICRYPTION - IBM File Encryption Programs Amazing keyless cryptography! Quadrillions of combinations! Universal Data Cryptography Module More advanced than RSA, DES, IDEA, and PGP! More advanced than all other algorithms put together! May even work on your system (after extensive patching and modifications). Ultrimate Privacy The million dollar challenge - we are betting a million dollars that our challenge is cooked so noone can claim the prize! WinKrypt Secure email encryption from the people who brought you SoftRam95.

Argus Systems Group, Inc.

Operating system security add-on products for Solaris and Windows NT.

Automatic Response Systems

Document destructions products and services.

Consensus Products/Services

SSL Plus integration suite, RSAREF, IDEA licensing, code security screening.

Digital ID Center

Web interface to Verisign's digital ID (CA) service.

Disk Zapper

Floppy disk bulk eraser.

IBM SecureWay Home Page

IBM's security hardware and software, consulting, technology, and general information.

IP Packet Filter

Highly configurable kernel-level IP packet filters.

Kilben Business Services

Computer enclosures and alarms.

List of FPGA-based Computing Machines

Fast encryption hardware (with a little programming...).

Minatronics Corporation

Physical security products.

SEM - Security Engineered Machinery

Data destruction equipment and information.

Wang Government Services Secure System's HOME PAGE

Wang's TEMPEST products and secure services.

Virus/Antivirus

Anti-Virus Chamber: Anti-virus software, information, news, and organizations.
Computer Virus Myths treatise
Sophos PLC Home Page: Sophos anti-virus products.
The Crypt Newsletter Homepage: Virus/antivirus information.
Virus Homepage!: Large numbers of viruses and related software.
Virus Page: Virus researchers, anti-virus software and vendors, viruses, programming infomation.

Security and Encryption-related Resources and Links / Peter Gutmann / pgut001@cs.auckland.ac.nz

Nekaj novejših povezav:

Security and Encryption-related Resources and Links

Crypto Link Farms

Crypto FTP Archives

Crypto Social Issues

Crypto Software

Miscellaneous Security Items

Cypherpunks and Cryptorebels

Public Key Infrastructure

Random Numbers

Security Books, Journals, and Bibliographies, and miscellaneous short publications

Security Standards, Laws, and Guidelines

Security Agencies and Organizations

Security People

Security Problems

Security Products

Access Control

Counterintelligence Items

Data Encryption

Interception and Monitoring

Investigative Tools

Online Commerce and Banking

Smart Cards

Snake Oil

Virus/Antivirus