Links on Cryptography and Security
Encryption and Security-related Resources
Crypto Link Farms
Security related papers, pages, X.509 information, publications, network security and firewall vendors, security FAQ's.
Very nicely done collection of links to anonymity, privacy, and security resources.
More link farms, conferences, organizations, electronic commerce, IETF, key forfeiture, crypto people.
Huge collections of links to security-related sites - the format is a bit like this list.
Links to FTP archives, bibliographies and e-journals, disk and filesystem encryption, laws and regulations, network security, newsgroups and mailing lists, protocols and standards, software, and vulnerabilities.
A large archive of security software, publications, and technical information.
Gene Spafford's crypto and security link farm.
Crypto, programming, networking tutorials, firewalls, viruses, physical security, threat assessment and disaster planning, security ethics, legal resources.
Algorithms and mathematics, FTP archives, bibliographies, key escrow, disk, file, and mail encryption, crypto laws, internet security, newsgroups and mailing lists, protocols and standards, steganography, voice encryption, security problems (the original has vanished, this looks like an old mirror).
Conferences, books, research groups, organisations, companies, algorithms, protocols, software and hardware, legislation, history.
Links to encryption regulation, encryption policy and privacy, and general encryption resources.
PGP, encryption algorithms, legal issues.
Crypto newsgroups, papers, cypherpunks, crypto policy, digital cash, and other information sources.
Various crypto-related tech reports.
Encryption standards, FAQ's, and FTP sites.
Encryption software, text files and information, resources and links.
Links to crypto, digital signatures, e-cash, internet banking, smart cards, NT security, PKI, standards.
PEM, MIME, and MOSS RFCs, links to CA's, implementations, literature, PGP.
Recommendations, drafts, papers, new items, official bodies, research, and government meddling.
Links and summaries of a wide variety of firewall products.
Links to a large number of security-related sites, books, journals, and related information (imagine this page, but not all lumped together on one page).
Privacy, crypto, software, security information and updates, publications, virus protection.
Algorithms, software packages, protocols and standards, books, journals, conferences, newsgroups, mailing lists, crypto links.
Anonymity, e-commerce, crypto, PGP, security organisations, publications, security bulletins, software.
A large number of intelligence, security, law enforcement, disaster planning, terrorism, crime, military, and defense agencies and organizations.
Electronic privacy links, organisations, newsgroups.
Links to remailers, anon proxies, crypto and stego software, file wiping tools, privacy and anti-privacy organisations.
Anti-virus software, firewalls, general security vendors, general infosec links, parental control, privacy, law, and ethics.
Encryption, steganography, special events, research, documents, news, security archives, security organizations.
Current events, security web pages, commercial security tools, newsgroups, mailing lists, FAQ's, incident bulletins, conferences/seminars/workshops.
Conferences, link encryption, phone and modem encryption, encrypted filesystems, PKI, research, governments and policy, companies, people, PGP.
Search engine for finding information on security-related issues (anonymity, conferences, legislation, security products, publications, R&D, security problems).
Spanish crypto and security-related companies, magazines, and events.
Links to crypto companies, universities, newsgroups, books, algorithms, security and crypto tools.
Links to other crypto sites, source code archives, companies and organisations, people, and reference information.
Firewall basics, white papers, products, manufacturers, books, papers, training, mailing lists, links to other firewall-related resources.
PGP, S/Key, Kerberos, crypto API's, secure applications, commercial providers, government agencies, intrusion detection, vulnerabilities.
Security info search engine run by the Korean Information Security Agency.
More links to law enforcement and intelligence agencies.
Encryption algorithms, data protection, steganography, ecash, Internet security, viruses, conferences, security standards, newsgroups and mailing lists, RFC, journals.
Links to web pages, newsgroups, FTP sites, research labs, papers, conferences, and journals.
Cypherpunks resources, remailers, digital cash, PGP, and Clipper.
Crypto overviews and FAQ's, link farms, encrypted comms, e-commerce, crypto libraries.
Crypto Archives
US-only crypto code archive.
Links to software for email/voice/file/disk encryption, authentication, stego.
PGP, symmetric and asymmetric encryption, crypto libraries, papers.
Linux crypto software archive.
Archive of crypto software, only available from the US and Canada.
DES, SSL, cryptanalysis, documentation, PGP, miscellaneous.
Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files.
Large selection of crypto software, but trapped behind the iron curtain.
Disk and file encryption, PGP, stego, voice encryption.
PGP and PGP-related software.
French archive of CERT bulletins, dictionaries, PC, Unix, VMS security software (mostly anti-virus and access control rather than crypto).
Crypto Social Issues
Analysis of the UK government's policy on encryption.
Phil Karn rebuts inaccurate and bizarre government claims in congressional testimony (this is an example of the kind of misinformation which government advisors often provide to their governments).
UK campaign to adopt an MP and enlighten them over problems with crypto restrictions.
Simple photo essay showing how to get rid of politicians pushing for draconian anti-privacy laws.
AOL uses a bug in its own software to run code on users' machines.
Computer privacy issues.
Comments on UK crypto policy (from the person who tried to sell GAK to the NHS).
BBC news stories on encryption, including "UK Government dithers on encryption regulation".
Companies which supply surveillance technology to non-democratic regimes.
Privacy concerns about Intel's PIII processor ID (mis)feature.
Brookings Institute study of crypto policy (pro-GAK).
Translates crypto code into English to allow it to be exported, then translates it back into code afterwards.
UK government tactics for deploying GAK.
Summary of the Canadian crypto export situation.
Cato Handbook for Congress: Freedom on the Internet and Other Computer Networks
Cato Institute study of crypto policy (anti-GAK).
CDT information on current US crypto policy
CIPHR'99 Conference: Cryptography & International Protection of Human Rights
Conference on crypto and human rights.
US government policy laundering on key escrow.
Digital privacy (or more specifically, the lack thereof).
Surveillance, stalking, privacy invasion, eavesdropping, and anything else related to these categories.
Comments on new US export regulations.
Easier-to-handle HTML versions of the above.
Confronting the New Intelligence Establishment: Lessons from the Colorado Experience
Article on NSA communications interception and attempts to have it stopped.
Traffic monitoring on an OC3 link using a Pentium PC - an example of how this sort of thing would be done.
Cracking DES from the US (made available based on the Ninth Circuit Court of Appeals ruling that the export controls violate the First Amendment).
Crime, Terror & War: National Security & Public Safety in the Information Age
The sky is falling! The sky is falling!
Reports of Crypto AG rigging crypto hardware to allow NSA decryption.
Allegations of intelligence agencies subverting Crypto AG product security.
Possible rigging of Swiss-made crypto gear by the NSA.
The one organisation making money out of US export controls.
A survey of crypto laws in various countries.
The state of crypto regulation plans in Europe as of May 1997.
1999 EPIC report on crypto controls.
National Academy of Sciences report on cryptography policy.
American Association for the Advancement of Science page on crypto and human rights.
Cryptology: Law Enforcement & National Security vs. Privacy, Security & The Future of Commerce
Good analysis of crypto politics and export control issues.
Privacy laws and the Internet.
Information and links on Echelon, Europol/Enfopol, and other wide-scale surveillance initiatives.
Development of Surveillance Technology and Risk of Abuse of Economic Information 1/4
European parliament report on computer-based industrial espionage.
German news report on NSA industrial espionage leading to $100M loss for German company.
Another report on Enercon industrial espionage.
Distributing encryption software by the Internet: loopholes in Australian export controls
Examination of legal implications of electronic export from Australia. Conclusion: It's OK.
Reply to the DTI Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services.
The Australian Financial Review on Wassenaar'98.
Covert Action Quarterly article on worldwide NSA surveillance.
Free Congress Foundation report on Echelon surveillance system.
Echelon--Rights Violation in the Information Age, by Don Lobo Tiggre
Article on Echelon.
White paper on hackers.
How Japan, Inc, handles encryption policy (a real contrast to the US government's attitude).
FBI's "The sky is falling" speech, revised every year or so (it's been falling since about '92).
Dorothy Denning's 1997 GAK forecast.
Cato Institute study on the future of encryption.
EPIC information on current US crypto policy.
EPIC privacy resources.
Diminutive crypto hacks (well-known algorithms in a few lines of Perl, Python, or C) and how to use them to poke fun at export laws.
Commentary on likely effects of UK proposal to license export of intangibles.
Extracts from Nicky Hager's book "Secret Power".
Big Brother for financial information.
Declassified US government machinations to ban/restrict crypto.
Article giving background details on the liberalisation of crypto in France.
Contents of and discussion over various US crypto bills.
Survey of encryption policy worldwide.
Electronic implants to "aggressively build a proprietary global system of exchange, customer tracking and profiling". Not sure if these people are for real or not.
Global Network Navigator web review: The NSA vs The Net.
Paper documenting the overt and covert regulation and restriction of cryptography by governments.
Links to sites which show how easy it is to get information on you and your activities on the net.
GAK-resistant crypto protocol design guidelines.
Essays and articles on the computer underground (and all sorts of other things).
Australia's interpretation of Wassenaar'98.
Growing Development of Foreign Encryption Products in the face of U.S. Export Regulations
1999 survey of non-US companies producing crypto products.
IFIP's (very sensible) position on crypto use and crypto regulation.
Information on the creeping takeover of GAK.
Technical details on large-scale GSM and ISDN interception techniques.
Comprehensive report on worldwide communications surveillance and interception practices.
The FBI exports CALEA to the rest of the world.
Attempts to ensure privacy on the internet.
Interview on European crypto policy.
Click on this form to become an international arms trafficker.
The risks of key recovery, key escrow, and trusted third party encryption.
GAK/EuroClipper home page.
President's Export Council Subcommittee on Encryption recommendations to pretty much remove export controls.
Information on large-scale illegal wiretaps in LA.
There's nothing going on there... nothing to see... move along, move along...
Description of NSA backdoor inserted into every (recent) version of Windows.
Early attempts to incorporate PEM and PGP encryption into web browsers torpedoed by the NSA.
Huge (1/2MB) writeup on the NSA and crypto politics.
NSA influence on New Zealand export policy.
Paper on key recovery (GAK) vs human and political rights.
NSA and MS CryptoAPI CSP signing keys.
Links to information on Echelon, media coverage, and other information.
"We've lately had reason to wonder if our nation's cryptography policy is being made by fools. It is a mixed blessing to learn that the people in charge are merely liars [...]".
Wired article showing just how effective US export controls really are.
Letters to Phil about the use of PGP by human rights groups.
Information and resources on government phone tapping plans.
German government statement affirming the right to use the strongest crypto possible.
Various resources related to the (lack of) privacy, including access to databases and online information search facilities.
Privacy reports, international agreements on privacy and human rights, surveillance technologies, ID cards, privacy-related conferences.
Zola Times articles on Internet privacy.
Links and information on various privacy-related issues (cryptography, anonymity, secure communications).
Free crypto campaign logos.
List of anonymous remailers.
Report on US using crypto restrictions to steal other countries' economic secrets.
Data surveillance and information privacy information publications, and legislation.
Paper discussing various freedoms and rights such as the right to privacy.
Roxen's General Export Application for Strong 128-bit Encrypted Denied
Swedish government refusal of export permit for 128-bit SSL.
RSA encoded as a MIDI file. Technically this is a program and therefore unexportable from the US.
Richmond Journal of Law and Technology article on forced disclosure of crypto keys.
Offshore internet services and accounts in Anguilla.
Declassified papers and resources on Clipper and key escrow, voice and mail encryption software.
How to turn a deck of cards into an export-controlled item.
FBI policy laundering: Persuade Europe to adopt wiretapping laws which failed in the US.
Information on crypto controls, Echelon, and related issues, from a Danish perspective.
Government surveillance server ("delivers intercepted call content and identifying information... capacity for up to 512 simultaneous call intercepts").
East German surveillance state-style laws being applied in the unified Germany.
Documentation relating to EU telecoms surveillance plans (EU-Echelon).
DSD meddling in Australian crypto exports.
Story on European Enfopol massive-scale wiretapping initiative.
NSA report on why GAK is bad (yes, you read that right).
An online book covering threats to privacy, cryptography, PGP, and related issues.
Cellular phone tracking.
ukcrypto mailing list archives.
Critique of UK crypto licensing/GAK proposal.
First exposure of the NSA and Echelon
Echelon in action: APB story on NSA building up 1000+ page file on Princess Diana.
Report on Australian crypto policy, originally suppressed by the government, then released in censored form after a judicial review, finally obtained as the full version by EFA. Provides most interesting reading since the bits they didn't want the public to see are now highlighted in red.
See what information your web browser is sending to remote servers.
Crypto Software
Clean-room JCE implementation.
Suite of free intrusion detection tools.
Crypto tool using PGP 2.6.3i with triple DES and SHA-1.
Free-world implementations of the AES algorithms.
Encryption based on automata theory (unknown security level).
Vigenere cipher cracker, Windows port scanner.
Apache secure web server.
Security-tuned Linux distribution.
BSAFE API wrapper around SSLeay.
Canadian encryption software and companies.
Cryptographic analysis program (automatically analyse and break simple ciphers).
Windows'95/98 trojan detector (detects and disables Back Orifice, Netbus, etc etc).
Free SSH for Windows.
SSH client in Java.
Crypto IP encapsulation - encrypting IP routers using Linux.
Software emulation of various historical ciphers
SDSI implementations and documentation.
A reference implementation of the IETF's ISAKMP protocol.
TLS in Java.
Tests resistance of programs to random input.
Anonymous proxying for web browsing.
Cryptix Java crypto library.
Encryption library supporting a large number of encryption algorithms, digital signatures, key exchange, X.509/PKIX/SET certificates, CA functionality, key databases, HTTP and LDAP directory access, smart cards, S/MIME, and secure enveloping.
Entropy gathering daemon (random number source) for Unix.
PGP-like program using elliptic curve crypto.
Comparison of various free (and free-world) crypto libraries.
Elliptic curve and RSA public-key encryption software.
Elliptic curve OLE extension for VB.
Command-line Blowfish encrypter.
Java crypto library.
Scanned US crypto publications available outside the US.
Crypto software, brute-force encryption cracking, crypto politics issues.
PGP-compatible C library and Mac application.
Various pieces of crypto software written in, and for, Delphi.
Delphi crypto libraries.
DES in VHDL, including a Xilinx-optimised version.
Programs to wipe files, free disk space, slack space, the Windows swap file.
DES, RC4, IDEA, SHA-1, MD5, and others, in elisp.
Security projects based on SSLeay.
Code to work with encrypted PDF's (intended mainly for use with Ghostscript).
Various Linux disk encryption programs.
Windows NT disk encryption using 3DES, Blowfish, IDEA, or CAST, compatible with SFS and ScramDisk. Written in the free world.
Using procmail to strip trojan horses/malicious HTML/buffer overflow attacks/browser attacks/etc. Unfortunately since most of these holes affect Windows and procmail runs under Unix...
P1363 ECC implementation.
PGP-compatible plugin written in Java.
Windows file/disk/free space eraser.
DES and Skipjack for the PIC.
X-Windows interface to file encryption software.
C source code and information on ECC's (the techniques employed are closely related to encryption techniques).
Encrypted socket protocol (an open protocol for TCP/IP secure transmissions).
File encryption using 64-bit (?) Blowfish.
Security kernel for the Fluke OS.
Free 128-bit SSL browser proxy.
DES in Java, C++ firewall class library.
Free VHDL DES core.
Resource page for developers of free security software.
SPEKE toolkit.
Free SSH client for Win'95 and NT.
The GNU encryption project.
TIS firewall toolkit home page.
Bignum library and sample PKC code.
Security toolkit for RSA, DSA, DES, DH, X.509, PKCS, PEM, X.500, and BYOG.
GPL'd OpenPGP implementation from the free world.
All sorts of neat stuff for software decoding of various radio signals.
Non-US Kerberos 5 implementation.
Encrypted mail using SSL and Java.
Java cryptography extensions from the free world.
Unix source code and software for working with iButtons.
The Information Concealment Engine block cipher.
Automatic protection against stack-smashing attacks.
French crypto archive.
Free-world Linux kernel patch to add strong crypto services to the OS.
How to get PGP, documentation, foreign-language support, PGP-related products and services, and other PGP resources.
Internet Locations for Materials on the Disks for Applied Cryptography
Site #1.
Crypto-based spam protection software.
PGP information, software, key management, key server interface, PGP links.
Free-world JCE implementation.
Kerberos in Java.
SSL implementation in Java.
The KeyNote trust management system.
Dcyphers keyboard sniffer.
Linux with strong crypto built in.
Open-source crypto chip (VHDL source available). Wow!
Archive utility with encryption, ScramDisk add-on for Delphi.
Mixmaster remailer publications and source code.
Intel-optimised hashing, bignum, and crypto code.
KEA information.
Pluggable authentication modules for Linux.
P5-optimised code for various hash algorithms.
C++ computational number theory library (great for crypto).
C++ bignum library.
IPSEC, ISAKMP/Oakley and DNSSEC software for Linux.
IP packet sniffer for Linux.
Free SSH v2 implementation.
GPL'd replacement for Unix crypt(1) written in the free world.
Microsoft's attempt at a cryptography API. This page moves a lot, you may need to try a search from MS's developer pages.
SSH client in Java.
PGP key manager, PGP netscape plugin, Motif and Win32 file encrypter using cryptlib, cryptlib Java wrappers.
OpenSSL interface for the Apache web server.
Putting the crypto back into Netscape/Mozilla.
Speech encryption (with a neat anti-Clipper graphic).
Python crypto toolkit.
SSH client for the Mac.
Stealth scanner using TCP half open scanning, TCP FIN/Xmas/NULL stealth scanning, ftp bounce and IP fragmentation scanning, and OS identification by TCP/IP fingerprinting.
Internet software distribution authenticated with PGP.
Includes an NT security config tool to patch a number of NT security holes and flaws.
C++ bignum maths library.
PRNG for Unix.
Blowfish encryption DLL for Win32.
Free SSL/TLS implementation.
PKI toolkit.
Various Java crypto classes.
Java security package docs.
Large collection of free software and information related to security and encryption.
Brief descriptions of various security programs.
PGP, logiciel de cryptographie gratuit et en français (PGP pour les français)
French PGP page.
PGP function library.
DLL which implements various PGP functions.
A dummy home page for the www.pgp.net domain (incomplete).
Photuris session-key management protocol software and test server.
Documentation for Private Idaho.
Linux encrypted disk device driver using Blowfish.
PPTP for Linux (presumably without all of Microsoft's security holes in it).
(Relatively) secure encryption using 40-bit keys (designed to bypass silly French restrictions).
Telnet/SSH client for Win32.
Python scripts for automating various parts of running a CA.
sendmail encryption patch, SOBER stream cipher.
RC4 ActiveX control.
Windows shell extension for file encryption using RC4 (requires 128-bit MS crypto provider to work).
cpunk/mix remailer for Windows.
RIPEM source code and information.
RSA key generation and encryption for Linux.
European RSAREF providing full source-code compatibility with the original.
TLS-based tunnel.
Free general-purpose smart card interface library.
Win3.1/95/98 non-swappable memory allocator.
Win95 disk encryption using 3DES, Blowfish, IDEA, MISTY, Square, and TEA.
ScramDisk add-ons and a program to demonstrate a flaw in it (now fixed).
File encryption using elliptic-curve PKC's and Blowfish.
Mac program which encrypts edited files with IDEA.
The world's best transparent disk encryption software for DOS and Windows (this has nothing to do with the fact that I'm the author :-).
Secure logging for Unix and Windows.
ECC crypto for PalmPilots.
Enhanced front-end for ScramDisk.
Links to various file wiping utilities.
Simulators for various historical cipher machines.
Various encryption routines.
Information on the S/KEY authentication system.
SMB port/machine scanner.
S/MIME freeware library (export-controlled, US only).
Whitespace steganography software.
ActiveX DES control.
Very nice Unix and Windows speech encryption software.
Very good encrypted, digital-signature-authentication remote access software (replaces the r* utilities, allows X11 and TCP port redirection over the encrypted connection).
ssh/scp port for Win95/NT.
Very nice, free SSL implementation (like Netscape's SSL, but without the bugs and crippled encryption).
Secure password-based authentication over insecure networks.
Tool to add stack overflow protection to Linux programs.
Information hiding in MP3's.
PPP over SSL tunneling software.
Crypto extensions for perl and Java.
PKCS #11 software-only token implementation.
Classic ciphers, links to crypto sites, explanations of the maths behind PGP and RSA, privacy issues.
SSH client for Win32.
Description and C source code.
366-byte IDEA file encryption program.
Patching Netscape, MSIE, and Outlook to use strong crypto.
Mac file encryption using IDEA, written in the free world.
Floppy-bootable Linux network security toolkit.
PGP encryption integrated into Word for Windows.
SSH DLL add-on for Teraterm.
Very fast MAC.
Pointers to information on and implementations of a number of conventional, public-key, and hash algorithms.
ssh port to NT via Cygnus gnu-win32.
Windows'95 password (.PWL) viewer.
C++ class library of cryptographic primitives.
Windows front-end for PGP.
Secure data deletion for Unix.
Add-on to allow XPDF to decrypt encrypted PDF files.
C library for fast computation in finite extension over finite rings
Various security-related bits of code (ARP spoofing, iButton PAM, portable firewall).
Miscellaneous Security Items
Anonymity and Privacy
Web access anonymiser.
Web access anonymizer.
Links to public WWW/FTP anonymising proxies.
Proxy which hides personal details from intrusive web pages and blocks spam.
Routing mechanism which resists traffic analysis.
Remailer home pages, remailer techinfo, PGP introduction, PGP keyservers, crypto pages and laws.
A paper on steganography.
Random Numbers
Home page of the Unix /dev/random randomness driver.
Thermal-noise-based hardware RNG.
PC Geiger counters (great random data sources).
Information on sources of strong random numbers.
Techniques for analyzing PRNG's.
George Marsaglia's RNG test suite.
A survey of PRNG's for crypto applications.
Various notes on /dev/random and randomness gathering.
Build-it-yourself radioactive-decay based random number generator (perfect for Chernobyl residents).
Proposed standard for random-number generation devices.
Random number generation using lava lamps.
Hardware RNG.
CDROM contains ~1/4GB of random numbers.
Low-cost single-chip RNG.
Serial-port hardware RNG.
Cryptographically strong random number generator.
Various random number sources.
Designs and analyses of various zener-based generators.
Papers and software for PRNG's.
Theory and practice of random number generation.
Analyses of hardware and software random number generators.
Web sites and references for RNG information, information on various PRNG's.
Resources on secure random-number generation and the problems of insecure random number generation.
Cryptographically strong random number generator.
Hardware random number generator.
Randomness-gathering techniques.
PN-junction based hardware RNG sampled using a sound card.
Zener-based noise generator.
Incredibly expensive hardware RNG.
Relative speeds of a number of encryption and hash algorithms.
PGP web of trust tracing server.
Visitors guide to Bletchley Park.
Steganography papers and ideas.
Presumably the idea is that attackers crash this first, cutting off the rest of your network and leaving it secure.
Online links to digital crime, blackmail services, encryption key cracking, airline rerouting, internet shoplifting, e-cash laundering, alien mind control, etc etc.
Cypherpunk groupies page. I have no idea what to file this one under...
University of Malaga infosec group.
GSM-related technical information and secret features of phones. NB: This page repeats the official GSM security info rather than the actual details.
Project for a freely-available voice crypto board (moribund).
Anonymity for WWW content providers.
Descriptions and photos of the KL7 and KWR37.
Technology and IP law resources.
Apple security and crypto information page for the Mac.
Unix and Internet security papers, security software, links and miscellaneous items.
Microsoft's interpretation of security (see many other links on this page for everyone else's interpretation of Microsoft's security).
X9.59 electronic payment-related references.
Bignum prime number verification via a CGI script.
Distributed security measures which resist attack.
Papers on primality testing.
Information on quantum computation and cryptography.
Information on cellular telephony, PCS, and wireless data transfer.
Calendar of security and crypto conferences.
Security tools, password recovery and cracks, security information.
Various research projects in computer security.
GAK/key escrow/trusted third party/whatever centre.
Information on the SSL implementation used by your browser.
The Square block cipher and links to implementations.
Information and links to historical cryptosystems and encryption machines.
Yet another new (and patented) PKC.
Public Key Infrastructure
New Zealand CA.
Analysis and comparison of various states' digital signature laws.
US CA.
CA licensed under the Utah Digital Signature Act.
Open Group PKI requirements (requires registration to access).
Australian CA.
Belgium and Luxemburg CA.
South African CA.
Implementation details of the German digital signature law.
Estonian CA.
Spanish CA.
ABA analysis of CA liability issues (~190 pages).
Asian(?) CA.
Center for Standards Public Key Infrastructure (PKI) Standardization Home Page
DISA information pages on the Internet PKI.
Australian CA. GAK alert: This CA escrows all encryption keys.
Extracting certs from Netscape's .db files.
List of CA's worldwide.
Czech DATANET CA.
Brazilian CA.
Columbia University (not country) CA.
Colombian draft digital signature legislation.
South African CA.
American Bar Association digital signature guidelines, available as WordPerfect and Word documents.
Comprehensive collection of links to digital signature legislation worldwide.
CA licensed under the Utah Digital Signature Act.
German CA.
Proposed EC framework for digital signatures and encryption.
Final report on the Florida digital signature guidelines.
EC initiative on standardised digital signature framework.
PKI for Europe
Australian PKI project.
Global trust register for public keys in molecular form.
European CA.
Australian government PKI project.
GTE CA.
German initiative for computerised home banking.
Austrian CA.
IBM CA and PKI products.
Japanese CA.
Top-level CA for European ICE-TEL CA infrastructure.
European CA.
Combination Estonian electronic ID card page and world's shortest URL.
X.509/PKIX profile for certificates specifically adapted for digital signature applications where the signatures need recognition equivalent to handwritten signatures.
IKS CA.
Initiative to harmonize dozens of incompatible digital signature laws.
IN certification authority.
Installing certificates and root keys in Internet Explorer and IIS
Instructions on installing certificates into MSIE.
UK CA.
Nice introduction to cryptographic techniques, certificates, SSL, and SSLeay.
IPCA public key.
Spanish CA.
PKI, PKCS #11, LDAP, general security links.
Web-based PGP keyserver.
German KeyTrust CA (part of the MailTrusT initiative).
Canadian CA.
Danish CA.
Paper which examines problems with existing PKI legislation.
Massachusetts digital signature and online commerce guidelines and information.
The meta-certificate group (an alternative to X.509/PKIX-type certificates).
NIST PKI profile.
New Zealand PKI work.
Large collection of ASN.1 object identifiers.
Searchable collection of object identifiers.
Modification of OCSP to provide a more workable system.
Bell Sygma CA.
Free LDAP server/client (update of UMich software).
Siemens CA toolkit.
Account authority digital signature (AADS) and X9.59 electronic payment standard information.
Experimental PKIX implementation.
WWW interface to the PGP keyservers.
One of several web-based PGP key servers.
Web interface for PGP key server.
Australian PKI initiative.
German CA.
Italian CA.
A tutorial on PKI.
NIST's PKI information page - interoperability guidelines, PKI panels and overviews, PKI documents.
Home page of the PKIX working group.
Slides from a talk on PKI standards and work in progress.
Regole tecniche per la formazione [...], anche temporale, dei documenti informatici
Italian digital signature law. This site uses weird URL's which don't always work; there's an alternative copy at http://www.interlex.com/testi/regtecn.htm. Another part in English is at http://www.aipa.it/english[4/law[3/pdecree51397.asp.
Regulierungsbehörde für Telekommunikation und Post - Digitale Signatur
Digital signature information published by the German telecoms/post regulation authority.
PKI position statement including links to papers on the dangers of a PKI becoming a SurveillanceI.
South African CA.
Secure Electronic Information in Society (SEIS) project in Sweden.
Slovenian CA.
Australian CA.
Singapore digital signature and CA legislation.
Securities Industry Association CA.
Spanish CA.
Korean CA (all text is in Korean).
Documentation and links for SPKI certs.
Simple public-key infrastructure requirements.
SSH Communications Security ISAKMP test page / Certificate request processing
SSH test CA (issues certs in response to PKCS #10 requests).
Cookbook for setting up a simple CA and working with server and client certs.
Guide to hacking things so Netscape and MSIE will recognise certs generated by other software.
X.509-related services.
Structuring X.509 Certificates for Use with Microsoft Products
MS's idea of how to set up X.509 certs. Note: Page needs Java enabled or it won't work.
Summary of Digital Signature and Electronic Signature Legislation
McBride Baker & Coles very comprehensive summary of worldwide digital signature legislation.
Swiss CA.
TC TrustCenter Certification Authority and Security Provider
German CA.
Italian CA (in Italian).
German Telekom CA.
Discussion forum on e-commerce issues from a South African perspective.
A lawyer's comments on problems with digital signatures.
Links to information on timestamping research, protocols, papers, and patents.
Trivial Public Key Infrastructure.
General CA.
UK CA.
Danish CA.
Norwegian CA.
UN draft articles on electronic signatures.
Major worldwide CA.
Verisign's CRL repository.
Information on digital ID's and certificates, certificate practices, and FAQ's.
Verzeichnisdienst der Zertifizierungsstelle [...] für Telekommunikation und Post
RegTP certificate directory.
Finnish PKI profile (in Finnish)
Trust management on the WWW.
CA toolkit and guide ("low-budget CA").
Swedish CA.
Links to X.500-related information, standards, and references.
The number of these has doubled recently... a second one has been discovered in Petropavlovsk-Kamchatsky.
Various sample certificates including oddball fields and types.
Definitions of crypto, PKI and financial services-related terms.
Security Agencies and Organizations
Messages from ex-Menwith Hill staff.
Ajax U.S. & International Government Military, Intelligence & Law Enforcement Agency Access
Links to intelligence and law enforcement agencies, defence agencies and laboratories, military and other government agencies.
Village Voice article on NSA's subversion of UNSCOM, and a comprehensive list of NSA bases worldwide.
Description of a job interview with the NSA.
Automated System Security Incident Support Team (US DoD CERT).
CERT Australia home page.
Biometrics standards, publications, and other information.
Information on UK military comms (mainly frequencies and protocols used).
The German version of the NSA.
Canadian computer security information.
Computer Coalition for Responsible Exports - industry group opposed to computer export controls based on cold-war fears.
CESG (aka GCHQ) home page (pretty meagre).
Computer Emergency Response Team home page.
CIA veteran's ongoing analysis of CIA activities.
Codes and codewords used in military projects.
The Canadian CSE's official web page.
The Canadian CSE's unofficial web page, which is much more interesting than the official one.
Politecnico de Torino computer and network security group.
Articles on covert action and surveillance.
WPI cryptography and information security research lab.
American Cryptogram Association home page.
Canadian Security Intelligence Service.
The cypherpunks archive via HTTP. PGP, remailers, crypto papers, clipper, and pointers to further information.
Cypherpunks Tonga - various cypherpunks projects and work in progress.
US Department of Defence news releases, with an extensive archive of older material.
US classified military programs spending for 1997.
The Australian NSA subsidiary.
German privacy commissioner.
Anti-virus information, research groups, news.
The home page shows satellite SIGINT gear... most appropriate.
Spy bases worldwide.
Background information on Pine Gap in Australia.
50-minute Discovery channel documentary on the NSA.
Archives of the IEEE cipher newsletter containing a great deal of general news on crypto issues.
IFIP security in information systems technical committee home page.
An online InfoSec journal.
Spying, US intelligence agencies, DoD, air force, navy, army, foreign intelligence agencies, whistleblowers, online intelligence archives, military intelligence, weapons technology transfer, industrial espionage, security companies.
Assorted intelligence-related links and information.
IACR home page.
OTH radar installation in Australia.
Hacking central, and a great source of information on security problems.
"A beautiful piece of America, right here in England. You'll be amazed at how much you can learn about how much they know about how much you know". Wonderful :-).
CND's Menwith Hill page.
FAPSI (Russian NSA).
National Association of Investigative Specialists newsletter. Information of interest to investigators, video surveillance, search and seizure, privacy techniques, legal issues.
Information on economic espionage.
National Security Agency High-Performance Computing Projects
Various high-performance computing projects sponsored by the NSA.
The NSA's home page.
The NSA's unofficial home page (much more interesting than the official one).
Archives, electronic briefing books, declassified documents, related information.
The Baltimore Sun's six-part series on the NSA.
NIST computer security resources.
NIST computer security publications.
NZ Intelligence agencies.
US spy base in Australia.
Pine Gap facts. The truth about the Joint Defence Space Research Facility Pine Gap.
Angry Fruit Salad background info on Pine Gap.
Analysis of possible NSA decryption capabilities based on extrapolation on Deep Crack.
GPO appraisal of the US intelligence community
Lots of information on intelligence agencies which their home pages will never tell you.
Noticeboard for ex-Chicksands staff.
Crypto devices used by East Germany.
Various spook agencies in the UK.
Security vendor consortium.
Intelligence, corporate and computer security, counterterrorism, personal security, legislation, news bulletins, upcoming events.
Security news and information, software, online discussion forums, products and services, calendar of security events, firewalls, viruses, security courses and policies.
Sicherheit im Internet - Sicherheit in der Informationsgesellschaft
Information on encryption and security from the German government.
Space and Naval Warfare Systems Command information.
Information on numbers stations.
Computer security... industry consortium... trusted systems... blah blah blah.
Trusted systems glee club.
Wullenweber antennas as used by the NSA.
Security Books, Journals, Bibliographies, and Publications
(Just a call for papers at the moment).
NIST's AES information page.
Historical books on cryptography, intelligence, military history, and related topics.
The story of Alice and Bob.
PhD thesis analysing 4,300 Internet security incidents.
Article debunking various Infowar myths.
Online book on cryptography (only the initial section is complete).
ANSI e-payment list archives.
US army field manuals, schools, strategies and systems.
Bibliography of key agreement protocols with links to authors and online papers.
Various papers on authentication and crypto protocol analysis.
Bibliography on molecular computing, including attacking encryption systems using molecular computers.
List of block ciphers, characteristics, and known attacks.
Current state of attacks on AES proposals
Information on the S/Key authentication protocol.
Publications pertaining to the CAST encryption algorithm.
Central and East European Secure Systems Strategies (online security journal).
Centre for high-assurance computer systems publications.
Very comprehensive analysis of a wide variety of electronic payment systems.
Number theory, public-key encryption, RNG's.
Checkliste für den datenschutzgerechten Einsatz von Windows NT
Guidelines for securing an NT system (other than by unplugging it).
Howto for Java code signing for Netscape and MS products.
About 1000 CS bibliographies with around 800,000 references.
Assorted lecture notes and papers, including ones on crypto.
Scanned images of Shannon's classic communications security paper from the Bell Systems Technical Journal.
Abstracts of new computer security-related publications.
Immunology concepts applied to computer security problems.
Links to sites which distribute CS tech reports.
Installing a student-proof NT setup.
Seven Locks' online virus handbook.
Comprehensive collection of virus myths, hoaxes, and vendor press releases.
Bruce Schneier's "Applied Cryptography" information.
Overview of CC terms and mechanisms, including discussion of various online CC processing methods.
Various PGP developers list archives.
Various reports from the computer underground on hacking, security, viruses, hackers, and related issues. Many of the reports debunk common urban legends and media myths about computer security.
Terry Ritter's crypto glossary (long).
Good overview of cryptography, digital signatures, certificates, and trust management.
Introduction to crypto and number theory for digital cash.
Crypto FAQ for beginners.
NIST Computer Science Laboratory bulletins
Computer Systems Policy Project reports, including several covering encryption and e-commerce.
CuD "Computer Underground E-Publications - Top Level" Archive
Cypherpunks mailing list archive.
Searchable archive of the cypherpunks mailing list.
Cypherpunks mailing list archive.
1970's cryptanalysis of the M-209.
Overview of encryption and encryption algorithms, links to further information.
Designing buildings to thwart electronic eavesdropping.
Collection of misc. papers and publications on crypto algorithms and implementations.
Transcripts of interviews with David Kahn
General cryptography, cryptanalysis, computer security.
Several notable crypto books collected onto one CDROM.
DDJ issue on computer security including Twofish, Panama, e-commerce protocols, and smart cards.
Archive of the des-coding mailing list.
Comparison of various (Windows-based) file erasing programs.
Writeup and photos from the 7th Usenix security symposium.
The e$ mailing list, information on digital cash clearing, digital bearer bonds, financial cryptography, and related topics.
E-commerce mailing list and archives.
Elliptic curve cryptography FAQ.
Tutorial on robust programming.
Information on the SHTTP protocol.
Large archive of documents on electronic surveillance.
Tutorial on elliptic curve crypto.
Elliptic curve bibliography.
Tutorial on elliptic-curve crypto.
Encryption and security-related news stories.
Details on the Enigma machine and software simulators.
Description of the Bombe and bombe simulator.
Entrust white papers and tutorials on security, encryption, certification.
Papers and information on the Cryptographically Secured Telecommunications Information Networking Architecture.
Ernst & Young LLP - Information Systems Assurance and Advisory Services
Report on e-cash.
HP tech report evaluating various micropayment schemes.
Economic Strategy Institute study on crypto markets and policy.
Firewalls mailing list archives.
Fragments of a book (4 of 10 chapters exist).
Design and source code for the Frog AES submission.
Various neat crypto and security-related quotes.
Description of GSM network security and encryption considerations.
1989-1994 Hack-Tic magazine archive (scanned images, in Dutch).
Information on the book (well worth getting).
News ticker which often carries crypto and security-related stories (in German).
Links to sites containing information on Enigma, Purple, Magic, and other WWII-era crypto.
Computer security papers from the 1970's.
Prehistory of public-key crypto from GCHQ.
Security and hacking information, news, and software.
Tutorial on finding (and fixing) Unix programming security holes.
UK DTI report on crypto policy.
Reports and publications on security, crypto, security protocols and implementations.
W3C security resources.
Access to over 2 million US patents, including many crypto and security-related ones
DES ASIC designed as a student project.
Information on the IDEA algorithm.
Paper on a fast MMX implementation of IDEA.
IEEE Computer Society press online catalogue, security and privacy section.
PGP standardisation mailing list, RFC's, and archives.
PGP/MIME RFC's and mailing list archives.
S/MIME RFC's and mailing list archives.
Bibliography of online crypto papers.
Idaho State Uni security library.
European Commission INFOSEC publication.
Authenticated DH key exchange.
Various security-related publications: Firewalls, network security, Skipjack/KEA specs (more readable than the NSA originals).
Current internet drafts, including many security-related ones (but you really need to know what you're looking for).
DNS security RFC's and sample code.
Internet-related legal issues (relevant to electronic commerce).
Paper exploring and comparing different versions of S/MIME and PGP.
Crypto/security-related news stories.
Lecture slides from a seminar by Vinnie Moscaritolo.
Introductory overview to encryption systems.
Ives Gobaus's easy introduction to cryptography.
Java security questions and issues.
Electronic commerce, legal issues, EDI, etc.
Journal of Information Law and Technology.
Crypto journal with papers the others won't print.
John Young's collection of crypto links, mostly covering crypto social issues, laws, espionage, government regulation, and an amazing array of other interesting things.
Papers on HMAC's.
Publications on PGP, PGP keys, digital signatures, and crypto politics (most in German).
Information and programs for breaking historical ciphers (monoalphabetic and polyalphabetic, transposition ciphers).
Collection of large primes and primality-checking information.
Searchable index of over 800 crypto and computer security articles.
Linux security information.
The Loki97 block cipher (submitted for the AES).
Mac-Crypto conferences and digests.
Overview of crypto, catalogue of crypto algorithms.
Russian publications on encryption, digital finances, e-commerce.
A market model for digital bearer instrument underwriting.
Maximal length LFSR feedback polynomials.
Overview of various micropayment schemes.
Description of MISTY.
Reviews of books on intelligence agencies, high-tech, military, and a potpourri of government agencies, drugs, elites, big business, organized crime, terrorism, US foreign policy, and so on.
NASA tech reports search engine.
Information and proceedings from NISSC conferences from 1996 onwards.
Networked Computer Science Technical Library, searchable technical report repository.
Netscape security-related documentation.
Various articles on encryption from Network Computing magazine.
Patents on network encryption.
Various white papers on firewall design.
Springer-Verlag book series on crypto and security.
Bibliography/tech report/FAQ searchable index.
HFE PKC. Patented :-(.
Newspaper article on early (spook) PKC development in the UK.
Index of NSA declassified documents.
NSA firewall-related documents and firewall performance tests.
Scanned copy of declassified 1960's memo on NSA public-key encryption research.
NSA comments on various crypto API's.
IBM Network Security Group publications.
NT/CIFS domain authentication specification.
Another new PKC.
Interesting paper on security problems due to improperly implemented encryption systems.
On Distributed Communications: Security, Secrecy, and Tamper-free Considerations
1964 Rand Corporation report on cryptography and security.
OpenBSD security advisories and information.
ASN.1 whitepapers and resources (ASN.1 is used in various security standards).
FAQ on OE's use of certificates and encryption.
Tutorial and analysis on RSA algorithm.
Comments on various certification and certificate management systems and methods.
Search the US patent database for crypto patents.
Technology used to control US nuclear weapons.
Online guide to PGP 5.0
List of potential problems in PGP.
Survey of PGP passphrases which also indicates which key sizes people prefer when they have a choice.
Command reference card for PGP.
President's Commission on Critical Infrastructure Protection.
Various US government agencies look at Jobsec^H^H^H^HInfosec.
Everything you need to know about prime numbers.
RIPEMD-160 information and implementations.
Frequently asked questions about encryption algorithms, techniques, protocols, and services.
Cool crypto-related pictures.
Free monthly security newsletter.
German crypto book with comprehensive coverage of crypto and security protocols.
SATAN-ism: Computer Security Probes Over the Internet - Shrink Wrapped for Your Safety?
Includes a good chronology of hacking and security incidents.
Second Advanced Encryption Standard (AES) Candidate Conference
AES conference info including all the conference papers in PDF format.
Books on breaking various historical ciphers.
Protecting electronically published medical books, including problems experienced with the X.509 PKI in practice.
ssh working group home page.
Guide to secure Unix programming.
Online book (also available as molecules, 368 pages) on (trying to) secure Java.
Security information, papers, news, and alerts.
Seven Locks' online security handbook.
Description of Lotus Notes differential workfactor encryption.
Various WWW security issues.
Links to various security and e-commerce related sites and publications.
Descriptions of various security models (only partially complete).
Preprints of papers from the workshop.
Meta-search-engine which allows searching of multiple security-related online bibliographies.
The title says it all.
Journal devoted to SET and SET implementations.
A good general overview of the implications of SET.
Linear cryptanalysis of DES (MSc thesis), various papers on hash functions.
Online security journal covering various computer security issues.
Exactly what the name says.
Satellite TV scrambling and descrambling methods.
Retrieve documents from a large archive of crypto/security papers.
Overview of secure email and secure email technologies and standards.
Crypto and security-related bibliographies (conferences, journals, papers, and tech reports).
Signing Applets for Internet Explorer and Netscape Navigator
Overview of code signing.
Microsoft's online code signing docs.
Chapter outline pages include links to crypto-related publications and resources.
Symposium on Network and Distributed Systems Security (SNDSS'96) proceedings.
Publishers of LNCS (crypto and security conference proceedings).
ssl-talk mailing list archive.
The SSL discussion list FAQ.
Survey of corporate applications of and attitudes towards encryption.
Free technology newsletter which includes coverage of encryption issues.
Covert channels using TCP/IP (including source code).
Technical Report Archives in Computer Science (By Institution)
Links to tech report archives at various universities.
Search engines for tech reports, theses, conference proceedings and books held at universities worldwide.
Reviews of books covering technology, privacy, commerce, security, and the law.
Monthly computer security newsletter.
Metaphysical analysis of the Blowfish algorithm.
Links to various crypto-related books.
Large collection of computer-science-related bibliographies, including encryption and security issues.
"Theory and practice of information security", includes information on a number of security problems in current implementations.
Online library of papers on crypto theory.
Information on and analysis of thin client security features and issues.
Electronic commerce events, news, articles, and information.
Electronic commerce and EDI resources.
Turing's treatise on the Enigma, c.1940.
CFP's for conferences, including crypto and security conferences.
Unified computer science tech report index.
Cool book on hacking in Australia.
Online guide to X.500 (HTML version of a book on X.500).
Key management systems as used by the US military.
Includes material from Usenix security conferences and symposiums.
Electronic Cipher Machine (SIGABA) details.
Various papers on verifying security protocols.
VPN (IPSEC et al) consortium, including IPSEC RFC and mailing list archives.
van Eck/TEMPEST eavesdropping.
Security guidelines to NT including links to other NT security resources.
Proceedings of the SAC conferences (abstracts only before 1996).
Encryption in the Dead Sea scrolls.
Security People
Large list of links to cryptographers' home pages.
Berkeley list of cryptographers.
(Another version of the amazing relocatable home page).
Security Problems
RSADSI's encryption-breaking challenge.
How to run arbitrary code on a Windows machine via email or the web.
Using ActiveX to steal money via fake bank transfers.
Sampling of dangerous ActiveX controls which can be used to run arbitrary code on your machine.
Links to assorted cracking and hacking sites and resources.
Cryptanalysis of CSS.
AOL security problems (some fairly scary).
Breaking RC4, A5, DES, and CDMF with FPGA's.
Various web pages which have been altered by hackers.
Packet sniffing and spoofing.
Mirror of defaced web pages.
Backdoor access to Windows machines which allows them to be controlled from anywhere via the net.
Tool to scan for and remove Back Orifice.
SMB session sniffer, NT TCP/IP connection killer.
Windows trojan allowing remote control of a machine, file transfer, keystroke logging, registry access, and user plugins.
Programs to break the "encryption" on a number of DOS and Windows programs.
Password recovery (apparently they're just a reseller for Access Data).
Wintel PC bugs, including occasional security problems and holes.
Security vulnerability archives.
Security vulnerability archives, 1993-present.
CCC cloning of GSM SIM's and software SIM emulator (in German).
Decoder for cablecrypt-encrypted PAL TV signals.
Completely control an OKI900 through a computer (including many neat things you're not supposed to be able to do).
Unprotects for a large amount of software.
Edit NTFS partitions, reset NT/CMOS/LILO passwords.
Organisations, publications, legal resources, security advisories, mailing lists.
Information on password cracking, denial-of-service attacks, and NT security holes.
Control which web servers can get cookies.
Exploit files for a wide variety of Unix security problems.
"We make the things that break the things that you make".
Password-recovery software for Word, Excel, 123, Quattro Pro, WordPerfect, Quicken, etc.
This URL will crash Netscape (and make Windows unusable for Win 3.x) when connected to.
Combines the MSIE res security hole and the Pentium F00F bug to lock up any Pentium machine running MSIE.
Links to crypto and password-recovery pages.
Powerful noninvasive analysis technique for recovering information (eg encryption keys) from smart cards.
Cybercriminals and cybercrime buzzword buzzword hacking buzzword fnord child pornography buzzword fnord.
The cypherpunks attack crippled US export-approved encryption.
The cypherpunks break crippled US export-approved encryption.
More ActiveX security holes.
Decompiler for reverse-engineering 80x86 software.
Pay TV and smart card hacking information.
BYTE article on a plethora of NT security holes.
SolNET RSADSI DES challenge.
Distributed software attack on DES
The denial-of-service FAQ.
Problems with Windows NT device object security.
Monitoring trunked radio nets with scanners.
Distributed computing applications (such as encryption breaking).
Links and information on security weaknesses, password recovery, key recovery tools, reverse engineering. Of particular interest is the information on the large number of snake oil crypto programs out there.
Unlock and generally mess with Ericsson GSM and PCN phones.
Inmarsat interception using standard commercial gear, with an example of interception of sensitive political information and electronics smuggling to the Iraqi internal security organisation.
Transmitters, phone taps, listening devices, computer bugs.
Hackers test the gullibility of a Forbes reporter.
Debunking some of the more outrageous parts of the Forbes story.
Another writeup on the EMP gun urban legend.
Much information on reverse-engineering software.
Stego information, including how to defeat various steganography-based watermarking techniques.
Potential PGP weaknesses and problems.
Catalogue of security holes and exploits for Windows and various Unixen.
Red and blue box software, IR car door unlocker for the Gameboy.
NT password grabber.
Netware-related security problems and issues.
The Smartcard Developers Association proves that GSM security isn't nearly as good as the vendors claim.
The ISAAC group's page on the GSM security breach.
Frightening new virus running rampant on the net.
Satellite TV security and insecurities
CDROM full of files on every aspect of computer security and how to bypass it.
Web interface to anonymisers, Internet tracing/lookups, white pages, reverse phone directories, satellite imaging, DNS scanning.
Various texts related to hacking and security.
Information on viruses, trojans, denial-of-service problems, and other security weaknesses.
POCSAG decoder for monitoring pager messages.
Hardware hacks, mainly mag card related.
Links to information and equipment suppliers for TEMPEST and hardware penetration attacks.
Various NT security problems.
Various hostile Java applets.
Password crackers, carding, war diallers, key generators, hex editors, links to related sites.
SSL server authentication attack.
Warning about ICQ toolz/ICKiller, which installs nasty trojans in your system.
Vulnerabilities database for various OS's.
What the Windows 95 Registration Wizard is *really* doing with your system.
A (very complete) taxonomy of Internet attacks.
How to access your local hard drive with a web browser.
IE security hole which allows your logon username and password hash to be grabbed over the net, regardless of firewalls or use of "strong" passwords. 14,000 passwords grabbed so far by this site alone, with no apparent attempt by MS to fix it.
IOPUS Software: Automatic, invisible POP3 / SMTP email sender
Secretly monitor and mail files to other machines.
Links to sites covering NT security issues.
Java Code Engineering: engineer & reverse engineer Java class files
Links to books and articles, disassemblers, decompilers, and deobfuscators.
Unix password cracker, including MMX version which is 30% faster than the standard one.
Password breakers for Trumpet Winsock, Eudora, Win95 screen saver, Netscape mail, Win95 shared items, Pegasus mail.
Key and unlock code generators for large amounts of software.
Communicate secure in the knowledge that only the US government is listening.
How to implement espionage-enabled software.
Key recovery utilities, tutorials, programs (including ones to break Arj, BIOS passwords, Compuserve, Contraband 9G, Crypt-o-Text, Cryptic Writer, CuteFTP, CyberSitter, Encrypt-It, Eudora, MS Access, MS Word, MS Excel, Norton Diskreet, Novell Netware, RAR, 40-bit S/MIME, Stacker, Turbo Encrypto, Wincrypt, Windows NT password, WordPerfect, WS_FTP, and Zip), and resources.
Information on breaking various security systems used by schools (mostly Win95-related - this is "security" for very small values of security).
Updates on Internet and Internet software security problems.
Software to decode police mobile data terminal messages.
The infinite security holes in FP for Unix.
Security holes and bugs in Microsoft's Internet Information Server.
Recover passwords for MS Word, Excel, Access, Money, and VBA projects.
Recover passwords for all newer versions of Word and Excel.
NT password cracking FAQ.
Things which can go wrong with smart cards.
Cellular signal destruction unit (in other words a GSM jammer).
Windows backdoor access server.
Security flaws in Netscape.
Security problems in Netware, NT, web servers and browsers.
Distributed attack on RC5.
Security problems with First Virtual.
Good collection of password breakers and crackers for a variety of programs.
How to decrypt Remote.NLM passwords for Netware 4 and 5.
TEMPEST monitoring.
Clean up various Netscape files which record information on you and your net activity.
Change the Windows NT administrator password.
Very effective NT password cracker.
Windows NT security holes and exploits.
Not directly security-related, but contains a lot of useful technical information and source code to bypass or upset NT's security controls.
Password change and general system editing utility for NT.
NT security issues and concerns, security tools.
How to disable various Internet blockers (and these things are supposed to be childproof!).
mjr on firewall testing and certification.
Breaking into cars using a PalmPilot.
Assorted information on security problems and programs (AOL, Netware, boxing, carding, encryption, password-cracking, virii, satellite TV, text files).
Reverse-engineering Novell's directory services (includes Novell password breaker).
Decode Paradox tables without knowing the password.
How to remove/bypass password/"encryption" protection for a variety of software.
Password recovery software for NT, Zip, Arj, and all MS Office programs.
Assorted key and password breakers (partially in Russian).
Hardware keyboard bug which records 2,500 keystrokes.
Security problems, hacking, hacker conferences, general news.
Various Win32-related security utilities.
How to bypass the 16C84 security fuse.
Problems with remote machines crashing when sent long ping packets (this affects Unix systems, Macs, Netware, routers, printers, ...).
Crackz, Keygenz, and other things ending in z (including cracks for a large number of copy protection schemes like Vbox, SalesAgent, softSENTRY, TimeLock, and many others).
An implementation of the Biham/Kocher paper (complexity 2^38).
Security holes in a large smart-card based PKI project.
Phone punx network.
Dump NT password hashes even with Syskey installed.
Rain.Forest.Puppy's collection of NT security holes and information.
Warning about an online credit card fraud technique.
Demo of MSIE bug which allows arbitrary files to be read from your machine.
Tutorial on reverse-engineering a microcontroller.
Archives of the ACM forum on risks to the public in computers and related systems (use the arrow icons to move to other risks volumes).
Risks Of "Key Recovery," "Key Escrow," And "Trusted Third-Party" Encryption
Report on GAK risks by noted cryptographers.
Security and other problems in MSIE.
Searchable archive of Windows and Unix security problems.
RSA encryption-breaking challenge (40 bits in 3.5 hours, 48 bits in 13 days).
Network of ~300 sites devoted to satellite TV hacking and related topics (eg smart cards, decoders, smart card programming).
Satellite TV hacking, cards, software, programmers, and codes.
Collection of typical security problems and holes in school computers.
Scott Schnoll's Unofficial Microsoft Internet Explorer Security FAQ
Bugs and design flaws in MS Internet Explorer.
French security page with information on security problems, backdoors, and patches.
Security survey which found that two thirds of the WWW hosts checked had security problems.
Paper on potential weaknesses in SecurID.
Large collection of security bugs in most major OS's.
Shut down Windows 95/98 from Java. So much for the sandbox.
Screen saver which breaks 40-bit S/MIME encryption.
Snake oil warning signs - encryption software to avoid.
TCP/IP login tracer which sniffs logins for FTP, telnet, POP3 connections.
List of known SSL implementation bugs.
Resources related to stack-overwriting security holes.
Completely invisible interceptor which logs keystrokes, URL's, executed, dates, times, mouse click events, etc, with optional encryption.
Windows 95 and NT keystroke logger.
Windows PE compressors, deprotectors, unwrappers, anti-debugging/tracing, executable encrypters, and other useful Windows programming/hacking tools.
Supplementary Analysis of the Royal Holloway Key Escrow Scheme
More weaknesses in Euro-Clipper.
Broadcast everything in your home all over the neighbourhood, secured with 40-bit crypto.
Novell Netware, cellular phone, and other security problems.
Assorted virii, including a PGP keyfile-stealing virus.
THC home page.
Hacking/phreaking information and links. Load this one with Java disabled.
Reverse-engineering and cryptanalysis of NetNanny.
Satellite TV hacking info: D2Mac, Eurocrypt, Videocrypt, Multimac, etc.
What others can find out about you using online search engines.
Much information on TEMPEST eavesdropping and its prevention.
Various Windows security tools (port scanner, find processes listening on ports, obtain various privileges on a system).
Information on various NT trojans (Back Orifice, Netbus, etc).
Crackers for MS Office, Excel, Word Perfect, Word, Pkzip, and other programs.
Fast Zip password cracker.
Filez! Warez! D00D!
(Various encryption-breaking utilities and other programs. There's a main page for this, but it's so encrusted with Java and animated graphics and sounds that it's unusable).
Unix security problems, software, documentation, RFC's.
VBA password recovery (allows viewing of VBA source code).
How to remove the region coding of Creative Labs DVD drives - choose the "Documentation" link.
Database of common security vulnerabilities in RPC's, sendmail, firewalls, and various other categories.
Various weaknesses in the Royal Holloway "trusted third party" key escrow scheme.
(This one's good enough to deserve its own reference).
Unix security advisories and updates.
Long list of gaping security holes in FrontPage for Unix.
Grabbing car alarm codes.
Security problems with Windows'95 (and Win3.x) password files.
Security hole which allows your Win'95 password to be obtained from anywhere on the net.
Explanation of Windows NT buffer overruns using RAS as an example.
Recover passwords for Windows NT servers, domain controllers, and workstations.
Windows NT security problems and solutions.
Windows NT security issues.
Edit NT partitions, change the password for any account (including administrator).
Reverse-engineering and breaking WinXFiles "encryption".
Password-recovery software for MS Office, Outlook, Schedule, VBA, Access, and Money.
Security Products
Access Control
Authentication/single sign-on card.
Extra security measures for Java programs, Orange Book/ITSEC security modules.
ACL-based web server security.
Biometric identification systems.
Access control and security sensors.
FireWall-1 firewall.
Win 3.1/Win95 access control.
Network scanners, authentication and security modules.
User authentication and remote access management tools.
Kerberos and public-key based single sign-on, access control.
CYCON Labyrinth og CYCON technologies and Cypress Consulting
The Cycon labyrinth firewall.
Fingerprint verification products.
Auditing, security alerts, password analysis, and security software for Netware.
Firewalls, security gateways, F-secure.
Java-based access control over SSL.
Blocks Java, ActiveX, and cookies to web browsers.
Access control to Delphi apps.
Biometric security products.
Software and hardware-based copy protection.
Firewalls, tiger team testing, WWW security.
Access control for DOS and Windows.
DOS/Windows access control software.
PC access control and encryption software.
Security gateway, firewall, Winsock interface.
Single sign-on, access control management.
Watchguard firewall and security management software.
PalmPilot based challenge-response authentication supporting a variety of popular protocols.
High-security storage facility.
Euro-Kerberos
Physical security items and information.
Fingerprint verification products.
Auditing, consulting, and training for networks, firewalls, security policies, and assurance testing.
Windows Internet proxy.
Data Encryption
Crypto hardware accelerator cards.
Windows PGP shell.
Email encryption software which is probably some form of rebadged PGP.
File, email, disk, voice encryption including IDE data channel encryption hardware. Proprietary algorithms.
Desktop encryption for Windows using Blowfish.
DES, SHA-1, MD5, bignum maths cores.
Network and internet security processors and solutions.
Australian PGP vendor.
Encryption, hash functions, and secure random number generation in Java.
ISDN BRI and PRI online encryption hardware, secure servers, VPN products, all using RSA with triple DES (single DES optional). Frame relay and X.25 encryption using DES or proprietary algorithm.
Crypto systems toolkit - DES, IDEA, RSA, DSA, RIPEMD, SHA1, MD2, MD5, X.509/CA toolkit, email security software.
SafeKeyper tamperproof hardware key storage.
GOST and DES software/hardware encryption for DOS/Windows.
Secure chat program using CAST128/3DES/Blowfish, written in the free world.
Blowfish file encryption for DOS and Win95.
DES and hashing DLL's and OCX's.
Directory snooper/file eraser, file encryption for Windows.
Brivida, Inc. - Technology for Virtual Private Networks "VPN"
VPN's using IPSEC DES encryption.
Secure non-US encryption by adding another layer of 128-bit encryption over the top of the US crippled 40-bit version.
Fax, video, voice, and modem encryption.
CA and timestamping software, SSL servers and clients.
DES and Blowfish file encryption.
Fast DES hardware, encrypting SCSI controllers, PCMCIA cards, from a non-US source.
RSA/triple DES ATM link encryptor.
Elliptic curve cryptosystem products.
Phone and fax encryption add-on (questionable algorithm).
Encryption hardware and crypto accelerators.
Pure ECC-based file encryption.
DSA-signed DH for link and session encryption.
Firewall/VPN, Windows file encryption.
Drag-and-drop DES encryption for Win95/NT.
Encryption/decryption, credit card processing, for Cold Fusion.
Diffie-Hellman and triple DES speech encryption. No GAK.
Secure comms gear for government use.
Link encryption hardware, file and fax encryption software (unknown algorithm).
Johnson-noise-based RNG for PC parallel ports.
Condor - Secure Ubiquitous Portable Interoperable Communications Buzzword Buzzword
Secure Fortezza-protected voice and data over cellular links.
Mac file encryption, approved by the French secret service.
Royalty-free Verilog PKC core.
Swiss resellers of various US security products (Entrust, ActivCard, Datakey), although some require US export permits.
Key-based subband voice scrambler. Uses Diffie-Hellman key exchange, but a questionable encryption function "based on matrix multiplication".
Win95/NT 4 encryption shell extension.
Encryption software and hardware of all kinds (but see also the links in the "Crypto Social Issues" section).
PGP add-on for MS Exchange.
Encryption and security software and consulting.
MD5-based file encryption.
Proxy which includes SSL tunnelling.
ZixMail mail encryption with 3DES and RSA. Software contains US government backdoors, thus its exportability.
PEM software, bignum maths package.
IDEA + RNG + bignum accelerator on a chip. Produced in the free world.
Lockheed Martin's crypto processor.
DES/RC4 file encryption using a USB dongle, unfortunately keys are hardcoded into the dongle.
File and file transfer encryption (unknown algorithm).
IDEA and SEAL file encryption for Win32.
Password-based file encryption using Blowfish.
DEMCOM: Steganos for Windows 95/98/NT Homepage - The home of steganography
BMP/DIB/WAV/VOC/text/HTML stego with RC4 encryption.
S/MIME software for MS Exchange and Eudora.
VHDL DES core.
DES-based encryption program. Fairly standard stuff, but the marketing smells of snake oil ("most secure file encryption available", "patented encryption enhancement technology", etc).
ISDN link encryption using FEAL 16, IDEA, or DES.
Secure (encrypted) software and information distribution systems.
Floppy drive encryption for Windows 95.
Secure data transmission via a web browser and SSL, but intermediate storage is unencrypted on a third party's server.
Very fast bignum maths card for PC's.
Digital signature/encryption software and interfaces (implemented as wrappers around crypto toolkits like BSAFE and CryptoAPI).
DES file encryption.
DOS, Win95, and NT file, drive, and email encryption using IDEA, file wiping,
Clipper chips.
Win95/NT anti-virus and encryption software.
DLL/VBX/OLE control providing DES and 3 other (unknown) encryption algorithms.
Encryption for Visual Basic.
DES file encryption for Windows.
(Formerly Nortel) Entrust cryptography product family. GAK alert: These products are GAK-ready.
Encryption toolkits, DES encryption hardware for PC's.
Windows/Unix <-> Windows/Unix link encryption with secure telnet, X11, port forwarding, etc. The link is encrypted with algorithms like triple DES or Blowfish, with 1024-bit RSA for key exchange and authentication.
File encryption using 64-bit (?) Blowfish.
JCE, SSL in Java.
X.509 certificate viewer, PKI, encryption services and consulting.
Fortezza on an ISA card, Fortezza Plus.
Links and information for Fortezza developers.
VPN's.
Email encryption using 2Kbit RSA and Blowfish.
PKCS/X.509 and S/MIME key management, signing, secure email and browser.
RSA speech encryption for PSTN lines.
Link encryption hardware from ISDN up to T3 speeds.
Orange Book A1 certified network processor.
Products based on the German SuperCrypt DES/triple DES chip.
Hardware-based key management for CA's.
FPGA DES cores for Altera FPGA's.
Windows file encryption, unknown algorithm.
Various crypto-related add-ons to the Mac OS.
Data encryption products (a division of E-Systems).
IBM's (really cool) 4758 crypto module.
Data encryption, security, consulting.
Win95 file encryption.
Disk encryption using Blowfish, PGP-compatible mail encryption using RSA+IDEA, smart cards.
Triple DES file encryption for Windows.
HP's international big brother design.
Access control, electronic commerce, 128-bit SSL proxy.
Internet security technology (knowledge of Swedish useful).
DES cores.
PGP-compatible encryption software for e-mail, hard disk encryption, access control hardware tokens.
National's PCMCIA crypto card.
Network and link encryption hardware.
Email encryption, crypto toolkits, encrypted Zmodem.
Java crypto extensions (JCE).
File encryption/archiving using DES, Blowfish, CAST128.
Win95/NT drag-and-drop file encryption.
File encryption using Blowfish, 3DES, IDEA, Twofish.
Snake oil for the masses.
Floppy disk encryption software.
DES and RSA encryption chips and hardware.
Lucas-function based PKC.
Email encryption using DES, 3DES, Blowfish and DH (but will automatically and transparently fall back to sending cleartext - this is listed as a feature of the software).
DES, Blowfish file encryption, disk wiping.
File/data encryption using Blowfish, Twofish, RC4, Cobra128, GOST, triple DES, and CAST.
DES-based file encryption for DOS/Windows and MVS.
Motorola crypto processor.
Motorola secure phones and fax and data communications products.
Clipper and Capstone chips and related products.
Hardware crypto accelerators.
Network link encryption.
Encryption and authentication for LANs and WANs.
IPSEC/ISAKMP/OAKLEY drivers for ODI, NDIS, and Linux.
DES-based file encryption for the Mac.
Blowfish encryption for Windows.
Blowfish file encryption.
VHDL/Verilog DES core.
Crypto processors.
Opera Software - Bringing speed and fun back into Internet browsing
Non-US web browser with strong SSL encryption.
Blowfish file encryption (web page smells slightly of snake oil).
Windows front-end for PGP.
SSL in Java.
Cool RSA/bignum and DES/triple DES encryption hardware.
Entrust-based S/MIME integrated into Lotus Notes. View pages with Java turned off, or just wait for their spam to arrive in your mail.
PEM and S/MIME encryption for the Power Mac.
Private Data - Protecting your privacy with innovative products
Disk encryption for Win95 (unknown algorithm).
DES EDI encryption.
Various access control and security products.
CryptoSwift crypto hardware accelerator.
DES encryption software and other utilities.
Secure FTP, mail, modem encryption using DES, 3DES, Blowfish, or IDEA.
Crypto SDK and email software utilising a new, fast discrete-log-over-GF(2^k) based PKC.
Public-key crypto toolkit.
Windows file/directory encryption using RC4.
Transparent Win95 file encryption.
DES disk encryption for Win3.x/Win95 (exportable 56-bit because it's GAK-ready).
Full-strength encrypting web proxy which bypasses US export restrictions.
File encryption using Blowfish, CAST-128, and Diamond2.
PCMCIA-based disk and file encryption.
Secure PIN/password store for the PalmPilot.
Secure phones, encrypting routers and encryption cards using proprietary algorithms.
Win32 SSH client.
Disk and file encryption using IDEA, SEAL, and PKC's. Note that this company is located in the free world (Switzerland), despite the .net address.
File encryption and signing for Win95/NT
DES and IDEA encryption software for Windows.
Triple DES encryption add-on for MS Office.
File encryption using DES, triple DES, Blowfish, CAST-128, Diamond2, RC4.
Win95/NT file encryption using RSA and the BSAFE conventional algorithms, other security tools (eg secure delete, secure shutdown).
Public-key file encryption, CA software.
ASIC DES core.
Apache-based secure web server.
Simple Key management for Internet Protocols - papers, information, implementations (US only).
As above, without the export restrictions.
ActiveX interface to PKCS #11 modules.
Ncrypt file archiving, compression, and encryption utilities.
"Braun pretends to use the BlowFish algorithm to provide secure encryption in his application Crypto v3.5. Actually the algorithm used is a weak proprietary one" - Casimir.
DES/triple DES protected OS/2 data transfer.
Disk encryption for Windows NT.
Crypto libraries and software.
128-bit SSL proxy - turns crippled SSL browsers into full-strength encryption ones.
SSL Plus SSL integration suite.
SSL 3.0 implemented in Java.
An SSL reference implementation (still under development).
Secure sockets relay - full-strength SSL proxying.
Encrypted virtual disk volumes (the standards compliance section looks a bit odd).
Windows file/directory encryption using DES or Blowfish.
Apache-based secure web server.
File and email encryption using Elgamal, Blowfish, IDEA, and triple DES.
Win95/NT, OS/2, DOS file encryption using DES, IDEA, Blowfish, NewDES, and Lucifer.
TCC: Encryption products and solutions for Data, Phone, Voice, and FAX NETWORKS
Link encryption, phone and fax encryption.
ICL's Windows file encryption software.
Win95 file encryption.
Encryption, digital signature, CA toolkits.
Secure EDI over the Internet.
File, email encryption using Blowfish.
VPN encryption systems using DES encryption and X.509 certificates and digital signatures for authentication.
NT disk encryption for hard drives, CDROM's, networks, using DES, triple DES, Safer, Blowfish, CAST-128.
Phone encryption devices and add-ons.
Intranet ACL-based security and encryption using RSA and triple DES.
TrustWorks products - Delivering information security products that you trust
SKIP-based VPN using pluggable encryption algorithms.
Strong encryption for MS Office documents.
DES, triple DES, GOST, Blowfish, 3-Way, RC5, TEA, Safer, Shark, Diamond-2, and others.
DOS, OS/2, Windows encryption software, encryption hardware.
Win95 drive encryption using Blowfish, with smart card support.
SEMS email encryption using the RPK algorithm.
WAN VPN encryption products using DES and triple DES with SKIP key management.
Fortezza, DES encrypting modems, link encryptors.
S/MIME encryption software.
PKC-based email encryption software.
Access control, X.509-related software.
Verilog DES core.
XETI technologies supporting secure business collaboration over the Internet
Java PKIX toolkit, data conferencing over SSL.
Xilinx DES core.
Crypto and CA products. They'll also design GAK protocols for backdoor access to your medical records if required.
Interception and Monitoring
Hardware and software for intercepting and monitoring information, and stopping of the same.
Signals interception and monitoring gear.
TEMPEST-shielded computer gear.
Cellular Monitoring Interface (via Electronic Countermeasures Inc)
Computer interface for intercepting cellphone traffic.
Scanner software.
Hardware keyboard sniffer.
Makes for great TEMPEST shielding.
Win95/NT port scanner.
PC fax interception card.
Surveillance, wiretaps, spying equipment.
Assorted bugs, transmitters, receivers, cellphone tracking and interception, fax interception, and other bugging and interception gear.
GSM, cellphone, computer, and fax interception and monitoring equipment (the GSM interception unit features real-time, off-air interception of up to 1000 voice/data/fax transmissions, traffic targetting and screening, and call tracking, all with a friendly Windows interface).
Complete GSM monitoring/interception system with call and target tracking and location features.
LittleBrother Internet monitoring call.
Various network monitoring and snooping tools.
Monitor and intercept TCP/IP sessions.
Pager Decoding Interface (via Electronic Countermeasures Inc)
Computer interface for intercepting pager traffic.
Win95/98/NT keystroke logger.
Bugs, speech and telephone interception gear, information on industrial espionage.
Cellular, GSM, and fax interception and monitoring equipment.
Cellphone, fax interception gear.
Sophisticated network sniffer which can extract files and data sent via FTP, HTTP, NNTP, SMTP, POP3, NetBIOS, search the data stream for keywords, and log usernames and passwords.
Industrial espionage and surveillance tools and techniques, security equipment, secure communications systems, disaster recovery, bug sweeps.
Electronic eavesdropping detection, anti-bugging, privacy protection, secure communications.
Monitor and control any IP connection on a network.
RF identification and tracking devices.
Technical Surveillance Countermeasures - bugs and wiretapping, detecting bugs, intelligence agencies, and counterintelligence.
Xilinx 5210/4013E card.
Investigative Tools
Tools for investigating the security aspects of various things.
Development boards from as low as $199.
Fast turn-around ASICs.
IC reverse engineering.
Classify encrypted data by likelihood of encryption system used ("especially recommended for cipher generated outside North America where DES and private-key systems are not as dominant").
Disk data recovery.
Scanning probe microscopy (used to investigate magnetic media).
Starting point for hardware crypt-breaking information and tools.
Satellite and terrestrial TV scrambling systems.
Recovery of data from damaged or overwritten/erased magnetic media.
DOS forensic software for recovering evidence from PC's.
Various content-addressable memories, useful for investigating encryption algorithms.
Neural network hardware.
Computer forensic training, consulting, and tools.
IBM technique for imaging signals in chips.
More investigative tools for encryption keys.
Perfect for investigating currently unknown DES and RC4 keys.
Misc
EMI shielding, useful for TEMPEST shielding.
RF interference generators.
Operating system security add-on products for Solaris and Windows NT.
Document destruction products and services.
Portable TEMPEST-shielding enclosures.
C&A Systems Security: Leaders in Security Risk Analysis, Risk Assessment & Risk Management
DES toolkits, risk analysis tools.
Links to security-related bug fixes for MSIE and Windows NT.
Cryptography and biometric countermeasures consulting.
SSL Plus integration suite, RSAREF, IDEA licensing, code security screening.
Web interface to Verisign's digital ID (CA) service.
Floppy disk bulk eraser.
DivX for your PC.
TEMPEST PC's, monitors, and comms gear.
Framework Executive Back Orifice removal and protection tool
Program to remove Back Orifice.
Various standards for satellite TV scrambling, cellphones, and scrambling-related encryption.
IBM's security hardware and software, consulting, technology, and general information.
Highly configurable kernel-level IP packet filters.
Computer enclosures and alarms.
Fast encryption hardware (with a little programming...).
Law enforcement supplies.
Physical security products.
Magnetic and optical media degaussing and declassification systems.
TEMPEST and COMSEC engineering and consulting.
Data destruction equipment and information.
TEMPEST-secure communications and data processing devices.
TNO physics and electronics laboratory (information security, electronic warfare, electronic security, sensor and weapons electronics).
Wang's TEMPEST products and secure services.
Software to provide anonymity on the net.
Online Commerce and Banking
We do e-commerce because that's where the money and the suckers are.
Online access to account balances, stock quotes, and other banking services.
Full online banking using 128-bit SSL proxies.
Electronic cheques.
Internet security and e-commerce products.
Online credit card, debit card, and cheque verification.
Links to various e-cash resources.
Various online electronic transaction protocols.
Wells Fargo online banking.
Smart Cards
Smart cards? A certain animal cunning, perhaps.
Smartcard based desktop security and access control software.
Master's thesis on secure client-server communication using smart cards.
Smart card personalization and card management software.
Smart cards, card readers, development kits.
ACOLAs Homepage -Communication, Terminal Server and Data Collection Products
Smart card and RF card products.
Smart card emulators, PCB's, readers.
Smart cards, memory cards (up to 1Mbit), readers, development systems.
Smart card/mag stripe reader/writer.
Fingerprint readers, combined card/fingerprint readers.
Smart card connectors and reader contacts.
Tech info on second-generation phone cards.
Smartcard development kit.
Bill's idea of a JavaCard?
Smart card reader/writer.
Card Technology magazine online.
Smart card and security card conference information.
Smart card EEPROMs.
Programmers, smart cards, add-ons.
Multiapplication smartcard management software.
Data sheets for various Siemens cards.
Chipcard, Chipkarten, Chipcards, Smartcards, Programmer für Chipkarten, Pay-TV-Cards,
Smart cards, programmers, software.
University of Michigan smart card research project.
Smart-card based key storage, file encryption, access control.
CompInfo - Smartcard Technology - Information Sources and Manufacturers
Links to sources of information on smart cards and card and card reader manufacturers.
Programming information and keys for COP cards.
Smart cards, PIC programming, code recovery/reverse engineering.
Various access-control systems.
Card terminals and card-based vending machines.
Identification and authorization chips, secure microcontrollers.
Digital credentials/timestamping/crypto in a button.
Card printers, embossers, terminals.
Smart card reader/writers, smart cards.
Smart card readers.
Overview of smartcard-based payment systems (undergraduate thesis, in German).
C-based smartcard API.
EMV card, terminal, and application specifications for smart card credit and debit applications.
Smart-card and smart-card-like authentication and security devices.
USB-based crypto token. Need to enable Java, autoinstall, and a dozen other security holes for the demo to work.
Smartcards with built-in fingerprint readers.
Notes from the HIP'97 Fun with Smartcards session.
Information on various smart-card based electronic purse systems.
Smart card readers, terminals, and developer kits.
Smart card info, documentation, software, projects.
Smart card read/write/emulation software.
Links to PIC sites including PIC-based smart cards and card programmers.
HIP'97 smart cards info.
"emulation of the One-time key system using large pseudo-random number generators" (linear congruential generators).
IBM smart card technology and products.
IBM JavaCard and card toolkits and API's.
Dutch student-designed card reader and software.
Smart card reader, PINpad, card authorisation terminal.
IC Card with Combined National ID and Health Insurance Card Functions
Taiwanese smart card/ID card project.
Smart-card based identification.
USB-based smart card-a-like (looks like it does MD5 onboard for challenge-response authentication).
Implementing Airline Electronic Ticketing Using Integrated Circuit Cards
Electronic ticketing project using smart cards.
GSM, crypto, multi-application cards and software.
Formerly Siemens smart card division.
Smart card custom software development.
Contactless cards and SDK's.
Java kludged to run on a smart card.
Various smart card hacking initiatives, mostly targetting European pay tv systems.
Multos/Javacard/OSSCA (Keycorp card OS) cards and products.
Smart card readers and terminals, smart cards.
Smart card development software, encryption software.
Smart cards, card API's, Fortezza cards.
Magnetic card reader/writers.
Card production equipment.
Includes EEPROM memory for smart cards.
Smart cards, readers, development kits.
Mondex electronic wallet (pretty content-free pages).
Databooks for Motorola microcontrollers (including smart card micros).
A different access point for Motorola smart card information.
Smartcards for salesdroids - try the other non-Motorola Morotola card links instead.
Smart card manufacturing and assembly.
Framework for running multiple applications in a card (pretty light on detail).
Development and use of smart card-enabled apps in a Linux environment.
Mag card and smart card readers, PINpads.
Payment and electronic wallet cards, crypto cards, contactless cards.
Electronic wallet balance checker.
Mag stripe and smart cards
Java smart card middleware.
Contactless smart cards.
Smart-card hacking-related hardware.
Smart card readers, RFID products, crypto and flash cards.
Philips smart cards.
Smart cards and readers.
Card readers, terminals, development kits.
Smart-card based electronic wallet.
The Borg of smart cards.
Smart card application developer toolkits for Windows.
Smart card standards, interface software, hardware.
Smart card readers, tools, SDK's.
Smart card readers, writers, and interface products.
Smart card information and data sheets.
No technical information, unfortunately.
SJB Research: Smart card news. As it happens. Every business day.
Live smart card newsfeed.
IBM Redbook case study on smart cards.
Smart card news, trade information, vendors, and projects.
Home page for the book, as well as individual card sales, ATR catalogue, and pointers to smart card info.
Nonprofit group promoting smart card use.
Smart card info, product links, news.
Smart card publications, technology, and information.
Card readers/writers/PINPads.
Links to chip manufacturers, companies, conferences, mag cards, readers, RF cards, and other smart-card related information.
Web server running on a Cyberflex smart card.
Smart card information, card types, and links to manufacturers.
Smartcard security news, standards, attacks, and links.
Card readers, POS terminals.
Smart card interface tools for various environments and languages.
Search engine which links to most major embedded semi vendors.
Links to smart cards, memory cards, smart card readers, mag cards and barcode cards.
STMicroelectronics smart card chips.
Info on reading/decoding phone cards.
General information on smart cards.
Smart cards, terminals, security software.
Smart card readers.
Smart card readers and writers.
CCC universal smart card programmer.
Card manufacturers.
Smart cards, keyboards, and card readers with fingerprint readers.
EEPROM's, smart cards, flash memories.
Mag and smart cards, card readers, contactless cards.
Information on phone cards, readers, interface software.
Snake Oil
Proprietary guaranteed unbreakable crypto we invented this morning in the shower.
"not an encryption algorithm, but an accessory that can enhance and simplify any symmetric encryption algorithm". Apparently it's a keyed RNG, and you're expected to pay for this (presumably the extensive use of buzzwords adds value).
"Uses a patented proprietary algorithm" (make up your mind, which is it?)..."currently there is no competition for BioPassword(tm) due to the proprietary nature of the algorithm"... either they have their dates wrong or this thing has been in beta for over 10 years. From the people who brought you NetNanny censorware.
"offers the most sophisticated data security encryption system available today"... "371200 bit encryption with up to 140 levels of access, 18 encryption key formats, and up to 10 encryption algorithms"... "this proprietary system delivers a unique solution for each user with a duplicate system occurring only once in every 600,000,000 Black Leopard Encryption systems at this time".
"provides unique, very efficient, non-algorithmic based encryption".
"Absolute online privacy - Level 3(tm)(c)(patent pending)" - "the best encryption software available today" - "unbreakable".
"Absolute security - a morphing encryption rate of at least 20 kilobytes"..."will protect your data from the most sophisticated decryption systems that exist now or are likely to exist for years to come".
"Possibly the world's fastest and most secure encryption algorithms"... "This new encryption is an amazing accomplishment. Cypher Mind had to be re-programmed over 10 times". This site has an entire suite of snake oil algorithms.
Proof that you can do snake oil in QuickBasic as well as C ("it works by generating permutations").
Not the usual snake oil, but there's a program available (CrackCot) which breaks it.
Cellular-automata-based OS/2 file encryption.
"Maximum security encryption... we use our own snake oil because public-key encryption has been proven to be insecure".
Crypto using Blowfish or DES, but it transmits your password to a monitoring center in the US (this isn't snake oil in the usual sense but... sheesh).
"offers security through its use of values derived from the installed hardware resident on the computer"..."examines a defined set of hardware on a computer with proprietary algorithms developed by Cygnaworx to create a unique Flexible Digital Signature (FDS)" (makes invalidating your signature as simple as getting a new hard drive or a motherboard upgrade).
"Uses a unique encryption process"... "the 4-cycle data stream encryption process".
Online banking fully protected by GSM security (that's the same GSM security which was broken in early 1998, and which (when not broken) at best offers you 54-bit crypto broadcast over the air where anyone can get it).
Self-proclaimed leading security expert Kimble analyses your security problems.
Software which is "ABSOLUTELY IMPOSSIBLE TO CRACK. This can be proved as never has a file that has been encrypted... been cracked, even with utilising some of the best cryptographers living" [sic].
DESkey - software protection devices, license management and encryption technology.
Call your company "Data Encryption Systems" and you get to name your products DESkey, DESlock, etc (any relationship to any other algorithm called DES is purely coincidental).
"Don't be fooled by imitations - - this is the true CRYP program" - you'd want to *imitate* this thing?
"bitwise exclusive OR encryption" with a password... "virtually impregnable".
"it has been mathematically proven that only a brute-force attack can break encryption"... "a Cray can break a 128-bit key in two days"..."perhaps passing an electric current through a leaf will solve the problem" (or you could smoke it and then write a crypto article).
"RBackup's archives are virtually impenetrable"..."If someone does manage to crack RBackup's encryption scheme, we will immediately plug in one of six others we have ready to go"..."[a DES-encrypted message] was decoded using two banks of 120 extremely high-speed 32-bit Sparc workstations connected to two supercomputers running 24 hours a day for eight days".
Encryptor 4.0 The Ultimate in Securing Files On Your Computer
"uses a revolutionary newly discovered incremental base shift algorithm that makes unauthorised decryption of your files near impossible".
"The most powerful Windows encryption software available".
Encryption using "proprietary artificial intelligence engines", "light years beyond the security level offered by any other encryption method". Incidentally, this Skipjack has nothing in common (apart from the name) with the USG's Skipjack.
"a family of block ciphers that are distinguished by their speed of encryption and decryption". Another distinguishing feature is their breakability, and the performance isn't so hot either.
"will shift the bytes in any file in a way that can only be re-aligned using the correct password".
"FusionSys has developed a new encryption system (patent applications have been filed). While FusionSys HES belongs to a group of common key encryption systems, FusionSys HES has a striking feature: Master keys exist".
Genio USA, CrypEdit, The Best Encryption Software for Windows
"Public Key encryption is exactly that, you are not the only party involved in the generation, integrity, and security of all the keys/passwords used to encrypt your e-mail, documents, and files"... Uses "320 bits of secret key security via its proven proprietary methods".
"Encryption/decryption utility based on the One-Time Pad method" (this is better than some in that it uses a sound card to generate the pad, but it's hardly a practical method).
"Georgia SoftWorks provides unmatched security"..."designed specifically for Windows NT to handle the most demanding commercial and industrial applications"... "can be legally exported around the world"... "The key size for the version for domestic and international mass market is 40 bits".
"electronic data security empowering technology" (it looks like just a reinvention of the smart card, but the marketing hype makes it snake oil).
"a 10 key, negative residual, binary kedged, 'maybe' logic coding process", leading to 'maybe' security.
"the first unbreakable suite of public and private-key encryption schemes known". Uses "a Base 13 cumlative XOR trapdoor calculation algorithm ... making it mathematically impossible given a large enough key [sic]".
KeyGen Automatic Synchronized Key Generator (TM) for Encryption Without Key Management
"No key management! No certificate authorities!". No visible means of security.
"MaeDae's ENCRYPT-IT is one of the most respected programs in the encryption industry" (using an easily-broken proprietary algorithm in the unregistered and international version, although you get DES when you register it if you're in the US). This product is ICSA-certified snake oil.
"A breakthrough new Encryption method, using innovative new technology...The Meganet VME can not be compromised". These guys have set new standards in snake oil marketing, down to getting accounts on newswire sites (eg Businesswire) and injecting bogus press releases mentioning big names like IBM (who have never heard of them, but whose lawyers are now aware of their existence) in order to get more coverage.
"the ultimate file protection utility"... "file Locker uses an advanced and quite unconventional encryption technology to lock your files".
Multi-Matrix Methode / Kryptographische Integritaets-Funktion
MAC based on taking SIN(), COS(), TAN(), ATAN(), LOG10(), LN(), and inverses of data bytes multiplied by key bytes.
"In the second world war the Japanese were masters at breaking every code the Allies produced"..."Navaho lock uses 128 bit symmetric key encryption, the strongest legally available in North America, and Symmetric Keys are easier to use and more secure than Public Keys".
Amazing what you can do in an afternoon with Visual Basic.
"uses a secure encryption algorithm which is not subject to U.S. export restrictions"..."the password you pick can be embedded in the application, if you choose".
Security(?) system where the participants are going to have more to fear from the DEA than the NSA.
OTP's turn up in a lot of snake oil crypto. This FAQ explains why snake oil OTP's are never really OTP's.
"One Time Pad (TM) authentication" (a very primitive, non-free alternative to S/Key).
Various ways of misusing a strong algorithm (Twofish) to make the application which uses it insecure.
"EMF's encryption offers good protection and excellent speed. It is, as far as we know, exportable"... "We developed our own encryption instead of using a standard".
"Do you like the idea of unwanted viewers to be able to read ALL your files?". With our proprietary (and easily-breakable) algorithm, they can! This thing was listed in the "10 proven security programs" by PC Answers, in the 75 best Windows utilities by Windows News, was listed as a Featured Jewel in FileMine, got five stars from Shareware Junkies, rated "unbeatable and excellent" by PC Format, five stars from ZD Interactive, rated an "excellent application" in the Windows 95 Applications list, and got four smileys from RocketDownload. Just goes to show what happens when you rate crypto apps based on the user interface.
"The PostX System, working with existing corporate data sources, delivers millions of personalized, interactive and secure electronic envelopes. [...] The face of the envelope comes alive with graphics and Web link objects". Encrypted spam?
"I had a fear about math. But ironically, I have developed an encryption product using math". Indian snake oil.
Fractal encryption - even though it only uses a 40-bit key, it's a 40-bit key with *fractals*, which makes it magically safe.
"Uses a prearranged cryptic code which is all but impossible to crack by any individual or government".
"revolutionary artificial intelligence technology" (providing artificial security)... "SenCrypt, the most secure cryptographic algorithm known to mankind".
"new technology that is designed inherently differently than today's encryption techniques"..."mathematically provable to be absolutely secure"..."suitable for future technology progress (quantum computers)" (appears to be yet another pseudo-OTP system).
"Randomly selects a KeyCode which consists of 32 bits... the 32-bit KeyCodes of ENC32 have over 4 BILLION different possible codes!!!!!... Unless you know someone who has over 8 THOUSAND years to spend breaking a code, then you can be pretty sure your files will be SAFE with ENC32".
"The author of two other encryption programs has released what he considers to be the 'ultimate' in encryption programs" (so what does that make the other two?).
"A newly patented mode of encryption which is quick and particularly reassuring".
"SuperKrypt products utilize the DNGT bulk encryption method. SuperKrypt technology is extremely powerful: No Cipher". No security either.
Security shyster central, specialising in anything which gets them media attention. Wait for their spam to appear in a mailbox near you.
TRIAX GmbH Gesellschaft für Kommunikation und Datensicherheit
TRIAX(TM) encryption, now with OTPS(TM).
Amazing keyless cryptography! Quadrillions of combinations!
Yet another unbreakable one-time-pad system, but this time with GAK. Note the amusing definition of infinity as just above 3.5e33.
"a simulation of an electron's path in a semi-sparse proton field to generate pseudo-random bits".
"Your documents are guaranteed to be safe and secure" (unless your opponent is using one of several Turbo-Crypto breakers, that is).
"The strongest encryption algorithm in the world" - pity it uses a fixed key with a stream cipher, so you can recover the data with a simple XOR. In any case you can use an all-zero password. There's also a backdoor put in by the programmer (see the next entry).
Backdoor in UBE98 discovered by a 14-year-old.
More simple ways to break UBE.
More advanced than RSA, DES, IDEA, and PGP! More advanced than all other algorithms put together! May even work on your system (after extensive patching and modifications).
Military Lightning Server(TM) using a "Multi-sensory portable battle management network state space (patent pending)" with "digital microbe thunder clouds". This gem of programming will infiltrate any machine, "assimilate it", install itself, and take over. Oh yes, there's the obligatory "revolutionary new UGEM unbreakable encryption mechanism". "If you think this is a joke or science fiction ... then you are a fool". PS: I am not a crank.
"Ultimate Privacy Corporation is the only commercial company offering a robust implementation [...] All other encryption systems are crackable". There's also a million dollar challenge in which the company bets a million dollars that their challenge is cooked to the point that no one can claim the prize.
Anonymous email. This product is sold by spamming, so it qualifies for the "avoid at all costs" category even if it isn't strictly snake oil.
Claytons firewall which requires you to use their Secure Mail Shuttle(tm)(c)(r) to tunnel your macro viruses in instead of SMTP.
sci.crypt's most indefatigable snake oiler.
Veritable snakepit of encryption software (not all of these are snake oil, but there's an unusually high concentration of them present).
Secure email encryption from the people who brought you SoftRam95.
"a sophisticated encryption program which allows you to secure any type of file" ... "totally unreadable to all data viewers known to man. This is powerful new technology that has never been broken" (you can break it with pencil and paper).
Security Standards, Laws, and Guidelines
A Guide to Understanding Data Remanence in Automated Information Systems
Good guide to how the IETF works (useful for understanding the IETF standards process).
Security guidelines for Australian government IT systems (typical unclassified-level security guidelines).
NIST's AES home page.
Asynchronous Transfer Mode security standards, products, publications, and work in progress.
Austrian (EU-derived) export restrictions.
Australian Controls on the export of Defence and Strategic Goods
Australian government work on establishing a legal framework for e-commerce.
Links to info on ATM's, crypto, standards, publications.
Biometric API documentation and information.
Canadian government position and information on cryptography.
The (deliberately crippled) US cellular phone "encryption" algorithm.
CDSA specs from the OpenGroup.
GCHQ's GAK PKI.
Various links to EDI/EDIFACT information.
ITAR (under new management).
ISO 9000 for computer security.
CDSA specs from Intel (unlike the OpenGroup, you don't have to be a member to get this version).
FBI universal surveillance act, since used as a blueprint in other countries (eg Enfopol in Europe).
US federal guidelines for searching and seizing computers.
NIST security-related object identifier registry.
FIPS 140-1, 46-2, 74, 81, 171, 180, DOD 5200.28-STD (TCSEC), 5220.22-M, NCSC-TG-25.
Validation information and suites for DES, Skipjack, DSA, and crypto modules.
Crypto designators for WWII-era and early postwar comsec gear.
Malaysian computer crimes, digital signature, and telemedicine bills.
DCE security specs and literature, DCE security program group and research efforts.
Requirements for FIPS 140-1 compliance testing.
ABA Digital Signature Guidelines
Draft UN law on electronic commerce.
Digital Signature Standard Validation System (DSSVS) User's Guide
Validation suite for DSA and SHA.
DTI report on tightening export controls further to provide the illusion of stopping all crypto getting out.
Electronic commerce: Commission proposes electronic signatures Directive
EU digital signature directive.
Latest version of the ITAR (which became the DTR, and now the EAR).
An overview of EDI security.
EDIFACT security... dear oh dear.
Electronic Commerce: A Guide for the Business and Legal Community
NZ Law Commission report on e-commerce.
Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards.
Standards for smart cards, smart card terminals, and applications.
All ETSI standards documents available online for free.
ETSI technical committee on security home page.
The sections which apply to crypto software/hardware.
WWW common logfile format.
Extensions to the PGP key format for PGP 5.
Federal Information Processing Standards (including many crypto standards).
Draft of the law with related press releases and information.
Crypto security API overview.
Overview of GSM security and encryption.
Human Authentication API (biometrics API).
RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363)
RFC's indexed in various ways.
RCMP IT security bulletins and information.
EFA-coordinated Wassenaar crypto campaign.
RFC drafts.
Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE).
Intelsat specs - roll your own Echelon.
IPSEC drafts and RFC's.
IPSEC specifications, drafts, related drafts, mailing list archives, and implementations.
Internet security association and key management protocol information.
Abstracts for various ISO security standards.
X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline.
X.500 standards (including X.509) as Postscript files.
Online version of the ISO 7816 series (non-ISO copyrighted version, save a small fortune).
ISO smart card standards group home page.
BSI (German NSA) infosec manual.
ITU series X Recommendations - Data networks and open system communication
This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page).
BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services).
EU medical security and privacy project.
Authenticode, CryptoAPI, SSL and PCT, SET.
MISSI/MSP/SDNS/MSP+MIME specifications.
Netscape's private extensions to X.509.
NIST/NSA Common Criteria security evaluation program.
FIPS and NIST special publications
List of NIST-validated DES implementations.
Access to IETF, RIPE, W3C, IANA, and SET standards and drafts by name, number, full-text search, etc.
Far more readable (and therefore useful) form of the Orange Book and other bits of the rainbow.
Novell's X.509v3 certificate extensions.
Leaked copies of the OECD crypto guidelines.
Stewart Baker's comments on the creation of the OECD crypto guidelines.
Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificent prizes, etc etc.
Links to various EDI standards.
You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones.
ASN.1 reference material.
RSADSI Public Key Cryptography Standards.
Never-finished Posix standard for security interfaces to handle ACL's, auditing, capabilities, and information labelling.
Public-key infrastructures (X.509, X-509-related, RFC's, other documents).
The DoD rainbow books and other security publications.
DOD Rainbow books as text, PDF, or Postscript.
Security RFC's sorted by title (also available sorted by number and author(s)).
S-HTTP specs and information.
ETSI security algorithms and codes. Most require NDA's (the usual telecom industry security through obscurity practice).
X/Open security, DCE, and GCS-API.
A list of (mainly ANSI) security-related standards.
Australia/NZ GOSIP security guidelines.
Various security extensions for MIME.
Catalogue of international security-related standards and standards organisations.
Microsoft's security standardisation efforts.
SET message definitions.
SET standards, and updates.
Comments on proposed EU digital signature directive.
Specifications for Skipjack and KEA from Clipper.
Errata for KEA test vectors in original spec.
Links to various digital signature law initiatives.
General guidelines for writing security-conscious code.
Speech recognition/speaker verification API.
SSL 3.0 spec (online version and as a PS file).
Summary of the changes made from Wassenaar'96 to Wassenaar'99.
Cisco's TACACS+ FAQ.
US attempt at a GAK standard. One-sentence summary of the results: "We have no idea how to make this thing work".
Technical Security Standard for Information Technology (TSSIT)
RCMP security standard.
Teletrust security architecture algorithms specification.
Industry group/standards body formed to support security and authentication in communications. Page requires Java to be enabled to work.
The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software.
Common security evaluation criteria.
Home page of the TLS WG.
UN Commission on International Trade Law home page (includes UNCITRAL draft e-commerce law).
UK ITSEC documentation and information.
AusCERT checklist for programmers writing security-conscious Unix code.
VISA's profile of the Common Criteria for smart cards.
1998 Wassenaar (more correctly US State Department) control lists as Word and PDF files.
As above but translated into HTML
Article about the Wassenaar Secretariat in Vienna.
The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits.
The Wassenaar control lists as crowbarred from the US State Department by an FOIA request.
The final solution to the crypto problem.
The Defense Messaging System - like X.400 and X.500, but not as simple.
Security guidelines for encryption under Windows.
Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists.
ANSI X.9 standards (including crypto standards).