Security pointers

one-time passwords
Crypto API's
random numbers
secure applications
people and papers

govt projects
intrusion detection
Java and WWW
UNIX security
NT security

many dead links ... :-(
Tom Dunigan's UTK/CS security course
Security pointers
NIST computer security and resources/conferences
Yahoo Security and Encryption and hacker news
security mailing lists and infosec news
newgroups: sci.crypt    comp.risks
cryptography archives
IACR J. of Cryptology including Cryptoxx and "Fast Software Encryption" conferences proceedings
Cryptosystems Journal and the American Cryptogram Association ACA
Cryptography-related Journals
Information security magazine
UNIX security USENIX see conf. proceeding for security '99 and conference papers
National Information Systems Security Conference and '97 proceedings and '96 proceedings and '98 papers
conferences and call for papers CFP
Annual Computer Security Applications Conference
Popular Cryptography journal of Internet privacy
Internet Security Review and SANS
Schneier's cryptogram
opensec open security solutions
:-) DigiCrime decrypting service

gnupg GNU and openpgp
MIT's pgp distribution
the PGP documentation pgpdoc1.txt and pgpdoc2.txt or html/postscript versions
beginner's guide and pgp4dummies and tip sheet
PGP 2.6.2 docs vol 1 essential topics, vol 2 special topics, vol 3 file formats
GNU's gnupg no RSA/IDEA
another PGP page and different version interoperability
BAL's PGP Public Key Server news a FAQ
ESnet PGP key server and ESnet PGP key ring
Yahoo PGP page
MIT PGP Release
PGP 2.6.2 FAQ, Buglist, Fixes, and Improvements
PGP attack FAQ or PGP attack FAQ
PGPfone and time stamp service and pgptalk
web of trust analysis and The PGP Trust Model
SLED/Four11 key CA, for public key issues see Verisign FAQ
PGP Distribution Authorization Form
Pretty Good Privacy - in UK
Jeff Schiller's Home Page
BAL's WWW Home Page -- HTTP Version
passphrase usage and passphrase faq pass phrase info
how PGP works
PGP Inc and and PGP International
randomness of IDEA keys in PGP
smime info s/mime

opie tutorial and opie paper
S/key ISOC paper (postscript, 74K) and RFC1760 and S/Key docs
skey paper
skey help page
logdaemon and wrappers includes BSD UNIX skey stuff or was here
winkey windows client
opie/skey ftp probably most portable implementation (linux, sunos, hp, irix, aix)
S/key ftp archive Sys V UNIX, PC, MAC, skey and skey archives (Bellcore)
skey vulnerabilities (there is also an skey crack program MONKEY, dictionary brute force) and maybe try here or here
SecurID ... Axent Securenet SNK ... Enigma Logic ... CRYPTOCard ... ActivCard
white paper on vulnerabilities of SecurID and a rebuttal
CERT's info on one-time passwords
CSI's single sign-on products
Xskey and a more secure keyinit ftp
java skey
SPEKE Strong Password Authentication and Bellovin's EKE
or consider these secure session services ssh or SecureCRT or srp or kerberos or stel or SRA telnet or SSL telnet or SPX or deslogin

Kerberos info and a nice paper
CMU Kerberos page and MIT's Kerberos page and ISI's Kerberos page
Athena Kerberos docs and papers (ftp) and USENIX Kerberos paper (html)
RFC 1510 kerberos v5
cygnus KerbNet includes NT support
newsgroup comp.protocols.kerberos and a FAQ and a Mailing List
Kerberos in windows 2000 or here

Crypto API's ETF CAPI info
eSS (Generic Security Service API) RFC's RFC2078 v2 and SPKM or older RFC1508 and RFC1509 and IETF CAPI info
GSS api v2 C bindings
U of Il's Java GSS API
CDSA Common Data Security Architecture
TIS info on Crypto API's and ICE
SSL Secure Socket Layer from Netscape and SSL specs and SSL FAQ and a protocol overview
ftps ssl ftp and here
openssl and openssl api tutorial
Eric Young's crypto page and
SSLeay ftp and FAQ and programmer ref
SSL performance
sslwrap wrap services in ssl
https and http performance and see Infosecurity mag. 10/99 and ipivot ssl front end
Java's JSSE secure sockets extension (SSL)
TLS ssl, the next generation, transport layer security
FGInt rsa, elgamal, dsa, source
pct private communication technology protocol
cross-site scripting
stronghold secure server and apache
ssh has a nice API
RSAREF 2.0 info
NSA API recommendations
Crypto Systems Toolkit
CryptoLib info from Bell Labs
RSA's BSAFE toolkit
windows crypto and wincrdll
Microsoft's CryptoAPI
pegwit uses square
Rivest's RC6
Eric Young's libdes or here
TEA Tiny Encryption Algorithm and key shedule weakness leading to XTEA
BICOM bijective compression with rijndael encryption
CAST or RFC2144 and cast-256 and crypto algorithms and CAST S box design bent functions
cryptix java crypto lib
another java crypto lib iaik
PKCS Public-Key Cryptography Standards, #11 is crypto-token API (cryptoki) also here
crypto software good stuff
crypto algorithms and crypto crypto performance ciphers, hashes, CRCs
Wei Dai's Crypto++ C++ API cryptlib, including AES candidates and panama
java 1.2 crypto architecture API and specs examples
java 1.2 or tree and and the jce cryptography extension and jce api and cryptix crypto lib
Java's JSSE secure sockets extension (SSL)
signing java code from Securing Java book
Gutmann's cryptlib and PRNG's for various OS's
Crypto Kong win95/nt
comparison of crypto libs
classical crypto routines and a vigenere applet

big integer software

gnu's GMP multiprecision arithmetic and also C++ Integer class Integer.h or Java's BigInteger or BSD's mp library mp.h or perl Math::BigInt
GNU's Multiple Precision Library software and gmp manual and speed tables
lidia C++ library for computational number theory and source and ntl number theory library

elliptic curve cryptography

Certicoms excellent tutorial
ecc '99 conference
RSA's elliptic curves cryptosystems and what are elliptic curves
elliptic curves bibilography and RSA's Elliptic Curve Cryptosystems (pdf) Key exchange with elliptic curves and elliptic curve software
ECC tutorial
menezes's page ECC and CACR and tech reports
Certicom ECC standards and X9.62 and X9.63 and a FAQ
ECC challenge ECC2K-108 broken
Rosing's book Implementing Elliptic Curve Cryptography sources
elliptic curve cryptography software or here
INRIA's break of 97 bit ecc

random numbers
random numbers and P1363 info and P1363 ftp and random number conditioning
RFC1750 random numbers
random numbers resources or here
Ritter's randomness links and randomness tests
Wagner's randomness links
/dev/random and random.c info also see Gutmann
Maurer's Universal Statistical Test for Random Bit Generators MUST and C source
Wagner's page or netscape randomness
PGP 5.0 weakness in random number generation
attacks on random number generators and yarrow
HAVEGE HArdware Volatile Entropy Generator
prng info R250
cryptographic noise Noiz and friends
Strange Attractors and TCP/IP Sequence Number Analysis 3-d rendering, PRNG analysis '01
havege hardware random numbers
Gutmann's software generation of practically strong random numbers pgp and /dev/random
Surveys and Papers on Pseudorandomness
RS232 serial port RNG orion or protego
GCP global consciousness project, collecting/analyzing random data from RNG ?
RNG info
Intel papers and RNG FAQ and stat tests for RNG on Pentium III 802 chipset and a white paper and inteface specs
review of intel RNG on i810 chipset (i82802 is the firmware hub with the RNG) linux 2.4 has /dev/intel_rng that can read it (8 bits/4 ms ?)
test code for 82802 rng
AMD AMD-760 MPX Chipset random number generator, linux support
via processor random number generator hardware and via nehemiah secure processor
RSA paper Hardware based random number generation
hardware RNG or here and newbridge or here or SG100
hifn's PKI board and hardware RNG
using lava lamps for random numbers, lavarand (BBS, sha) see
paper on testing pseudo random number generators and other info
prngd pseudo random number generator daemon and egd entropy gathering daemon
diehard test PRGs
ent entropy tester source
selecting a random number generator
FIPS 140-1 has some rng tests too
monte carlo estimation of pi applet

prime numbers

prime number page and largest primes and Mersenne Primes
prime number info and more and a history
more prime number links
meganumbers large primes and integers
Rivest's Finding Four Million Large Random Primes (dvi)
Carmichael numbers
galois fields

secure applications crypto software
Secure telnet stuff includes deslogin or ftp which requires a DES key data base at the server and STEL which uses skey, DES/IDEA, and Diffie-Hellman. STEL source
Taiwan's secure telnet/rlogin/ftp uses key server, des
SRA telnet/ftp uses Secure RPC's D-H code to encrypt authentication
Secure Shell ssh and a FAQ and ssh-1.2.26 and ssh for PC
getting started with ssh or guide for using ssh on pc
Ylonen's ssh paper
openssh and ssh2
free pc ssh or another or another or one with source or another
free teraterm windows/ssh client or SecureCRT or putty
windows scp
windows/mac ssh clients or here
java ssh applet or mindterm java ssh client or mindterm
java telnet ssh applet
more ssh links clients and such
ssh and Kerberos
ppp over ssh vpn
ssh2 free development psst
nautilus secure net phone
Stanford's SRP Authentication and Key Exchange (EKE)
secure FTP or safetp
webmail secure email or
CFS and ESM Cryptographic File System (CFS) and Encrypting Session Manager (ESM) and cfs mailing list and swIPe
lightweight crypto tunnel for linux CIPE also see vpnd and pipsec
http tunnel pass thru firewalls
keynoteTrust Management Toolkit
Sun's secure RPC
TCFS Transparent Cryptographic File System
DOS/Windows SFS Secure File System
linux file encryption or here PPDD or linux disk encryption summary '99
linux encryption howto api, disk, network
bestcrypt windows/linux disk encryption or at
various windows disk and file encryption products/shareware and Cryptosystem ME6
Window's 2000 EFS encrypting file system or here or EFS resources
security of EFS
MAC disk encryption or here or filevault
RASP secure media
ide disk encryption
sigaba secure email
PEM Privacy Enhanced Mail and PEM rfc1421 and RIPEM info
MOSS MIME Object Security Services
links electronic commerce
electronic cash paypal or ecash and cybercash and First Virtual and millicent and iKP and digital money tutorial
bigvine, lassobucks, confinity,,
MasterCard's Secure Electronic Transactions SET
ietf's internet open trading protocol and iotp draft
FSTC Financial Services Technology Consortium (electronic commerce, checking, fraud prevention)
SFNB's security CMW+
SecureWare CMW's and Trusted MACH TMACH and ORA's THETA
dtos NSA secure os or here or here
NSA/VMware's Nettop mls os
secure linux bastille and NSA's security enhanced linux and Flask: Flux Advanced Security Kernel
secure bsd
Argus PitBull trusted OS, also see HP's Virtual Vault or Trusted Solaris
eros capabilities-based secure OS
info on openbsd security
Jim Rome's CMW slides (pdf) and NIST CMW info

commercial providers
watch out for snake oil and a snake oil FAQ
meganet virtual matrix encryption vme (see snake oil above)
Jetico linux/windows disk encryption and Cryptext or F-Secure Desktop or SecureWin or NT SHADE or scramdisk
syncrypt or certicom
other PC security
Sword & Shield
RSA and Secure Computer Corp security services security planning, risk analysis '03
compaq's group
TIS key escrow, moss, firewalls, fortezza, Trusted MACH
Secure Networks Ballista security scanner
crypto products and icsa
SecurityMetrics or SecureSoft USA
CSI Computer Security Institute (conference) and Trusted Systems and SANS network security
eracom and Information Resource Engineering (IRE) link encryptors (used by banks)
airdefense wireless protection software copyright protection
Schumann Security Software single sign-on, role based access (rbac)
COMSEC Solutions and premonition role-based access
Motorola NES and INES and Xerox XEU and Wang TIU or here and DEC's old DESNC zergo link encryptors
hifn hardware encryptors 7751 and compression or Rainbow's crypto accelerators or ncipher or chrysalis-its biometric fingerprint and XP authentication
3com's 3XP NIC IPsec acceleration 3cr990 (lpz gets 92 mbs w/ 3des)
ISI GRIP high speed IPsec
HP's ICF international cryptography framework
cryptoheaven Secure Email and Online Storage
Ritter's ciphers dynamic substitution
OSF DCE security and IntelliSoft's DCE/Snare and DASCOM DCE
Intellisoft's DCE/snare vpn
Bellcore's VRA exportable file encryption
CORBA security and spec
UniShield and MITRE and Motorola
Elementrix POTP and Paralon LanKey
high speed security MCNC ATM and GTE's ATM FASTLANE encryptor KG-75 or Secant's CellCase and not so high-speed InfoGuard also Cylink's ATM OC3 encryptor and celotek oc12 atm ecnryptor
frame relay encryption
StorgeTek's ATLAS OC3 ATM security
cryptek B2 NIC and secure fax
Aladdin's hasp4 dongle against software piracy or hardlock or marx
securikey laptop dongle or everbee
Microsoft's Proxy Server
ISS and their links , includes a FAQ whitepaper
Safetynet Security and AntiVirus - Free Evals
CyberSafe and MOBIUS encryption tech and Hughes NetLOCK
cylink and AT&T hardware and software
network security scanners and scanner summary and Livingston's RADIUS
Nmap scanner or here
hping scanner
nessus security scanner
GFI LANguard Network Security Scanner
penetration testing or application testing 3DES encryptors
utimaco hardware disk encryption
SecureOffice 3DES for office


firewall wizards archives and faq and links
YaHoo's firewall systems and firewall faq
network firewall notebook
The Firewall Report and a firewall products and review
NCSA Certified Firewall Products and ICSA's certified products
Ranum's why i no longer believe in firewalls
TIS firewalls ftp/fwtk and Gauntlet and Secure Computing's sidewinder and axent/raptor and firewall vendors
free t.rex and fwtk firewall toolkit
firewall appliances
CheckPoint FireWall-1 and VPN and NSC's NetSentry and DPF
DataComm's firewall performance and CMP's review of 6 firewalls and another comparison
CSI's firewall product analysis
a firewall FAQ
ultimately secure firewall and other firewall info
Ranum's Thinking about Firewalls and a firewall tutorial
DOMUS Firewall Penetration Testing and Haeni paper
firewalk filter probes or firewalk and IP filter
firewalking probing firewalls
Ugate's firewall nat box or sonicwall or gnat box or SOHO2000 or macsense xrouter
linksys router/firewall box for cable modems etc. masquerade
linux firewall/nat, there's also IP masquerade HOWTO
review of personal firewalls
signal9 personal firewalls conseal or zonealarm and trojan's to deactivate personal firewalls
outpost personal firewall
Norton's personal firewall or blackice defender or sygate personal firewall
trendmicro's gatelock personal firewall nat dhcp
Win* ids/firewall network ICE or infoexpress or IFW2000
MAC OS X firewall ipfw others: brickhouse firewalkX Norton Personal firewall (NPW)
shields up firewall tester
linux ipchains/ipfwadm firewall and firewalls paper
NIST site security and more firewall info and more info
SURF firewall paper and source
NEC's paper on firewalls and virtual private networks
wingate or here or socks proxy servers info on proxy servers

virtual private network encrypted IP tunnels / VPN

ORNL's virtual private network page (VPN) and tunnel performance data (PIX, PPTP, ipv6,netfortress)
Jain's vpn links papers, books
3com's 3XP NIC IPsec acceleration
more general VPN info and links/FAQ and more vpn links
Internet Week's vpn page
Network Computing's VPN review
Cisco's IOS security architecture and Cisco's PIX info and PIX's page encrypted links
Cisco's encrypting routers and TACACS info and spec
Gong's enclave paper. and TIS's DTE firewalls
Point to Point Tunneling Protocol (PPTP) and microsoft pptp info and here or here win95
PPTP specs
pptp for unix linux
PPTP for linux and archives
l2tp is combo of pptp and l2f layer-2 forwarding
Microsoft's Windows 2000 VPN
CHAP and PAP (PAP sends passwords in clear) MS-CHAP
ppp over ssh vpn
PPTP vulnerabilities and update and evaluation
Cisco's L2F tunneling protocol, combined with PPTP gives you L2TP.
NetFortress and DEC's altavista tunnel and
InfoExpress VTCP/Secure and UUNET's LanGuardian
DIGEX Virtual Private Networks and Hughes NetLOCK
IBM's SecureWay and Internet Security and IBM network security group
Datamation's VPN article's SafePassage Secure Tunnel

smart cards

smart card security page
datakey des/rsa smart cards (specs), STU-III and info on smart tokens and telequip
smart card intro
USB crypto token crypto card or spyrus usb crypto token
Bellcore smartcard and Litronics
smartcard interface defn
smartdisk or RSA's info or safeboot or SmartDisk Security Corporation
IBM's cryptocards


June 1998 KEA and SKIPJACK declassified KEA and SKIPJACK specs (pdf, 819K) and annex (pdf, 411K) test vectors
Clapp's stream cipher similar to SKIPJACK?
SKIPJACK analysis
FORTEZZA approach and LOCKout and Spyrus FORTEZZA hardware
FORTEZZA developers info
lots of FORTEZZA and capstone info Rainbow's FORTEZZA Kocher's FORTEZZA info
Skipjack review
FORTEZZA and Mosaic and MISSI info
NIST's clipper chip info
FORTEZZA and Netscape and Clipper chip info
FORTEZZA documentation
Message Security Protocol (MSP) spec and use with FORTEZZA (WORD docs ) and Xerox SDNS MSP info

Certification Authorities CA and PKI

Nortel's ENTRUST and VeriSign
vasco roaming certificate
Eurosign CA and another CA GTE's CA or CyberTrust COST CA Xcert CA Thawte CA RSA's keon or wildid
certification authority (CA) info and more info and IETF X.509 pkix, public key infrastructure (PKI) and RFC1422 and RFC1487 LDAP
LDAP tutorial
NIST's PKI info
IEEE P1363 PKI standard
Gutmann's X509 style guide
SPKI and Rivest's SDSI 1.0 and S-expressions
Public Key Cryptography based on Braid Groups
OSF DCE and public keys and DCE and Fortezza
Sesame and SecuDE or here
BBN SafeKeeper in RSA's certificate signing unit CSU
Trusted Third Parties in Electronic Commerce
13 reasons to say no to PKI or looking for alternatives to PKI

government services and projects
FIRST and CERT and its ftp archive
FBI's national infrastructure protection center cybernotes NIPC
CIAC and bulletins
ESnet auth/security
ESnet key dn
DoD's disa Multilevel Security program
dragonfly in-line encryption
DoD's Orange Book or here or rainbow series and a summary and Trusted Product evaluation lists and an A1 system Gemini
UK's itsec certification e0-e6
NIST's latest common criteria product certifcation
Multics page or here and info on timing channels
Red Book NCSC's trusted networks
NRC's Cryptography's Role in Securing the Information Society and full report
NACIC national counter intelligence
Network Encryption history and patents
FIPS 186 DSS and FIPS 46-2 DES or FIPS 46-3 DES and FIPS 180 SHS SHA
Coopersmith DES design
FIPS 191 LAN security
security standards X9* and info on crypto standards or here like iso ietf
ISO17799 security standard
cipher standards
s/mime pkcs ssl standards
security protocols overview IPsec, ssl, tls, s/mime
GSA public key project
Federal Internet Security Framework draft document by the FNC's Security working group Collaborations in Internet Security
NIST Advanced Encryption Standard (AES) and winner is rijndael and rijndael page and source code round 2
rijndael page with diagram
square cipher forerunner to rijndael
AES proposals and performance and source code and round1 comments
AES final report why they chose rijndael
other AES finalists serpent and twofish and rc6 and mars
US Crypto Policy EES, ACM 1994
European's AES follow on nessie
Manhattan Cyber project

IP security

IETF Internet drafts or here or Internet drafts (UK)
IETF security info and IPsec info including Oakley, SKIP, Photuris, ISAKMP, HMAC and ipsec archives
Timestep's IPsec whitepaper
ipsec/ipv6 implementations 10/97 or here
NIST's Linux ipsec and JI's LIPsec
companies implementing IPsec
Bellovin's IP security shortcomings and Plaintext Cryptanalysis paper and MS-DOS implementation paper
NRL's PF_KEY raw socket key mgt.
key mgt for IP: SKIP and ISAKMP and Photuris and SKEME
S/WAN secure IP consortium or RSA's S/WAN page and cygnus swan
linux swan implementation
linux/bsd pipsec kernel free ipsec
OpenVPN SKIP implementations
internet authentication rfc1704
IP Authentication header RFC1826 and IP Encapsulating Security Payload RFC1827
also see IP security architecture RFC1825 IP authentication with MD5 RFC1828 DES-CBC for IP RFC1829 keyed SHA RFC1852
NRL implementation of IPv6 security or here
Japan's IPv6 KAME project
DESX Kilian/Rogaway protecting DES against exhaustive key search DESX
DNS security and Internet draft
secure DNS ISC bind DNSSEC (DNS Security Extensions)
SNMP v3 security and Stalling's article and keychange
historical: SDNS OSI NLSP TLSP sp3 sp4

key escrow

Clipper key escrow, and Fortezza (Denning)
key escrow
FIPS 185 Escrowed Encryption Standard (EES) and Clipper pointers
encryption policy and NRC's recommendations
US crypto policy
The Risks of Key Recovery
TIS's RecoverKey and Commercial Key Escrow CKE
Cylink's CyKey (pdf) key recovery
Denning's A Taxonomy for Key Escrow Encryption Systems and Descriptions of Key Escrow Systems
European govt's and key escrow
PGP's ADK's bug, key escrow

intrusion detection
Sobirey's list of IDS systems
ICSA's ids buyer's guide
SANS IDS tools and faq
NIDS faq
SNORT UT's favorite
Data Comm's ids comparison slides and infoworld's review
intrusion detection made simple
dragon sensor
silentrunner insider threat
network forensics netdetector and netintercept
UC Davis and their CIDF and Frank's feature selection or artificial intelligence and intrusion detection
UNM security group
James Madison infosec
annotated bibliography and ids bibliography
emerald's live traffic analysis
Coast projects and their autonomous agents and their ids page
SDSC's security projects PICS
metanetworks hi speed IDS and presentation
saint jude kernel-level IDS to protect a host
neural IDS
Deception Toolkit honeypot or honeypot or honeypot or touches
honeynet and why you should fear baby hackers Intrusion Detection Systems, Honeypots & Incident Handling
DARPA IDS Evaluation
Defending a Computer System using Autonomous Agents
Forrest's computer immune systems for IDS
SAIC CMDS projects Ranum's network flight recorder nfr and paper
Wietse's tools and papers and his new site and CIAC's tools and CERT tools
info on and archives of ids news group,
Performance Benchmarking of UNIX System Auditing and Coast's unix tools swatch... big brother, service monitoring unix
Ptacek's eluding network intrusion detection and vulnerabilities of IDS's
intrusion detection misc and shootout and tcpdump use
ids using tcpdump and shadow
snort for unix and windows, ids
ntop network monitor
LBL's Paxson's bro and paper
LLNL has NID LANL/Sun has NERD and LANL's NADIR other DOE tools and there is an AIS alarm system
SRI's NIDES or another NIDES or EMERALD or SRI intrusion detection
CMU's ids info and statistical-based ids
using cisco's netflow data for intrusion detection host profiles and here
rowland's abacus project and portsentry or ngrep or tcpshow
windows inzider port to process association
USAF's DIDS or Navy/Marine ICE-PICK
ISS's RealSecure or Wheelgroup's NetRanger
TIS's stalker
ProWatch Secure or abirnet's sessionwall
network general's cybercop and cybercop FAQ
En Garde's T-sight manual intrusion detection
monitoring tools Argus     tcpdump or     and tcpdpriv wash tcpdump data
ethereal or and for windows tcpdump windump     netlog     INTOUCH INSA
etherape viewer
libnet raw packet lib, use with libpcap
Axent's Intruder Alert or MimeStar
IDS tester replay tcpdump's
DARPA intrusion detection evaluation
mjr's host burglar alarms
CERT's intrusion detection check list and recovering from a root compromise

CERT advisories and CIAC bulletins and ISS xforce alerts and NIPC's warnings
CERT incident stats and a paper
Mitre's cve common vulnerabilities
securitytracker vulnerabilities list
Top 10 security stories of 2000
Yahoo's hacker news and SANS newsbites and securityfocus news
Microsoft vulnerabilities and patches
leaky ethernet broadcasts '03
master key vulnerabilities
information warfare and another and another and another and another and another and a bibliography information warfare
info war IASIW and Libicki's What is information warfare?
TIME's ONWARD CYBER SOLDIERS ( or local copy) and Commando Solo and America Under Attack
12/26/00 info warfare
6/19/01 cyber warfare
NSA's cyber-attack and moonlight maze
CNN's cyber terror or here or here
DARPA's information survivability
Wired's cyberwar 2002 feb '98 issue or NSA's operation Eligible Receiver
PC week's hack invitation 10/99 and here
emp and herf
threat info CNN's internet insurgency includes a timeline
insider threat another insider threat story
Open Computing cover story(s) and a Security Timeline and a survey
Threat Assessment of Malicious Code and Human Threats
risk management software review or risk assessment
caspr commonly accepted security practices or cobit and CERT's octave threat/asset and vulnerability evaluation
ranum's risk assessment walkthrough
Winkler's USENIX '95 social engineering and industrial espionage social engineering
dsniff man-in-the-middle attacks against ssl/ssh
The Internet Threat
information survivability
I-way security
war dialer's or Sandstorm PhoneSweep or telesweep or THC-SCAN
ISS's vulnerability database
info from Berkeley on ip spoofing and endpoint/nfs vulnerabilities (10/11/95)
IP spoofing
ftp bounce attack
stack attacks buffer overflows and on DEC unix and a paper
sql injection exploits
phrack bypassing stackguard stackshield
how to write secure code
testing for buffer overflows
idle scan stealth
tempest electromagnetic emissions and tempest links and van Eck radiation and here
takedown Mitnick/Shimomura, also TIME's article and details on attack
satan FAQ and satan info and SATAN tool page and courtney
saint network scanner
NT/win95 satan-like tool ogre scanner
nmap port scanner and OS profiler queso
p0f pof OS profiler and siphon
Network Computing's review of security scanners 7/15/98
IIS rds exploit
Ranum's Taxonomy of Network Attacks slides (also here) or here or pdf
session hijacking
Strange Attractors and TCP/IP Sequence Number Analysis 3-d rendering, PRNG analysis '01
SYN flooding panix and technical details and Sun patch info and Cisco TCP intercept and syn cookies
info on smurf attacks and land attack
naptha various TCP denial of service attacks
countermeasure backtracking DoS (denial of service) dostracker or dostrack or centertrack or pdf
paper on dos attacks '03
Cisco's tracking packet floods using cisco routers
win* patch for teardrop attack linux teardrop
distributed denial of service stacheldraht or trinoo or tfn tribe flood network or tfn2k or Cert's denial of service tools
CERT's denial of service workshop pdf
ICSA's info on ddos
hackernews article on denial of service attacks
Cisco info on distributed denial of service attacks
hwa-security hack codes
email anti-relay or here forwarder, mail relay
mimesweeper content security and malicious data
MCI's TCP/IP security checklist point and click attacks
Stoll's Stalking the Wily Hacker
L0pht computer underground
US News hacker article June 97
stack attacks
common network ports used by hackers, or trojan ports
net attack survey
denial of service attacks RFC1636 and ports and exploits
Wietse's guide-to-cracking and cracking software
Muffets crack Unix password cracker
password crackers john the ripper and password tools
NT password cracker l0phtcrack and re-setting NT passwords
BIOS passwords -- many vendors have backdoor passwords in their BIOS, visit here or here or PC hacking faq or here
AccessData cryptography and password recovery and more password recovery
sniffer faq
trinux bootable sniffers
sniffers and a sniffer FAQ or here and sniffit
sniffer detector antisniff and sniffer bait
UC berkeley sniffer detection paper and a sniffer detect faq
dsniff aritcle sniffing on switched net (also read about hunt) and dsniff
etterccap switch sniffer
cold sniffer
solaris sniffer on unplumbed interface
raw IP FAQ and bpf libpcap
unix exploits and script kiddies
En Garde's IP-watcher
windows 2000 sniffer natas sources
keyboard sniffers and revelation display password behind asterisks on win* or hardware or hardware or keyghost or here
keystroke loggers and detectors spycop or spydetect
keyboard sniff fbi legal case privacy
Internet security diary
Muffet's WANhack doc and slides
X security and Unix security software (rootkit,xkey.c), links, and here (info on xauth and mxconns)
SyMark Unix security packages
linux ramen worm
How to 0wn the Internet in Your Spare Time '02 worms and viruses stats, paxson
labrea worm trap, labrea source
vulnerability tester
MIME dangers
white paper on vulnerabilities of SecurID
8lgm adivsories and Secure networks papers and advisories
alt.2600 FAQ or ftp or and PHRACK or or
security/hacking software packetstorm or rootshell or hackernet or elitehackers or undernut or anticode by OS or bugware or here or unix exploits or ADM exploits adm
top 50 hack tools
antionline and or hacker news a hacker faq or self-evident and exploits
antionline's hacker profiling hacker profiles
exploits shokdial unix war dialer
hacked pages archive
hack FAQs NT, web, netware
bnc irc proxy
nt root kit keyboard sniffer
rootkit and more hacker files and here and here and here
list of rootkits suckit
anatomy of breakin
Phrack loadable kernel modules
chkrootkit detect rootkit
appcap capture application output/input
A Portrait of J. Random Hacker
Hacker'z Blood and underground archive and hacker's tools
Yahoo's hacker page
software bugs/reliablity fuzz testing
First Virtual's keyboard sniffer attack
security of cable modems


history of viruses and more virus info
Win95/CIH virus
viruses and more virus info including newsgroup FAQs
Symantec vbsim virus simulator
McAfee info or F-Prot info or Norton AntiVirus or Dr Solomon or NIST virus info or IBM's antivirus or avertlabs
Sophos anti virus
TrendMicro's email scanner
SANS internet storm center, alerts, worms, DDOS, viruses
NH&A anti-virus, security and network management software
CIAC's virus database
UNIX viruses and Bliss and scanner
netbus trojan horse like back orifice BO2K
worm construction kit
good times virus hoax and other computer virus myths and internet hoaxes and urban legends and urban legends


becoming a cryptographer
Timing attack or Kocher's page and RSA's response
Bellcore's stress attacks on tamper proof devices and DES
DVD cracker 11/99
Intel's HDCP high bandwidth data copy protection
EFF's DES cracker or Shamir's twinkle sieve or here or twinkle paper or FPGA DES
Extracting a 3DES key from an IBM 4758
Weaknesses in the Key Scheduling Algorithm of RC4 WEP vulnerability and RC4 analyses
PKZIP attack
unicity and DES
RC5-56 brute force
Differential Cryptanalysis of Madryga
Differential Cryptanalysis of REDOC III and see Shirriff
breaking DES or Wiener's other cryptanalysis files
DES and DFA differential fault analysis (smart cards) or Design Principles for Tamper-Resistant Smartcard Processors
Kocher's differential power analysis (smart cards)
Breaking DES Using a Molecular Computer and Adelman's seminal paper Molecular Computation of Solutions to Combinatorial Problems
Entrust quantum computing and cryptography 9/03
Shor's Algorithms for Quantum Computation discrete logs and factoring
Bernstein's NFS factoring optimization
MIT/Stanford quantum computing or
quantum computing or here or here
quantum computing
MD5 collisions
RSA's info on attack on hash functions
RC4 weak keys
Architectural considerations for cryptanalytic hardware
Allies' decryption efforts during World War II and enigma/purple bibliography
PBS's decoding nazi secrets

Netscape's security overview and data security
www security faq
Mosaic's user authentication tutorial .htpasswd .htaccess and setting up htpasswd and apache user authentication and FAQ
apache server security tips and secure server tutorials and setting up apache ssl server or apache ssl
www authentication
What's a cookie or cookie info or rfc 2109 cookie rfc or cookies and privacy a cookie example
WWW security and a FAQ and NCSA's web security
Internet Explorer Bug 2/27/97
NT IIS exploit 6/99
CGI security and a tutorial and another tutorial
cgii security
Java applet security and a FAQ or security faq
More Java Security: Low Level Security in Java and bugs
java security fundamentals
Datamation article: Yes, Java's Secure. Here's Why
hostile applets
Princeton's Secure Internet Programming: News and web spoofing
Princeton's description of Java security problems
Sun's response to recent security problem: DNS Spoofing and Java
Netscape/Java security patch: Applet Security Manager patch
Second Java security bug: Digital Espresso (extract):
All reported bugs (above) fixed by Netscape: SECURITY ENHANCEMENTS IN NETSCAPE NAVIGATOR 2.01:
A new security bug: c/net Article:
Sun's response: Security Update:
applet net vulnerable and java security news release
Java security or Securing Java
Java encryption or at systemics or at phaos
Java security book or Security in Java 2 SDK 1.2
JavaScript security problem: RISKS Digest (extract)
ActiveX Exploder signed applet ( authenticode )
malicious mobile code consortium
ActiveX workshop mobile code risks

NT security
NT security and and
online book Internet Security with Windows NT
Sheldon's NT security
Microsoft security and another and an NT security FAQ and NT password recovery
ISS' NT security or NT Security Risks and article
trusted systems nt security
auditing NT for a break-in
NT exploits
NT security white paper and ntbugtraq
netbios CIFS whitepaper SMB vulnerabilities and rfc1001 and rfc1002
Windows 2000 security

UNIX security
RFC2196 Site Security Handbook
COAST Unix security and Spafford's hotlist
tripwire '02 and fsdb file signature database
Improving the security of your Unix system
Secure UNIX programming FAQ
A taxonomy of security faults in the Unix operating system (thesis)
Reliability of UNIX utilities or newer version fuzz
An Architectural Overview of UNIX Network Security
bugtraq archives or bugtraq and bugtraq stats graphs
Wagner's computer security
computer security info
setting up anon ftp and FAQ
Sun's BSM basic security module audit or in answerbook
sun solaris security binary fingerprints, acls, rbacs security bulletins

Tom Dunigan's UTK/CS security course CS594 and Fall '96
Vaudenay's communication security plus book
NYU security course and MIT/Rivest's '95 course and '96 course
list of online crypto courses and Rubin's list and Schneier's list
Stinson's Cryptography and Computer Security
Wagner's course with links to papers
CCNY's course good links
Popyack's course
oregon state's course
uppala's course
ADFA's course
LANAKI's classical crypto course
Gutmann's encryption and security tutorial
Oberlin's CS115 Cryptology classical cryptology
UC Davis: Modern Cryptography (Phil Rogaway)
MIT: Network and Computer Security
MIT: Intro to Cryptography and Cryptanalysis
Applied cryptography seminar held last year at Princeton University
Maryland's Neumann's course on information systems survivability
Delp's cryptography and secure communications
Koc's Security and Cryptography
Cryptology course at UMBC
Cryptography and Data Security Worcester Polytechnic Institute
Schaefer's crypto courses
John Hopkins
UCSD: Modern Cryptography (Mihir Bellare)
Kevin McCurley's course on Cryptology
Charles Blair '94 class notes
CSU Hayward and Duke
Sandia's college cyber defenders
Crypto course for 8-12 year olds
Communications Security and Vulnerability
Schneier's cyrptanlysis self-study
Computer and Network Security
Spillman's class page
TAMU's hack lab
intro to crypto

people and papers
good collection of first papers
Denning's page and her paper on Future of Cryptography
Rivest's page and his papers
Ellis's early reports on non-secret encryption pre-RSA and story of non-secret encryption
Eli Biham page
Wagner's page and Ross Anderson
menezes's page ECC
marcus ranum or here
security researchers and Kevin's pages on Protecting Privacy and Information Integrity
Thompson's Reflections on trusting trust or here
Peter Neumana's page info survivability, risks, emerald
Stinson's page
Jenkin's page hash evaluation and avalanche
Schneier's papers and counterpane's extensive online crypto papers and Rogaway's papers
Guntmann's page and slides and links
Chaum's Security without Identification
Shoup's papers
Ritter's page
multiparty D-H
security papers and crypto bibliography and links
key length paper and NSA's (?) response
NSA's inevitability of failure need for secure os
NIST's early computer security papers trusted systems and such
Intel/Verisign more secure chip 9/02
fast software encryption bibliography fast software encryption for pentium
acm crossroads security papers
Cryptographic Algorithms
hashes and compression FAQ and compression and encryption
CRC links and CRC intro and performance of checksums and crc's over real data
ISI MD5 performance
tiger hash function and RIPEMD-160 or RIPEMD-160 and source
keyed hash functions RFC 2104
Rogaway's umac message authentication and an authentication codes bibliography and hash summary
MD5 message authentication and RC5 and RC6 and RC4 ?
SHA SHS, Secure Hash Standard
RSA papers on block ciphers and stream ciphers
panama hashing and stream cipher and source
hashing function lounge and hash functions and more hash function references
snow stream cipher
hash functions message digests
calyptrix speed, haval, random
IBM's paper on public key cryppto based on shortest nonzero vector in an n dimensional lattice
Gathen's Exponentiation in finite fields: theory and practice
white papers on email security, spam and intrusion prevention
Ballardie's multicast security and Scalable Multicast Key Distribution RFC1949
GKMP architecture and specs also see internet drafts
Dunigan's page and report on group key management
secure multicast and UCSB's secure multicast and Pessi's secure multicast
Erbele's high-speed DES implementation
Mittra's Iolus scalable secure multicasting
Bellovin's papers and Blaze;s papers and other research.att papers
applied crypto online readings
online books A Hacker's Guide to Protecting Your Internet Site and Network
Shor's page AT&T
MITRE's Security Publications
RSA's CryptoBytes technical newsletter and IEEE's Cipher newsletter
Crypto paper archive and Irvine's crypto abstracts
Rogaway's publications and UC Davis papers and more crypto papers/books and Bellare's papers and IBM's papers or IBM's CyberDigest and COSIC's publications
SAFER paper
paper Rubin's remote executables
Savard's cryptographic compendium crypto systems or here
security library pointers to papers online (including worm, berferd, tripwire)


Prentice Hall books and Wiley books and Addison Wesley books
CRC and O'Reilly security books
Schneier's Applied Cryptography and source
Handbook of Applied Cryptography and on line version and ICSA Guide To Cryptography
Stalling's Cryptography and Network Security and links
National Research Council's Cryptography's Role in Securing the Information Society
Birman's Building Secure and Reliable Network Applications
Aegean Park Press military
US Army's Field Manual on Basic Cryptanalysis FM 34-40-2
Navy's CSP-845 cipher and M-209 and CSP-488 or M-94 and ECM Mark II
first published book on cryptology 1518
Kahn's classic the codebreakers

cs cryptography annotated links
secure processors via nehemiah or DS5001FP
NIH's security links
security reference
stealth computing over the Internet, and parasitic computing
infosyssec computer and network security resource
UCB's ISAAC project and hack page or its US mirror
crypto page and another and a good page and another
cipher taxonomy
self-protecting code ? trusted software
network security links
Whither cryptography?
ACA 's classical crypto resources more classical crypto
classical crypto cipher machines and such rotor machines
enigma page and another and another and another
enigma applet and java version
enigma applet
Japan's purple cipher machine
field ciphers and civil war ciphers
NIST's Security in Open Systems and Introduction to computer security
NIST RBAC role based access control and RBAC web access and TrustedWeb RBAC for the Web demo and another and another and premonition role-based access and ckm 2000 split keys
quadralay's page and lots of links
security and hackerscene
voting or electronic polling sensus more sensus info or campus voting and
internet voting and remotevote and critical study of SERVE
bit commitment
Fred Cohen & Associates
The Five Great Inventions of Twentieth Century Cryptography
ISRC info security research and teaching (au)
Pointers to Cryptographic Software
The Cryptographers Home Page DES, authentication, C source
ORNL's network security and DOE's info security
DOE's security site
ANL's Zipper Secure Communications for High-Performance Computing
Biham's SIMD parallel DES
Intelligence Newsletter
RSA's Security Solutions catalog
authentication: hand geometry and '96 Olympics security and biometrics and other access controls
IETF's common authentication technology kerberos with pki, spkm, gss
German security page or crypto page or UCSD page or Henry's page
RISKS digests
EINet Galaxy security info
Cryptolog internet guide to cryptography
encryption with cellular automata
cryptography timeline
UWM's Center for cryptography, computer, and network security
Microsoft security
Lucent's Inferno network OS with security


RSA's cryptography FAQ
Usenet security FAQ
One-Time-Pad FAQ or here
sci.crypt FAQ and ISS's FAQs and RSA FAQ and Verisign's digital certificate FAQ
USENET security FAQs and other FAQs


Privacy and Authentication for Wireless Local Area Networks and other papers
wireless application protocol wap and wtls spec pdf and wap forum
wap security and
IEEE 802.11 WEP wired equivalency privacy another 802.11 info
war driving and and wireless security
wireless visualization project and wireless map
directional antenna with a pringles can and coffee can
WEP security flaws
WEP sniffer airsnort and airsnort home page and netstumbler and wepcrack useful for war driving
security aspects of wireless LANs
lucent/wavelan 128 bit RC4 also see cisco/aironet
GSM cell phone encryption and breaking GSM and '98 A5 attack and more GSM info and here PCS 1900 and GSM World and shamir paper
A5 study '03 and GSM interceptions
GSM security
GSM security study
GSM security architectur
cell phone encryption CMEA
Qualcomm CDMA digital wireless communication
spread spectrum
VCR plus
bluetooth and E0 algorithm
bluetooth security and security weaknesses in bluetooth
bluetooth vs 802.11


is strong crypto a human right '98
legislation and privacy and anonymity and privacy
Bacard's privacy page and Robert's anonymity links
Electronic Frontier Foundation and echelon/privacy
anonymous remailer FAQ or list
mixmaster remailers and list and essay
hushmail and mutemail
anonymous browsing anonymizer or safeweb
identity theft or here or here or here
US govt FTC identity theft page


crypto law survey (laws for various countries) and legal issues
Cryptography Export Control Archives and export control policies and Wassenaar Arrangement
export restrictions relaxed january 2000
ITAR exemption for foreign travel
washington post article encryption export
international survey and foreign encryption products
PECSENC subcommittee on encryption
VPN legal issues and links
Surety's record authentication service and info on time-stamping and legal precedents and firstuse service
rfc 3161 time stamp protocol x.509
legal aspects of digital signature
certified time and of course NTP


internet forensic resources
summary of forensics books
TCTCoroner's Toolkit or here unix forensics, post morten
sleuthkit or FIRE bootable CD
forensic toolkit NT/windows hidden files etc.
black ops of tcp/ip forensics and reciprocal ids 11/25/02
Purdue cyber forensics
NY Times article
infoworld's computer forensics
computer forensics ltd or electronic discovery
computer forensics online and icsc
forensics problems 7/02
training and comuforensics more training and tools
unix forensics
consultant and berryhill and network international
network forensics netdetector and netintercept
wipe wiping magnetic media and Gutmann's Secure Deletion of Data from Magnetic and Solid-State Memory
windows window washer


steganography mailing list and software index
steganography overview
Neil Johnson's stego page and steganography paper
detect stego on the internet '02
bin laden using steganography ? stego and covert channels
more steganography
steganography info and here
steganography information hiding home page
steganography and tempest paper
the rise of steganography
EzStego and other software stools and such from sevenlocks
weaknesses in some stego software
outguess stego software
whitespace steganography
wrapster hide documents in mp3 for use with napster
NTI's data hiding unformatted floppy, unused tracks, etc.
semantic-preserving steganography
StirMark Image Watermarking Robustness Test
Phrack 52's steganography thumbprinting
Rowland's covert TCP channels or here and related Phrack article and covert OSI channels
ackcmd remote shell using ACK's
A Guide to Understanding Covert Channel Analysis of Trusted Systems
Navy's covert channel guidelines and DoD's Orange Book section 8
DNS tunneling or http tunnel
steganographic file system
LANL's data embedding
Invisible communication
secret language
Workshop on Information Hiding
On the limits of steganography
Wayner's book Disappearing Cryptography
digital watermarks and another
copy detection and Doneh's Collusion Secure Fingerprinting of Digital Data
DICE and Digimarc and a report stego software
Rivest's confidentiality without encryption chaffing and winnowing

Return to © Tom Dunigan's page. also see Tennessee landforms
Last Modified (touches: )