Encryption and Security-related Resources

The following are security-related resources (aka "the crypto link farm") that I've found on the net. If there's anything which needs updating or correcting, please let me know. Because of its large size, I only update the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear.

Thanks to a few overseas readers there are now mirrors of this page available outside New Zealand which should provide faster access for people in Europe and the US. These mirrors are:

Austrian mirror (updated manually)
German mirror (updated automatically)
German mirror (updated automatically)
Italian mirror (updated automatically)
Norwegian mirror (updated automatically)
UK mirror (updated automatically)
UK mirror (updated manually)
UK mirror (updated manually)
US Mirror (self-extracting DOS file, updated manually)
US mirror (updated manually)

Crypto Link Farms

Alexander Geschonneck's security page: Security related papers, pages, X.509 information, publications, network security and firewall vendors, security FAQ's.
Anonymity, privacy, security.: Very nicely done collection of links to anonymity, privacy, and security resources.
Bellare - Crypto links: More link farms, conferences, organizations, electronic commerce, IETF, key forfeiture, crypto people.
Cambridge Computer Security Group Links: Huge collections of links to security-related sites - the format is a bit like this list.
Chris Vidler's Cryptography Page: Links to FTP archives, bibliographies and e-journals, disk and filesystem encryption, laws and regulations, network security, newsgroups and mailing lists, protocols and standards, software, and vulnerabilities.
Coast Security Archive - Category Index: A large archive of security software, publications, and technical information.
COAST Hotlist Contents: Gene Spaffords crypto and security link farm.
Computer Security Network Telecommunications and Physical Security @ Algonquin College: Crypto, programming, networking tutorials, firewalls, viruses, physical security, threat assessment and disaster planning, security ethics, legal resources.
Crypto-Log: Internet Guide to Cryptography: Algorithms and mathematics, FTP archives, bibliographies, key escrow, disk, file, and mail encryption, crypto laws, internet security, newsgroups and mailing lists, protocols and standards, steganography, voice encryption, security problems (the original has vanished, this looks like an old mirror).
Cryptology pointers: Conferences, books, research groups, organisations, companies, algorithms, protocols, software and hardware, legislation, history.
Cryptographic Resources On The Web: Links to encryption regulation, encryption policy and privacy, and general encryption resources.
Cryptography: PGP, encryption algorithms, legal issues.
Cryptography: The Study of Encryption: Crypto newsgroups, papers, cypherpunks, crypto policy, digital cash, and other information sources.
Cryptography Technical Report Server (CTRS): Various crypto-related tech reports.
Cryptography URL: Encryption standards, FAQ's, and FTP sites.
Datacomms Technologies cryptography archive: Encryption software, text files and information, resources and links.
DSTC Security Related Links: Links to crypto, digital signatures, e-cash, internet backing, smart cards, NT security, PKI, standards.
Email security, cryptography and related stuff: PEM, MIME, and MOSS RFCs, links to CA's, implementations, literature, PGP.
European Cryptography Resources: Recommendations, drafts, papers, new items, official bodies, research, and government meddling.
Firewall Security Jump Page: Links and summaries of a wide variety of firewall products.
Gateway to Information Security Home Page: Links to a large number of security-related sites, books, journals, and related information (imagine this page, but not all lumped together on one page).
Hideaway.Net - Security, Privacy, Anti-Virus, Linux: Privacy, crypto, software, security information and updates, publications, virus protection.
International Cryptographic Software Pages for Encryption, Decryption, Cryptanalysis, Steganography, and Related Methods: Algorithms, software packages, protocols and standards, books, journals, conferences, newsgroups, mailing lists, crypto links.
Kriptópolis: Criptografía, PGP, Seguridad en Internet: Anonymity, e-commerce, crypto, PGP, security organisations, publications, security bulletins, software.
Links Related to Terrorism, Intelligence, and Crime: A large number of intelligence, security, law enforcement, disaster planning, terrorism, crime, military, and defense agencies and organizations.
Luca Venuti's Home Page - TPC: Electronic privacy links, organisations, newsgroups.
No Big Brother Page: Links to remailers, anon proxies, crypto and stego software, file wiping tools, privacy and anti-privacy organisations.
NCSA Hot Links: Anti-virus software, firewalls, general security vendors, general infosec links, parental control, privacy, law, and ethics.
Neil's Security and Privacy Resources: Encryption, steganography, special events, research, documents, news, security archives, security organizations.
Network/Computer Security Technology: Current events, security web pages, commercial security tools, newsgroups, mailing lists, FAQ's, incident bulletins, conferences/seminars/workshops.
Security and Cryptography: Conferences, link encryption, phone and modem encryption, encrypted filesystems, PKI, research, governments and policy, companies, people, PGP.
Security Search - The Security Search Engine: Search engine for finding information on security-related issues (anonymity, conferences, legislation, security products, publications, R&D, security problems).
Spanish Crypto Resources: Spanish crypto and security-related companies, magazines, and events.
Strong Cryptography Links on the Internet: Links to crypto companies, universities, newsgroups, books, algorithms, security and crypto tools.
Technical Information - Cryptography: Links to other crypto sites, source code archives, companies and organisations, peope, and reference information.
The Rotherwick Firewall Resource - Point of Attack: Firewall basics, white papers, products, manufacturers, books, papers, training, mailing lists, links to other firewall-related resources.
Tom Dunigan's Security page: PGP, S/Key, Kerberos, crypto API's, secure applications, commercial providers, government agencies, intrusion detection, vulnerabilities.
TWISTer: Trend Watch for Information Security Technolgy: Security info search engine run by the Korean Information Security Agency.
TSA (Law Enforcement and Intelligence) Links: More links to law enforcement and intelligence agencies.
Uni-GH Siegen - Security-Server: Encryption algorithms, data protection, steganography, ecash, Internet security, viruses, conferences, security standards, newsgroups and mailing lists, RFC, journals.
University of Torino Security Resources: Links to web pages, newsgroups, FTP sites, research labs, papers, conferences, and journals.
Vince Cate's Cryptorebel/Cypherpunk Page: Cypherpunks resources, remailers, digital cash, PGP, and Clipper.
Vinnie's Crypto Links: Crypto overviews and FAQ's, link farms, encrypted comms, e-commerce, crypto libraries.

Crypto Archives

Attrition crypto archive: US-only crypto code archive.
Crypto: Links to software for email/voice/file/disk encryption, authentication, stego.
FUNET crypto archive: PGP, symmetric and asymmetric encryption, crypto libraries, papers.
munitions - cryptographic software for linux: Linux crypto software archive.
North American Cryptography Archives: Archive of crypto software, only available from the US and Canada.
Oxford Uni crypto archives: DES, SSL, cryptanalysis, documentation, PGP, miscellaneous.
Replay crypto/security archives: Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files.
Tattooman Crypto Archive: Large selection of crypto software, but trapped behind the iron curtain.
University of Hamburg crypto archive: Disk and file encryption, PGP, stego, voice encryption.
University of Oslo PGP archive: PGP and PGP-related software.
UREC archive: French archive of CERT bulletins, dictionaries, PC, Unix, VMS security software (mostly anti-virus and access control rather than crypto).

Crypto Social Issues

[1997] 1 Web JCLI: Analysis of the UK governments policy on encryption.
Additional Comments of Philip R. Karn, Jr.: Phil Karn rebuts inaccurate and bizarre government claims in congressional testimony (this is an example of the kind of misinformation which government advisors often provide to their governments).
Adopt An MP - Homepage: UK campaign to adopt an MP and enlighten them over problems with crypto restrictions.
Adopt An MP - Letter to Jack Straw, Home Secretary: Simple photo essay showing how to get rid of politicians pushing for draconian anti-privacy laws.
America Online exploits bug in own software: AOL uses a bug in its own software to run code on users machines.
Americans for Computer Privacy: Computer privacy issues.
Baltimore - Library - UK Crypto Policy: Comments on UK crypto policy (from the person who tried to sell GAK to the NHS).
BBC News - Encryption: BBC news stories on encryption, including "UK Government dithers on encryption regulation".
Big Brother Incorporated: Companies which supply surveillance technology to non-democratic regimes.
Big Brother Inside Homepage: Privacy concerns about Intel's PIII processor ID (mis)feature.
Brookings Policy Brief No.21.: Brookings Institute study of crypto policy (pro-GAK).
C to English and English to C translator: Translates crypto code into English to allow it to be exported, then translates it back into code afterwards.
CACIB: UK government tactics for deploying GAK.
Canada's export controls: Summary of the Canadian crypto export situation.
Cato Handbook for Congress: Freedom on the Internet and Other Computer Networks: Cato Institute study of crypto policy (anti-GAK).
Centre for Democracy and Technology Crypto Page: CDT information on current US crypto policy
CIPHR'99 Conference: Cryptography & International Protection of Human Rights: Conference on crypto and human rights.
Clipper Roadshow: US government policy laundering on key escrow.
CNET features - digital life - privacy in the digital age: Digital privacy (or more specifically, the lack thereof).
Codex Surveillance & Privacy Page: Surveillance, stalking, privacy invasion, eavesdropping, and anything else related to these categories.
Comments on Encryption Transfers: Comments on new US export regulations.
Comments on Encryption Transfers - HTML: Easier-to-handle HTML versions of the above.
Confronting the New Intelligence Establishment: Lessons from the Colorado Experience: Article on NSA communications interception and attempts to have it stopped.
Coral: Traffic monitoring on an OC3 link using a Pentium PC - an example of how this sort of thing would be done.
Cracking DES: Cracking DES from the US (made available based on the Ninth Circuit Court of Appeals ruling that the export controls violate the First Amendment).
Crime, Terror & War: National Security & Public Safety in the Information Age: The sky is falling! The sky is falling!
Crypto AG: Reports of Crypto AG rigging crypto hardware to allow NSA decryption.
Crypto AG - Der Spiegel (German): Allegations of intelligence agencies subverting Crypto AG product security.
Crypto AG: The NSA's Trojan Whore?: Possible rigging of Swiss-made crypto gear by the NSA.
Crypto-Controls Advisory Services: The one organisation making money out of US export controls.
Crypto Law Survey: A survey of crypto laws in various countries.
Crypto regulation in Europe: The state of crypto regulation plans in Europe as of May 1997.
Cryptography and Liberty 1999: 1999 EPIC report on crypto controls.
Cryptography's Role in Securing the Information Society: National Academy of Sciences report on cryptography policy.
Cryptography, Scientific Freedom, and Human Rights: American Association for the Advancement of Science page on crypto and human rights.
Cryptology: Law Enforcement & National Security vs. Privacy, Security & The Future of Commerce: Good analysis of crypto politics and export control issues.
Cyberspace Law for Non-Lawyers: Privacy laws and the Internet.
Das Ministerium für Wahrheit: Information and links on Echelon, Europol/Enfopol, and other wide-scale surveillance initiatives.
Development of Surveillance Technology and Risk of Abuse of Economic Information 1/4: European parliament report on computer-based industrial espionage.
DIE ZEIT Nr. 28/1998 Leichtes Spiel: German news report on NSA industrial espionage leading to $100M loss for German company.
DIE ZEIT Nr. 39 vom 17. 9. 1998: Hintertür für Spione: Another report on Enercon industrial espionage.
Distributing encryption software by the Internet: loopholes in Australian export controls: Examination of legal implications of electronic export from Australia. Conclusion: It's OK.
DTI/UK Encryption Policy: Reply to the DTI Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services.
E-commerce under threat from encryption deal: The Australian Financial Review on Wassenaar'98.
Echelon: Exposing the Global Surveillance System: Covert Action Quarterly article on wordlwide NSA surveillance.
ECHELON: America's Secret Global Surveillance Network: Free Congress Foundation report on Echelon surveillance system.
Echelon--Rights Violation in the Information Age, by Don Lobo Tiggre: Article on Echelon.
EE Times - White Paper: White paper on hackers.
Emerging Japanese Encryption Policy: How Japan, Inc, handles encryption policy (a real contrast to the US governments attitude).
Encryption: Impact on Law Enforcement: FBI's "The sky is falling" speech, revised every year or so (it's been falling since about '92).
Encryption Policy and Market Trends: Dorothy Dennings 1997 GAK forecast.
Encryption Policy for the 21st Century: Cato Institute study on the future of encryption.
EPIC Cryptography Policy: EPIC information on current US crypto policy.
EPIC Privacy Links: EPIC privacy resources.
export-a-crypto-system sig: Diminuitive crypto hacks (well-known algorithms in a few lines of Perl, Python, or C) and how to use them to poke fun at export laws.
Export Licensing of Intangibles: Commentary on likely effects of UK proposal to license export of intangibles.
Exposing the Global Surveillance System: Extracts from Nicky Hager's book "Secret Power".
FinCen: Big Brother for financial information.
Former Secrets: Declassified US government machinations to ban/restrict crypto.
French Cryptology: the takeover by force of Jospin: Article given background details on the liberalisation of crypto in France.
FUD! Home Page - Crypto legislation: Contents of and discussion over various US crypto bills.
GILC -- Cryptography and Liberty: Survey of encryption policy worldwide.
Global Monetary: Electronic implants to "aggressively build a proprietary global system of exchange, customer tracking and profiling". Not sure if these people are for real or not.
GNN on Crypto: Global Network Navigator web review: The NSA vs The Net.
Government, Cryptography, and the Right to Privacy: Paper documenting the overt and covert regulation and restriction of cryptography by governments.
Good Privacy Test Sites: Links to sites which show how easy it is to get information on your and your activities on the net.
GR Design Principles: GAK-resistant crypto protocol design guidelines.
Gray Areas Magazine: Essays and articles on the computer underground (and all sorts of other things).
Green light for limited encryption exports: Australia's interpretation of Wassenaar'98.
Growing Development of Foreign Encryption Products in the face of U.S. Export Regulations: 1999 survey of non-US companies producing crypto products.
IFIP TC11 Position on Cryptopolicies: IFIP's (very sensible) position on crypto use and crypto regulation.
Information About PGP & Encryption: Information on the creeping takeover of GAK.
Interception: Technical details on large-scale GSM and ISDN interception techniques.
Interception Capabilities 2000: Comprehensive report on worldwide communications surveillance and interception practices.
International requirements for interception: The FBI exports CALEA to the rest of the world.
Internet Privacy Coalition: Attempts to ensure privacy on the internet.
Interview with David Herson - SOGIS: Interview on European crypto policy.
ITAR Civil Disobedience: Click on this form to become an international arms trafficker.
Key Recovery Study: The risks of key recovery, key escrow, and trusted third party encryption.
KRISIS Home Page: GAK/EuroClipper home page.
Liberalization 2000: President's Export Council Subcommittee on Encryption recommendations to pretty much remove export controls.
Los Angeles County Public Defender's Office: Information on large-scale illegal wiretaps in LA.
Menwith Hill letter from Ministry of Defence: There's nothing going on there... nothing to see... move along, move along...
Microsoft, the NSA, and You: Description of NSA backdoor inserted into every (recent) version of Windows.
NCSA HTTPd/Mosaic: Using PGP/PEM auth: Early attempts to incorporate PEM and PGP encryption into web browsers torpedoed by the NSA.
NSA and Crypto-politics: Huge (1/2MB) writeup on the NSA and crypto politics.
NSA's Influence on New Zealand Crypto Policy: NSA influence on New Zealand export policy.
No Chance for Key Recovery: Paper on key recovery (GAK) vs human and political rights.
NSA's keys: NSA and MS CryptoAPI CSP signing keys.
Paul Wolf's Echelon Links: Links to information on Echelon, media coverage, and other information.
PC Week: Lies and cryptography: "We've lately had reason to wonder if our nation's cryptography policy is being made by fools. It is a mixed blessing to learn that the people in charge are merely liars [...]".
PGP 6.0: Cat out of the bag: Wired article showing just how effective US export controls really are.
Phil Zimmermann: Letters to Phil about the use of PGP by human rights groups.
Phone Tapping: Information and resources on government phone tapping plans.
Pressemitteilung - 2. Juni 1999: Germany government statement affirming the right to use the strongest crypto possible.
Privacy, Inc.: Various resources related to the (lack of) privacy, including access to databases and online information search facilities.
Privacy International Home Page: Privacy reports, interntional agreements on privacy and human rights, surveillance technologies, ID cards, privacy-related conferences.
Privacy on the Internet: Zola Times articles on Internet privacy.
Privacy on the Net: Practical Issues: Links and information on various privacy-related issues (cryptography, anonymity, secure communications).
q/depesche: Free crypto campaign logos.
Remailer list: List of anonymous remailers.
Report: U.S. Uses Key Escrow To Steal Secrets: Report on US using crypto restrictions to steal other countries economic secrets.
Roger Clarke's Privacy Page: Data surveillance and information privacy information publications, and legislation.
Roger Clarke's Public Interests on the Electronic Frontier: Paper discussing various freedoms and rights such as the right to privacy.
Roxen's General Export Application for Strong 128-bit Encrypted Denied: Swedish government refusal of export permit for 128-bit SSL.
RSA as a MIDI file: RSA encoded as a MIDI file. Technically this is a program and therefore unexportable from the US.
Self Incrimination and Cryptographic Keys: Richmond Journal of Law and Technology article on forced disclosure of crypto keys.
Services Available from Offshore Information Services Ltd.: Offshore internet services and accounts in Anguilla.
SOFTWAR Information Security: Declassified papers and resources on Clipper and key escrow, voice and mail encryption software.
Solitaire Encryption Algorithm: How to turn a deck of cards into an export-controlled item.
Special Investigation: ILETS and the ENFOPOL 98 Affair: FBI policy laundering: Persuade Europe to adopt wiretapping laws which failed in the US.
Stille, I svumpukler! Det er en andagtsfuld stund!: Information on crypto controls, Echelon, and related issues, from a Danish perspective.
Tapping into CALEA: Government surveillance server ("delivers intercepted call content and identifying information... capacity for up to 512 simulatneous call intercepts".
Telekommunikationsgesetz: East German surveillance state-style laws being applied in the unified Germany.
Telepolis Enfopol-Papiere: Documentation relating to EU telecoms surveillance plans (EU-Echelon).
The Age - Computers: DSD meddling in Australian crypto exports.
The European Surveillance Union: Story on European Enfopol massive-scale wiretapping initiative.
Threat and Vulnerability Model for Key Recovery: NSA report on why GAK is bad (yes, you read that right).
Tools For Privacy: Version 1: An online book covering threats to privacy, cryptography, PGP, and related issues.
TruePosition Wireless Location System Home Page: Cellular phone tracking.
UK Cryptographic Policy Discussion Group: ukcrypto mailing list archives.
Updated UK Proposals for Licensing Encryption Services: Critique of UK crypto licensing/GAK proposal.
U.S. Electronic Espionage: A Memoir: First exposure of the NSA and Echelon
US Spy Agency Confirms Secret Princess Diana Files: Echelon in action: APB story on NSA building up 1000+ page file on Princess Diana.
Walsh Report: Report on Australian crypto policy, originally suppressed by the government, then released in censored form after a judicial review, finally obtained as the full version by EFA. Provides most interesting reading since the bits they didn't want the public to see are now highlighted in red.
What your Browser is Sending: See what information your web browser is sending to remote servers.

Crypto Software

ABA JCE: Clean-room JCE implementation.
Abacus Project: Suite of free intrusion detection tools.
Advanced Cryptography Tool: Crypto tool using PGP 2.6.3i with triple DES and SHA-1.
AES Algorithm Efficiency: Free-world implementations of the AES algorithms.
Alex Encryption: Encryption based on automata theory (unknown security level).
Ambient Empire: Vigenere cipher cracker, Windows port scanner.
Apache HTTP Server Project: Apache secure web server.
Bastille-linux homepage: Security-tuned Linux distribution.
BSAFEeay, a public domain implementation of the BSAFE API: BSAFE API wrapper around SSLeay.
Canadian Cryptographic/cryptanalytic software: Canadian encryption software and companies.
CAP: Cryptographic analysis program (automatically analyse and break simple ciphers).
Cassandra: Windows'95/98 trojan detector (detects and disables Back Orifice, Netbus, etc etc).
Cedomir Igaly's SSH Page: Free SSH for Windows.
Cédric Gourio's Java-SSH: SSH client in Java.
CIPE: Crypto IP encapsulation - encrypting IP routers using Linux.
CipherClerk: Software emulation of various historical ciphers
CIS: SDSI (Simple Distributed Security Infrastructure): SDSI implementations and documentation.
Cisco Systems ISAKMP Distribution: A reference implementation of the IETF's ISAKMP protocol.
Claymore PureTLS: TLS in Java.
CRASHME: Random input testing.: Tests resistance of programs to random input.
Crowds Home Page: Anonymous proxying for web browsing.
cryptix: Cryptix Java crypto library.
cryptlib Information: Encryption library supporting a large number of encryption algorithms, digital signatures, key exchange, X.509/PKIX/SET certificates, CA functionality, key databases, HTTP and LDAP directory access, smart cards, S/MIME, and secure enveloping.
Crypto at Lothar: Entropy gathering daemon (random number source) for Unix.
Crypto Kong: PGP-like program using elliptic curve crypto.
Cryptographic Libraries: A comparison: Comparison of various free (and free-world) crypto libraries.
Cryptographic software: Elliptic curve and RSA public-key encryption software.
Cryptographic tools for Visual Basic: Elliptic curve OLE extension for VB.
Cryptography Blowfish Multi-thread: Command-line Blowfish encrypter.
Cryptonite Java Package: Java crypto library.
Cryptoscan: Scanned US crypto publications available outside the US.
Cyber-Knights Templar: Crypto software, brute-force encryption cracking, crypto politics issues.
CTC - PGP-compatible encryption software: PGP-compatible C library and Mac application.
Delphi crypto software: Various pieces of crypto software written in, and for, Delphi.
Delphi SkunkWorks - Data Encryption: Delphi crypto libraries.
DES in VHDL: DES in VHDL, including a Xilinx-optimised version.
Disk/File Wiping Utilities: Programs to wipe files, free disk space, slack space, the Windows swap file.
Emacs Cryptographic Library and Tools: DES, RC4, IDEA, SHA-1, MD5, and others, in elisp.
Enabling Network Security with SSLeay: Security projects based on SSLeay.
Encrypted PDFs: Code to work with encrypted PDF's (intended mainly for use with Ghostscript).
Encrypting your Disks with Linux: Various Linux disk encryption programs.
Encryption for the Masses: Windows NT disk encryption using 3DES Blowfish, IDEA, or CAST, compatible with SFS and ScramDisk. Written in the free world.
Enhancing E-Mail Security With Procmail: Using procmail to strip trojan horses/malicious HTML/buffer overflow attacks/browser attacks/etc. Unfortunately since most of these holes affect Windows and procmail runs under Unix...
Engineering Research Home Page: P1363 ECC implementation.
Enigma: PGP-compatible plugin written in Java.
Eraser: Windows file/disk/free space eraser.
Eric's Crypto Software: DES and Skipjack for the PIC.
Eric Hambuch - Linux Software: X-Windows interface to file encryption software.
Error Correcting Codes (ECC) Home Page: C source code and information on ECC's (the techniques employed are closely related to encryption techniques).
ESP Reference: Encrypted socket protocol (an open protocol for TCP/IP secure transmissions).
FileVault: File encryption using 64-bit (?) Blowfish.
Flask: Flux Advanced Security Kernel: Security kernel for the Fluke OS.
Fortify for Netscape: Free 128-bit SSL browser proxy,
Frank O'Dwyer's Homepage - Security Code: DES in Java, C++ firewall class library.
Free-DES Home Page: Free VHDL DES core.
Freefire Projektstartseite: Resource page for developers of free security software.
FreeSPEKE SDK: SPEKE toolkit.
Fresh Free FiSSH!: Free SSH client for Win'95 and NT.
Fuzzy Logic: Cryptography: The GNU encryption project.
F W T K . O R G: TIS firewall toolkit home page.
GInt: Bignum library and sample PKC code.
GMD Security Technology - SecuDE: Security toolkit for RSA, DSA, DES, DH, X.509, PKCS, PEM, X.500, and BYOG.
GNU Privacy Guard: GPL'd OpenPGP implementation from the free world.
Hamradio page of Thomas M. Sailer, HB9JNX: All sorts of neat stuff for software decoding of various radio signals.
Heimdal: Non-US Kerberos 5 implementation.
HushMail: Encrypted mail using SSL and Java.
IAIK - Javasecurity Homepage: Java cryptography extensions from the free world.
iButtons: Unix source code and software for working with iButtons.
ICE Home Page: The Information Concealment Engine block cipher.
Immunix: Adaptive System Survivability: Automatic protection against stack-smashing attacks.
International Crypto Freedom (PGP en français): French crypto archive.
International Kernel Patch: Free-world Linux kernel patch to add strong crypto services to the OS.
International PGP Home Page: How to get PGP, documentation, foreign-language support, PGP-related products and services, and other PGP resources.
Internet Locations for Materials on the Disks for Applied Cryptography: Site #1.
Introduction to the Kiwi software suite: Crypto-based spam protection software.
IRDU PGP Page: PGP information, software, key management, key server interface, PGP links.
JCSI: Free-world JCE implementation.
JGSS Package Distribution Page: Kerberos in Java.
jSSL - A free Java SSL implementation.: SSL implementation in Java.
KeyNote Web Page: The KeyNote trust management system.
Keytrap Home Page: Dcyphers keyboard sniffer.
kha0S Linux - b/c friends don't let friends s[ug]id: Linux with strong crypto built in.
Kryptographie-Chip: Open-source crypto chip (VHDL source available). Wow!
Kwik-Rite Development : Windows and WWW solutions: Archive utility with encryption, ScramDisk add-on for Delphi.
Lance Cottrell Home Page: Mixmaster remailer publications and soure code.
Leonard Janke's Homepage: Intel-optimised hashing, bignum, and crypto code.
Lewis' KEA (Key Exchange Algorithm) Page: KEA information.
Linux-PAM: Pluggable authentication modules for Linux.
libch's Homepage: P5-optimised code for various hash algorithms.
LiDIA - Main Page: C++ computational number theory library (great for crypto).
LInteger: C++ bignum library.
Linux FreeS/WAN Project: IPSEC, ISAKMP/Oakley and DNSSEC software for Linux.
Linux Packet Sniffer: IP packet sniffer for Linux.
LSH: Free SSH v2 implementation.
Mcrypt: GPL'd replacement for Unix crypt(1) written in the free world.
MD5 Message Digest algorithm in Javascript
Microsoft CryptoAPI: Microsoft's attempt at a cryptograhpy API. This page moves a lot, you may need to try a search from MS's developer pages.
MindTerm - A java implementation of SSH: SSH client in Java.
Ming-Ching Tiew Home Page: PGP key manager, PGP netscape plugin, Motif and Win32 file encrypter using cryptlib, cryptlib Java wrappers.
mod_ssl: The Apache Interface to OpenSSL: OpenSSL interface for the Apache web server.
Mozilla Crypto Group: Putting the crypto back into Netscape/Mozilla.
Nautilus Homepage: Speech encryption (with a neat anti-Clipper graphic).
Ng Pheng Siong's Home Page: Python crypto toolkit.
NiftyTelnet: SSH client for the Mac.
Nmap -- Stealth Port Scanner: Stealth scanner using TCP half open scanning, TCP FIN/Xmas/NULL stealth scanning, ftp bounce and IP fragmentation scanning, and OS identification by TCP/IP fingerprinting.
NSBD: Not-So-Bad Distribution: Internet software distribution authenticated with PGP.
NT Tools: Includes an NT security config tool to patch a number of NT security holes and flaws.
NTL: A Library for doing Number Theory: C++ bignum maths library.
Ocotillo PRNG: PRNG for Unix.
Official OpenCrypt Site: Blowfish encryption DLL for Win32.
OpenSSL: The Open Source toolkit for SSL/TLS: Free SSL/TLS implementation.
Oscar - DSTC's Public Key Infrastructure Project: PKI toolkit.
Package Acme.Crypto: Various Java crypto classes.
Package java.security: Java security package docs.
Packet Storm Security Archives: Large collection of free software and information related to security and encryption.
PC Security Software & Sources: Brief descriptions of various security programs.
PGP, logiciel de cryptographie gratuit et en français (PGP pour les français): French PGP page.
PGP Tools: PGP function library.
PGPLIB: DLL which implements various PGP functions.
PGPNet Server: A dummy home page for the www.pgp.net domain (incomplete).
Photuris Test Server: Photuris session-key management protocol software and test server.
Private Idaho User's Manual: Documentation for Private Idaho.
ppdd: Linux encrypted disk device driver using Blowfish.
PPTP-linux: Point-to-Point Tunneling Protocol: PPTP for Linux (presumably without all of Microsoft's security holes in it).
PS: (Relatively) secure encryption using 40-bit keys (designed to bypass silly French restrictions).
PuTTY: a free Win32 telnet/ssh client: Telnet/SSH client for Win32.
pyCA - Software for running a certificate authority: Python scripts for automating various parts of running a CA.
Qualcomm Australia crypto software: sendmail encryption patch, SOBER stream cipher.
RC4 Stream Cipher Library: RC4 ActiveX control.
RC4SE: Windows shell extension for file encryption using RC4 (requires 128-bit MS crypto provider to work).
Reliable Remailer: cpunk/mix remailer for Windows.
RIPEM: RIPEM source code and information.
RSA Free Utilities: RSA key generation and encryption for Linux.
RSAEURO - Cryptography For The World: European RSAREF providing full source-code compatibility with the original.
SafeGossip: TLS-based tunnel.
SCEZ - Smart Card Library: Free general-purpose smart card interface library.
SCNSM: Win3.1/95/98 non-swappable memory allocator.
ScramDisk - Free Disk Encryption Software: Win95 disk encryption using 3DES, Blowfish, IDEA, MISTY, Square, and TEA.
ScramDisk Additions: ScramDisk add-ons and a program to demonstrate a flaw in it (now fixed).
Secretz: File encryption using elliptic-curve PKC's and Blowfish.
Secure Edit: Mac program which encrypts edited files with IDEA.
Secure FileSystem Information: The world's best transparent disk encryption software for DOS and Windows (this has nothing to do with the fact the I'm the author :-).
Secure Logging: Secure logging for Unix and Windows.
Secure Memo Pad Encryptor for Palm Handhelds: ECC crypto for PalmPilots.
SecureTrayUtil: Enhanced front-end for ScramDisk.
Security: File wiping: Links to various file wiping utilities.
Simulator Index Page: Simlators for various historical cipher machines.
Sir Winston Rayburn - Crypto/Politico: Various encryption reoutines.
S/KEY Information: Information on the S/KEY authentication system.
SMB Scanner: SMB port/machine scanner.
S/MIME Freeware Library: S/MIME freeware library (export-controlled, US only).
SNOW Home Page: Whitespace steganography software.
spDES Encryption Control: ActiveX DES control.
Speak Freely: Very nice Unix and Windows speech encryption software.
Ssh (Secure Shell) Home Page: Very good encrypted, digital-signature-authentication remote access software (replaces the r* utilities, allows X11 and TCP port redirection over the encrypted connection).
SSH/SCP for Windows: ssh/scp port for Win95/NT.
SSLeay and SSLapps FAQ: Very nice, free SSL implementation (like Netscape's SSL, but without the bugs and crippled encryption).
SRP: Secure Password Authentication for the Net: Secure password-based authentication over insecure networks.
Stack Shield: Tool to add stack overflow protection to Linux programs.
Steganography - MP3Stego: Information hiding in MP3's.
Stunnel homepage: PPP over SSL tunneling software.
Systemics Software Archive: Crypto extensions for perl and Java.
TC TrustCenter TC_PKCS11: PKCS #11 software-only token implementation.
The Cryptography and PGP Page: Classic ciphers, links to crypto sites, explanations of the maths behind PGP and RSA, privacy issues.
Therapy: SSH client for Win32.
Tiny Encryption Algorithm: Description and C source code.
TinyIDEA - 128-bit File Encryption: 366-byte IDEA file encryption program.
Tom's Privacy Pages: Patching Netscape, MSIE, and Outlook to use strong crypto.
Transparent Cryptographic File System
Tresor Page: Mac file encryption using IDEA, written in the free world.
Trinux: A Linux Security Toolkit: Floppy-bootable Linux network security toolkit.
TSS PGPWord... Real Security, Real Easy: PGP encryption integrated into Word for Windows.
TTSSH: An SSH Extension to Teraterm: SSH DLL add-on for Teraterm.
UMAC -- Message Authentication Webpage: Very fast MAC.
Uni-GH Siegen - Security-Server - Kryptographie: Pointers to information on and implementations of a number of conventional, public-key, and hash algorithms.
Unix tools on Windows NT?: ssh port to NT via Cygnus gnu-win32.
Vitas DownLoad area: Windows'95 password (.PWL) viewer.
Wei Dai's Crypto++: C++ class library of cryptographic primitives.
WinPGP(tm) Home Page: Windows front-end for PGP.
wipe 0.15: Secure data deletion for Unix.
XPDF additions: Add-on to allow XPDF to decrypt encrypted PDF files.
Zen: C library for fast computation in finite extension over finite rings
ZWEKNU Central Industries: Various security-related bits of code (ARP spoofing, iButton PAM, portable firewall).

Miscellaneous Security Items

Anonymity and Privacy Aixs Net Privacy Web access anonymiser. Anonymizer Web access anonymizer. IRC4ALL Public Proxy Page Links to public WWW/FTP anonymising proxies. Lucent Personalised Web Assistant Proxy which hides personal details from intrusive web pages and blocks spam. Onion Routing Routing mechanism which resists traffic analysis. Remailer related Sources Remailer home pages, remailer techinfo, PGP introduction, PGP keyservers, crypto pages and laws. Steganography A paper on steganography.
Random Numbers /dev/random Support Page Home page of the Unix /dev/random randomness driver. Atom-Age Products Thermal-noise-based hardware RNG. Aware Electronics Corp. PC Geiger counters (great random data sources). CME's Random Number Conditioning Page Information on sources of strong random numbers. Computer Generated Random Numbers Techniques for analyzing PRNG's. DIEHARD George Marsaglia's RNG test suite. Efficient Generation of Cryptographic Confusion Sequences A survey of PRNG's for crypto applicatoins. FreeBSD Notes Various notes on /dev/random and randomness gathering. HotBits: Genuine Random Numbers Build-it-yourself radioactive-decay based random number generator (perfect for Chernobyl residents). Ideas for an RNG_DEVICE standard Proposed standard for random-number generation devices. Lavarand! Random number generation using lava lamps. Noisemaker schematic Hardware RNG. Numerical Recipes Home Page CDROM contains ~1/4GB of random numbers. ORB - Open Random Bit Generator Low-cost single-chip RNG. ORION RNG Serial-port hardware RNG. Protegrity Incorporated Cryptographically strong random number generator. Radiation Monitors for PCs Various random number sources. Random Noise Sources Designs and analyses of various zener-based generators. Random Number Generation, Taygeta Scientific Inc. Papers and software for PRNG's. Random number generators -- The pLab Project Home Page Theory and practice of random number generation. Random number generators Analyses of hardware and software randomg number generators. Random Number Generators (RNGs) Web sites and references for RNG information, information on various PRNG's. Randomness Resources Resources on secure random-number generation and the problems of insecure random number generation. RBG1210 Cryptographically strong random number generator. SG100 Hardware random number generator. Using and Creating Cryptographic-Quality Random Numbers Randomness-gathering techniques. Wayne's Random Noise Generator PN-junction based hardware RNG sampled using a sound card. Xorrox's random Zener-based noise generator. Z5000 - True Random Number Generator Incredibly expensive hardware RNG.
Algorithm benchmarks: Relative speeds of a number of encryption and hash algorithms.
AT&T PathServer: PGP web of trust tracing server.
Bletchley Park Home Page: Visitors guide to Bletchley Park.
Bob Tinsley's Steganography Pages: Steganography papers and ideas.
Building a Windows NT bastion host in practice: Presumably the idea is that attackers crash this first, cutting of the rest of your network and leaving it secure.
DigiCrime, Inc.: Online links to digital crime, blackmail services, encryption key cracking, airline rerouting, internet shoplifting, e-cash laundering, alien mind control, etc etc.
Geeks We Would LOVE to Have Dated, and WHY:: Cypherpunk groupies page. I have no idea what to file this one under...
GISUM. Information Security: University of Malaga infosec group.
GSM Wizard: GSM-related technical information and secret features of phones. NB: This page repeats the official GSM security info rather than the actual details.
Harmless Little Project: Project for a freely-available voice crypto board (moribund).
Information on VideoCrypt Hard/Software
JANUS: Anonymity for WWW content providers.
KL7/KWR37 Crypto Units: Descriptions and photos of the KL7 and KWR37.
KuesterLaw Technology Law Resource: Technology and IP law resources.
Mac OS Security and Crypto: Apple security and crypto information page for the Mac.
Matt's Unix Security Page: Unix and Internet security papers, security software, links and miscellaneous items.
Microsoft Security Advisor Program: Microsoft's interpretation of security (see many other links on this page for everyone elses interpretation of Microsoft's security).
NSA Crypto Museum Photos
Payment, Security & Internet References: X9.59 electronic payment-related references.
Prime number verification via ECPP: Bignum prime number verification via a CGI script.
Proactive Security Home Page: Distributed security measures which resist attack.
Pseudoprimes/Probable Primes: Papers on primality testing.
Quantum Computation/Cryptography at Los Alamos: Information on quantum computation and cryptography.
RADIOPHONE Top Level: Information on cellular telephony, PCS, and wireless data transfer.
S & P Calendar: Calendar of security and crypto conferences.
Securing NIS
Security on LGG: Security tools, password recovery and cracks, security information.
Sirene Home Page: Various research projects in computer security.
SourceKey - The Global Source for Key Recovery: GAK/key escrow/trusted third party/whatever centre.
SSL Browser Information: Information on the SSL implementation used by your browser.
The Square Page: The Square block cipher and links to implementations.
Toby's Cryptopage: Information and links to historical cryptosystems and encryption machines.
USDS Homepage: Yet another new (and patented) PKC.

Public Key Infrastructure

128i: New Zealand CA.
Analysing State Digital Signature Legislation: Analysis and comparison of various states' digital signature laws.
AlphaTrust.com Home Page: US CA.
ARCANVS: CA licensed under the Utah Digital Signature Act.
Architecture for Public-Key Infrastructure (APKI): Open Group PKI requirements (requires registration to access).
Australia Post - KeyPOST: Australian CA.
BelSign: Belgium and Luxemburg CA.
BiNARY SuRGEONS: Certification Services: South African CA.
BSI-Projekt Digitale Signatur: Implementation details of the German digital signature law.
C=EE, O=ESTONIAN NATIONAL PCA: Estonian CA.
CA-CERT: Spanish CA.
CALiability analysis Web doc: ABA analysis of CA liability issues (~190 pages).
Carynet Security Certificate Authority: Asian(?) CA.
Center for Standards Public Key Infrastructure (PKI) Standardization Home Page: DISA information pages on the Internet PKI.
Certificates Australia: Australian CA. GAK alert: This CA escrows all encryption keys.
Certificates shipped with Netscape: Extracting certs from Netscape's .db files.
Certification Authority Survey (DGXV Project): List of CA's worldwide.
certifikacni stranka DATANETu: Czech DATANET CA.
CERTISIGN: Brazilian CA.
Columbia Certification Authority: Columbia University (not country) CA.
Columbian Draft Proposal of Law on Electronic Commerce: Columbian draft digital signature legislation.
CompuSource Certificate Authorities Home Page: South African CA.
Digital Signature Guidelines: American Bar Association digital signature guidelines, available as WordPerfect and Word documents.
Digital Signature Legislation: Comprehensive collection of links to digital signature legislation worldwide.
Digital Signature Trust (DST) Home Page: CA licensed under the Utah Digital Signature Act.
Dunkel Certification Authority: German CA.
European Framework for Digital Signatures And Encryption: Proposed EC framework for digital signatures and encryption.
Florida Digital Signatures - Final Report: Final report on the Florida digital signature guidelines.
European Electronic Signature Standardisation Initiative: EC initiative on standardised digital signature framework.
European ICE-TEL Project: PKI for Europe
Gatekeeper: Australian PKI project.
Global Trust Register: Global trust register for public keys in molecular form.
GlobalSign - Trust On The Net: European CA.
Government Public Key Authority: Australian government PKI project.
GTE CyberTrust Home: GTE CA.
Home Banking Computer Interface: German initiative for computerised home banking.
IAIK - ICE-TEL Information Service: Austrian CA.
IBM Registry and World Registry: IBM CA and PKI products.
ICAT Home Page: Japanese CA.
ICE-TEL: Top-level CA for European ICE-TEL CA infrastructure.
ICE-TEL Certification Infrastructure: European CA.
ID.EE: Combination Estonian electronic ID card page and world's shortest URL.
IETF-PKIX Qualified Certificates: X.509/PKIX profile for certificates specifically adapted for digital signature applications where the signatures need recognition equivalent to handwritten signatures.
IKS Zertifizierungsinstanz: IKS CA.
ILPF: Digital Signature Working Group: Initiative to harmonize dozens of incompatible digital signature laws.
Individual Network: IN certification authority.
Installing certificates and root keys in Internet Explorer and IIS: Instructions on installing certificates into MSIE.
Inter Clear - The UK's first Certificate Authority: UK CA.
Introducing SSL and Certificates using SSLeay: Nice introduction to cryptographic techniques, certificates, SSL, and SSLeay.
Internet PCA Registration Authority: IPCA public key.
IPS Seguridad: Spanish CA.
Janus's homepage: PKI, PKCS #11, LDAP, general security links.
Keyserver.de: Web-based PGP keyserver.
KeyTrust: German KeyTrust CA (part of the MailTrusT initiative).
Keywitness Canada: Canadian CA.
Kommunedatas certificeringscenter: Danish CA.
Legislating Market Winners: Paper which examines problems with existing PKI legislation.
MA.US/ITD/LEGAL: Massachusetts digital siganture and online commerce guidelines and information.
MC Home Page: The meta-certificate group (an alternative to X.509/PKIX-type certificates).
Minimum Interoperability Specifications for PKI Components: NIST PKI profile.
NZPKAF: New Zealand PKI work.
Object Identifiers Registry #1: Large collection of ASN.1 object identifiers.
Object Identifiers Registry #2: Searchable collection of object identifiers.
OCSP++ - An On-line Certificate Status Protocol: Modification of OCSP to provide a more workable system.
OnWatch Service - Public Key & Security Ref.: Bell Sygma CA.
OpenLDAP: Free LDAP server/client (update of UMich software).
OpenPathCA: Siemens CA toolkit.
Payment, Security & Internet References, Lynn Wheeler: Account authority digital signature (AADS) and X9.59 electronic payment standard information.
Pequi: Experimental PKIX implementation.
PGP Keyserver Interface: WWW interface to the PGP keyservers.
PGP Public Key Server: One of several web-based PGP key servers.
PGP Public Key Server for Yashy-hack and PGP-Users: Web interface for PGP key server.
PKAF: Australian PKI initiative.
Policy Certification Authority [DFN-PCA] Home Page: German CA.
Politecnico di Torino: ICE-TEL: Italian CA.
Public Key Authentication Framework: Tutorial: A tutorial on PKI.
Public Key Infrastructure: NIST's PKI information page - interoperability guidelines, PKI panels and overviews, PKI documents.
Public-Key Infrastructure (PKIX) home page: Home page of the PKIX working group.
Public-Key Infrastructure Standards: Slides from a talk on PKI standards and work in progress.
Regole tecniche per la formazione [...], anche temporale, dei documenti informatici: Italian digital signature law. This site uses weird URL's which don't always work, there's an alternative copy at http://www.interlex.com/testi/regtecn.htm. Another part in English is at http://www.aipa.it/english[4/law[3/pdecree51397.asp.
Regulierungsbehörde für Telekommunikation und Post - Digitale Signatur: Digital signature information published by the German telecoms/post regulation authority.
Roger Clarke's PKI Position Statement: PKI position statement including links to papers on the dangers of a PKI becoming a SurveillanceI.
SACA Home Page: South African CA.
SEIS: Secure Electronic Information in Society (SEIS) project in Sweden.
SI-CA: Slovenian CA.
Signet ID Home Page: Australian CA.
Singapore Controller of Certification Authorities: Singapore digital signature and CA legislation.
SIRCA: Securities Industry Association CA.
SISCER: Spanish CA.
SoftForum Certifying Center: Korean CA (all text is in Korean).
SPKI Certificate Documentation: Documentation and links for SPKI certs.
SPKI Requirements: Simple public-key infrastructure requirements.
SSH Communications Security ISAKMP test page / Certificate request processing: SSH test CA (issues certs in response to PKCS #10 requests).
SSLeay Certificate Cookbook: Cookbook for setting up a simple CA and working with server and client certs.
SSLeay PKCS#12 patch FAQ: Guide to hacking things so Netscape and MSIE will recognise certs generated by other software.
Structured Arts: X.509-related services.
Structuring X.509 Certificates for Use with Microsoft Products: MS's idea of how to set up X.509 certs. Note: Page needs Java enabled or it won't work.
Summary of Digital Signature and Electronic Signature Legislation: McBride Baker & Coles very comprehensive summary of worldwide digital signature legislation.
Swisskey AG: Swiss CA.
TC TrustCenter Certification Authority and Security Provider: German CA.
Telecom Italia Certification Authority: Italian CA (in Italian).
Telekom Trust Center: German Telekom CA.
The e-commerce debate in South Africa: Discussion forum on e-commerce issues from a South African perspective.
The Insecurity of the Digital Signature: A lawyer's comments on problems with digital signatures.
Time-Stamping: Links to information on timestamping research, protocols, papers, and patents.
tpki: Trivial Public Key Infrastructure.
TradeAuthority: General CA.
UK Academic PCA: UK CA.
UNI-C PCA: Danish CA.
UNINETT Certification Authority - UNISA: Norwegian CA.
United Nations - Electronic Signatures: UN draft articles on electronic signatures.
VeriSign, Inc.: Major worldwide CA.
Verisign CRL's: Verisign's CRL repository.
Verisign Repository: Information on digital ID's and certificates, certificate practices, and FAQ's.
Verzeichnisdienst der Zertifizierungsstelle [...] für Telekommunikation und Post: RegTP certificate directory.
VRK/PRC: Fineid specifications-HST määritykset: Finnish PKI profile (in Finnish)
Weaving a Web of Trust: Trust management on the WWW.
WebVision Developers Corner: CA toolkit and guide ("low-budget CA").
World Wide Wedlin CA: Swedish CA.
X.500 Directory Standard: Links to X.500-related information, standards, and references.
X.500 Registration Authorities: The number of these has doubled recently... a second one has been discovered in Petropavlovsk-Kamchatsky.
X.509 Sample Certificates: Various sample certificates including oddball fields and types.
X9F Taxonomy and Glossary - Lynn Wheeler: Definitions of crypto, PKI and financial services-related terms.

Security Agencies and Organizations

13th USASAFS Assn - Hill Postings: Messages from ex-Menwith Hill staff.
Ajax U.S. & International Government Military, Intelligence & Law Enforcement Agency Access: Links to intelligence and law enforcement agencies, defence agencies and laboratories, military and other government agencies.
A Most Unusual Collection Agency: Village Voice article on NSA's subversion of UNSCOM, and a comprehensive list of NSA bases worldwide.
An interview with the NSA: Description of a job interview with the NSA.
ASSIST: Automated System Security Incident Support Team (US DoD CERT).
AUSCERT - Australian Computer Emergency Response Team: CERT Australia home page.
Biometric Consortium: Biometrics standards, publications, and other information.
British Military Communications Homepage: Information on UK military comms (mainly frequencies and protocols used).
Bundesamt fuer Sicherheit in der Informationstechnik: The German version of the NSA.
Canadian Security Forum: Canadian computer security information.
CCRE - Welcome: Computer Coalition for Responsible Exports - industry group opposed to computer export controls based on cold-war fears.
Cerulean Technology - Law Enforcement Links
CESG Home Page: CESG (aka GCHQ) home page (pretty meagre).
CERT Coordination Center: Computer Emergency Response Team home page.
CIABASE: CIA veteran's ongoing analysis of CIA activities.
Codes and Codewords: Codes and codewords used in military projects.
Communications Security Establishment Official Page: The Canadian CSE's official web page.
Communications Security Establishment Unofficial Page: The Canadian CSE's unofficial web page, which is much more interesting than the official one.
Computer and Network Security Group: Politecnico de Torino computer and network security group.
Covert Action Quarterly: Articles on covert action and surveillance.
CRIS at WPI: WPI cryptography and information security research lab.
Crypto Drop Box: American Cryptogram Association home page.
CSIS - Main Menu: Canadian Security Intelligence Service.
Cypherpunks Home Page: The cypherpunks archive via HTTP. PGP, remailers, crypto papers, clipper, and pointers to further information.
Cypherpunks Tonga: Cypherpunks Tonga - various cypherpunks projects and work in progress.
DefenseLINK News Overview: US Department of Defence news releases, with an extensive archive of older material.
DoD classified spending for FY 1997: US classified military programs spending for 1997.
Defence Signals Directorate - Information Security Branch: The Australian NSA subsidiary.
Der Bundesbeauftragte für den Datenschutz: Germany privacy commissioner.
eicar - European Institute for Computer Anti-Virus Research: Anti-virus information, research groups, news.
GCHQ Homepage: The home page shows satellite SIGINT gear... most appropriate.
Ground Truth: Intelligence and Related Facilities: Spy bases worldwide.
History of Joint Defence Space Research Facility Pine Gap: Background information on Pine Gap in Australia.
HOMEVIDEOS.com - Top Secret, National Security Agency: 50-minute Discovery channel documentary on the NSA.
IEEE Cipher Newsletter Archive: Archives of the IEEE cipher newsletter containing a great deal of general news on crypto issues.
IFIP TC11 homepage: IFIP security in information systems technical committee home page.
Info-Sec Super Journal: An online InfoSec journal.
Intelligence and Counter-Intelligence Link Farm: Spying, US intelligence agencies, DoD, air force, navy, army, foreign intelligence agencies, whistleblowers, online intelligence archives, military intelligence, weapons technology transfer, industrial espionage, security companies.
Intelligence Zone: Assorted intelligence-related links and information.
International Association for Cryptologic Research: IACR home page.
Jindalee: OTH radar installation in Australia.
L0pht Heavy Industries: Hacking central, and a great source of information on security problems.
Menwith Hill Tours: "A beautiful piece of America, right here in England. You'll be amazed at how much you can learn about how much they know about how much you know". Wonderful :-).
Menwith Hill US Spy Base: CND's Menwith Hill page.
Military institute of government communication: FAPSI (Russian NSA).
NAIS Online Newsletter: National Association of Investigative Specialists newsletter. Information of interest to investigators, video surveillance, search and seizure, privacy techniques, legal issues.
National Computer Security Association
National Counterintelligence (NACIC) Home Page: Information on economic espionage.
National Security Agency High-Performance Computing Projects: Various high-performance computing projects sponsored by the NSA.
National Security Agency: The NSA's home page.
National Security Agency Unofficial Page: The NSA's unofficial home page (much more interesting than the official one).
National Security Archive Home Page: Archives, electronic briefing books, declassified documents, related information.
NSA: America's Fortress of Spies: The Baltimore Sun's six-part series on the NSA.
NIST Computer Security Resource Clearinghouse: NIST computer security resources.
NIST Computer Security Publications: NIST computer security publications.
NZ Intelligence Agencies: NZ Intelligence agencies.
Pine Gap: US spy base in Australia.
Pine Gap facts. The truth about the Joint Defence Space Research Facility Pine Gap.: Angry Fruit Salad background info on Pine Gap.
Possible NSA Decryption Capabilities: Analysis of possible NSA decryption capabilities based on extrapolation on Deep Crack.
Preparing for the 21st Century: GPO appraisal of the US intelligence community
Project on Intelligence Agency Reform: Lots of information on intelligence agencies which their home pages will never tell you.
RAF Chicksands Alumni Notice Board: Noticeboard for ex-Chicksands staff.
SAS- und Chiffrierdienst der DDR: Crypto devices used by East Germany.
Secret Kingdom: Various spook agencies in the UK.
Security Research Alliance: Security vendor consortium.
Security Resource Net: Intelligence, corporate and computer security, counterterrorism, personal security, legislation, news bulletins, upcoming events.
Seven Locks Software: Security news and information, software, online discussion forums, products and services, calendar of security events, firewalls, viruses, security courses and policies.
Sicherheit im Internet - Sicherheit in der Informationsgesellschaft: Information on encryption and security from the German government.
SPAWAR Information Systems Security Office Homepage: Space and Naval Warfare Systems Command information.
Spy Centre: Spy Numbers Stations: Information on numbers stations.
Trusted Computing Platform Alliance: Computer security... industry consortium... trusted systems... blah blah blah.
Trusted Systems Interoperability Group (TSIG): Trusted systems glee club.
Wullenweber or CDDA Antennas: Wullenweber antennas as used by the NSA.

Security Books, Journals, Bibliographies, and Publications

ACM Transactions on Information and System Security: (Just a call for papers at the moment).
Advanced Encryption Standard (AES) Development Effort: NIST's AES information page.
Aegean Park Press: Historical books on cryptography, intelligence, military history, and related topics.
alicebob: The story of Alice and Bob.
An Analysis of Security Incidents on the Internet 1989-1995: PhD thesis analysing 4,300 Internet security incidents.
An Electronic Pearl Harbor? Not Likely: Article debunking various Infowar myths.
An Introduction to Cryptography: Online book on cryptography (only the initial section is complete).
Archives for ansi-epay: ANSI e-paymnet list archives.
ATDL: US army field manuals, schools, strategies and systems.
Authentication, Key Agreement, and Key Exchange Protocols: Bibliography of key agreement protocols with links to authors and online papers.
Authentication Logic: Various papers on authentication and crypto protocol analysis.
Bibliography of Molecular Computation and Splicing Sytems: Bibliography on molecular computing, including attacking encryption systems using molecular computers.
Block Cipher Lounge: List of block ciphers, characteristics, and known attacks.
Block Cipher Lounge - AES: Current state of attacks on AES proposals
Brown Computer Science S/Key access: Information on the S/Key authentication protocol.
CAST Encryption Algorithm: Publications pertaining to the CAST encryption algorithm.
CEE VAR News: Central and East European Secure Systems Strategies (online security journal).
CHACS Publications: Centre for high-assurance computer systems publications.
Chablis - Market Analysis of Digital Payment Systems: Very comprehensive analysis of a wide variety of electronic payment systems.
Charles Blair's Notes on Cryptography: Number theory, public-key encryption, RNG's.
Checkliste für den datenschutzgerechten Einsatz von Windows NT: Guidelines for securiny an NT system (other than by unplugging it).
Code Signing for Java Applets: Howto for Java code signing for Netscape and MS products.
Collection of Computer Science Bibliographies: About 1000 CS bibliographies with around 800,000 references.
Collection of Lecture Notes, Survey Papers, etc: Assorted lecture notes and papers, including ones on crypto.
Communication Theory of Secrecy Systems: Scanned images of Shannon's classic communications security paper from the Bell Systems Technical Journal.
Computer & Communications Security Reviews: Abstracts of new computer security-related publications.
Computer Immune Systems -- Research: Immunology concepts applied to computer security problems.
Computer Science Technical Reports Archive Sites: Links to sites which distribute CS tech reports.
Computer Services : Administrator's Pages : NT stuff: Installing a student-proof NT setup.
Computer Virus Handbook: Seven Locks' online virus handbook.
Computer Virus Myths treatise: Comprehensive collection of virus myths, hoaxes, and vendor press releases.
Counterpane Homepage: Bruce Schneier's "Applied Cryptography" information.
Credit Card Transactions: Home Page: Overview of CC terms and mechanisms, including discussion of various online CC processing methods.
cryp.to -- The Cryptographic WWW Server: Various PGP developers list archives.
Crypt Newsletter Homepage: Various reports from the computer underground on hacking, security, viruses, hackers, and related issues. Many of the reports debunk common urban legends and media myths about computer security.
Crypto Glossary: Terry Ritter's crypto glossary (long).
Cryptography: Good overview of cryptography, digital signatures, certificates, and trust management.
Cryptography and Number Theory for Digital Cash: Introduction to crypto and number theory for digital cash.
Cryptography: some important points for beginners: Crypto FAQ for beginners.
Cryptologia.
Cryptosystems Journal Home Page
CSL Bulletins: NIST Computer Science Laboratory bulletins
CSPP - Reports: Computer Systems Policy Project reports, including several covering encryption and e-commerce.
CuD "Computer Underground E-Publications - Top Level" Archive
Cypherpunks Archive Index: Cypherpunks mailing list archive.
Cypherpunks Archive: Searchable archive of the cypherpunks mailing list.
Cypherpunks HyperArchive: Cypherpunks mailing list archive.
Dabbling in Cryptography: 1970's cryptanalysis of the M-209.
Data Encryption Page: Overview of encryption and encryption algorithms, links to further information.
Data Security by Design: Designing buildings to thwart electronic eavesdropping.
Dave's Crypto Index: Collection of misc.papers and publications on crypto algorithms and implementations.
David Kahn Interviews: Transcripts of interviews with David Kahn
David Wagner's Crypto Posts: General cryptography, cryptanalysis, computer security.
DDJ Crypto CD: Several notable crypto books collected onto one CDROM.
DDJ, December 1998: DDJ issue on computer security including Twofish, Panama, e-commerce protocols, and smart cards.
des-coding List Archive: Archive of the des-coding mailing list.
Disk and File Shredders: A Comparison: Comparison of various (Windows-based) file erasing programs.
dp6 and the 7th USENIX security symposium: Writeup and photos from the 7th Usenix security symposium.
e$ Home Page: The e$ mailing list, information on digital cash clearing, digital bearer bonds, financial cryptography, and related topics.
[E-CARM] E-Commerce and Rights Management: E-commerce mailing list and archives.
ECC FAQ: Elliptic curve cryptography FAQ.
ECS 153 Winter 1998, Robust Programming: Tutorial on robust programming.
EIT Creations: Secure HTTP: Information on the SHTTP protocol.
Electronic Surveillance: Large archive of documents on electronic surveillance.
Elliptic Curve Cryptography: Tutorial on elliptic curve crypto.
Elliptic Curves and Cryptology: Elliptic curve bibliography.
Elliptic Curve Tutorials: Tutorial on elliptic-curve crypto.
Encryption News Resource Page: Encryption and security-related news stories.
Enigma and Its Decryption: Details on the Enigma machine and software simulators.
Enigma and the Turing Bombe: Description of the Bombe and bombe simulator.
Enigma bibliography
Entrust Whitepapers: Entrust white papers and tutorials on security, encryption, certification.
EPFL - LSE - Project CrySTINA: Papers and information on the Cryptographically Secured Telecommunications Information Networking Architecture.
Ernst & Young LLP - Information Systems Assurance and Advisory Services: Report on e-cash.
Evaluation of Micropayment Schemes: HP tech report evaluating various micropayment schemes.
Finding the Key: Economic Strategy Institute study on crypto markets and policy.
Firewalls mailing list: Firewalls mailing list archives.
Foundations of Cryptography by Oded Goldreich: Fragments of a book (4 of 10 chapters exist).
Frog Encryption Algorithm: Design and source code for the Frog AES submission.
Great Crypto & Info Security Quotes: Various neat crypto and security-related quotes.
GSM Network Security: Description of GSM network security and encryption considerations.
Hack-Tic Magazine Archive: 1989-1994 Hack-Tic magazine archive (scanned images, in Dutch).
Handbook of Applied Cryptography: Information on the book (well worth getting).
Heise News - Ticker: News ticker which often carries crypto and security-related stories (in German).
Historical Crypto Links: Links to sites containing information on Enigma, Purple, Magic, and other WWII-era crypto.
History of Computer Security: Computer security papers from the 1970's.
History of NSE Home Page: Prehistory of public-key crypto from GCHQ.
HNN - H a c k e r N e w s N e t w o r k: Security and hacking information, news, and software.
How to find security holes: Tutorial on finding (and fixing) Unix programming security holes.
House of Commons - Trade and Industry - Seventh Report: UK DTI report on crypto policy.
HSC -- Herve Schauer Consultants: Reports and publications on security, crypto, security protocols and implementations.
HTTP Security group of W3C: W3C security resources.
IBM Patent Server Home Page: Access to over 2 million US patents, including many crypto and security-related ones
IDaSS designs: DES encription/decription device: DES ASIC designed as a student project.
IDEA Algorithm - Ascom Systec Ltd.: Information on the IDEA algorithm.
IDEA: A Cipher for Multimedia Architectures?: Paper on a fast MMX implementation of IDEA.
IEEE Computer Security and Privacy: IEEE Computer Society press online catalogue, security and privacy section.
ietf-open-pgp mailing list: PGP standardisation mailing list, RFC's, and archives.
ietf-pgp-mime mailing list: PGP/MIME RFC's and mailing list archives.
ietf-smime mailing list: S/MIME RFC's and mailing list archives.
Index of Crypto Papers Online: Bibliography of online crypto papers.
Info Security News
Information Security Resources: Idaho State Uni security library.
INFOSEC: Homepage: European Commission INFOSEC publication.
Integrity Sciences, Inc. SPEKE password authentication: Authenticated DH key exchange.
interhack publications: Various security-related publications: Firewalls, network security, Skipjack/KEA specs (more readable than the NSA originals).
Internet drafts: Current internet drafts, including many security-related ones (but you really need to know what you're looking for).
Internet Infrastructure Protection - DNS Security: DNS security RFC's and sample code.
Internet Legal Practice Newsletter: Internet-related legal issues (relevant to electronic commerce).
Internet Mail Security Alternatives: Paper exploring and comparing different versions of S/MIME and PGP.
Internet/Network Security - Welcome from The Mining Co.: Crypto/security-related news stories.
Introduction to Crypto Systems: Lecture slides from a seminar by Vinnie Moscaritolo.
Introduction to the Use of Encryption: Introductory overview to encryption systems.
Introduction to Cryptography: Ives Gobaus's easy introduction to cryptography.
Java Security: Frequently Asked Questions: Java security questions and issues.
JIBC - Journal of Internet Banking and Commerce: Electronic commerce, legal issues, EDI, etc.
JILT: Home Page: Journal of Information Law and Technology.
Journal of Craptology Home Page: Crypto journal with papers the others won't print.
JYA Crypto: John Youngs collection of crypto links, mostly covering crypto social issues, laws, espionage, government regulation, and an amazing array of other interesting things.
Keyed MD5: Papers on HMAC's.
Keyserver Bibliothek: Publications on PGP, PGP keys, digital signatures, and crypto politics (most in German).
Kryptologie I - Material: Information and programs for breaking historical ciphers (monoalphabetic and polyalphabetics, transposition ciphers.
Largest Known Primes: Collection of large primes and primality-checking information.
Lawries Cryptography Bibliography: Searchable index of over 800 crypto and computer security articles.
Linux Security Home Page.: Linux security information.
LOKI97: The Loki97 block cipher (submitted for the AES).
Mac Crypto - Info: Mac-Crypto conferences and digests.
Mach5 Software Cryptography Archives: Overview of crypto, catalogue of crypto algorithms.
Maksim Otstavnov's HomeWall: Russian publications on encryption, digital finances, e-commerce.
Market Model - DBI Underwriting: A market model for digital bearer instrument underwriting.
Maximal Length LFSR Feedback Terms: Maxmimal length LFSR feedback polynomials.
Micropayments on the Internet: Overview of various micropayment schemes.
Microsoft CryptoAPI mailing list archives.
MISTY - Mitsubishi Electric's Encryption algorithm: Description of MISTY.
NameBase Book Index: Reviews of books on intelligence agencies, high-tech, military, and a potpourri of government agencies, drugs, elites, big business, organized crime, terrorism, US foreign policy, and so on.
NASA Technical Report Server (NTRS): NASA tech reports search engine.
National Information Systems Security Conference Page: Information and proceedings from NISSC conferences from 1996 onwards.
NCSTRL Home Page: Networked Computer Science Technical Library, searchable technical report repository.
Netscape DevEdge Online: Netscape security-related documentation.
Network Computing: Various articles on encryption from Network Computing magazine.
Network Encryption - history and patents: Patents on network encryption.
Network-1 White Papers: Various white papers on firewall design.
New Book Series: Information Security and Cryptography: Springer-Verlag book series on crypto and security.
New Zealand Digital Library: Bibliogaphy/tech report/FAQ searchable index.
Nicolas Tadeusz COURTOIS home page: HFE PKC. Patented :-(.
Non_secret_encryption: Newspaper article on early (spook) PKC development in the UK.
NSA to NARA OPENDOOR Bibliographic Index: Index of NSA declassified documents.
NSA/X31 Documents: NSA firewall-related documents and firewall performance tests.
NSAM-160: Scanned copy of declassified 1960's memo on NSA public-key encryption research.
NSA Cryptographic API 2nd Edition - 01 July 1996: NSA comments on various crypto API's.
NSG Publications: IBM Network Security Group publications.
NT Domain Authentication: NT/CIFS domain authentication specification.
NT Security - Frequently Asked Questions version
NTRU Cryptosystems Home Page: Another new PKC.
On cryptosystems untrustworthiness: Interesting paper on security problems due to improperly implemented encryption systems.
On Distributed Communications: Security, Secrecy, and Tamper-free Considerations: 1964 Rand Corporation report on cryptography and security.
OpenBSD Security: OpenBSD security advisories and information.
OSS ASN.1 Resources: ASN.1 whitepapers and resources (ASN.1 is used in various security standards).
Outlook Express Digital IDs & Encryption: FAQ on OE's use of certificates and encryption.
Overview and Analysis of Cryptographic Methods: Tutorial and analysis on RSA algorithm.
Overview of Certification Systems: Comments on various certification and certificate management systems and methods.
Patent Database Access: Search the US patent database for crypto patents.
Permissive Action Links: Technology used to control US nuclear weapons.
PGP 5 Users Guide: Online guide to PGP 5.0
PGP Attack FAQ: List of potential problems in PGP.
PGP Passphrase Survey: Survey of PGP passphrases which also indicates which key sizes people prefer when they have a choice.
PGP Quick Reference: Command reference card for PGP.
PGPfone Mailing List Archive
Phrack Magazine
President's Commission on Critical Infrastructure Protection.: Various US government agencies look at Jobsec^H^H^H^HInfosec.
Prime Page (An Index of Information on Prime Numbers): Everything you need to know about prime numbers.
RIPEMD-160 page: RIPEMD-160 information and implementations.
RSA Labs Frequently Asked Questions: Frequently asked questions about encryption algorithms, techniques, protocols, and services.
RSADSI'S Art Gallery: Cool crypto-related pictures.
S.A.F.E.R. - Security Alert For Enterprise Resources: Free monthly security newsletter.
Safer Net - Kryptografie im Internet: German crypto book with comprehensive coverage of crypto and security protocols.
SATAN-ism: Computer Security Probes Over the Internet - Shrink Wrapped for Your Safety?: Includes a good chronology of hacking and security incidents.
Second Advanced Encryption Standard (AES) Candidate Conference: AES conference info including all the conference papers in PDF format.
Secret Code Breaker: The Books: Books on breaking various historical ciphers.
Secure Books: Protecting the Distribution of Knowledge: Protecting electronically published medical books, including problems experienced with the X.509 PKI in practice.
Secure Shell (secsh) Charter: ssh working group home page.
Secure UNIX Programming FAQ: Guide to secure Unix programming.
Securing Java: Getting Down to Business with Mobile Code: Online book (also available as molecules, 368 pages) on (trying to) secure Java.
s e c u r i t y f o c u s: Security information, papers, news, and alerts.
Security Handbook: Seven Locks' online security handbook.
Security in Lotus Notes and Internet: Description of Lotus Notes differential workfactor encryption.
Security Issues in WWW: Various WWW security issues.
Security News: Links to various security and e-commerce related sites and publications.
Security Policy Models: Descriptions of various security models (only partially complete).
Security Protocol Workshop'97: Preprints of papers from the workshop.
Selection of Security/Encryption Bibliographies: Meta-search-engine which allows searching of multiple security-related online bibliographies.
Self-Study Course in Block Cipher Cryptanalysis: The title says it all.
SET Journal: Journal devoted to SET and SET implementations.
SET Protocol: Business Implications and Implementation: A good general overview of the implications of SET.
Shahram (publication): Linear cryptanalysis of DES (MSc thesis), various papers on hash functions.
Shake Security Journal: Online security journal covering various computer security issues.
Short Course in Cryptography: Exactly what the name says.
Scrambling News: Satellite TV scrambling and descrambling methods.
Search Security Bibliography: Retrieve documents from a large archive of crypto/security papers.
Secure Electronic Mail: Overview of secure email and secure email technologies and standards.
Selection of Computer Science Bibliographies: Crypto and security-related bibliographies (conferences, journals, papers, and tech reports).
Signing Applets for Internet Explorer and Netscape Navigator: Overview of code signing.
Signing Code with Microsoft Authenticode Technology: Microsofts online code signing docs.
Smith's Internet Cryptography Site: Chapter outline pages include links to crypto-related publications and resources.
SNDSS'96: Symposium on Network and Distributed Systems Security (SNDSS'96) proceedings.
Springer-Verlag New York: Publishers of LNCS (crypto and security conference proceedings).
SSL Pipermail Archive: ssl-talk mailing list archive.
SSL-Talk FAQ: The SSL discussion list FAQ.
Survey: corporate uses of cryptography: Survey of corporate applications of and attitudes towards encryption.
Tasty Bits from the Technology Front: Free technology newsletter which includes coverage of encryption issues.
Technical Papers at Psionic Software Systems Inc.: Covert channels using TCP/IP (including source code).
Technical Report Archives in Computer Science (By Institution): Links to tech report archives at various universities.
Technical Reports Search Service: Search engines for tech reports, theses, conference proceedings and books held at universities worldwide.
Technology and Society Book Reviews: Reviews of books covering technology, privacy, commerce, security, and the law.
TECS: The Encyclopaedia of Computer Security: Monthly computer security newsletter.
The Blowfish Talk: How to Discuss Blowfish With Your Child: Metaphysical analysis of the Blowfish algorithm.
The Book point: Links to various crypto-related books.
The Collection of Computer Science Bibliographies: Large collection of computer-science-related bibliographies, including encryption and security issues.
The PDF Encryption Format
Öåíòð Çàùèòû Èíôîðìàöèè: "Theory and practice of information security", includes information on a number of security problems in current implementations.
Theory of Cryptography Library: Online library of papers on crypto theory.
Thin Client Security Homepage: Information on and analysis of thin client security features and issues.
Thomson EC Resources: Electronic commerce events, news, articles, and information.
TSI International: Electronic commerce and EDI resources.
Turing's Treatise on Enigma: Turing's treatise on the Enigma, c.1940.
UCL Crypto Group - Call for papers: CFP's for conferences, including crypto and security conferences.
UCSTRI -- Cover Page: Unified computer science tech report index.
Underground: Cool book on hacking in Australia.
Understanding X.500 - The Directory: Online guide to X.500 (HTML version of a book on X.500).
United States Navy EKMS WebPage: Key management.systems as used by the US military.
USENIX Conference Proceedings: Includes material from Usenix security conferences and symposiums.
USS Pampanito - ECM Mark II: Electronic Cipher Machine (SIGABA) details.
Verifying Security Protocols Using Isabelle: Various papers on verifying security protocols.
Virtual Private Network Consortium -- VPNC: VPN (IPSEC et al) consortium, including IPSEC RFC and mailing list archives.
Wim Van Eck: van Eck/TEMPEST eavedropping.
Windows-NT-Netze im Krankenhaus: Security guidelines to NT including links to other NT security resources.
Workshop on Selected Areas in Cryptography (SAC): Proceedings of the SAC conferences (abstracts only before 1996).
Writings in Esoteric Scripts from Qumran: Encryption in the Dead Sea scrolls.

Security People

Links to home pages of cryptographers: Large list of links to cryptographers home pages.
Links to cryptographers: Berkeley list of cryptographers.
Ross Anderson
Mihir Bellare
Steven Bellovin
Eli Biham
Wei Dai
Dorothy Denning
Oded Goldreich
Shafi Goldwasser
David Jablon
Bob Jenkins
Phil Karn
Lars Knudsen
Markus Kuhn
Markus Kuhn: (Another version of the amazing relocatable home page).
Stefan Lucks
Terry Ritter
Ron Rivest
Phil Rogaway
Greg Rose
Ken Shirriff
William Stallings
Doug Stinson
Serge Vaudenay
Boudewijn Visser
Bennet Yee
Yuliang Zheng

Security Problems

$10,000 DES Challenge: RSADSI's encryption-breaking challenge.
Accidental Trojan Horses: How to run arbitrary code on a Windows machine via email or the web.
ActiveX - Conceptual Security Flaw: Using ActiveX to steal money via fake bank transfers.
ActiveX security check page: Sampling of dangerous ActiveX controls which can be used to run arbitrary code on your machine.
aLoNg3x'S hOmEpAgE: Links to assorted cracking and hacking sites and resources.
Analysis of DVD ContentsScrambling System: Cryptanalysis of CSS.
AOL-Security Pages: AOL security problems (some fairly scary).
Architectural considerations for cryptanalytic hardware: Breaking RC4, A5, DES, and CDMF with FPGA's.
Archive of Hacked Websites: Various web pages which have been altered by hackers.
Armageddon: Packet sniffing and spoofing.
ATTRITION Mirrored Sites: Mirror of defaced web pages.
Back Orifice: Backdoor access to Windows machines which allows them to be controlled from anywhere via the net.
Back Orifice Removal - BORED: Tool to scan for and remove Back Orifice.
Basement Research: SMB session sniffer, NT TCP/IP connection killer.
BO2K - Back Orifice 2000: Windows trojan allowing remote control of a machine, file transfer, keystroke logging, registry access, and user plugins.
Bokler's Guide to "CRACKER" Software: Programs to break the "encryption" on a number of DOS and Windows programs.
Buchanan International: Password recovery (apparently they're just a reseller for Access Data).
BugNet: Wintel PC bugs, including occasional security problems and holes.
Bugtraq Archives for July 1995 - present: Security vulnerability archives.
Bugtraq mailing list archives: Security vulnerability archives, 1993-present.
CCC klont D2 Kundenkarte: CCC cloning of GSM SIM's and software SIM emulator (in German).
CCD : software cablecrypt decoder: Decoder for cablecrypt-enrypted PAL TV signals.
Cellular Telephone Experimentors Kit: Completely control an OKI900 through a computer (including many neat things you're not supposed to be able to do).
Channel 1 File Library:Unprotects: Unprotects for a large amount of software.
Chaos Computer Club
Cmos, LILO, NT passwords - Antivirus: Edit NTFS partitions, reset NT/CMOS/LILO passwords.
Computer Crime Reference Index: Organisations, publications, legal resources, security advisories, mailing lists.
Computer Security Information: Information on password cracking, denial-of-service attacks, and NT security holes.
Cookie Jar: Control which web servers can get cookies.
CooL_MoDe's Kewl World: Exploit files for a wide variety of Unix security problems.
Craaack Labs: "We make the things that break the things that you make".
CRAK Software: Password-recovery software for Word, Excel, 123, Quattro Pro, WordPerfect, Quicken, etc.
Crash Netscape: This URL will crash Netscape (and make Windows unusable for Win 3.x) when connected to.
Crashing IE4: Combines the MSIE res security hole and the Pentium F00F bug to lock up any Pentium machine running MSIE.
Crypto & Hacker Linkz: Links to crypto and password-recovery pages.
Cryptography Research - Differential Power Analysis: Powerful noninvasive analysis technique for recovering information (eg encryption keys) from smart cards.
Cybercrime on the Internet: Cyberciminals and cybercrime buzzword buzzword hacking buzzword fnord child pornography buzzword fnord.
Cypherpunks Key Cracking Ring: The cypherpunks attack crippled US export-approved encryption.
Cypherpunks SSL challenge broken: The cypherpunks break crippled US export-approved encryption.
Death by ActiveX: More ActiveX security holes.
Decompilation of Binary Programs - dcc: Decompiler for reverse-engineering 80x86 software.
Defiants Eurosat.com: Pay TV and smart card hacking information.
Déjà Vu All Over Again: BYTE article in plethora of NT security holes.
DES Challenge Coordinated Effort: SolNET RSADSI DES challenge.
DES Challenge Attack: Distributed software attack on DES
Denial-of-Service FAQ: The denial-of-service FAQ.
Device Object Security: Problems with Windows NT device object security.
Digital Signals Monitoring with your scanner: Monitoring trunked radio nets with scanners.
distributed.net - Node Zero: Distributed computing applications (such as encryption breaking).
D.O.E. SysWorks: Links and information on security weaknesses, password recovery, key recovery tools, reverse engineering. Of particular interest is the information on the large number of snake oil crypto programs out there.
Ericsson Unlock Devices: Unlock and generally mess with Ericsson GSM and PCN phones.
ERL PTT: Monitoring Inmarsat: Inmarsat interception using standard commercial gear, with an example of interception of sensitive political information and electronics smuggling to the Iraqi internal security organisation.
Eye Tech Surveillance = Products Page: Transmitters, phone taps, listening devices, computer bugs.
Factorization of RSA-130
Forbes ASAP: Hack Attack: Hackers test the gullibility of a Forbes reporter.
Forbes addendum: EMP weapons: Calling Victor von Doom: Debunking some of the more outrageous parts of the Forbes story.
Forbes addendum: The Netly News - EMP Gun: Another writeup on the EMP gun urban legend.
Fravia's page of reverse engineering: Much information on reverse-engineering software.
Fravia's Steganography Starting Page: Stego information, including how to defeat various steganography-based watermarking techniques.
Fun and Games with PGP: Potential PGP weaknesses and problems.
Fyodor's Exploit World, Exploits for many Operating Systems including Linux,Solaris,Microsoft,Macintosh. For Hackers, Hacking, Computer Security auditing & testing: Catalogue of security holes and exploits for Windows and various Unixen.
GB_SOFTWARE(English): Red and blue box software, IR car door unlocker for the Gameboy.
Georgia SoftWorks - Windows NT Password Guard!: NT password grabber.
Greg Miller's Home Page: Crypto, AI, and Networking: Netware-related security problems and issues.
GSM cellphone cloning: The Smartcard Developers Association proves that GSM security isn't nearly as good as the vendors claim.
GSM Cloning: The ISAAC group's page on the GSM security breach.
Gullibility Virus: Frightening new virus running rampant on the net.
Hack Watch News: Satellite TV security and insecurities
Hacker's Encyclopedia CDROM: CDROM full of files on every aspect of computer security and how to bypass it.
Hacker's Homepage: Web interface to anonymisers, Internet tracing/lookups, white pages, reverse phone directories, satellite imaging, DNS scanning.
Hacking Novell Netware FAQ
Hacking Texts: Various texts related to hacking and security.
HackZone: Information on viruses, trojans, denial-of-service problems, and other security weaknesses.
HAM Radio Software: POCSAG decoder for monitoring pager messages.
Hardware Hacks: Hardware hacks, mainly mag.card related.
Hardware Security Links: Links to information and equipment suppliers for TEMPEST and hardware penetration attacks.
Home of Mnemonix - Welcome!: Various NT security problems.
Hostile Applets Home Page: Various hostile Java applets.
H/P/C/V Utilities: Password crackers, carding, war diallers, key generators, hex editors, links to related sites.
Hyperlink Spoofing: SSL server authentication attack.
ICKiller can be deadly: Warning about ICQ toolz/ICKiller, which installs nasty trojans in your system.
Infilsec - Vulnerabilities: Vulnerabilities database for various OS's.
Inside the Windows 95 Registration Wizard: What the Windows 95 Registration Wizard is *really* doing with your system.
Internet Attacks: A (very complete) taxonomy of Internet attacks.
Internet browser access to your hard drive: How to access your local hard drive with a web browser.
Internet Explorer Expoit #4: IE security hole which allows your logon username and password hash to be grabbed over the net, regardless of firewalls or use of "strong" passwords. 14,000 passwords grabbed so far by this site alone, with no apparent attempt by MS to fix it.
IOPUS Software: Automatic, invisible POP3 / SMTP email sender sender: Secretly monitor and mail files to other machines.
ISS NT Security Library: Links to sites covering NT security issues.
Java Code Engineering: engineer & reverse engineer Java class files: Links to books and articles, disassemblers, decompilers, and deobfuscators.
John the Ripper: Unix password cracker, including MMX version which is 30% faster than the standard one.
K^KakO^B Cracking Tools Page: Password breakers for Trumpet Winsock, Eudora, Win95 screen saver, Netscape mail, Win95 shared items, Pegasus mail.
Key Code Generators: Key and unlock code generators for large amounts of software.
Key Recovery Alliance: Communicate secure in the knowledge that only the US government is listening.
Key Recovery Technologies: How to implement espionage-enabled software.
Key Recovery Utilities and Resources: Key recovery utilities, tutorials, programs (including ones to break Arj, BIOS passwords, Compuserve, Contraband 9G, Crypt-o-Text, Cryptic Writer, CuteFTP, CyberSitter, Encrypt-It, Eudora, MS Access, MS Word, MS Excel, Norton Diskreet, Novell Netware, RAR, 40-bit S/MIME, Stacker, Turbo Encrypto, Wincrypt, Windows NT password, WordPerfect, WS_FTP, and Zip), and resources.
M2mike's Corner of the Web: Information on breaking various security systems used by schools (mostly Win95-related - this is "security" for very small values of security).
Maximum Security: Updates on Internet and Internet software security problems.
MDT Monitor for Windows: Software to decode police mobile data terminal messages.
Microsoft CD Key Authentication Revealed!
Microsoft FrontPage 98 Security Hell: The infinite security holes in FP for Unix.
Microsoft IIS Web Server Security Bugs: Security holes and bugs in Microsofts Internet Information Server.
Microsoft Password Recovery Software: Recover passwords for MS Word, Excel, Access, Money, and VBA projects.
MS Word & Excel security weakness: Recover passwords for all newer versions of Word and Excel.
Mini-FAQ: NT Password Attack & defences: NT password cracking FAQ.
Money Protocols: Things which can go wrong with smart cards.
MOSIACs CSDU: Cellular signal destruction unit (in other words a GSM jammer).
Netbus: Windows backdoor access server.
Netscape Security Problems: Security flaws in Netscape.
Netware/Windows NT/Web Hack FAQ: Security problems in Netware, NT, web servers and browsers.
New Media Laboratories - Crypto: Distributed attack on RC5.
No First Virtual: Security problems with First Virtual.
(Not only) Russian Password Crackers: Good collection of password breakers and crackers for a variety of programs.
Novell Remote.NLM Password Decryption Algorithm: How to decrypt Remote.NLM passwords for Netware 4 and 5.
Nowhere to Run: TEMPEST monitoring.
NSClean information: Clean up various Netscape files which record information on you and your net activity.
NTAccess: Change the Windows NT administrator password.
NT Crack: Very effective NT password cracker.
NT Exploits: Windows NT security holes and exploits.
NT Internals: Not directly security-related, but contains a lot of useful technical information and source code to bypass or upset NT's security controls.
NT offline pw-util, bootdisk: Password change and general system editing utility for NT.
NT Security Home: NT security issues and concerns, security tools.
Nurse your Net Nanny!: How to disable various Internet blockers (and these things are supposed to be childproof!).
On the topic of Firewall Testing: mjr on firewall testing and certification.
Palmtop plunder: Breaking into cars using a PalmPilot.
pan1k?: Assorted information on security problems and programs (AOL, Netware, boxing, carding, encryption, password-cracking, virii, satellite TV, text files).
Pandora: Reverse-engineering Novell's directory services (includes Novell password breaker).
Paradox Specs: Decode Paradox tables without knowing the password.
Password Removal Tactics: How to remove/bypass password/"encryption" protection for a variety of software.
Password recovery software: Password recovery software for NT, Zip, Arj, and all MS Office programs.
Pavel Semjanov's Home Page: Assorted key and password breakers (partially in Russian).
PC Keyboard Bug: Hardware keyboard bug which records 2,500 keystrokes.
Phrack Magazine Home Page: Security problems, hacking, hacker conferences, general news.
Phrozen Crew - News: Various Win32-related security utilities.
PIC16C84 Security: How to bypass the 16C84 security fuse.
Ping o' Death Page: Problems with remote machines crashing whens sent long ping packets (this affects Unix systems, Macs, Netware, routers, printers, ...).
PIR8 Underground : Home Of KeyGenz: Crackz, Keygenz, and other things ending in z (including cracks for a large number of copy protection schemes like Vbox, SalesAgent, softSENTRY, TimeLock, and many others).
PkCrack - Breaking PkZip-encryption: An implementation of the Biham/Kocher paper (complexity 2^38).
PKI and Smart Cards: Security holes in a large smart-card based PKI project.
PPN: Phone punx network.
Pwdump2: Dump NT password hashes even with Syskey installed.
. r a i n . f o r e s t . p u p p y .: Rain.Forest.Puppy's collection of NT security holes and information.
Random Credit Card/Check Card Fraud with Small Charges: Warnig about an online credit card fraud technique.
Read text/HTML file with Internet Explorer: Demo of MSIE bug which allows arbitrary files to be read from your machine.
Reverse Engineering the LEGO RCX: Tutorial on reverse-engineering a microcontroller.
RISKS Forum Archives: Archives of the ACM forum on risks to the public in computers and related systems (use the arrow icons to move to other risks volumes).
Risks Of "Key Recovery," "Key Escrow," And "Trusted Third-Party" Encryption: Report on GAK risks by noted cryptographers.
RISKS Search results for Explorer,MSIE,MS IE,ActiveX: Security and other problems in MSIE.
rootshell.com: Searchable archive of Windows and Unix security problems.
RSA Challenge '97--Break the Key: RSA encryption-breaking challenge (40 bits in 3.5 hours, 48 bits in 13 days).
Satellite Code Network: Network of ~300 sites devoted to satellite TV hacking and related topics (eg smart cards, decoders, smart card programming).
SatHack HomePage: Satellite TV hacking, cards, software, programmers, and codes.
School Security Flaws: Collection of typical security problems and holes in school computers.
Scott Schnoll's Unofficial Microsoft Internet Explorer Security FAQ: Bugs and design flaws in MS Internet Explorer.
Sécurité & Piratage: French security page with information on security problems, backdoors, and patches.
Security Survey of Key Internet Hosts: Security survey which found that two thirds of the WWW hosts checked had security problems.
SecurID Weaknesses: Paper on potential weaknesses in SecurID.
Sekcia bugs: Large collection of security bugs in most major OS's.
Shutdown Windows: Shut down Windows 95/98 from Java. So much for the sandbox.
S/MIME Screen Saver: Screen saver which breaks 40-bit S/MIME encryption.
Snake Oil FAQ: Snake oil warning signs - encryption software to avoid.
Snoopie, a TCP login tracer for DOS-machines: TCP/IP login tracer which sniffs logins for FTP, telnet, POP3 connections.
SSL implementation bugs: List of known SSL implemetation bugs.
Stack Smashing Security Vulnerabilities: Resources related to stack-overwriting security holes.
Stealth Keyboard Interceptor: Completely invisible interceptor which logs keystrokes, URL's, executed, dates, times, mouse click events, etc, with optional encryption.
StealthLogger official homepage: Windows 95 and NT keystroke logger.
Stone's WebNote: Windows PE compressors, deprotectors, unwrappers, anti-debugging/tracing, executable encrypters, and other useful Windows programming/hacking tools.
Supplementary Analysis of the Royal Holloway Key Escrow Scheme: More weaknesses in Euro-Clipper.
swaptec: Broadcast everything in your home all over the neighbourhood, secured with 40-bit crypto.
The BioArchive: Novell Netware, cellular phone, and other security problems.
The Codebreakers: Assorted virii, including a PGP keyfile-stealing virus.
The Hacker's Choice - Official HomePage: THC home page.
T H E · L E G A C Y: Hacking/phreaking information and links. Load this one with Java disabled.
The Reversal of NetNanny: Reverse-engineering and cryptanalysis of NetNanny.
The Sanctuary: Satellite TV hacking info: D2Mac, Eurocrypt, Videocrypt, Multimac, etc.
"The Stalker's Home Page": What others can find out about you using online search engines.
The TEMPEST Information page: Much information on TEMPEST eavesdropping and its prevention.
The Toolbox: Various Windows security tools (port scanner, find processes listening on ports, obtain various privileges on a system).
Threats to your security on the Internet: Information on various NT trojans (Back Orifice, Netbus, etc).
Tools!: Crackers for MS Office, Excel, Word Perfect, Word, Pkzip, and other programs.
Ultra Zip Password Cracker: Fast Zip password cracker.
Underground Railroad: Filez! Warez! D00D!<
(Various encryption-breaking utilities and other programs. There's a main page for this, but it's so encrusted with Java and animated graphics and sounds that it's unusable).
unix / net / hack page: Unix security problems, software, documentation, RFC's.
VBA Key: VBA password recovery (allows viewing of VBA source code).
Visual Domain - Homepage of Erwin van den Berg: How to remove the region coding of Creative Labs DVD drives - choose the "Documentation" link.
Vulnerability Database: Database of common security vulnerabilities in RPC's, sendmail, firewalls, and various other categories.
Weaknesses in Euro-Clipper: Various weaknesses in the Royal Holloway "trusted third party" ley escrow scheme.
Web Pages we’d like to see:: (This one's good enough to deserve its own reference).
Whitehats.com Internet Security Good Guys: Unix security advisories and updates.
Why I Don't Like Microsoft's FrontPage Web Authoring Tool: Long list of gaping security holes in FrontPage for Unix.
Why You Need ACG: Grabbing car alarm codes.
Windows 95 *.PWL Cracks: Security problems with Windows'95 (and Win3.x) password files.
Windows 95 and MSIE Security Hole: Security hole which allows your Win'95 password to be obtained from anywhere on the net.
Windows NT Buffer Overruns - RASMAN.EXE: Explanation of Windows NT buffer overruns using RAS as an example.
Windows NT Password Cracker
Windows NT Password Recovery Service: Recover passwords for Windows NT servers, domain controllers, and workstations.
Windows NT Security Administrator: Windows NT security problems and solutions.
Windows NT Security Issues: Windows NT security issues.
Winternals Software: Edit NT partitions, change the password for any account (including administrator).
WinXFiles Reversing: Reverse-engineering and breaking WinXFiles "encryption".
www.lostpassword.com - Home: Password-recovery software for MS Office, Outlook, Schedule, VBA, Access, and Money.

Security Products

Access Control ActivCard Home Page Authentication/single sign-on card. Argus Products & Services Page Extra security measures for Java programs, Orange Book/ITSEC security modules. BRICKHouse Secure Web Server ACL-based web server security. Cambridge Neurodynamics Biometric identification systems. Capella Electronics - Security Systems Access control and security sensors. Check Point FireWall-1 FireWall-1 firewall. Cerberus Homepage Win 3.1/Win95 access control. Core SDI SA Network scanners, authentication and security modules. Cryptocard Corporation User authentication and remote access management tools. CyberSafe - Products Kerberos and public-key based single sign-on, access control. CYCON Labyrinth og CYCON technologies and Cypress Consulting The Cycon labyrinth firewall. GEZ Microsystems Inc. - Oakville, Ontario, Canada Fingerprint verification products. e.g. Software Auditing, security alerts, password analysis, and security software for Netware. Hardcastle Electronics Firewalls, security gateways, F-secure. identikey Java-based access control over SSL. Intracept - X-Ray Vision Blocks Java, ActiveX, and cookies to web browsers. Kalliopi: DELPHI Security - We've got it covered!! Access control to Delphi apps. Keyware Technologies Biometric security products. MARX CRYPTO-BOX Software Copy Protection Software and hardware-based copy protection. medcom Home Page Firewalls, tiger team testing, WWW security. Micah Development Access control for DOS and Windows. New-Tech Systems DOS/Windows access control software. PCGUARDIAN Home Page PC access control and encryption software. SAGUS Products Page Security gateway, firewall, Winsock interface. Schumann Products for Enterprise Security Single sign-on, access control management. Sealabs Watchguard firewall and security management software. SecurePilot PalmPilot based challenge-response authentication supporting a variety of popular protocols. Secure Storage High-security storage facility. Sesame Euro-Kerberos SOL - Security On Line Phsyical security items and information. Startek Engineering Inc. Fingerprint verification products. Technical Incursion Countermeasures Auditing, consulting, and training for networks, firewalls, security policies, and assurance testing. The ULTIMATELY Secure Firewall Wingate Lan to Internet Software Windows Internet proxy.

Data Encryption 3Si Products and Services Crypto hardware accelerator cards. Aegis Research Corporation Windows PGP shell. American Stealth Messenger Email encryption software which is probably some form of rebadged PGP. Ancort File, email, disk, voice encryption including IDE data channel encryption hardware. Proprietary algorithms. Archsoft Security Software Solutions -Cerberus Desktop encryption for Windows using Blowfish. ASIC International - Cryptographic Cores and Technologies DES, SHA-1, MD5, bignum maths cores. Atalla Network and internet security processors and solutions. Australian Privacy Home Page Australian PGP vendor. Avalanche Java Cryptography Toolkit Encryption, hash functions, and secure random number generation in Java. Babylon ISDN BRI and PRI online encryption hardware, secure servers, VPN products, all using RSA with triple DES (single DES optional). Frame relay and X.25 encryption using DES or proprietary algorithm. Baltimore | Products Crypto systems toolkit - DES, IDEA, RSA, DSA, RIPEMD, SHA1, MD2, MD5, X.509/CA toolkit, email security software. BBN Security SafeKeyper tamperproof hardware key storage. BestCrypt family of Data Protection systems GOST and DES software/hardware encryption for DOS/Windows. BetweenUs: Features Secure chat program using CAST128/3DES/Blowfish, written in the free world. Blowfish Advanced Download Site Blowfish file encryption for DOS and Win95. Bokler Software's Home Page DES and hashing DLL's and OCX's. Briggs Softworks: Software Directory snoopper/file eraser, file encryption for Windows. Brivida, Inc. - Technology for Virtual Private Networks "VPN" VPN's using IPSEC DES encryption. Brokat X*PRESSO Home Page Secure non-US encryption by adding another layer of 128-bit encryption over the top of the US crippled 40-bit version. Business Security home page Fax, video, voice, and modem encryption. C & A CA and timestamping software, SSL servers and clients. carrick Encryption Home Page DES and Blowfish file encryption. CE Infosys GmbH Fast DES hardware, encrypting SCSI controllers, PCMCIA cards, from a non-US source. CellCase Key Agile ATM Encryptor RSA/triple DES ATM link encryptor. Certicom Elliptic curve cryptosystem products. CES Home Page Phone and fax encryption add-on (questionable algorithm). Chrysalis ITS - Product Information Encryption hardware and crypto accelerators. Ciphermax Pure ECC-based file encryption. Cisco Network Encryption Services DSA-signed DH for link and session encryption. Citadel Products Firewall/VPN, Windows file encryption. Clipper and Fortezza: Pictures and Info CodedDrag Drag-and-drop DES encryption for Win95/NT. Cold Fusion Power Packs Encryption/decryption, credit card processing, for Cold Fusion. Communication Security Corporation Home Page Diffie-Hellman and triple DES speech encryption. No GAK. Communication Systems - East Infosec Home Page Secure comms gear for government use. Computer Development Systems Crypto Page Link encryption hardware, file and fax encryption software (unknown algorithm). ComScire QNG From Quantum World Johnson-noise-based RNG for PC parallel ports. Condor - Secure Ubiquitous Portable Interoperable Communications Buzzword Buzzword Secure Fortezza-protected voice and data over celluylar links. Confidentiel : Présentation Mac file encryption, approved by the French secret service. CoreDesign Royalty-free Verilog PKC core. CPE Security/PKI Swiss resellers of various US security products (Entrust, ActivCard, Datakey), although some require US export permits. CRYTEK Communications - Secure Telephone Adaptor Key-based subband voice scrambler. Uses Diffie-Hellman key exchange, but a questionable encryption function "based on matrix multiplication". Cryptext Win95/NT 4 encryption shell extension. Crypto AG Switzerland Encryption software and hardware of all kinds (but see also the links in the "Crypto Social Issues" section). CryptoEx 1.0 PGP add-on for MS Exchange. Cryptomathic homepage Encryption and security software and consulting. Cryptosystem ME5 MD5-based file encryption. CSM Proxy Server - The Ultimate Gateway to the Internet Proxy which includes SSL tunnelling. CustomTracks Home Page ZixMail mail encryption with 3DES and RSA. Software contains US government backdoors, thus its exportability. Cybanim PEM software, bignum maths package. Cybernetica - CryptoChip project IDEA + RNG + bignum accelerator on a chip. Produced in the free world. Cylink Corporation Cypris Lockheed Martin's crypto processor. Data Encryption Key PANDORA DES/RC4 file encryption using a USB dongle, unfortunately keys are hardcoded into the dongle. DATACRYPT Home Page File and file transfer encryption (unknown algorithm). DataGuard® - The Software Safe IDEA and SEAL file encryption for Win32. DataSAFE encryption software by NovaStor Pasword-based file encryption using Blowfish. DEMCOM: Steganos for Windows 95/98/NT Homepage - The home of steganography BMP/DIB/WAV/VOC/text/HTML stego with RC4 encryption. Deming Software S/MIME software for MS Exchange and Eudora. DES Core VHDL DES core. Design Automation - CyberLock DES-based encryption program. Fairly standard stuff, but the marketing smells of snake oil ("most secure file encryption available", "patented encryption enhancement technology", etc). D.I.C.A. ISDN Encryptor ISDN link encryption using FEAL 16, IDEA, or DES. Digital Delivery Secure (encrypted) software and information distribution systems. Diskcrypt 95 Floppy drive encryption for Windows 95. docSpace Direct Secure data transmission via a web browser and SSL, but intermediate storage is unencrypted on a third-parties sever. DubnerCruncher Very fast bignum maths card for PC's. e-Lock, Security Solution from Frontier Technologies,Home Digital signature/encryption software and interfaces (implemented as wrappers around crypto toolkits like BSAFE and CryptoAPI). EasyCrypt DES file encryption. EasyPrivacy DOS, Win95, and NT file, drive, and email encryption using IDEA, file wiping, EES Family Data Sheet Clipper chips. EMD Enterprises Win95/NT anti-virus and encryption software. Encrypt-It Plus DLL/VBX/OLE control providing DES and 3 other (unknown) encryption algorithms. Encryption Plus Encryption for Visual Basic. Encrytor DES file encryption for Windows. Entrust - Home Page (Formerly Nortel) Entrust cryptography product family. GAK alert: These products are GAK-ready. ERACOM - Encryption Adaptors Encryption toolkits, DES encryption hardware for PC's. F-Secure Cryptography Products Windows/Unix <-> Windows/Unix link encryption with secure telnet, X11, port forwarding, etc. The link is encrypted with algorithms like triple DES or Blowfish, with 1024-bit RSA for key exchange an authentication. FileVault File encryption using 64-bit (?) Blowfish. Forge - Distributed Environment Solutions JCE, SSl in Java. Formal Systems X.509 certificate viewer, PKI, encryption services and consulting. FORTEZZA Developers Home Page Fortezza ISA Bus Crypto Card Fortezza on an ISA card, Fortezza Plus. FORTEZZA PC Cards Links and information for Fortezza developers. Fortress Technologies VPN's. Free, secure, reliable, E-mail Email encryption using 2Kbit RSA and Blowfish. Frontier Technologies e-Lock Home Page PKCS/X.509 and S/MIME key management, signing, secure email and browser. Fulltime RSA RSA speech encryption for PSTN lines. GDS: Encryption, Authentication, Transaction Security Link encryption hardware from ISDN up to T3 speeds. Gemini Computers, Incorporated Orange Book A1 certified network processor. Global Technologies Group, Inc. Products based on the German SuperCrypt DES/triple DES chip. GTEI-CyberTrust-SafeKeyper-Overview Hardware-based key management for CA's. Hammercore DES Cores FPGA DES cores for Altrea FPGA's. Hide Me for Windows Windows file encryption, unknown algorithm. Highwinds Trading Company Products Various crypto-related add-ons to the Mac OS. HRB Systems Data encryption products (an division of E-Systems) IBM cryptography: cryptographic cards home page IBM's (really cool) 4758 crypto module. IBM SecureWay Data encryption, security, consulting. I.D.E.A Encryption for Windows Win95 file encryption. IDS - Products Disk encryption using Blowfish, PGP-compatible mail encryption using RSA+IDEA, smart cards. INFOSEC Products Triple DES file encryption for Windows. International Cryptography Framework HP's international big brother design. Internet Solution Security (Pty) Ltd Access control, electronic commerce, 128-bit SSL proxy. Internet Smartsec Internet security technology (knowledge of Swedish useful). Inventra Soft Cores Current Documentation DES cores. Invincible Data Systems, Inc. PGP - compatible encryption software for e-mail, hard disk encryption, access control hardware tokens. iPower Home Page National's PCMCIA crypto card. IRE Product Catalog Network and link encryption hardware. ISC Products Email encryption, crypto toolkits, encrypted Zmodem. ISDN Encryptor Java Cryptography Extension Java crypto extensions (JCE). JVDE EBackup File encryption/archiving using DES, Blowfish, CAST128. Kremlin Win95/NT drag-and-drop file encryption. Kryptel - File Encryption Software for Windows 95/98 File encryption using Blowfish, 3DES, IDEA, Twofish. Kryptology Home Page Snake oil for the masses. Langley System Web Site Floppy disk encryption software. Lintel Security DES and RSA encryption chips and hardware. LUC ENcryption Technology (LUCENT) Limited Lucas-function based PKC. MAILguardian and MAILguardian Enterprise Email encryption using DES, 3DES, Blowfish and DH (but will automatically and transparently fall back to sending cleartext - this is listed as a feature of the software). Marathon Computer Press Jumpstation DES, Blowfish file encryption, disk wiping. Markus Hahn's Software Page File/data encryption using Blowfish, Twofish, RC4, Cobra128, GOST, triple DES, and CAST. Megacrypt/MVS : efficient and easy DES cryptography DES-based file encryption for DOS/Windows and MVS. Motorola Advanced INFOSEC Machine (AIM) Motorola crypto processor. Motorola SSTG Secure Telecom Products Morotola secure phones and fax and data communications products. Mykotronx! Clipper and Capstone chips and related products. nCipher products Hardware crypto accelerators. NetFortress Network link encryption. NetLOCK(tm) Network Security Encryption and authentication for LANs and WANs. Netseal Product Specifications IPSEC/ISAKMP/OAKLEY drives for ODI, NDIS, and Linux. Next Wave Software DES-based file encryption for the Mac. NEXUS Solutions NTrust Blowfish encryption for Windows. NTrust Blowfish file encryption. Ocean Logic DES VHDL/Verilog DES core. Okiok Data Security Products Crypto processors. Opera Software - Bringing speed and fun back into Internet browsing Non-US web browser with strong SSL encryption. PC-Encrypt Email Security Blowfish file encryption (web page smells slightly of snake oil). PGP -- Pretty Good Privacy, Inc. Home Page PGP Tools from Net Services Windows front-end for PGP. Phaos Technology SSL in Java. PIJNENBURG Beheer N.V. Cool RSA/bignum and DES/triple DES encryption hardware. PKIMagic Entrust-based S/MIME integrated into Lotus Notes. View pages with Java turned off, or just wait for their spam to arrive in your mail. PowerCrypt Website PEM and S/MIME encryption for the Power Mac. Private Data - Protecting your privacy with innovative products Disk encryption for Win95 (unknown algorithm). Psypher/EDI+ DES EDI encryption. Racal/Airtech Security Various access control and security products. Rainbow Technologies Internet Security Group CryptoSwift crypto hardware accelerator. RAMPART for DOS/Windows DES encryption software and other utilities. Reflex Magnetics - homepage Secure FTP, mail, modem encryption using DES, 3DES, Blowfish, or IDEA. RPK Public Key Cryptography Crypto SDK and email software utilising a new, fast discrete-log-over-GF(2^k) based PKC. RS Cryptographic Development Kit Public-key crypto toolkit. RSA Data Security, Inc. S to Infinity - Encryption Page Windows file/directory encryption using RC4. SAFE Folder Transparent Win95 file encryption. SafeHouse Drive Encryption DES disk encryption for Win3.x/Win95 (exportable 56-bit because it's GAK-ready). SafePassage Web Proxy Full-strength encrypting web proxy which bypasses US export restrictions. SandTiger File encryption using Blowfish, CAST-128, and Diamond2. SCI Web Page PCMCIA-based disk and file encryption. Secret! Secure PIN/password store for the PalmPilot. Sectra Defence Communication Systems Secure phones, encrypting routers and encryption cards using proprietary algorithms. SecureCRT Win32 SSH client. Secure Link Services Ltd (SLS), DataGuard Family Disk and file encryption using IDEA, SEAL, and PKC's). Note that this company is located in the free world (Switzerland), despite the .net address. SecureFile File encryption and signing for Win95/NT SECURE...Encryption and Security for all DES and IDEA encryption software for Windows. SecureOffice Triple DES encryption add-on for MS Office. SecureStore Homepage File encryption using DES, triple DES< Blowfish, CAST-128, Diamond2, RC4. SecureWin Win95/NT file encryption using RSA and the BSAFE conventional algorithms, other security tools (eg secure delete, secure shutdown). Security Domain: electronic message security Public-key file encryption, CA software. SICAN DesignObject (TM): DES Data Encryption System ASIC DES core. Sioux: Sophisticated & Secure Apache-based secure web server. SKIP Information Simple Key management for Internet Protocols - papers, information, implementations (US only). SKIP in Russia As above, without the export restrictions. SMARTCrypt by WetStone ActiveX interface to PKCS #11 modules. Soft Concepts Ncrypt file archiving, compression, and encryption utilities. Software Design - Crypto for Windows by Gregory Braun "Braun pretends to use the BlowFish algorithm to provide secure encryption in his application Crypto v3.5. Actually the algorithm used is a weak proprietary one"- Casimir. SoftWings Enterprises Inc DES/triple DES protected OS/2 data transfer. SoftWinter - Shade page Disk encryption for Windows NT. SoundCode, Inc. Crypto libraries and software. SSL HTTP Security Solution 128-bit SSL proxy - turns crippled SSL browsers into full-strength encryption ones. SSL Plus (Product) SSL Plus SSL integration suite. SSLava SSL 3.0 implemented in Java. SSLP Reference Implementation Project An SSL reference implementation (still under development). SSRSSL Secure sockets relay - full-strength SSL proxying. Stealth Drive Encrypted virtual disk volumes (the standards compliance section looks a bit odd). Stealth Encryptor for Windows Windows file/directory encryption using DES or Blowfish. Stronghold Homepage Apache-based secure web server. SynCrypt File and email encryption using Elgamal, Blowfish, IDEA, and triple DES. tbCrypt Win95/NT, OS/2, DOS file encryption using DES, IDEA, Blowfish, NewDES, and Lucifer. TCC: Encryption products and solutions for Data, Phone, Voice, and FAX NETWORKS Link encryption, phone and fax encryption. TeamWARE Crypto ICL's Windows file encryption software. TecApro Internacional - Home page Win95 file encryption. Technology Nexus AB - Välkommen! Encryption, digital signature, CA toolkits. Templar Software and Services Secure EDI over the Internet. ThunderStore Product Overview File, email encryption using Blowfish. TimeStep - The Network Security Standard VPN encryption systems using DES encryption and X.509 certificates and digital signatures for authentication. TorDisk HomePage NT disk encryption for hard drives, CDROM's, networks, using DES, triple DES, Safer, Blowfish, CAST-128. Transcrypt Product Overview Phone encryption devices and add-ons. TrustedWeb Intranet ACL-based security and encryption using RSA and triple DES. TrustWorks products - Delivering information security products that you trust SKIP-based VPN using pluggable encryption algorithms. TSS OfficeLock - Data Security for Microsoft Office Strong encryption for MS Office documents. UCrypt DES, triple DES, GOST, Blowfish, 3-Way, RC5, TEA, Safer, Shark, Diamond-2, and others. Utimaco Safeware AG DOS, OS/2, Windows encryption software, encryption hardware. V-Disk Official site Win95 drive encryption using Blowfish, with smart card support. Virtually Online SEMS email encryption using the RPK algorithm. VPNet: Products WAN VPN encryption products using DES and triple DES with SKIP key management. Western DataCom Home Page - Data Security Fortezza, DES encrypting modems, link encryptors. Worldtalk Worldsecure S/MIME encryption software. Wormhole technologies PKC-based email encryption software. Xcert Software Access control, X.509-related software. X_DES Core Page Verilog DES core. XETI technologies supporting secure business collaboration over the Internet Java PKIX toolkit, data conferencing over SSL. XF-DES: Data Encryption Standard Engine Core Xilinx DES core. Zergo WWW Site - Information Security Specialists Crypto and CA products. They'll also design GAK protocols for backdoor access to your medical records if required.

Interception and Monitoring

Hardware and software for intercepting and monitoring information, and stopping of the same.

Applied Signal Technology Product Summary Introduction: Signals interception and monitoring gear.
Candes Systems Inc. - TEMPEST Computers and Peripherals: TEMPEST-shielded computer gear.
Cellular Monitoring Interface (via Electronic Countermeasures Inc): Computer interface for intercepting cellphone traffic.
Computer Aided Technologies: Scanner software.
Covert Keyboard Press bug: Hardware keyboard sniffer.
Datascan TEMPEST monitoring system
Electroconductive Concrete ELFINCO: Makes for great TEMPEST shielding.
Fastscan: Win95/NT port scanner.
Fax Analyzer: PC fax interception card.
Force-Ten Online Catalog: Surveillance, wiretaps, spying equipment.
GENESIS Group online: Assorted bugs, transmitters, receivers, cellphone tracking and interception, fax interception, and other bugging and interception gear.
GCOM Technologies: GSM, cellphone, computer, and fax interception and monitoring equipment (the GSM interception unit features real-time, off-air interception of up to 1000 voice/data/fax transmissions, traffic targetting and screening, and call tracking, all with a friendly Windows interface).
GSM Monitoring - GSTA-1400: Complete GSM monitoring/interception system with call and target tracking and location features.
Kansmen Corporation: LittleBrother Internet monitoring call.
NDG Software Products: Various network monitoring and snopping tools.
NetWatcher: Monitor and intercept TCP/IP sessions.
Pager Decoding Interface (via Electronic Countermeasures Inc): Computer interface for intercepting pager traffic.
PCProtect: Win95/98/NT keystroke logger.
Radte KG - Spytec: Bugs, speech and telephone interception gear, information on industrial espionage.
Spies:Law Enforcement: Cellular, GSM, and fax interception and monitoring equipment.
SPY Electronics, Communication and Surveillance Systems: Cellphone, fax interception gear.
SPY - Networkspy / -agent / -analysator: Sophisticated network sniffer which can extract files and data sent via FTP, HTTP, NNTP, SMTP, POP3, NetBIOS, search the data stream for keywords, and log usernames and passwords.
SpyZone Tools and Techniques: Industrial espionage and surveillance tools and techniques, security equipment, secure communications systems, disaster recovery, bug sweeps.
The Codex Privacy Site: Electronic eavesdropping detection, anti-bugging, privacy protection, secure communications.
The Watcher Network Monitoring Program: Monitor and control any IP connection on a network.
TIRIS Products & Technology: RF identification and tracking devices.
TSCM.COM Counterintelligence Home Page: Technical Surveillance Countermeasures - bugs and wiretapping, detecting bugs, intelligence agencies, and counterintelligence.
Virtual ISA Proto Board: Xilinx 5210/4013E card.

Investigative Tools

Tools for investigating the security aspects of various things.

APS Powerful, yet Affordable EDA Tools: Developmemt boards from as low as $199.
Chip Express Corporation: Fast turn-around ASICs.
Chipworks: IC reverse engineering.
Code Classifier: Classify encrypted data by likelihood of encryption system used ("especially recommended for cipher generated outside North America where DES and private-key systems are not as dominant").
Convar Systeme Deutschland - Service Center: Disk data recovery.
Digital Instruments: Scanning probe microscopy (used to investigate magnetic media).
FPGA, CPLD: OptiMagic's Programmable Logic Jump Station: Starting point for hardware crypt-breaking information and tools.
Hack Watch News: Satellite and terrestrial TV scrambling systems.
IBAS Laboratories - Professional Data Recovery: Recovery of data from damaged or overwritten/erased magnetic media.
Investigating the Suspect Computer: DOS forensic software for recovering evidence from PC's.
MUSIC Semiconductors: Various content-addressable memories, useful for investigating encryption algorithms.
Neuroptics Technologies, Inc.: Neural network hardware.
NTI Home Page: Computer forensic training, consulting, and tools.
Picosecond Imaging Circuit Analysis: IBM technique for imaging signals in chips.
Programmable Logic Jump Station ( FPGA, CPLD ): More investigative tools for encryption keys.
Xilinx Product Information: Perfect for investigating currently unknown DES and RC4 keys.

Misc APM - EMI Shielding Products EMI shielding, useful for TEMPEST shielding. AR Products RF interference generators. Argus Systems Group, Inc. Operating system security add-on products for Solaris and Windows NT. Automatic Response Systems Document destructions products and services. BEMA, Inc Portable TEMPEST-shielding enclosures. C&A Systems Security: Leaders in Security Risk Analysis, Risk Assessment & Risk Management DES toolkits, risk analysis tools. Computer Security Update Links to security-related bug fixes for MSIE and Windows NT. COMSEC Solutions Cryptography and biometric countermeasures consulting. Consensus Products/Services SSL Plus integration suite, RSAREF, IDEA licensing, code security screening. Digital ID Center Web interface to Verisign's digital ID (CA) service. Disk Zapper Floppy disk bulk eraser. Embassy DivX for your PC. Emcom Products and Services TEMPEST PC's, monitors, and comms gear. Framework Executive Back Orifice removal and protection tool Program to remove Back Orifice. Hackers Catalog Books Various standards for satellite TV scrambling, cellphones, and scrambling-related encryption. IBM SecureWay Home Page IBM's security hardware and software, consulting, technology, and general information. IP Packet Filter Highly configurable kernel-level IP packet filters. Kilben Business Services Computer enclosures and alarms. List of FPGA-based Computing Machines Fast encryption hardware (with a little programming...). NIC Law Enforcement Supply CATALOG - MAIN SITE Law enforcement supplies. Minatronics Corporation Physical security products. Proton Engineering Degausser & Declassification Systems Magnetic and optical media degaussing and declassification systems. Security Engineering Services, Inc TEMPEST and COMSEC engineering and consulting. SEM - Security Engineered Machinery Data destruction equipment and information. Tempest Products TEMPEST-secure communications and data processing devices. TNO-FEL TNO physics and electronics laboratory (information security, electronic warfare, electronic security, sensor and weapons electronics). Wang Government Services Secure System's HOME PAGE Wang's TEMPEST products and secure services. Zero-Knowledge Systems | Freedom Software to provide anonymity on the net.

Online Commerce and Banking

We do e-commerce because that's where the money and the suckers are.

Canada Trust: Online access to account balances, stock quotes, and other banking services.
Credit Suisse Direct Net: Full online banking using 128-bit SSL proxies.
echeck: Electronic cheques.
EMJ America: Internet security and e-commerce products.
ICVerify Home Page: Online credit card, debit card, and cheque verification.
Internet-based digital cash: Links to various e-cash resources.
Netbill-related publications: Various online electronic transaction protocols.
Payment mechanisms designed for the Internet
Welcome to Online Banking!: Wells Fargo online banking.

Smart Cards

Smart cards? A certain animal cunning, perhaps.

3-G International: Smartcard based desktop security and access control software.
A safe Internet communication channel with smartcards: Masters thesis on secure client-server communication using smart cards.
A8 Corp: Smart card personalization and card management software.
Advanced Card Systems, Ltd.: Smart cards, card readers, development kits.
ACOLAs Homepage -Communication, Terminal Server and Data Collection Products: Smart card and RF card products.
AD-Teknik, Mainpage: Smart card emulators, PCB's, readers.
Amazing Smart Card Technologies: Smart cards, memory cards (up to 1Mbit), readers, development systems.
AMC Smart Card Reader Products: Smart card/mag stripe reader/writer.
American Biometric Company: Fingerprint readers, combined card/fingerprint readers.
AMP Smart Card Connectors: Smart card connectors and reader contacts.
Analysis of French T2G: Tech info on second-generation phone cards.
ASE - The Aladdin Smartcard Environment: Smartcard development kit.
Basic programmable smartcard: Bill's idea of a JavaCard?
B&C Data Systems: Smart card reader/writer.
Card Europe Main Index Page
Card Technology Web Site: Card Technology magazine online.
CardTech/SecurTech:Home: Smart card and security card conference information.
Catalyst Serial E2PROMs -- I2C Bus: Smart card EEPROMs.
Cavitronic: Programmers, smart cards, add-ons.
Chip Application Technologies: Multiapplication smartcard management software.
Chip Cards: Data sheets for various Siemens cards.
Chipcard, Chipkarten, Chipcards, Smartcards, Programmer für Chipkarten, Pay-TV-Cards,: Smart cards, programmers, software.
CITI Smart Cards: University of Michigan smart card research project.
Compelson Labs: Smart-card based key storage, file encryption, access control.
CompInfo - Smartcard Technology - Information Sources and Manufacturers: Links to sources of information on smart cards and card and card reader manufacturers.
Cop Card Site: Programming information and keys for COP cards.
Crownhill Associates Ltd: Smart cards, PIC programming, code recovery/reverse engineering.
CryptoCard's Security Products: Various access-control systems.
CyberMark > Products & Specs: Card terminals and card-based vending machines.
Dallas Semiconductor Corp: Home Page: Identification and authorization chips, secure microcontrollers.
Dallas Semiconductor Corp. iButton: Home Page: Digital credentials/timestamping/crypto in a button.
Datacard Group: Card printers, embossers, terminals.
Datakey Home Page: Smart card reader/writers, smart cards.
DataMega I/O Products: Smart card readers.
Die branchenübergreifende elektronische Geldbörse: Overview of smartcard-based payment systems (undergaduate thesis, in German).
Edgar Online - EdCard: C-based smartcard API.
EMV Technical Specifications: EMV card, terminal, and application specifications for smart card credit and debit applications.
Encotone Ltd. Home Page: Smart-card and smart-card-like authentication and security devices.
eToken: USB-based authentication for networks: USB-based crypto token. Need to enable Java, autoinstall, and a dozen other security holes for the demo to work.
Fingerprintcards: Smartcards with built-in fingerprint readers.
Fun With Smartcards: Notes from the HIP'97 Fun with Smartcards session.
GeldKarte and electronic banking home page: Information on various smart-card based electronic purse systems.
Gemplus Smart Card Home Page
German Smartcard Hacker Org.
GIS Home Page: Smart card readers, terminals, and developer kits.
GNU SmartCard Project: Smart card info, documentation, software, projects.
Goran Vlaski's Software Page: Smart card read/write/emulation software.
Guru's Lair: Scads of PIC microprocessor web site links: Links to PIC sites including PIC-based smart cards and card programmers.
HIP Smartcard Homepage: Cards: HIP'97 smart cards info.
How to do it: Private Key Encryption (A method): "emulation of the One-time key system using large psuedo-random number generators" (linear congruential generators).
IBM Smart Card Solutions: IBM smart card technology and products.
IBM SmartCard for e-Business: IBM JavaCard and card toolkits and API's.
IBM Student Chipcard Innovation Team Homepage: Dutch student-designed card reader and software.
IC Card Reader / Writer: Smart card reader, PINpad, card authorisation terminal.
IC Card with Combined National ID and Health Insurance Card Functions: Taiwanese smart card/ID card project.
Identity Systems Security Inc.: Smart-card based identification.
i-Key from Rainbow Technologies: Product Overview: USB-based smart card-a-like (looks like it does MD5 onboard for challenge-response authentication).
Implementing Airline Electronic Ticketing Using Integrated Circuit Cards: Electronic ticketing project using smart cards.
incard Products: GSM, crypto, multi-application cards and software.
Infineon Technologies AG: Formerly Siemens smart card division.
i n f o t e c h n a: Smart card custom software development.
Inside Technologies: Contactless cards and SDK's.
Java(TM) Card(TM) Technology: Java kludged to run on a smart card.
KeyBlitz Project: Various smart card hacking initiatives, mostly targetting European pay tv systems.
Keycorp - Smartcards: Multos/Javacard/OSSCA (Keycorp card OS) cards and products.
KOBIL Systems GmbH: Chipkartenterminals: Smart card readers and terminals, smart cards.
Leapfrog Smart Products: Smart card development software, encryption software.
Litronic, Inc.: Smart cards, card API's, Fortezza cards.
Magtek Products: Magnetic card reader/writers.
Meinen, Ziegel & Co. GmbH: Products: Card production equipment.
Microchip Memory Data Sheets: Includes EEPROM memory for smart cards..
Micromodule Pte Lte, Singapore: Smart cards, readers, development kits.
Mondex Electronic Cash: Mondex electronic wallet (pretty content-free pages).
Motorola SmartCards (TM): Databooks for Motorola microcontrollers (including smart card micros).
Motorola SmartCards (TM): A different access point for Motorola smart card information.
Motorola Smartcard: Smartcards for salesdroids - try the other non-Motorola Morotola card links instead.
Mühlbauer AG: Smart card manufacturing and assembly.
Multos - the smartcard gets smarter: Framework for running multiple applications in a card (pretty light on detail).
MUSCLE Smartcard Developers: Development and use of smart card-enabled apps in a Linux environment.
Nexus Products and Services: Mag card and smart card readers, PINpads.
Oberthur Products: Payment and electronic wallet cards, crypto cards, contactless cards.
OKI Personal Smart Card Reader: Electronic wallet balance checker.
Ordacard Israel: Mag stripe and smart cards
OpenCard Framework: Java smart card middleware.
OTI - OnTrack Innovations Israel: Contactless smart cards.
Paul Maxwell-King For Pic Chips, 16c84, sathack, ISO7816, sat-hack, satellite cards, codes, programmers, sky, D2MAC, DSS, season, blockers, crack, satellite, satellite TV, hacking, cracking, satellite hardware, videocrypt, filmnet, sky cards, smartcard, smartcard interface: Smart-card hacking-related hardware.
PEP Products & Services Page: Smart card readers, RFID products, crypto and flash cards.
Philips Smart Card Services: Philips smart cards.
pincash: Smart cards and readers.
POSH Mfg. Products Page: Card readers, terminals, development kits.
Proton World: Smart-card based electronic wallet.
PubliCARD: The Borg of smart cards.
SCAD toolkit: Smart card application developer toolkits for Windows.
SCARD - Smartcard Resources: Smart card standards, interface software, hardware.
Schlumberger Universe of Smart Cards: Smart card readers, tools, SDK's.
SCM Microsystems - Products: Smart card readers, writers, and interface products.
SGS-Thomson Smartcard Products: Smart card information and data sheets.
Siemens Smart Card Integrated Circuits: No technical information, unfortunately.
SJB Research: Smart card news. As it happens. Every business day.: Live smart card newsfeed.
Smart Cards: A Case Study: IBM Redbook case study on smart cards.
Smart Card Cyber Show: Smart card news, trade information, vendors, and projects.
Smart Card Developer's Kit: Home page for the book, as well as individual card sales, ATR catalogue, and pointers to smart card info.
Smart Card Forum Home page: Nonprofit group promoting smart card use.
Smart Card Industry Association Website: Smart card info, product links, news.
Smart Card News: Smart card publicatiosn, technology, and information.
Smart Card Reader/Writer: Card readers/writers/PINPads.
Smart Card Resource Center: Links to chip manufacturers, companies, conferences, mag cards, readers, RF cards, and other smart-card related information.
Smart Card Web Server: Web server running on a Cyberflex smart card.
Smartcard Information Page: Smart card information, card types, and links to manufacturers.
Smartcard Security Information Page: Smartcard security news, standards, attacks, and links.
Smartcard Technology Ltd.: Card readers, POS terminals.
Smart Dynamics, LLC -- Software Products: Smart card interface tools for various environments and languages.
Smart Semiconductor Search: Search engine which links to most major embedded semi vendors.
Smartcards and other cards: Links to smart cards, memory cards, smart card readers, mag cards and barcode cards.
ST - Products: STMicroelectronics smart card chips.
Telecard Mapping Home Page: Info on reading/decoding phone cards.
The Smart Card Forum: General information on smart cards.
Thyron's Products Page: Smart cards, terminals, security software.
TOWITOKO homepage: Smart card readers.
Tritheim Technologies: Smart card readers and writers.
UNIPROG Universalprogrammer: CCC universal smart card programmer.
Versatile Card Technology - Products: Card manufacturers.
Who?Vision: Smart cards, keyboards, and card readers with fingerprint readers.
Xicor Inc.: EEPROM's, smart cards, flash memories.
ZeitControl Cardsystems: Mag and smart cards, card readers, contactless cards.
Zmit's Telecard Page: Information on phone cards, readers, interface software.

Snake Oil

Proprietary guaranteed unbrekable crypto we invented this morning in the shower.

ASK ToolKit Home Page: "not an encryption algorithm, but an accessory that can enhance and simplify any symmetric encryption algorithm". Apparently it's a keyed RNG, and you're expected to pay for this (presumably the extensive use of buzzwords adds value).
Biopassword Product: "Uses a patented proprietary algorithm" (make up your mind, which is it?)..."currently there is no competition for BioPassword(tm) due to the proprietary nature of the algorithm"... either they have their dates wrong or this thing has been in beta for over 10 years. From the people who brought you NetNanny censorware.
Black Leopard Systems of Canada: "offers the most sophisticated data security encryption system available today"... "371200 bit encryption with up to 140 levels of access, 18 encryption key formats, and up to 10 encryption algorithms"... "this proprietary system delivers a unique solution for each user with a duplicate system occurring only once in every 600,000,000 Black Leopard Encryption systems at this time".
Cennoid Encryption: "provides unique, very efficient, non-algorithmic based encryption".
Ciphile Software: "Absolute online privacy - Level 3(tm)(c)(patent pending)" - "the best encryption software available today" - "unbreakable".
Control Communications Systems: "Absolute security - a morphing encryption rate of at least 20 kilobytes"..."will protect your data from the most sophisticated decryption systems that exist now or are likely to exist for years to come".
CyberEncode.com Encryption Software and Technology: "Possibly the world's fastest and most secure encryption algorithms"... "This new encryption is an amazing accomplishment. Cypher Mind had to be re-programmed over 10 times". This site has an entire suite of snake oil algorithms.
Crypto98 beta: Proof that you can do snake oil in QuickBasic as well as C ("it works by generating permutations").
Crypt-o-Text: Not the usual snake oil, but there's a program available (CrackCot) which breaks it.
Cryptor Homepage: Cellular-automata-based OS/2 file encryption.
Cybank: "Maximum security encryption... we use our own snake oil because public-key encryption has been proven to be insecure".
CyberAngel EXR - Product Information: Crypto using Blowfish or DES, but it transmits your password to a monitoring center in the US (this isn't snake oil in the usual sense but... sheesh).
Cygnaworks - Products: "offers security through its use of values derived from the installed hardware resident on the computer"..."examines a defined set of hardware on a computer with proprietary algorithms developed by Cygnaworx to create a unique Flexible Digital Signature (FDS)" (makes invalidating your signature as simple as getting a new hard drive or a motherboard upgrade).
DataCloak: "Uses a unique encryption process"... "the 4-cycle data stream encryption process".
Data Protect: DaProMas: Online banking fully protected by GSM security (that's the same GSM security which was broken in early 1998, and which (when not broken) at best offers you 54-bit crypto broadcast over the air where anyone can get it).
Data Protect: Self-proclaimed leading security expert Kimble analyses your security problems.
DataTech Systems - Home Page: Software which is "ABSOLUTELY IMPOSSIBLE TO CRACK. This can be proved as never has a file that has been encrypted... been cracked, even with utilising some of the best cryptographers living" [sic].
DESkey - software protection devices, license management and encryption technology.: Call your company "Data Encryption Systems" and you get to name your products DESkey, DESlock, etc (any relationship to any other algorithm called DES is purely coincidental).
Encryption Encryption Encryption: "Don't be fooled by imitations - - this is the true CRYP program" - you'd want to *imitate* this thing?
Encryption Plus: "bitwise exclusive OR encryption" with a password... "virtually impregnable".
Encryption provides benefits and risks: "it has been mathematically proven that only a brute-force attack can break encryption"... "a Cray can break a 128-bit key in two days"..."perhaps passing an electric current through a leaf will solve the problem" (or you could smoke it and then write a crypto article).
Encryption Techniques: "RBackup's archives are virtually impenetrable"..."If someone does manage to crack RBackup's encryption scheme, we will immediately plug in one of six others we have ready to go"..."[a DES-encrypted message] was decoded using two banks of 120 extremely high-speed 32-bit Sparc workstations connected to two supercomputers running 24 hours a day for eight days".
Encryptor 4.0 The Ultimate in Securing Files On Your Computer: "uses a revolutionary newly discovered incremental base shift algorithm that makes unauthorised decryption of your files near impossible".
Enigma-7 Windows Superencryption Software: "The most powerful Windows encryption software available".
Evolv - Skipjack IC Info & Pricing: Encryption using "proprietary artificial intelligence engines", "light years beyond the security level offerend by any other encryption method". Incidentally, this Skipjack has nothing in common (apart from the name) with the USG's Skipjack.
ezCode: "a family of block ciphers that are distinguished by their speed of encryption and decryption". Another distinguishing feature is their breakability, and the performance isn't so hot either.
FileCode: "will shift the bytes in any file in a way that can only be re-aligned using the correct password".
fusionsys home: "FusionSys has developed a new encryption system (patent applications have been filed). While FusionSys HES belongs to a group of common key encryption systems, FusionSys HES has a striking feature: Master keys exist".
GCC Chaos Encryption Overview
Genio USA, CrypEdit, The Best Encryption Software for Windows: "Public Key encryption is exactly that, you are not the only party involved in the generation, integrity, and security of all the keys/passwords used to encrypt your e-mail, documents, and files"... Uses "320 bits of secret key security via its proven proprietary methods".
Geoff Park's ShareWare and FreeWare Page: "Encryption/decryption utility based on the One-Time Pad method" (this is better than some in that it uses a sound card to generate the pad, but it's hardly a practical method).
Georgia SoftWorks Windows NT Telnet Server: Security: "Georgia SoftWorks provides unmatched security"..."designed specifically for Windows NT to handle the most demanding commercial and industrial applications"... "can be legally exported around the world"... "The key size for the version for domestic and international mass market is 40 bits".
ICM Data Security Technologies: "electronic data security empowering technology" (it looks like just a reinvention of the smart card, but the marketing hype makes it snake oil).
Internet Opencode Padlock: "a 10 key, negative residual, binary kedged, 'maybe' logic coding process", leading to 'maybe' security.
Jaws Technologies Inc.: "the first unbreakable suite of public and private-key encryption schemes known". Uses "a Base 13 cumlative XOR trapdoor calculation algorithm ... making it mathematically impossible given a large enough key [sic]".
KeyGen Automatic Synchronized Key Generator (TM) for Encryption Without Key Management: "No key management! No certificate authorities!". No visible means of security.
MaeDae Enterprises: "MaeDae's ENCRYPT-IT is one of the most respected programs in the encryption industry" (using an easily-broken proprietary algorithm in the unregistered and international version, although you get DES when you register it if you're in the US). This product is ICSA-certified snake oil.
Meganet VME Encryption: "A breakthrough new Encryption method, using innovative new technology...The Meganet VME can not be compromised". These guys have set new standards in snake oil marketing, down to getting accounts on newswire sites (eg Businesswire) and injecting bogus press releases mentioning big names like IBM (who have never heard of them, but whose lawyers are now aware of their existence) in order to get more coverage.
Microsort CA: "the ultimate file protection utility"... "file Locker uses an advanced and quite unconventional encryption technology to lock your files".
Multi-Matrix Methode / Kryptographische Integritaets-Funktion: MAC based on taking SIN(), COS(), TAN(), ATAN(), LOG10(), LN(), and inverses of data bytes multiplied by key bytes.
Navaho Lock: "In the second world war the Japanese were masters at breaking every code the Allies produced"..."Navaho lock uses 128 bit symmetric key encryption, the strongest legally available in North America, and Symmetric Keys are easier to use and more secure than Public Keys".
Net Titan page: Amazing what you can do in an afternoon with Visual Basic.
NetLib® 32-bit Security Encryption Component: "uses a secure encryption algorithm which is not subject to U.S. export restrictions".. ."the password you pick can be embedded in the application, if you chose".
Novel Cryptography: Security(?) system where the participants are going to have more to fear from the DEA than the NSA.
One-Time-Pad Frequently Asked Questions: OTP's turn up in a lot of snake oil crypto. This FAQ explains why snake oil OTP's are never really OTP's.
One Time Pad (TM) makes Internet Access Secure!: "One Time Pad (TM) authentication" (a very primitive, non-free alternative to S/Key).
PadLock-It: Various ways of misusing a strong algorithm (Twofish) to make the application which uses it insecure.
PC Magic Software - Encrypted Magic Folders: "EMF's encryption offers good protection and excellent speed. It is, as far as we know, exportable"... "We developed our own encryption instead of using a standard".
PEPSOFT - WinXFiles: "Do you like the idea of unwanted viewers to be able to read ALL your files?". With our proprietary (and easily-breakable) algorithm, they can! This thing was listed in the "10 proven security programs" by PC Answers, in the 75 best Windows utilities by Windows News, was listed as a Featured Jewel in FileMine, got five stars from Shareware Junkies, rated "unbeatable and excellent" by PC Format, five stars from ZD Interactive, rated an "excellent application" in the Windows 95 Applications list, and got four smileys from RocketDownload. Just goes to show what happens when you rate crypto apps based on the user interface.
PostX: "The PostX System, working with existing corporate data sources, delivers millions of personalized, interactive and secure electronic envelopes. [...] "The face of the envelope comes alive with graphics and Web link objects". Encrypted spam?
Rediff On The Net, Infotech: Mr Locksmith: "I had a fear about math. But ironically, I have developed an encryption product using math". Indian snake oil.
Safeguard Fractal Encryption Software: Fractal encryption - even though it only uses a 40-bit key, it's a 40-bit key with *fractals*, which makes it magically safe.
Safe Send 1.0: "Uses a prearranged cryptic code which is all but impossible to crack by any individual or government".
Secret Envoy - Ion Marketing: "revolutionary artificial intelligence technology" (providing artificial security)... "SenCrypt, the most secure cryptographic algorithm known to mankind".
Secure Choice Proof Page: "new technology that is designed inherently differently than today's encryption techniques"..."mathematically provable to be absolutely secure"..."suitable for future technology progress (quantum computers)" (appears to be yet another pseudo-OTP system).
Security and Encryption Software: "Randomly selects a KeyCode which consists of 32 bits... the 32-bit KeyCodes of ENC32 have over 4 BILLION different possible codes!!!!!... Unless you know someone who has over 8 THOUSAND years to spend breaking a code, then you can be pretty sure your files will be SAFE wit h ENC32".
Secure File Encryption and Compression: "The author of two other encryption programs has released what he considers to be the 'ultimate' in encryption programs" (so what does that make the other two?).
Shades White Paper: "A newly patented mode of encryption which is quick and particularly reassuring".
Superkrypt: "SuperKrypt products utilize the DNGT bulk encryption method. SuperKrypt technology is extremely powerful: No Cipher". No security either.
Surveillance, surveillance equipment, surveillance products, surveillance software, surveillance techniques: Security shyster central, specialising in anything which gets them media attention. Wait for their spam to appear in a mailbox near you.
TRIAX GmbH Gesellschaft für Kommunikation und Datensicherheit: TRIAX(TM) encryption, now with OTPS(TM).
TRICRYPTION - IBM File Encryption Programs: Amazing keyless cryptography! Quadrillions of combinations!
TriStrata Security - Products: Yet another unreakable one-time-pad system, but this time with GAK. Note the amusing definition of infinity as just above 3.5e33.
Trontrail: "a simulation of an electron's path in a semi-sparse proton field to generate pseudo-random bits".
Turbo Encrypto HomePage: "Your documents are guaranteed to be safe an secure" (unless your opponent is using one of several Turbo-Crypto breakers, that is).
UnBreakable Encryption: "The strongest encryption algorithm in the world" - pity it uses a fixed key with a stream cipher, so you can recover the data with a simple XOR. In any case you can use an all-zero password. There's also a backdoor put in by the programmer (see the next entry).
UBE98 Backdoor: Backdoor in UBE98 discovered by a 14-year-old.
Breaking the "Unbreakable": More simple ways to break UBE.
Universal Data Cryptography Module: More advanced than RSA, DES, IDEA, and PGP! More advanced than all other algorithms put together! May even work on your system (after extensive patching and modifications).
UGEM System Characteristics: Military Lightning Server(TM) using a "Multi-sensory portable battle management network state space (patent pending)" with "digital microbe thunder clouds". This gem of programming will infiltrate any machine, "assimilate it", install itself, and take over. Oh yes, there's the obligatory "revolutionary new UGEM unbreakable encryption mechanism". "If you think this is a joke or science fiction ... then you are a fool". PS: I am not a crank.
Ultrimate Privacy: "Ultimate Privacy Corporation is the only commercial company offering a robust implementation [...] All other encryption systems are crackable". There's also a million dollar challenge in which the company bets a million dollars that their challenge is cooked to the point that noone can claim the prize.
Veil UltiMail System: Anonymous email. This product is sold by spamming, so it qualifies for the "avoid at all costs" category even if it isn't strictly snake oil.
Whale Communications - Air Gap Technologies: Claytons firewall which requires you to use their Secure Mail Shuttle(tm)(c)(r) to tunnel your macro viruses in instead of SMTP.
where to get SCOTT19U.ZIP: sci.crypts most indefagitable snake oiler.
WinFiles.com Windows 95/98 File Encryption Utilities: Veritable snakepit of encryption software (not all of these are snake oil, but there's an unusually high concentration of them present).
WinKrypt: Secure email encryption from the people who brought you SoftRam95.
Wizzard Software Encrypto!: "a sophisticated encryption program which allows you to secure any type of file" ... "totally unreadable to all data viewers known to man. This is powerful new technology that has never been broken" (you can break it with pencil and paper).

Security Standards, Laws, and Guidelines

A Guide to Understanding Data Remanence in Automated Information Systems
A Novice's Guide to the IETF: Good guide to how the IETF works (useful for understanding the IETF standards process).
ACSI 33: Security guidelines for Australian government IT systems (typical unclassified-level security guidelines).
Advanced Encryption Standard (AES) Development Effort: NIST's AES home page.
An Analysis of PGP's Trust Model
ATM Security Page: Asynchronous Transfer Mode security standards, products, publications, and work in progress.
Außenhandelsgesetz - Dual Use Güter: Austrian (EU-derived) export restrictions.
Australian Controls on the export of Defence and Strategic Goods
Australia's Legal Framework for Electronic Commerce: Australian government work on establishing a legal framework for e-commerce.
Banking technology resource home page: Links to info on ATM's, crypto, standards, publications.
Biometric Application Programming Interface (BAPI): Biometric API documentation and information.
Canadian Cryptography: Canadian government position and information on cryptography.
CAVE encryption algorithm: The (deliberately crippled) US cellular phone "encryption" algorithm.
CDSA - Common Data Security Architecture: CDSA specs from the OpenGroup.
Cloud Cover: GCHQ's GAK PKI.
Commerce At Light Speed-EDI: Various links to EDI/EDIFACT information.
Commercial Encryption Export Controls: ITAR (under new management).
Common Criteria Project -- HomePage: ISO 9000 for computer security.
Common Data Security Architecture: CDSA specs from Intel (unlike the OpenGroup, you don't have to be a member to get this version).
Communications Assistance for Law Enforcement Act: FBI universal surveillance act, since used as a blueprint in other countries (eg Enfopol in Europe).
Computer seizure guidelines: US federal guidelines for searching and siezing computers.
Computer Security Objects Register: NIST security-related object identifier registry.
Cryptographic Standards Library: FIPS 140-1, 46-2, 74, 81, 171, 180, DOD 5200.28-STD (TCSEC), 5220.22-M, NCSC-TG-25.
Cryptographic Standards Validation Programs at NIST: Validation information and suites for DES, Skipjack, DSA, and crypto modules.
CSP Designators: Crypto designators for WWII-era and early postwar comsec gear.
DAP Malaysia National Homepage: Malaysian computer crimes, digital signature, and telemedecine bills.
DCE Security: DCE security specs and literature, DCE security program group and research efforts.
Derived Test Requirements for FIPS 140-1: Requirements for FIPS 140-1 compliance testing.
Digital Signature Guidelines: ABA Digital Signature Guidelines
Draft UNCITRAL: Draft UN law on electronic commerce.
Digital Signature Standard Validation System (DSSVS) User's Guide: Validation suite for DSA and SHA.
DTI - Strategic Export Controls: DTI report on tightening export controls further to provide the illision of stopping all crypto getting out.
Electronic commerce: Commission proposes electronic signatures Directive: EU digital signature directive.
Export Administration Regulations (EAR): Latest version of the ITAR (which became the DTR, and now the EAR).
ECMA Standards (Blue cover)
EDI Security: An overview of EDI security.
EDIFACT Security Implementation Guidelines: EDIFACT security... dear oh dear.
Electronic Commerce: A Guide for the Business and Legal Community: NZ Law Commision report on e-commerce.
Electronic Commerce, EDI, EDIFACT and Security: Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards.
EMV sets standards for global integration of Chip cards: Standards for smart cards. smart card terminals, and applications.
ETSI Publications: All ETSI standards documents available online for free.
ETSI TC SEC Homepage: ETSI technical committee on security home page.
Excerpts from the Export Control List of Canada: The sections which apply to crypto software/hardware.
Extended Log File Format: WWW common logfile format.
Extensions to PGP Key Format: Extensions to the PGP key format for PGP 5.
FIPS Home Page: Federal Information Processing Standards (including many crypto standards).
German Digital Signature Law: Draft of the law with related press releases and information.
GiTS Security: Crypto security API overview.
GSM Security and Encryption: Overview of GSM security and encryption.
HA-API: Human Authentication API (biometrics AP).
IEEE P1363: RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363)
IETF RFC Index: RFC's indexed in various ways.
Information Technology Security Branch: RCMP IT security bulletins and information.
International Wassenaar Crypto Campaign: EFA-coordinated Wassenaar crypto campaign.
Internet drafts: RFC drafts.
Internet Mail Standards: Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE).
IESS Specs: Intelsat specs - roll your own Echelon.
IP Security Protocol (ipsec) Charter: IPSEC drafts and RFC's.
IP Security Working Group News: IPSEC specifications, drafts, related drafts, mailing list archives, and implementations.
ISAKMP and Oakley Information: Internet security association and key management protocol information.
ISO SC27 Standing Document 7: Abstracts for various ISO security standards.
ISO Standards: X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline.
ISO-IEC-9594: X.500 standards (including X.509) as Postscript files.
ISO/IEC 7816 in HTML: Online version of the ISO 7816 series (non-ISO copyrighted version, save a small fortune).
ISO/IEC JTC1/SC17 Website: ISO smart card standards group home page.
IT Baseline Protection Manual: BSI (German NSA) infosec manual.
ITU series X Recommendations - Data networks and open system communication: This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page).
Maßnahmenkataloge zum Gesetz zur digitalen Signatur: BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services).
MEDSEC: EU medical security and privacy project.
Microsoft Security Technologies: Authenticode, CryptoAPI, SSL and PCT, SET.
MISSI v2.0 Architecture Documents: MISSI/MSP/SDNS/MSP+MIME specifications.
Netscape Certificate Extensions Specification: Netscapes private extensions to X.509.
NIAP: NIST/NSA Common Criteria security evaluation program.
NIST Computer Security Standards: FIPS and NIST special publications
NIST's DES Validation List: List of NIST-validated DES implementations.
NORMOS: Internet Engineering Standards Repository: Access to IETF, RIPE, W3C, IANA, and SET standards and drafts by name, number, full-text search, etc.
NOT the Orange Book: Far more readable (and therefore useful) form of the Orange Book and other bits of the rainbow.
Novell Certificate Extension Attributes: Novell's X.509v3 certificate extensions.
NT Security - Frequently Asked Questions
OECD Draft Guidelines fpr Cryptography Policy: Leaked copies of the OECD crypto guidelines.
OECD guidelines comments: Stewart Bakers comments on the creation of the OECD crypto guidelines.
OID assignments from the top node: Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificant prizes, etc etc.
OII - Electronic Data Interchange Standards: Links to various EDI standards.
Open Systems Environment Implementors Workshop: You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones.
OSS - ASN.1 Reference - ASN.1 Reference Books: ASN.1 reference material.
PKCS: RSADSI Public Key Cryptography Standards.
Posix.1e: Never-finished Posix standard for security interfaces to handle ACL's, auditing, capabilities, and information labelling.
Public Key Infrastructure References: Public-key infrastructures (X.509, X-509-related, RFC's, other documents).
Rainbow Books: The DoD rainbow books and other security publications.
Rainbow Series Library: DOD Rainbow books as text, PDF, or Postscript.
RFCs about Security: Security RFC's sorted by title (also available sorted by number and author(s)).
Secure HTTP Information: S-HTTP specs and information.
Security Algorithms & Codes: ETSI security algorithms and codes. Most require NDA's (the usual telecom industry security through obscurity practice).
Security & Electronic Commerce: X/Open security, DCE, and GCS-API.
Security- and Privacy-Related Standards: A list of (mainly ANSI) security-related standards.
Security Guidelines: Australia/NZ GOSIP security guidelines.
Security Multiparts for MIME: Various security extensions for MIME.
Security Standards: Catalogue of international security-related standards and standards organisations.
Security Technologies: Microsofts security standardisation efforts.
SET (Secure Electronic Transactions): SET message definitions.
SET Electronic Commerce: SET standards, and updates.
Signature Directive Consultation: Comments on proposed EU digital signature directive.
SKIPJACK and KEA Algorithms: Specifications for Skipjack and KEA from Clipper.
Skipjack: KEA Errata: Errata for KEA test vectors in original spec.
Software Industry Issues: Digital Signatures: Links to various digital signature law initiatives.
Source Code Review Guidelines: General guidelines for writing security-conscious code.
Speech Recognition API (SRAPI) Home Page: Speech recognition/speaker verification AP.
SSL 3.0 Specification: SSL 3.0 spec (online version and as a PS file.
Summary of Changes to WA List: Summary of the changes made from Wassenaar'96 to Wassenaar'99.
TACACS+ FAQ: Cisco's TACACS+ FAQ.
Technical Advisory Committee to Develop a Federal Infomation Processing Standard for the Federal Key Management Infrastructure: US attempt at a GAK standard. One-sentence summary of the results: "We have no idea how to make this thing work".
Technical Security Standard for Information Technology (TSSIT): RCMP security standard.
Teletrust Algorithmenbeschreibung: Teletrust security architecture algorithms specification.
Teletrust Deutschland e.V.: Industry group/standards body formed to support security and authentication in communications. Page requires Java to be enabled to work.
The Wassenaar agreement.: The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software.
TNO-FEL: Common Criteria: Common security evaluation criteria.
Transport Layer Security (TLS) Working Group: Home page of the TLS WG.
UNCITRAL Home Page: UN Commission on International Trade Law home page (includes UNCITRAL draft e-commerce law).
UK ITSEC scheme: UK ITSEC documentation and information.
Unix secure source code checklist: AusCERT checklist for programmers writing security-conscious Unix code.
Visa-Smart Cards-Protection Profile: VISA's profile of the Common Criteria for smart cards.
WA-LIST (98): 1998 Wassenaar (more correctly US State Department) control lists as Word and PDF files.
WA-LIST (98) / HTML: As above but translated into HTML
Wassenaar an der Donau: Article about the Wassenaar Secretariat in Vienna.
Wassenaar Arrangement: The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits.
Wassenaar Arrangement - US control lists: The Wassenaar control lists as crowbarred from the US State Department by an FOIA request.
Wassenaar Arrangement: The final solution to the crypto problem.
What is DMS?: The Defense Messaging System - like X.400 and X.500, but not as simple.
Windows Cryptosystem Guidelines: Security guidelines for encryption under Windows.
WWW-Security Reference page: Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists.
X9 Home Page: ANSI X.9 standards (including crypto standards).

Security and Encryption-related Resources and Links / Peter Gutmann / pgut001@cs.auckland.ac.nz

Encryption and Security-related Resources

Crypto Link Farms

Crypto Archives

Crypto Social Issues

Crypto Software

Miscellaneous Security Items

Anonymity and Privacy

Random Numbers

Public Key Infrastructure

Security Agencies and Organizations

Security Books, Journals, Bibliographies, and Publications

Security People

Security Problems

Security Products

Access Control

Data Encryption

Interception and Monitoring

Investigative Tools

Misc

Online Commerce and Banking

Smart Cards

Snake Oil

Security Standards, Laws, and Guidelines