Encryption and Security-related Resources

The following are security-related resources (aka "the crypto link farm") that I've found on the net. If there's anything which needs updating or correcting, please let me know. Because of its large size, I only update the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear.

Thanks to a few overseas readers there are now mirrors of this page available outside New Zealand which should provide faster access for people in Europe and the US. These mirrors are:

Austrian mirror (updated manually)
German mirror (updated automatically)
German mirror (updated automatically)
Italian mirror (updated automatically)
Norwegian mirror (updated automatically)
UK mirror (updated automatically)
UK mirror (updated manually)
UK mirror (updated manually)
US Mirror (self-extracting DOS file, updated manually)
US mirror (updated manually)

Crypto Link Farms

Alexander Geschonneck's security page: Security related papers, pages, X.509 information, publications, network security and firewall vendors, security FAQ's.
Anonymity, privacy, security.: Very nicely done collection of links to anonymity, privacy, and security resources.
Bellare - Crypto links: More link farms, conferences, organizations, electronic commerce, IETF, key forfeiture, crypto people.
Cambridge Computer Security Group Links: Huge collections of links to security-related sites - the format is a bit like this list.
Chris Vidler's Cryptography Page: Links to FTP archives, bibliographies and e-journals, disk and filesystem encryption, laws and regulations, network security, newsgroups and mailing lists, protocols and standards, software, and vulnerabilities.
Coast Security Archive - Category Index: A large archive of security software, publications, and technical information.
COAST Hotlist Contents: Gene Spaffords crypto and security link farm.
Computer Security Network Telecommunications and Physical Security @ Algonquin College: Crypto, programming, networking tutorials, firewalls, viruses, physical security, threat assessment and disaster planning, security ethics, legal resources.
Crypto-Log: Internet Guide to Cryptography: Algorithms and mathematics, FTP archives, bibliographies, key escrow, disk, file, and mail encryption, crypto laws, internet security, newsgroups and mailing lists, protocols and standards, steganography, voice encryption, security problems (the original has vanished, this looks like an old mirror).
Cryptology pointers: Conferences, books, research groups, organisations, companies, algorithms, protocols, software and hardware, legislation, history.
Cryptographic Resources On The Web: Links to encryption regulation, encryption policy and privacy, and general encryption resources.
Cryptography: PGP, encryption algorithms, legal issues.
Cryptography: The Study of Encryption: Crypto newsgroups, papers, cypherpunks, crypto policy, digital cash, and other information sources.
Cryptography Technical Report Server (CTRS): Various crypto-related tech reports.
Cryptography URL: Encryption standards, FAQ's, and FTP sites.
Datacomms Technologies cryptography archive: Encryption software, text files and information, resources and links.
DSTC Security Related Links: Links to crypto, digital signatures, e-cash, internet backing, smart cards, NT security, PKI, standards.
Email security, cryptography and related stuff: PEM, MIME, and MOSS RFCs, links to CA's, implementations, literature, PGP.
European Cryptography Resources: Recommendations, drafts, papers, new items, official bodies, research, and government meddling.
Firewall Security Jump Page: Links and summaries of a wide variety of firewall products.
Gateway to Information Security Home Page: Links to a large number of security-related sites, books, journals, and related information (imagine this page, but not all lumped together on one page).
Hideaway.Net - Security, Privacy, Anti-Virus, Linux: Privacy, crypto, software, security information and updates, publications, virus protection.
International Cryptographic Software Pages for Encryption, Decryption, Cryptanalysis, Steganography, and Related Methods: Algorithms, software packages, protocols and standards, books, journals, conferences, newsgroups, mailing lists, crypto links.
Kriptópolis: Criptografía, PGP, Seguridad en Internet: Anonymity, e-commerce, crypto, PGP, security organisations, publications, security bulletins, software.
Links Related to Terrorism, Intelligence, and Crime: A large number of intelligence, security, law enforcement, disaster planning, terrorism, crime, military, and defense agencies and organizations.
Luca Venuti's Home Page - TPC: Electronic privacy links, organisations, newsgroups.
No Big Brother Page: Links to remailers, anon proxies, crypto and stego software, file wiping tools, privacy and anti-privacy organisations.
NCSA Hot Links: Anti-virus software, firewalls, general security vendors, general infosec links, parental control, privacy, law, and ethics.
Neil's Security and Privacy Resources: Encryption, steganography, special events, research, documents, news, security archives, security organizations.
Network/Computer Security Technology: Current events, security web pages, commercial security tools, newsgroups, mailing lists, FAQ's, incident bulletins, conferences/seminars/workshops.
Security and Cryptography: Conferences, link encryption, phone and modem encryption, encrypted filesystems, PKI, research, governments and policy, companies, people, PGP.
Security Search - The Security Search Engine: Search engine for finding information on security-related issues (anonymity, conferences, legislation, security products, publications, R&D, security problems).
Spanish Crypto Resources: Spanish crypto and security-related companies, magazines, and events.
Strong Cryptography Links on the Internet: Links to crypto companies, universities, newsgroups, books, algorithms, security and crypto tools.
Technical Information - Cryptography: Links to other crypto sites, source code archives, companies and organisations, peope, and reference information.
The Rotherwick Firewall Resource - Point of Attack: Firewall basics, white papers, products, manufacturers, books, papers, training, mailing lists, links to other firewall-related resources.
Tom Dunigan's Security page: PGP, S/Key, Kerberos, crypto API's, secure applications, commercial providers, government agencies, intrusion detection, vulnerabilities.
TWISTer: Trend Watch for Information Security Technolgy: Security info search engine run by the Korean Information Security Agency.
TSA (Law Enforcement and Intelligence) Links: More links to law enforcement and intelligence agencies.
Uni-GH Siegen - Security-Server: Encryption algorithms, data protection, steganography, ecash, Internet security, viruses, conferences, security standards, newsgroups and mailing lists, RFC, journals.
University of Torino Security Resources: Links to web pages, newsgroups, FTP sites, research labs, papers, conferences, and journals.
Vince Cate's Cryptorebel/Cypherpunk Page: Cypherpunks resources, remailers, digital cash, PGP, and Clipper.
Vinnie's Crypto Links: Crypto overviews and FAQ's, link farms, encrypted comms, e-commerce, crypto libraries.

Crypto Archives

Attrition crypto archive: US-only crypto code archive.
Crypto: Links to software for email/voice/file/disk encryption, authentication, stego.
FUNET crypto archive: PGP, symmetric and asymmetric encryption, crypto libraries, papers.
munitions - cryptographic software for linux: Linux crypto software archive.
North American Cryptography Archives: Archive of crypto software, only available from the US and Canada.
Oxford Uni crypto archives: DES, SSL, cryptanalysis, documentation, PGP, miscellaneous.
Replay crypto/security archives: Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files.
Tattooman Crypto Archive: Large selection of crypto software, but trapped behind the iron curtain.
University of Hamburg crypto archive: Disk and file encryption, PGP, stego, voice encryption.
University of Oslo PGP archive: PGP and PGP-related software.
UREC archive: French archive of CERT bulletins, dictionaries, PC, Unix, VMS security software (mostly anti-virus and access control rather than crypto).

Crypto Social Issues

[1997] 1 Web JCLI: Analysis of the UK governments policy on encryption.
Additional Comments of Philip R. Karn, Jr.: Phil Karn rebuts inaccurate and bizarre government claims in congressional testimony (this is an example of the kind of misinformation which government advisors often provide to their governments).
Adopt An MP - Homepage: UK campaign to adopt an MP and enlighten them over problems with crypto restrictions.
Adopt An MP - Letter to Jack Straw, Home Secretary: Simple photo essay showing how to get rid of politicians pushing for draconian anti-privacy laws.
America Online exploits bug in own software: AOL uses a bug in its own software to run code on users machines.
Americans for Computer Privacy: Computer privacy issues.
Baltimore - Library - UK Crypto Policy: Comments on UK crypto policy (from the person who tried to sell GAK to the NHS).
BBC News - Encryption: BBC news stories on encryption, including "UK Government dithers on encryption regulation".
Big Brother Incorporated: Companies which supply surveillance technology to non-democratic regimes.
Big Brother Inside Homepage: Privacy concerns about Intel's PIII processor ID (mis)feature.
Brookings Policy Brief No.21.: Brookings Institute study of crypto policy (pro-GAK).
C to English and English to C translator: Translates crypto code into English to allow it to be exported, then translates it back into code afterwards.
CACIB: UK government tactics for deploying GAK.
Canada's export controls: Summary of the Canadian crypto export situation.
Cato Handbook for Congress: Freedom on the Internet and Other Computer Networks: Cato Institute study of crypto policy (anti-GAK).
Centre for Democracy and Technology Crypto Page: CDT information on current US crypto policy
CIPHR'99 Conference: Cryptography & International Protection of Human Rights: Conference on crypto and human rights.
Clipper Roadshow: US government policy laundering on key escrow.
CNET features - digital life - privacy in the digital age: Digital privacy (or more specifically, the lack thereof).
Codex Surveillance & Privacy Page: Surveillance, stalking, privacy invasion, eavesdropping, and anything else related to these categories.
Comments on Encryption Transfers: Comments on new US export regulations.
Comments on Encryption Transfers - HTML: Easier-to-handle HTML versions of the above.
Confronting the New Intelligence Establishment: Lessons from the Colorado Experience: Article on NSA communications interception and attempts to have it stopped.
Coral: Traffic monitoring on an OC3 link using a Pentium PC - an example of how this sort of thing would be done.
Cracking DES: Cracking DES from the US (made available based on the Ninth Circuit Court of Appeals ruling that the export controls violate the First Amendment).
Crime, Terror & War: National Security & Public Safety in the Information Age: The sky is falling! The sky is falling!
Crypto AG: Reports of Crypto AG rigging crypto hardware to allow NSA decryption.
Crypto AG - Der Spiegel (German): Allegations of intelligence agencies subverting Crypto AG product security.
Crypto AG: The NSA's Trojan Whore?: Possible rigging of Swiss-made crypto gear by the NSA.
Crypto-Controls Advisory Services: The one organisation making money out of US export controls.
Crypto Law Survey: A survey of crypto laws in various countries.
Crypto regulation in Europe: The state of crypto regulation plans in Europe as of May 1997.
Cryptography and Liberty 1999: 1999 EPIC report on crypto controls.
Cryptography's Role in Securing the Information Society: National Academy of Sciences report on cryptography policy.
Cryptography, Scientific Freedom, and Human Rights: American Association for the Advancement of Science page on crypto and human rights.
Cryptology: Law Enforcement & National Security vs. Privacy, Security & The Future of Commerce: Good analysis of crypto politics and export control issues.
Cyberspace Law for Non-Lawyers: Privacy laws and the Internet.
Das Ministerium für Wahrheit: Information and links on Echelon, Europol/Enfopol, and other wide-scale surveillance initiatives.
Development of Surveillance Technology and Risk of Abuse of Economic Information 1/4: European parliament report on computer-based industrial espionage.
DIE ZEIT Nr. 28/1998 Leichtes Spiel: German news report on NSA industrial espionage leading to $100M loss for German company.
DIE ZEIT Nr. 39 vom 17. 9. 1998: Hintertür für Spione: Another report on Enercon industrial espionage.
Distributing encryption software by the Internet: loopholes in Australian export controls: Examination of legal implications of electronic export from Australia. Conclusion: It's OK.
DTI/UK Encryption Policy: Reply to the DTI Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services.
E-commerce under threat from encryption deal: The Australian Financial Review on Wassenaar'98.
Echelon: Exposing the Global Surveillance System: Covert Action Quarterly article on wordlwide NSA surveillance.
ECHELON: America's Secret Global Surveillance Network: Free Congress Foundation report on Echelon surveillance system.
Echelon--Rights Violation in the Information Age, by Don Lobo Tiggre: Article on Echelon.
EE Times - White Paper: White paper on hackers.
Emerging Japanese Encryption Policy: How Japan, Inc, handles encryption policy (a real contrast to the US governments attitude).
Encryption: Impact on Law Enforcement: FBI's "The sky is falling" speech, revised every year or so (it's been falling since about '92).
Encryption Policy and Market Trends: Dorothy Dennings 1997 GAK forecast.
Encryption Policy for the 21st Century: Cato Institute study on the future of encryption.
EPIC Cryptography Policy: EPIC information on current US crypto policy.
EPIC Privacy Links: EPIC privacy resources.
export-a-crypto-system sig: Diminuitive crypto hacks (well-known algorithms in a few lines of Perl, Python, or C) and how to use them to poke fun at export laws.
Export Licensing of Intangibles: Commentary on likely effects of UK proposal to license export of intangibles.
Exposing the Global Surveillance System: Extracts from Nicky Hager's book "Secret Power".
FinCen: Big Brother for financial information.
Former Secrets: Declassified US government machinations to ban/restrict crypto.
French Cryptology: the takeover by force of Jospin: Article given background details on the liberalisation of crypto in France.
FUD! Home Page - Crypto legislation: Contents of and discussion over various US crypto bills.
GILC -- Cryptography and Liberty: Survey of encryption policy worldwide.
Global Monetary: Electronic implants to "aggressively build a proprietary global system of exchange, customer tracking and profiling". Not sure if these people are for real or not.
GNN on Crypto: Global Network Navigator web review: The NSA vs The Net.
Government, Cryptography, and the Right to Privacy: Paper documenting the overt and covert regulation and restriction of cryptography by governments.
Good Privacy Test Sites: Links to sites which show how easy it is to get information on your and your activities on the net.
GR Design Principles: GAK-resistant crypto protocol design guidelines.
Gray Areas Magazine: Essays and articles on the computer underground (and all sorts of other things).
Green light for limited encryption exports: Australia's interpretation of Wassenaar'98.
Growing Development of Foreign Encryption Products in the face of U.S. Export Regulations: 1999 survey of non-US companies producing crypto products.
IFIP TC11 Position on Cryptopolicies: IFIP's (very sensible) position on crypto use and crypto regulation.
Information About PGP & Encryption: Information on the creeping takeover of GAK.
Interception: Technical details on large-scale GSM and ISDN interception techniques.
Interception Capabilities 2000: Comprehensive report on worldwide communications surveillance and interception practices.
International requirements for interception: The FBI exports CALEA to the rest of the world.
Internet Privacy Coalition: Attempts to ensure privacy on the internet.
Interview with David Herson - SOGIS: Interview on European crypto policy.
ITAR Civil Disobedience: Click on this form to become an international arms trafficker.
Key Recovery Study: The risks of key recovery, key escrow, and trusted third party encryption.
KRISIS Home Page: GAK/EuroClipper home page.
Liberalization 2000: President's Export Council Subcommittee on Encryption recommendations to pretty much remove export controls.
Los Angeles County Public Defender's Office: Information on large-scale illegal wiretaps in LA.
Menwith Hill letter from Ministry of Defence: There's nothing going on there... nothing to see... move along, move along...
Microsoft, the NSA, and You: Description of NSA backdoor inserted into every (recent) version of Windows.
NCSA HTTPd/Mosaic: Using PGP/PEM auth: Early attempts to incorporate PEM and PGP encryption into web browsers torpedoed by the NSA.
NSA and Crypto-politics: Huge (1/2MB) writeup on the NSA and crypto politics.
NSA's Influence on New Zealand Crypto Policy: NSA influence on New Zealand export policy.
No Chance for Key Recovery: Paper on key recovery (GAK) vs human and political rights.
NSA's keys: NSA and MS CryptoAPI CSP signing keys.
Paul Wolf's Echelon Links: Links to information on Echelon, media coverage, and other information.
PC Week: Lies and cryptography: "We've lately had reason to wonder if our nation's cryptography policy is being made by fools. It is a mixed blessing to learn that the people in charge are merely liars [...]".
PGP 6.0: Cat out of the bag: Wired article showing just how effective US export controls really are.
Phil Zimmermann: Letters to Phil about the use of PGP by human rights groups.
Phone Tapping: Information and resources on government phone tapping plans.
Pressemitteilung - 2. Juni 1999: Germany government statement affirming the right to use the strongest crypto possible.
Privacy, Inc.: Various resources related to the (lack of) privacy, including access to databases and online information search facilities.
Privacy International Home Page: Privacy reports, interntional agreements on privacy and human rights, surveillance technologies, ID cards, privacy-related conferences.
Privacy on the Internet: Zola Times articles on Internet privacy.
Privacy on the Net: Practical Issues: Links and information on various privacy-related issues (cryptography, anonymity, secure communications).
q/depesche: Free crypto campaign logos.
Remailer list: List of anonymous remailers.
Report: U.S. Uses Key Escrow To Steal Secrets: Report on US using crypto restrictions to steal other countries economic secrets.
Roger Clarke's Privacy Page: Data surveillance and information privacy information publications, and legislation.
Roger Clarke's Public Interests on the Electronic Frontier: Paper discussing various freedoms and rights such as the right to privacy.
Roxen's General Export Application for Strong 128-bit Encrypted Denied: Swedish government refusal of export permit for 128-bit SSL.
RSA as a MIDI file: RSA encoded as a MIDI file. Technically this is a program and therefore unexportable from the US.
Self Incrimination and Cryptographic Keys: Richmond Journal of Law and Technology article on forced disclosure of crypto keys.
Services Available from Offshore Information Services Ltd.: Offshore internet services and accounts in Anguilla.
SOFTWAR Information Security: Declassified papers and resources on Clipper and key escrow, voice and mail encryption software.
Solitaire Encryption Algorithm: How to turn a deck of cards into an export-controlled item.
Special Investigation: ILETS and the ENFOPOL 98 Affair: FBI policy laundering: Persuade Europe to adopt wiretapping laws which failed in the US.
Stille, I svumpukler! Det er en andagtsfuld stund!: Information on crypto controls, Echelon, and related issues, from a Danish perspective.
Tapping into CALEA: Government surveillance server ("delivers intercepted call content and identifying information... capacity for up to 512 simulatneous call intercepts".
Telekommunikationsgesetz: East German surveillance state-style laws being applied in the unified Germany.
Telepolis Enfopol-Papiere: Documentation relating to EU telecoms surveillance plans (EU-Echelon).
The Age - Computers: DSD meddling in Australian crypto exports.
The European Surveillance Union: Story on European Enfopol massive-scale wiretapping initiative.
Threat and Vulnerability Model for Key Recovery: NSA report on why GAK is bad (yes, you read that right).
Tools For Privacy: Version 1: An online book covering threats to privacy, cryptography, PGP, and related issues.
TruePosition Wireless Location System Home Page: Cellular phone tracking.
UK Cryptographic Policy Discussion Group: ukcrypto mailing list archives.
Updated UK Proposals for Licensing Encryption Services: Critique of UK crypto licensing/GAK proposal.
U.S. Electronic Espionage: A Memoir: First exposure of the NSA and Echelon
US Spy Agency Confirms Secret Princess Diana Files: Echelon in action: APB story on NSA building up 1000+ page file on Princess Diana.
Walsh Report: Report on Australian crypto policy, originally suppressed by the government, then released in censored form after a judicial review, finally obtained as the full version by EFA. Provides most interesting reading since the bits they didn't want the public to see are now highlighted in red.
What your Browser is Sending: See what information your web browser is sending to remote servers.

Crypto Software

ABA JCE: Clean-room JCE implementation.
Abacus Project: Suite of free intrusion detection tools.
Advanced Cryptography Tool: Crypto tool using PGP 2.6.3i with triple DES and SHA-1.
AES Algorithm Efficiency: Free-world implementations of the AES algorithms.
Alex Encryption: Encryption based on automata theory (unknown security level).
Ambient Empire: Vigenere cipher cracker, Windows port scanner.
Apache HTTP Server Project: Apache secure web server.
Bastille-linux homepage: Security-tuned Linux distribution.
BSAFEeay, a public domain implementation of the BSAFE API: BSAFE API wrapper around SSLeay.
Canadian Cryptographic/cryptanalytic software: Canadian encryption software and companies.
CAP: Cryptographic analysis program (automatically analyse and break simple ciphers).
Cassandra: Windows'95/98 trojan detector (detects and disables Back Orifice, Netbus, etc etc).
Cedomir Igaly's SSH Page: Free SSH for Windows.
Cédric Gourio's Java-SSH: SSH client in Java.
CIPE: Crypto IP encapsulation - encrypting IP routers using Linux.
CipherClerk: Software emulation of various historical ciphers
CIS: SDSI (Simple Distributed Security Infrastructure): SDSI implementations and documentation.
Cisco Systems ISAKMP Distribution: A reference implementation of the IETF's ISAKMP protocol.
Claymore PureTLS: TLS in Java.
CRASHME: Random input testing.: Tests resistance of programs to random input.
Crowds Home Page: Anonymous proxying for web browsing.
cryptix: Cryptix Java crypto library.
cryptlib Information: Encryption library supporting a large number of encryption algorithms, digital signatures, key exchange, X.509/PKIX/SET certificates, CA functionality, key databases, HTTP and LDAP directory access, smart cards, S/MIME, and secure enveloping.
Crypto at Lothar: Entropy gathering daemon (random number source) for Unix.
Crypto Kong: PGP-like program using elliptic curve crypto.
Cryptographic Libraries: A comparison: Comparison of various free (and free-world) crypto libraries.
Cryptographic software: Elliptic curve and RSA public-key encryption software.
Cryptographic tools for Visual Basic: Elliptic curve OLE extension for VB.
Cryptography Blowfish Multi-thread: Command-line Blowfish encrypter.
Cryptonite Java Package: Java crypto library.
Cryptoscan: Scanned US crypto publications available outside the US.
Cyber-Knights Templar: Crypto software, brute-force encryption cracking, crypto politics issues.
CTC - PGP-compatible encryption software: PGP-compatible C library and Mac application.
Delphi crypto software: Various pieces of crypto software written in, and for, Delphi.
Delphi SkunkWorks - Data Encryption: Delphi crypto libraries.
DES in VHDL: DES in VHDL, including a Xilinx-optimised version.
Disk/File Wiping Utilities: Programs to wipe files, free disk space, slack space, the Windows swap file.
Emacs Cryptographic Library and Tools: DES, RC4, IDEA, SHA-1, MD5, and others, in elisp.
Enabling Network Security with SSLeay: Security projects based on SSLeay.
Encrypted PDFs: Code to work with encrypted PDF's (intended mainly for use with Ghostscript).
Encrypting your Disks with Linux: Various Linux disk encryption programs.
Encryption for the Masses: Windows NT disk encryption using 3DES Blowfish, IDEA, or CAST, compatible with SFS and ScramDisk. Written in the free world.
Enhancing E-Mail Security With Procmail: Using procmail to strip trojan horses/malicious HTML/buffer overflow attacks/browser attacks/etc. Unfortunately since most of these holes affect Windows and procmail runs under Unix...
Engineering Research Home Page: P1363 ECC implementation.
Enigma: PGP-compatible plugin written in Java.
Eraser: Windows file/disk/free space eraser.
Eric's Crypto Software: DES and Skipjack for the PIC.
Eric Hambuch - Linux Software: X-Windows interface to file encryption software.
Error Correcting Codes (ECC) Home Page: C source code and information on ECC's (the techniques employed are closely related to encryption techniques).
ESP Reference: Encrypted socket protocol (an open protocol for TCP/IP secure transmissions).
FileVault: File encryption using 64-bit (?) Blowfish.
Flask: Flux Advanced Security Kernel: Security kernel for the Fluke OS.
Fortify for Netscape: Free 128-bit SSL browser proxy,
Frank O'Dwyer's Homepage - Security Code: DES in Java, C++ firewall class library.
Free-DES Home Page: Free VHDL DES core.
Freefire Projektstartseite: Resource page for developers of free security software.
FreeSPEKE SDK: SPEKE toolkit.
Fresh Free FiSSH!: Free SSH client for Win'95 and NT.
Fuzzy Logic: Cryptography: The GNU encryption project.
F W T K . O R G: TIS firewall toolkit home page.
GInt: Bignum library and sample PKC code.
GMD Security Technology - SecuDE: Security toolkit for RSA, DSA, DES, DH, X.509, PKCS, PEM, X.500, and BYOG.
GNU Privacy Guard: GPL'd OpenPGP implementation from the free world.
Hamradio page of Thomas M. Sailer, HB9JNX: All sorts of neat stuff for software decoding of various radio signals.
Heimdal: Non-US Kerberos 5 implementation.
HushMail: Encrypted mail using SSL and Java.
IAIK - Javasecurity Homepage: Java cryptography extensions from the free world.
iButtons: Unix source code and software for working with iButtons.
ICE Home Page: The Information Concealment Engine block cipher.
Immunix: Adaptive System Survivability: Automatic protection against stack-smashing attacks.
International Crypto Freedom (PGP en français): French crypto archive.
International Kernel Patch: Free-world Linux kernel patch to add strong crypto services to the OS.
International PGP Home Page: How to get PGP, documentation, foreign-language support, PGP-related products and services, and other PGP resources.
Internet Locations for Materials on the Disks for Applied Cryptography: Site #1.
Introduction to the Kiwi software suite: Crypto-based spam protection software.
IRDU PGP Page: PGP information, software, key management, key server interface, PGP links.
JCSI: Free-world JCE implementation.
JGSS Package Distribution Page: Kerberos in Java.
jSSL - A free Java SSL implementation.: SSL implementation in Java.
KeyNote Web Page: The KeyNote trust management system.
Keytrap Home Page: Dcyphers keyboard sniffer.
kha0S Linux - b/c friends don't let friends s[ug]id: Linux with strong crypto built in.
Kryptographie-Chip: Open-source crypto chip (VHDL source available). Wow!
Kwik-Rite Development : Windows and WWW solutions: Archive utility with encryption, ScramDisk add-on for Delphi.
Lance Cottrell Home Page: Mixmaster remailer publications and soure code.
Leonard Janke's Homepage: Intel-optimised hashing, bignum, and crypto code.
Lewis' KEA (Key Exchange Algorithm) Page: KEA information.
Linux-PAM: Pluggable authentication modules for Linux.
libch's Homepage: P5-optimised code for various hash algorithms.
LiDIA - Main Page: C++ computational number theory library (great for crypto).
LInteger: C++ bignum library.
Linux FreeS/WAN Project: IPSEC, ISAKMP/Oakley and DNSSEC software for Linux.
Linux Packet Sniffer: IP packet sniffer for Linux.
LSH: Free SSH v2 implementation.
Mcrypt: GPL'd replacement for Unix crypt(1) written in the free world.
MD5 Message Digest algorithm in Javascript
Microsoft CryptoAPI: Microsoft's attempt at a cryptograhpy API. This page moves a lot, you may need to try a search from MS's developer pages.
MindTerm - A java implementation of SSH: SSH client in Java.
Ming-Ching Tiew Home Page: PGP key manager, PGP netscape plugin, Motif and Win32 file encrypter using cryptlib, cryptlib Java wrappers.
mod_ssl: The Apache Interface to OpenSSL: OpenSSL interface for the Apache web server.
Mozilla Crypto Group: Putting the crypto back into Netscape/Mozilla.
Nautilus Homepage: Speech encryption (with a neat anti-Clipper graphic).
Ng Pheng Siong's Home Page: Python crypto toolkit.
NiftyTelnet: SSH client for the Mac.
Nmap -- Stealth Port Scanner: Stealth scanner using TCP half open scanning, TCP FIN/Xmas/NULL stealth scanning, ftp bounce and IP fragmentation scanning, and OS identification by TCP/IP fingerprinting.
NSBD: Not-So-Bad Distribution: Internet software distribution authenticated with PGP.
NT Tools: Includes an NT security config tool to patch a number of NT security holes and flaws.
NTL: A Library for doing Number Theory: C++ bignum maths library.
Ocotillo PRNG: PRNG for Unix.
Official OpenCrypt Site: Blowfish encryption DLL for Win32.
OpenSSL: The Open Source toolkit for SSL/TLS: Free SSL/TLS implementation.
Oscar - DSTC's Public Key Infrastructure Project: PKI toolkit.
Package Acme.Crypto: Various Java crypto classes.
Package java.security: Java security package docs.
Packet Storm Security Archives: Large collection of free software and information related to security and encryption.
PC Security Software & Sources: Brief descriptions of various security programs.
PGP, logiciel de cryptographie gratuit et en français (PGP pour les français): French PGP page.
PGP Tools: PGP function library.
PGPLIB: DLL which implements various PGP functions.
PGPNet Server: A dummy home page for the www.pgp.net domain (incomplete).
Photuris Test Server: Photuris session-key management protocol software and test server.
Private Idaho User's Manual: Documentation for Private Idaho.
ppdd: Linux encrypted disk device driver using Blowfish.
PPTP-linux: Point-to-Point Tunneling Protocol: PPTP for Linux (presumably without all of Microsoft's security holes in it).
PS: (Relatively) secure encryption using 40-bit keys (designed to bypass silly French restrictions).
PuTTY: a free Win32 telnet/ssh client: Telnet/SSH client for Win32.
pyCA - Software for running a certificate authority: Python scripts for automating various parts of running a CA.
Qualcomm Australia crypto software: sendmail encryption patch, SOBER stream cipher.
RC4 Stream Cipher Library: RC4 ActiveX control.
RC4SE: Windows shell extension for file encryption using RC4 (requires 128-bit MS crypto provider to work).
Reliable Remailer: cpunk/mix remailer for Windows.
RIPEM: RIPEM source code and information.
RSA Free Utilities: RSA key generation and encryption for Linux.
RSAEURO - Cryptography For The World: European RSAREF providing full source-code compatibility with the original.
SafeGossip: TLS-based tunnel.
SCEZ - Smart Card Library: Free general-purpose smart card interface library.
SCNSM: Win3.1/95/98 non-swappable memory allocator.
ScramDisk - Free Disk Encryption Software: Win95 disk encryption using 3DES, Blowfish, IDEA, MISTY, Square, and TEA.
ScramDisk Additions: ScramDisk add-ons and a program to demonstrate a flaw in it (now fixed).
Secretz: File encryption using elliptic-curve PKC's and Blowfish.
Secure Edit: Mac program which encrypts edited files with IDEA.
Secure FileSystem Information: The world's best transparent disk encryption software for DOS and Windows (this has nothing to do with the fact the I'm the author :-).
Secure Logging: Secure logging for Unix and Windows.
Secure Memo Pad Encryptor for Palm Handhelds: ECC crypto for PalmPilots.
SecureTrayUtil: Enhanced front-end for ScramDisk.
Security: File wiping: Links to various file wiping utilities.
Simulator Index Page: Simlators for various historical cipher machines.
Sir Winston Rayburn - Crypto/Politico: Various encryption reoutines.
S/KEY Information: Information on the S/KEY authentication system.
SMB Scanner: SMB port/machine scanner.
S/MIME Freeware Library: S/MIME freeware library (export-controlled, US only).
SNOW Home Page: Whitespace steganography software.
spDES Encryption Control: ActiveX DES control.
Speak Freely: Very nice Unix and Windows speech encryption software.
Ssh (Secure Shell) Home Page: Very good encrypted, digital-signature-authentication remote access software (replaces the r* utilities, allows X11 and TCP port redirection over the encrypted connection).
SSH/SCP for Windows: ssh/scp port for Win95/NT.
SSLeay and SSLapps FAQ: Very nice, free SSL implementation (like Netscape's SSL, but without the bugs and crippled encryption).
SRP: Secure Password Authentication for the Net: Secure password-based authentication over insecure networks.
Stack Shield: Tool to add stack overflow protection to Linux programs.
Steganography - MP3Stego: Information hiding in MP3's.
Stunnel homepage: PPP over SSL tunneling software.
Systemics Software Archive: Crypto extensions for perl and Java.
TC TrustCenter TC_PKCS11: PKCS #11 software-only token implementation.
The Cryptography and PGP Page: Classic ciphers, links to crypto sites, explanations of the maths behind PGP and RSA, privacy issues.
Therapy: SSH client for Win32.
Tiny Encryption Algorithm: Description and C source code.
TinyIDEA - 128-bit File Encryption: 366-byte IDEA file encryption program.
Tom's Privacy Pages: Patching Netscape, MSIE, and Outlook to use strong crypto.
Transparent Cryptographic File System
Tresor Page: Mac file encryption using IDEA, written in the free world.
Trinux: A Linux Security Toolkit: Floppy-bootable Linux network security toolkit.
TSS PGPWord... Real Security, Real Easy: PGP encryption integrated into Word for Windows.
TTSSH: An SSH Extension to Teraterm: SSH DLL add-on for Teraterm.
UMAC -- Message Authentication Webpage: Very fast MAC.
Uni-GH Siegen - Security-Server - Kryptographie: Pointers to information on and implementations of a number of conventional, public-key, and hash algorithms.
Unix tools on Windows NT?: ssh port to NT via Cygnus gnu-win32.
Vitas DownLoad area: Windows'95 password (.PWL) viewer.
Wei Dai's Crypto++: C++ class library of cryptographic primitives.
WinPGP(tm) Home Page: Windows front-end for PGP.
wipe 0.15: Secure data deletion for Unix.
XPDF additions: Add-on to allow XPDF to decrypt encrypted PDF files.
Zen: C library for fast computation in finite extension over finite rings
ZWEKNU Central Industries: Various security-related bits of code (ARP spoofing, iButton PAM, portable firewall).

Miscellaneous Security Items

Anonymity and Privacy Aixs Net Privacy Web access anonymiser. Anonymizer Web access anonymizer. IRC4ALL Public Proxy Page Links to public WWW/FTP anonymising proxies. Lucent Personalised Web Assistant Proxy which hides personal details from intrusive web pages and blocks spam. Onion Routing Routing mechanism which resists traffic analysis. Remailer related Sources Remailer home pages, remailer techinfo, PGP introduction, PGP keyservers, crypto pages and laws. Steganography A paper on steganography.
Random Numbers /dev/random Support Page Home page of the Unix /dev/random randomness driver. Atom-Age Products Thermal-noise-based hardware RNG. Aware Electronics Corp. PC Geiger counters (great random data sources). CME's Random Number Conditioning Page Information on sources of strong random numbers. Computer Generated Random Numbers Techniques for analyzing PRNG's. DIEHARD George Marsaglia's RNG test suite. Efficient Generation of Cryptographic Confusion Sequences A survey of PRNG's for crypto applicatoins. FreeBSD Notes Various notes on /dev/random and randomness gathering. HotBits: Genuine Random Numbers Build-it-yourself radioactive-decay based random number generator (perfect for Chernobyl residents). Ideas for an RNG_DEVICE standard Proposed standard for random-number generation devices. Lavarand! Random number generation using lava lamps. Noisemaker schematic Hardware RNG. Numerical Recipes Home Page CDROM contains ~1/4GB of random numbers. ORB - Open Random Bit Generator Low-cost single-chip RNG. ORION RNG Serial-port hardware RNG. Protegrity Incorporated Cryptographically strong random number generator. Radiation Monitors for PCs Various random number sources. Random Noise Sources Designs and analyses of various zener-based generators. Random Number Generation, Taygeta Scientific Inc. Papers and software for PRNG's. Random number generators -- The pLab Project Home Page Theory and practice of random number generation. Random number generators Analyses of hardware and software randomg number generators. Random Number Generators (RNGs) Web sites and references for RNG information, information on various PRNG's. Randomness Resources Resources on secure random-number generation and the problems of insecure random number generation. RBG1210 Cryptographically strong random number generator. SG100 Hardware random number generator. Using and Creating Cryptographic-Quality Random Numbers Randomness-gathering techniques. Wayne's Random Noise Generator PN-junction based hardware RNG sampled using a sound card. Xorrox's random Zener-based noise generator. Z5000 - True Random Number Generator Incredibly expensive hardware RNG.
Algorithm benchmarks: Relative speeds of a number of encryption and hash algorithms.
AT&T PathServer: PGP web of trust tracing server.
Bletchley Park Home Page: Visitors guide to Bletchley Park.
Bob Tinsley's Steganography Pages: Steganography papers and ideas.
Building a Windows NT bastion host in practice: Presumably the idea is that attackers crash this first, cutting of the rest of your network and leaving it secure.
DigiCrime, Inc.: Online links to digital crime, blackmail services, encryption key cracking, airline rerouting, internet shoplifting, e-cash laundering, alien mind control, etc etc.
Geeks We Would LOVE to Have Dated, and WHY:: Cypherpunk groupies page. I have no idea what to file this one under...
GISUM. Information Security: University of Malaga infosec group.
GSM Wizard: GSM-related technical information and secret features of phones. NB: This page repeats the official GSM security info rather than the actual details.
Harmless Little Project: Project for a freely-available voice crypto board (moribund).
Information on VideoCrypt Hard/Software
JANUS: Anonymity for WWW content providers.
KL7/KWR37 Crypto Units: Descriptions and photos of the KL7 and KWR37.
KuesterLaw Technology Law Resource: Technology and IP law resources.
Mac OS Security and Crypto: Apple security and crypto information page for the Mac.
Matt's Unix Security Page: Unix and Internet security papers, security software, links and miscellaneous items.
Microsoft Security Advisor Program: Microsoft's interpretation of security (see many other links on this page for everyone elses interpretation of Microsoft's security).
NSA Crypto Museum Photos
Payment, Security & Internet References: X9.59 electronic payment-related references.
Prime number verification via ECPP: Bignum prime number verification via a CGI script.
Proactive Security Home Page: Distributed security measures which resist attack.
Pseudoprimes/Probable Primes: Papers on primality testing.
Quantum Computation/Cryptography at Los Alamos: Information on quantum computation and cryptography.
RADIOPHONE Top Level: Information on cellular telephony, PCS, and wireless data transfer.
S & P Calendar: Calendar of security and crypto conferences.
Securing NIS
Security on LGG: Security tools, password recovery and cracks, security information.
Sirene Home Page: Various research projects in computer security.
SourceKey - The Global Source for Key Recovery: GAK/key escrow/trusted third party/whatever centre.
SSL Browser Information: Information on the SSL implementation used by your browser.
The Square Page: The Square block cipher and links to implementations.
Toby's Cryptopage: Information and links to historical cryptosystems and encryption machines.
USDS Homepage: Yet another new (and patented) PKC.

Public Key Infrastructure

128i: New Zealand CA.
Analysing State Digital Signature Legislation: Analysis and comparison of various states' digital signature laws.
AlphaTrust.com Home Page: US CA.
ARCANVS: CA licensed under the Utah Digital Signature Act.
Architecture for Public-Key Infrastructure (APKI): Open Group PKI requirements (requires registration to access).
Australia Post - KeyPOST: Australian CA.
BelSign: Belgium and Luxemburg CA.
BiNARY SuRGEONS: Certification Services: South African CA.
BSI-Projekt Digitale Signatur: Implementation details of the German digital signature law.
C=EE, O=ESTONIAN NATIONAL PCA: Estonian CA.
CA-CERT: Spanish CA.
CALiability analysis Web doc: ABA analysis of CA liability issues (~190 pages).
Carynet Security Certificate Authority: Asian(?) CA.
Center for Standards Public Key Infrastructure (PKI) Standardization Home Page: DISA information pages on the Internet PKI.
Certificates Australia: Australian CA. GAK alert: This CA escrows all encryption keys.
Certificates shipped with Netscape: Extracting certs from Netscape's .db files.
Certification Authority Survey (DGXV Project): List of CA's worldwide.
certifikacni stranka DATANETu: Czech DATANET CA.
CERTISIGN: Brazilian CA.
Columbia Certification Authority: Columbia University (not country) CA.
Columbian Draft Proposal of Law on Electronic Commerce: Columbian draft digital signature legislation.
CompuSource Certificate Authorities Home Page: South African CA.
Digital Signature Guidelines: American Bar Association digital signature guidelines, available as WordPerfect and Word documents.
Digital Signature Legislation: Comprehensive collection of links to digital signature legislation worldwide.
Digital Signature Trust (DST) Home Page: CA licensed under the Utah Digital Signature Act.
Dunkel Certification Authority: German CA.
European Framework for Digital Signatures And Encryption: Proposed EC framework for digital signatures and encryption.
Florida Digital Signatures - Final Report: Final report on the Florida digital signature guidelines.
European Electronic Signature Standardisation Initiative: EC initiative on standardised digital signature framework.
European ICE-TEL Project: PKI for Europe
Gatekeeper: Australian PKI project.
Global Trust Register: Global trust register for public keys in molecular form.
GlobalSign - Trust On The Net: European CA.
Government Public Key Authority: Australian government PKI project.
GTE CyberTrust Home: GTE CA.
Home Banking Computer Interface: German initiative for computerised home banking.
IAIK - ICE-TEL Information Service: Austrian CA.
IBM Registry and World Registry: IBM CA and PKI products.
ICAT Home Page: Japanese CA.
ICE-TEL: Top-level CA for European ICE-TEL CA infrastructure.
ICE-TEL Certification Infrastructure: European CA.
ID.EE: Combination Estonian electronic ID card page and world's shortest URL.
IETF-PKIX Qualified Certificates: X.509/PKIX profile for certificates specifically adapted for digital signature applications where the signatures need recognition equivalent to handwritten signatures.
IKS Zertifizierungsinstanz: IKS CA.
ILPF: Digital Signature Working Group: Initiative to harmonize dozens of incompatible digital signature laws.
Individual Network: IN certification authority.
Installing certificates and root keys in Internet Explorer and IIS: Instructions on installing certificates into MSIE.
Inter Clear - The UK's first Certificate Authority: UK CA.
Introducing SSL and Certificates using SSLeay: Nice introduction to cryptographic techniques, certificates, SSL, and SSLeay.
Internet PCA Registration Authority: IPCA public key.
IPS Seguridad: Spanish CA.
Janus's homepage: PKI, PKCS #11, LDAP, general security links.
Keyserver.de: Web-based PGP keyserver.
KeyTrust: German KeyTrust CA (part of the MailTrusT initiative).
Keywitness Canada: Canadian CA.
Kommunedatas certificeringscenter: Danish CA.
Legislating Market Winners: Paper which examines problems with existing PKI legislation.
MA.US/ITD/LEGAL: Massachusetts digital siganture and online commerce guidelines and information.
MC Home Page: The meta-certificate group (an alternative to X.509/PKIX-type certificates).
Minimum Interoperability Specifications for PKI Components: NIST PKI profile.
NZPKAF: New Zealand PKI work.
Object Identifiers Registry #1: Large collection of ASN.1 object identifiers.
Object Identifiers Registry #2: Searchable collection of object identifiers.
OCSP++ - An On-line Certificate Status Protocol: Modification of OCSP to provide a more workable system.
OnWatch Service - Public Key & Security Ref.: Bell Sygma CA.
OpenLDAP: Free LDAP server/client (update of UMich software).
OpenPathCA: Siemens CA toolkit.
Payment, Security & Internet References, Lynn Wheeler: Account authority digital signature (AADS) and X9.59 electronic payment standard information.
Pequi: Experimental PKIX implementation.
PGP Keyserver Interface: WWW interface to the PGP keyservers.
PGP Public Key Server: One of several web-based PGP key servers.
PGP Public Key Server for Yashy-hack and PGP-Users: Web interface for PGP key server.
PKAF: Australian PKI initiative.
Policy Certification Authority [DFN-PCA] Home Page: German CA.
Politecnico di Torino: ICE-TEL: Italian CA.
Public Key Authentication Framework: Tutorial: A tutorial on PKI.
Public Key Infrastructure: NIST's PKI information page - interoperability guidelines, PKI panels and overviews, PKI documents.
Public-Key Infrastructure (PKIX) home page: Home page of the PKIX working group.
Public-Key Infrastructure Standards: Slides from a talk on PKI standards and work in progress.
Regole tecniche per la formazione [...], anche temporale, dei documenti informatici: Italian digital signature law. This site uses weird URL's which don't always work, there's an alternative copy at http://www.interlex.com/testi/regtecn.htm. Another part in English is at http://www.aipa.it/english[4/law[3/pdecree51397.asp.
Regulierungsbehörde für Telekommunikation und Post - Digitale Signatur: Digital signature information published by the German telecoms/post regulation authority.
Roger Clarke's PKI Position Statement: PKI position statement including links to papers on the dangers of a PKI becoming a SurveillanceI.
SACA Home Page: South African CA.
SEIS: Secure Electronic Information in Society (SEIS) project in Sweden.
SI-CA: Slovenian CA.
Signet ID Home Page: Australian CA.
Singapore Controller of Certification Authorities: Singapore digital signature and CA legislation.
SIRCA: Securities Industry Association CA.
SISCER: Spanish CA.
SoftForum Certifying Center: Korean CA (all text is in Korean).
SPKI Certificate Documentation: Documentation and links for SPKI certs.
SPKI Requirements: Simple public-key infrastructure requirements.
SSH Communications Security ISAKMP test page / Certificate request processing: SSH test CA (issues certs in response to PKCS #10 requests).
SSLeay Certificate Cookbook: Cookbook for setting up a simple CA and working with server and client certs.
SSLeay PKCS#12 patch FAQ: Guide to hacking things so Netscape and MSIE will recognise certs generated by other software.
Structured Arts: X.509-related services.
Structuring X.509 Certificates for Use with Microsoft Products: MS's idea of how to set up X.509 certs. Note: Page needs Java enabled or it won't work.
Summary of Digital Signature and Electronic Signature Legislation: McBride Baker & Coles very comprehensive summary of worldwide digital signature legislation.
Swisskey AG: Swiss CA.
TC TrustCenter Certification Authority and Security Provider: German CA.
Telecom Italia Certification Authority: Italian CA (in Italian).
Telekom Trust Center: German Telekom CA.
The e-commerce debate in South Africa: Discussion forum on e-commerce issues from a South African perspective.
The Insecurity of the Digital Signature: A lawyer's comments on problems with digital signatures.
Time-Stamping: Links to information on timestamping research, protocols, papers, and patents.
tpki: Trivial Public Key Infrastructure.
TradeAuthority: General CA.
UK Academic PCA: UK CA.
UNI-C PCA: Danish CA.
UNINETT Certification Authority - UNISA: Norwegian CA.
United Nations - Electronic Signatures: UN draft articles on electronic signatures.
VeriSign, Inc.: Major worldwide CA.
Verisign CRL's: Verisign's CRL repository.
Verisign Repository: Information on digital ID's and certificates, certificate practices, and FAQ's.
Verzeichnisdienst der Zertifizierungsstelle [...] für Telekommunikation und Post: RegTP certificate directory.
VRK/PRC: Fineid specifications-HST määritykset: Finnish PKI profile (in Finnish)
Weaving a Web of Trust: Trust management on the WWW.
WebVision Developers Corner: CA toolkit and guide ("low-budget CA").
World Wide Wedlin CA: Swedish CA.
X.500 Directory Standard: Links to X.500-related information, standards, and references.
X.500 Registration Authorities: The number of these has doubled recently... a second one has been discovered in Petropavlovsk-Kamchatsky.
X.509 Sample Certificates: Various sample certificates including oddball fields and types.
X9F Taxonomy and Glossary - Lynn Wheeler: Definitions of crypto, PKI and financial services-related terms.

Security Agencies and Organizations

13th USASAFS Assn - Hill Postings: Messages from ex-Menwith Hill staff.