Encryption and Security-related Resources

The following are security-related resources (aka "the crypto link farm") that I've found on the net. If there's anything which needs updating or correcting, please let me know. Because of its large size, I only update the online version of the page every few months, so please be patient when waiting for updates to reported changes to appear.

Thanks to a few overseas readers there are now mirrors of this page available outside New Zealand which should provide faster access for people in Europe and the US. These mirrors are:

Austrian mirror (updated manually)

Italian mirror (updated automatically)

Norwegian mirror (updated automatically)

UK mirror (updated automatically)

UK mirror (updated manually)

UK mirror (updated manually)

US Mirror (self-extracting DOS file, updated manually)

US mirror (updated manually)

US mirror (updated manually)

Crypto Link Farms

Alexander Geschonneck's security page
Security related papers, pages, X.509 information, publications, network security and firewall vendors, security FAQ's.
Anonymity, privacy, security.
Very nicely done collection of links to anonymity, privacy, and security resources.
Bellare - Crypto links
More link farms, conferences, organizations, electronic commerce, IETF, key forfeiture, crypto people.
Cambridge Computer Security Group Links
Huge collections of links to security-related sites - the format is a bit like this list.
Chris Vidler's Cryptography Page
Links to FTP archives, bibliographies and e-journals, disk and filesystem encryption, laws and regulations, network security, newsgroups and mailing lists, protocols and standards, software, and vulnerabilities.
Comprehensive list of Public Key Infrastructure (PKI) links
Links to PKI documents, specifications, CA's, and sites with PKI-related useful information.
Coast Security Archive - Category Index
A large archive of security software, publications, and technical information.
COAST Hotlist Contents
Gene Spaffords crypto and security link farm.
Crypto-Log: Internet Guide to Cryptography
Algorithms and mathematics, FTP archives, bibliographies, key escrow, disk, file, and mail encryption, crypto laws, internet security, newsgroups and mailing lists, protocols and standards, steganography, voice encryption, security problems.
Cryptographic Resources On The Web
Links to encryption regulation, encryption policy and privacy, and general encryption resources.
PGP, encryption algorithms, legal issues.
Cryptography: The Study of Encryption
Crypto newsgroups, papers, cypherpunks, crypto policy, digital cash, and other information sources.
Cryptography Technical Report Server (CTRS)
Various crypto-related tech reports.
Cryptography URL
Encryption standards, FAQ's, and FTP sites.
Datacomms Technologies cryptography archive
Encryption software, text files and information, resources and links.
DSTC Security Related Links
Links to crypto, digital signatures, e-cash, internet backing, smart cards, NT security, PKI, standards.
Email security, cryptography and related stuff
PEM, MIME, and MOSS RFCs, links to CA's, implementations, literature, PGP.
European Cryptography Resources
Recommendations, drafts, papers, new items, official bodies, research, and government meddling.
Firewall Security Jump Page
Links and summaries of a wide variety of firewall products.
Gateway to Information Security Home Page
Links to a large number of security-related sites, books, journals, and related information (imagine this page, but not all lumped together on one page).
Home-Page of Markus Hübner
Security, cryptography, hacking, business on the Internet, security software, satellite hacking.
International Cryptographic Software Pages for Encryption, Decryption, Cryptanalysis, Steganography, and Related Methods
Algorithms, software packages, protocols and standards, books, journals, conferences, newsgroups, mailing lists, crypto links.
Links Related to Terrorism, Intelligence, and Crime
A large number of intelligence, security, law enforcement, disaster planning, terrorism, crime, military, and defense agencies and organizations.
Luca Venuti's Home Page - TPC
Electronic privacy links, organisations, newsgroups.
No Big Brother Page
Links to remailers, anon proxies, crypto and stego software, file wiping tools, privacy and anti-privacy organisations.
NCSA Hot Links
Anti-virus software, firewalls, general security vendors, general infosec links, parental control, privacy, law, and ethics.
Neil's Security and Privacy Resources
Encryption, steganography, special events, research, documents, news, security archives, security organizations.
Network/Computer Security Technology
Current events, security web pages, commercial security tools, newsgroups, mailing lists, FAQ's, incident bulletins, conferences/seminars/workshops.
PGP Resources
Resources related to PGP such as mailer add-ons and front-ends, key servers, and related information.
PGP-Users Mailing List Home Page
PGP-related information, remailers, privacy information, security and crypto links.
Spanish Crypto Resources
Spanish crypto and security-related companies, magazines, and events.
Stego papers, references, research groups, related resources.
Strong Cryptography Links on the Internet
Links to crypto companies, universities, newsgroups, books, algorithms, security and crypto tools.
Technical Information - Cryptography
Links to other crypto sites, source code archives, companies and organisations, peope, and reference information.
The Rotherwick Firewall Resource - Point of Attack
Firewall basics, white papers, products, manufacturers, books, papers, training, mailing lists, links to other firewall-related resources.
Tom Dunigan's Security page
PGP, S/Key, Kerberos, crypto API's, secure applications, commercial providers, government agencies, intrusion detection, vulnerabilities.
TSA (Law Enforcement and Intelligence) Links
More links to law enforcement and intelligence agencies.
Uni-GH Siegen - Security-Server
Encryption algorithms, data protection, steganography, ecash, Internet security, viruses, conferences, security standards, newsgroups and mailing lists, RFC, journals.
University of Torino Security Resources
Links to web pages, newsgroups, FTP sites, research labs, papers, conferences, and journals.
Vince Cate's Cryptorebel/Cypherpunk Page
Cypherpunks resources, remailers, digital cash, PGP, and Clipper.
Vinnie's Crypto Links
Crypto overviews and FAQ's, link farms, encrypted comms, e-commerce, crypto libraries.

Crypto FTP Archives

FUNET crypto archive
PGP, symmetric and asymmetric encryption, crypto libraries, papers.
North American Cryptography Archives
Archive of crypto software, only available from the US and Canada.
Oxford Uni crypto archives
DES, SSL, cryptanalysis, documentation, PGP, miscellaneous.
Replay crypto/security archives
Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files.
Tattooman Crypto Archive
Large selection of crypto software, but trapped behind the iron curtain.
University of Hamburg crypto archive
Disk and file encryption, PGP, stego, voice encryption.
University of Oslo PGP archive
PGP and PGP-related software.
UREC archive
French archive of CERT bulletins, dictionaries, PC, Unix, VMS security software (mostly anti-virus and access control rather than crypto).

Crypto Social Issues

" ADD_DATE="889737435" LAST_VISIT="889737144" LAST_MODIFIED="889737144">Crypto AG: The NSA's Trojan Whore?
Possible rigging of Crypto AG hardware by the NSA.

[1997] 1 Web JCLI
Analysis of the UK governments policy on encryption.
Additional Comments of Philip R. Karn, Jr.
Phil Karn rebuts inaccurate and bizarre government claims in congressional testimony (this is an example of the kind of misinformation which government advisors often provide to their governments).
Adopt An MP - Homepage
UK campaign to adopt an MP and enlighten them over problems with crypto restrictions.
Americans for Computer Privacy
Computer privacy issues.
BBC News - Encryption
BBC news stories on encryption, including "UK Government dithers on encryption regulation".
Big Brother Incorporated
Companies which supply surveillance technology to non-democratic regimes.
Brookings Policy Brief No.21.
Brookings Institute study of crypto policy (pro-GAK).
C to English and English to C translator
Translates crypto code into English to allow it to be exported, then translates it back into code afterwards.
UK government tactics for deploying GAK.
Canada's export controls
Summary of the Canadian crypto export situation.
Cato Handbook for Congress: Freedom on the Internet and Other Computer Networks
Cato Institute study of crypto policy (anti-GAK).
Centre for Democracy and Technology Crypto Page
CDT information on current US crypto policy
CIPHR'99 Conference: Cryptography & International Protection of Human Rights
Conference on crypto and human rights.
Clipper Roadshow
US government policy laundering on key escrow.
CNET features - digital life - privacy in the digital age
Digital privacy (or more specifically, the lack thereof).
Codex Surveillance & Privacy Page
Surveillance, stalking, privacy invasion, eavesdropping, and anything else related to these categories.
Comments on Encryption Transfers
Comments on new US export regulations.
Comments on Encryption Transfers - HTML
Easier-to-handle HTML versions of the above.
Crime, Terror & War: National Security & Public Safety in the Information Age
The sky is falling! The sky is falling!
Crypto AG
Reports of Crypto AG rigging crypto hardware to allow NSA decryption.
Crypto AG - Der Spiegel (German)
Allegations of intelligence agencies subverting Crypto AG product security.
Crypto-Controls Advisory Services
The one organisation making money out of US export controls.
Crypto Law Survey
A survey of crypto laws in various countries.
Crypto regulation in Europe
The state of crypto regulation plans in Europe as of May 1997.
Cryptography's Role in Securing the Information Society
National Academy of Sciences report on cryptography policy.
Cyberspace Law for Non-Lawyers
Privacy laws and the Internet.
DIE ZEIT Nr. 28/1998 Leichtes Spiel
German news report on NSA industrial espionage leading to $100M loss for German company.
DIE ZEIT Nr. 39 vom 17. 9. 1998: Hintertür für Spione
Another report on Enercon industrial espionage.
Distributing encryption software by the Internet: loopholes in Australian export controls
Examination of legal implications of electronic export from Australia. Conclusion: It's OK.
DTI/UK Encryption Policy
Reply to the DTI Consultation Paper on Licensing of Trusted Third Parties for the Provision of Encryption Services.
E-commerce under threat from encryption deal
The Australian Financial Review on Wassenaar'98.
Echelon: Exposing the Global Surveillance System
Covert Action Quarterly article on wordlwide NSA surveillance.
ECHELON: America's Secret Global Surveillance Network
Free Congress Foundation report on Echelon surveillance system.
EE Times - White Paper
White paper on hackers.
Emerging Japanese Encryption Policy
How Japan, Inc, handles encryption policy (a real contrast to the US governments attitude).
Encryption Policy and Market Trends
Dorothy Dennings 1997 GAK forecast.
Encryption Policy for the 21st Century
Cato Institute study on the future of encryption.
EPIC Cryptography Policy
EPIC information on current US crypto policy.
EPIC Privacy Links
EPIC privacy resources.
export-a-crypto-system sig
Diminuitive crypto hacks (well-known algorithms in a few lines of Perl, Python, or C) and how to use them to poke fun at export laws.
Export Licensing of Intangibles
Commentary on likely effects of UK proposal to license export of intangibles.
Exposing the Global Surveillance System
Extracts from Nicky Hager's book "Secret Power".
Big Brother for financial information.
Former Secrets
Declassified US government machinations to ban/restrict crypto.
FUD! Home Page - Crypto legislation
Contents of and discussion over various US crypto bills.
GILC -- Cryptography and Liberty
Survey of encryption policy worldwide.
GNN on Crypto
Global Network Navigator web review: The NSA vs The Net.
Government, Cryptography, and the Right to Privacy
Paper documenting the overt and covert regulation and restriction of cryptography by governments.
Good Privacy Test Sites
Links to sites which show how easy it is to get information on your and your activities on the net.
GR Design Principles
GAK-resistant crypto protocol design guidelines.
Gray Areas Magazine
Essays and articles on the computer underground (and all sorts of other things).
Green light for limited encryption exports
Australia's interpretation of Wassenaar'98.
IFIP TC11 Position on Cryptopolicies
IFIP's (very sensible) position on crypto use and crypto regulation.
Information About PGP & Encryption
Information on the creeping takeover of GAK.
Technical details on large-scale GSM and ISDN interception techniques.
Internet Privacy Coalition
Attempts to ensure privacy on the internet.
Interview with David Herson - SOGIS
Interview on European crypto policy.
ITAR Civil Disobedience
Click on this form to become an international arms trafficker.
Key Recovery Study
The risks of key recovery, key escrow, and trusted third party encryption.
KRISIS Home Page
GAK/EuroClipper home page.
NSA and Crypto-politics
Huge (1/2MB) writeup on the NSA and crypto politics.
NSA's Influence on New Zealand Crypto Policy
NSA influence on New Zealand export policy.
No Chance for Key Recovery
Paper on key recovery (GAK) vs human and political rights.
PGP 6.0: Cat out of the bag
Wired article showing just how effective US export controls really are.
Phone Tapping
Information and resources on government phone tapping plans.
Privacy, Inc.
Various resources related to the (lack of) privacy, including access to databases and online information search facilities.
Privacy International Home Page
Privacy reports, interntional agreements on privacy and human rights, surveillance technologies, ID cards, privacy-related conferences.
Privacy on the Internet
Zola Times articles on Internet privacy.
Privacy on the Net: Practical Issues
Links and information on various privacy-related issues (cryptography, anonymity, secure communications).
Free crypto campaign logos.
Remailer list
List of anonymous remailers.
Roger Clarke's Privacy Page
Data surveillance and information privacy information publications, and legislation.
Roger Clarke's Public Interests on the Electronic Frontier
Paper discussing various freedoms and rights such as the right to privacy.
Roxen's General Export Application for Strong 128-bit Encrypted Denied
Swedish government refusal of export permit for 128-bit SSL.
RSA as a MIDI file
RSA encoded as a MIDI file. Technically this is a program and therefore unexportable from the US.
Self Incrimination and Cryptographic Keys
Richmond Journal of Law and Technology article on forced disclosure of crypto keys.
Services Available from Offshore Information Services Ltd.
Offshore internet services and accounts in Anguilla.
SOFTWAR Information Security
Declassified papers and resources on Clipper and key escrow, voice and mail encryption software.
Tapping into CALEA
Government surveillance server ("delivers intercepted call content and identifying information... capacity for up to 512 simulatneous call intercepts".
East German surveillance state-style laws being applied in the unified Germany.
Telepolis Enfopol-Papiere
Documentation relating to EU telecoms surveillance plans (EU-Echelon).
The Age - Computers
DSD meddling in Australian crypto exports.
Threat and Vulnerability Model for Key Recovery
NSA report on why GAK is bad (yes, you read that right).
Tools For Privacy: Version 1
An online book covering threats to privacy, cryptography, PGP, and related issues.
TruePosition Wireless Location System Home Page
Cellular phone tracking.
UK Cryptographic Policy Discussion Group
ukcrypto mailing list archives.
Updated UK Proposals for Licensing Encryption Services
Critique of UK crypto licensing/GAK proposal.
U.S. Electronic Espionage: A Memoir
First exposure of the NSA and Echelon
US Spy Agency Confirms Secret Princess Diana Files
Echelon in action: APB story on NSA building up 1000+ page file on Princess Diana.
Walsh Report
Report on Australian crypto policy, originally suppressed by the government, then released in censored form after a judicial review, finally obtained as the full version by EFA. Provides most interesting reading since the bits they didn't want the public to see are now highlighted in red.
What your Browser is Sending
See what information your web browser is sending to remote servers.

Crypto Software

Clean-room JCE implementation.
Advanced Cryptography Tool
Crypto tool using PGP 2.6.3i with triple DES and SHA-1.
AES Algorithm Efficiency
Free-world implementations of the AES algorithms.
Alex Encryption
Encryption based on automata theory (unknown security level).
Ambient Empire
Vigenere cipher cracker, Windows port scanner.
Apache HTTP Server Project
Apache secure web server.
BSAFEeay, a public domain implementation of the BSAFE API
BSAFE API wrapper around SSLeay.
Canadian Cryptographic/cryptanalytic software
Canadian encryption software and companies.
Cryptographic analysis program (automatically analyse and break simple ciphers).
Cedomir Igaly's SSH Page
Free SSH for Windows.
Cédric Gourio's Java-SSH
SSH client in Java.
Crypto IP encapsulation - encrypting IP routers using Linux.
Software emulation of various historical ciphers
Cisco Systems ISAKMP Distribution
A reference implementation of the IETF's ISAKMP protocol.
CRASHME: Random input testing.
Tests resistance of programs to random input.
Crowds Home Page
Anonymous proxying for web browsing.
Cryptix Java crypto library.
cryptlib Information
Encryption library supporting a large number of encryption algorithms, digital signatures, key exctange, key certificates, CA functionality, key databases, smart cards, and secure enveloping.
Crypto Kong
PGP-like program using elliptic curve crypto.
Cryptographic Libraries: A comparison
Comparison of various free (and free-world) crypto libraries.
Cryptographic software
Elliptic curve and RSA public-key encryption software.
Cryptographic tools for Visual Basic
Elliptic curve OLE extension for VB.
Cryptography Blowfish Multi-thread
Command-line Blowfish encrypter.
Cryptonite Java Package
Java crypto library.
Scanned US crypto publications available outside the US.
CTC - PGP-compatible encryption software
PGP-compatible C library and Mac application.
Delphi crypto software
Various pieces of crypto software written in, and for, Delphi.
DES in VHDL, including a Xilinx-optimised version.
Disk/File Wiping Utilities
Programs to wipe files, free disk space, slack space, the Windows swap file.
Emacs Cryptographic Library and Tools
DES, RC4, IDEA, SHA-1, MD5, and others, in elisp.
Enabling Network Security with SSLeay
Security projects based on SSLeay.
Encrypted PDFs
Code to work with encrypted PDF's (intended mainly for use with Ghostscript).
Engineering Research Home Page
P1363 ECC implementation.
PGP-compatible plugin written in Java.
Error Correcting Codes (ECC) Home Page
C source code and information on ECC's (the techniques employed are closely related to encryption techniques).
ESP Reference
Encrypted socket protocol (an open protocol for TCP/IP secure transmissions).
FastCAST's Homepage
P5-optimised code for CAST-128/CAST5.
Fortify for Netscape
Free 128-bit SSL browser proxy,
Frank O'Dwyer's Homepage - Security Code
DES in Java, C++ firewall class library.
Fresh Free FiSSH!
Free SSH client for Win'95 and NT.
Fuzzy Logic: Cryptography
The GNU encryption project.
G10 - A Free PGP Replacement
GPL'd PGP clone.
Bignum library and sample PKC code.
GMD Security Technology - SecuDE
Security toolkit for RSA, DSA, DES, DH, X.509, PKCS, PEM, X.500, and BYOG.
Hamradio page of Thomas M. Sailer, HB9JNX
All sorts of neat stuff for software decoding of various radio signals.
Non-US Kerberos 5 implementation.
IAIK - Javasecurity Homepage
Java cryptography extensions from the free world.
ICE Home Page
The Information Concealment Engine block cipher.
Immunix: Adaptive System Survivability
Automatic protection against stack-smashing attacks.
International PGP Home Page
How to get PGP, documentation, foreign-language support, PGP-related products and services, and other PGP resources.
Internet Locations for Materials on the Disks for Applied Cryptography
Site #1.
PGP information, software, key management, key server interface, PGP links.
Free-world JCE implementation.
JGSS Package Distribution Page
Kerberos in Java.
jSSL - A free Java SSL implementation.
SSL implementation in Java.
Keytrap Home Page
Dcyphers keyboard sniffer.
kha0S Linux - b/c friends don't let friends s[ug]id
Linux with strong crypto built in.
Lance Cottrell Home Page
Mixmaster remailer publications and soure code.
Pluggable authentication modules for Linux.
libch's Homepage
P5-optimised code for various hash algorithms.
LiDIA - Main Page
C++ computational number theory library (great for crypto).
C++ bignum library.
Linux FreeS/WAN Project
IPSEC, ISAKMP/Oakley and DNSSEC software for Linux.
Linux Packet Sniffer
IP packet sniffer for Linux.
MD5 Message Digest algorithm in Javascript
Microsoft CryptoAPI
Microsoft's attempt at a cryptograhpy API. This page moves a lot, you may need to try a search from MS's developer pages.
MindTerm - A java implementation of SSH
SSH client in Java.
Ming-Ching Tiew Home Page
PGP key manager, PGP netscape plugin, Motif and Win32 file encrypter using cryptlib, cryptlib Java wrappers.
Mozilla Crypto Group
Putting the crypto back into Netscape/Mozilla.
Nautilus Homepage
Speech encryption (with a neat anti-Clipper graphic).
SSH client for the Mac.
Nmap -- Stealth Port Scanner
Stealth scanner using TCP half open scanning, TCP FIN/Xmas/NULL stealth scanning, ftp bounce and IP fragmentation scanning, and OS identification by TCP/IP fingerprinting.
NSBD: Not-So-Bad Distribution
Internet software distribution authenticated with PGP.
Oscar - DSTC's Public Key Infrastructure Project
PKI toolkit.
Package Acme.Crypto
Various Java crypto classes.
Package java.security
Java security package docs.
PC Security Software & Sources
Brief descriptions of various security programs.
PGP, logiciel de cryptographie gratuit et en français (PGP pour les français)
French PGP page.
PGP Tools
PGP function library.
DLL which implements various PGP functions.
PGPNet Server
A dummy home page for the www.pgp.net domain (incomplete).
Photuris Test Server
Photuris session-key management protocol software and test server.
Private Idaho User's Manual
Documentation for Private Idaho.
PPTP-linux: Point-to-Point Tunneling Protocol
PPTP for Linux (presumably without all of Microsoft's security holes in it).
(Relatively) secure encryption using 40-bit keys (designed to bypass silly French restrictions).
PuTTY: a free Win32 telnet/ssh client
Telnet/SSH client for Win32.
Qualcomm Australia crypto software
sendmail encryption patch, SOBER stream cipher.
RC4 Stream Cipher Library
RC4 ActiveX control.
Reliable Remailer
cpunk/mix remailer for Windows.
RIPEM source code and information.
RSA Free Utilities
RSA key generation and encryption for Linux.
RSAEURO - Cryptography For The World
European RSAREF providing full source-code compatibility with the original.
Win3.1/95/98 non-swappable memory allocator.
ScramDisk - Free Disk Encryption Software
Win95 disk encryption using 3DES, Blowfish, IDEA, MISTY, Square, and TEA.
File encryption using elliptic-curve PKC's and Blowfish.
Secure FileSystem Information
The world's best transparent disk encryption software for DOS and Windows (this has nothing to do with the fact the I'm the author :-).
Secure Logging
Secure logging for Unix and Windows.
Security: File wiping
Links to various file wiping utilities.
Sir Winston Rayburn - Crypto/Politico
Various encryption reoutines.
S/KEY Information
Information on the S/KEY authentication system.
Skygate Technology
Windows NT disk encryption.
SMB Scanner
SMB port/machine scanner.
S/MIME Freeware Library
S/MIME freeware library (export-controlled, US only).
SNOW Home Page
Whitespace steganography software.
spDES Encryption Control
ActiveX DES control.
Speak Freely
Very nice Unix and Windows speech encryption software.
Ssh (Secure Shell) Home Page
Very good encrypted, digital-signature-authentication remote access software (replaces the r* utilities, allows X11 and TCP port redirection over the encrypted connection).
SSH/SCP for Windows
ssh/scp port for Win95/NT.
SSLeay and SSLapps FAQ
Very nice, free SSL implementation (like Netscape's SSL, but without the bugs and crippled encryption).
SRP: Secure Password Authentication for the Net
Secure password-based authentication over insecure networks.
Systemics Software Archive
Crypto extensions for perl and Java.
TC TrustCenter TC_PKCS11
PKCS #11 software-only token implementation.
The Cryptography and PGP Page
Classic ciphers, links to crypto sites, explanations of the maths behind PGP and RSA, privacy issues.
SSH client for Win32.
Tiny Encryption Algorithm
Description and C source code.
TinyIDEA - 128-bit File Encryption
366-byte IDEA file encryption program.
Tom's Privacy Pages
Patching Navigator and Explorer to use strong crypto.
Transparent Cryptographic File System
Tresor Page
Mac file encryption using IDEA, written in the free world.
Trinux: A Linux Security Toolkit
Floppy-bootable Linux network security toolkit.
TSS PGPWord... Real Security, Real Easy
PGP encryption integrated into Word for Windows.
TTSSH: An SSH Extension to Teraterm
SSH DLL add-on for Teraterm.
Uni-GH Siegen - Security-Server - Kryptographie
Pointers to information on and implementations of a number of conventional, public-key, and hash algorithms.
Unix tools on Windows NT?
ssh port to NT via Cygnus gnu-win32.
Vitas DownLoad area
Windows'95 password (.PWL) viewer.
Wei Dai's Crypto++
C++ class library of cryptographic primitives.
WinPGP(tm) Home Page
Windows front-end for PGP.
Wipe 0.02
Heavy-duty file wiper for Linux.
XPDF additions
Add-on to allow XPDF to decrypt encrypted PDF files.

Miscellaneous Security Items

Random Numbers

Aware Electronics Corp.
PC Geiger counters (great random data sources).
CME's Random Number Conditioning Page
Information on sources of strong random numbers.
Computer Generated Random Numbers
Techniques for analyzing PRNG's.
George Marsaglia's RNG test suite.
Efficient Generation of Cryptographic Confusion Sequences
A survey of PRNG's for crypto applicatoins.
HotBits: Genuine Random Numbers
Build-it-yourself radioactive-decay based random number generator (perfect for Chernobyl residents).
Ideas for an RNG_DEVICE standard
Proposed standard for random-number generation devices.
Random number generation using lava lamps.
Noisemaker schematic
Hardware RNG.
Numerical Recipes Home Page
CDROM contains ~1/4GB of random numbers.
Serial-port hardware RNG.
Protegrity Incorporated
Cryptographically strong random number generator.
Radiation Monitors for PCs
Various random number sources.
Random Number Generation, Taygeta Scientific Inc.
Papers and software for PRNG's.
Random number generators -- The pLab Project Home Page
Theory and practice of random number generation.
Random number generators
Analyses of hardware and software randomg number generators.
Random Number Generators (RNGs)
Web sites and references for RNG information, information on various PRNG's.
Randomness Resources
Resources on secure random-number generation and the problems of insecure random number generation.
Cryptographically strong random number generator.
Hardware random number generator.
Using and Creating Cryptographic-Quality Random Numbers
Randomness-gathering techniques.
Wayne's Random Noise Generator
PN-junction based hardware RNG sampled using a sound card.

Algorithm benchmarks
Relative speeds of a number of encryption and hash algorithms.
AT&T PathServer
PGP web of trust tracing server.
Bletchley Park Home Page
Visitors guide to Bletchley Park.
Bob Tinsley's Steganography Pages
Steganography papers and ideas.
DigiCrime, Inc.
Online links to digital crime, blackmail services, encryption key cracking, airline rerouting, internet shoplifting, e-cash laundering, alien mind control, etc etc.
GISUM. Information Security
University of Malaga infosec group.
GSM Wizard
GSM-related technical information and secret features of phones. NB: This page repeats the official GSM security info rather than the actual details.
Information on VideoCrypt Hard/Software
Anonymity for WWW content providers.
KL7/KWR37 Crypto Units
Descriptions and photos of the KL7 and KWR37.
KuesterLaw Technology Law Resource
Technology and IP law resources.
Matt's Unix Security Page
Unix and Internet security papers, security software, links and miscellaneous items.
Microsoft Security Advisor Program
Microsoft's interpretation of security (see many other links on this page for everyone elses interpretation of Microsoft's security).
NSA Crypto Museum Photos
Payment, Security & Internet References
X9.59 electronic payment-related references.
Prime number verification via ECPP
Bignum prime number verification via a CGI script.
Pseudoprimes/Probable Primes
Papers on primality testing.
Quantum Computation/Cryptography at Los Alamos
Information on quantum computation and cryptography.
Information on cellular telephony, PCS, and wireless data transfer.
Remailer related Sources
Remailer home pages, remailer techinfo, PGP introduction, PGP keyservers, crypto pages and laws.
S & P Calendar
Calendar of security and crypto conferences.
Securing NIS
Sirene Home Page
Various research projects in computer security.
SourceKey - The Global Source for Key Recovery
GAK/key escrow/trusted third party/whatever centre.
SSL Browser Information
Information on the SSL implementation used by your browser.
A paper on steganography.
The Square Page
The Square block cipher and links to implementations.
Toby's Cryptopage
Information and links to historical cryptosystems and encryption machines.
USDS Homepage
Yet another new (and patented) PKC.

Public Key Infrastructure

New Zealand CA.
Analysing State Digital Signature Legislation
Analysis and comparison of various states' digital signature laws.
CA licensed under the Utah Digital Signature Act.
Australia Post - KeyPOST
Australian CA.
Belgium and Luxemburg CA.
BiNARY SuRGEONS: Certification Services
South African CA.
BSI-Projekt Digitale Signatur
Implementation details of the German digital signature law.
Estonian CA.
Spanish CA.
Carynet Security Certificate Authority
Asian(?) CA.
Center for Standards Public Key Infrastructure (PKI) Standardization Home Page
DISA information pages on the Internet PKI.
Certificates Australia
Australian CA. GAK alert: This CA escrows all encryption keys.
Certificates shipped with Netscape
Extracting certs from Netscape's .db files.
Certification Authority Survey (DGXV Project)
List of CA's worldwide.
certifikacni stranka DATANETu
Brazilian CA.
Columbia Certification Authority
Columbia University (not country) CA.
Columbian Draft Proposal of Law on Electronic Commerce
Columbian draft digital signature legislation.
CompuSource Certificate Authorities Home Page
South African CA.
Digital Signature Guidelines
American Bar Association digital signature guidelines, available as WordPerfect and Word documents.
Digital Signature Trust (DST) Home Page
CA licensed under the Utah Digital Signature Act.
Dunkel Certification Authority
German CA.
European Framework for Digital Signatures And Encryption
Proposed EC framework for digital signatures and encryption.
Florida Digital Signatures - Final Report
Final report on the Florida digital signature guidelines.
European ICE-TEL Project
PKI for Europe
Australian PKI project.
Global Trust Register
Global trust register for public keys in molecular form.
GlobalSign - Trust On The Net
European CA.
Government Public Key Authority
Australian government PKI project.
GTE CyberTrust Home
IAIK - ICE-TEL Information Service
Austrian CA.
IBM Registry and World Registry
IBM CA and PKI products.
ICAT Home Page
Japanese CA.
Portuguese CA.
ICE-TEL Certification Infrastructure
European CA.
IKS Zertifizierungsinstanz
Individual Network
IN certification authority.
Installing certificates and root keys in Internet Explorer and IIS
Instructions on installing certificates into MSIE.
Inter Clear - The UK's first Certificate Authority
Introducing SSL and Certificates using SSLeay
Nice introduction to cryptographic techniques, certificates, SSL, and SSLeay.
Internet PCA Registration Authority
IPCA public key.
IPS Seguridad
Spanish CA.
Web-based PGP keyserver.
German KeyTrust CA (part of the MailTrusT initiative).
Keywitness Canada
Canadian CA.
Legislating Market Winners
Paper which examines problems with existing PKI legislation.
Massachusetts digital siganture and online commerce guidelines and information.
MC Home Page
The meta-certificate group (an alternative to X.509/PKIX-type certificates).
Object Identifiers Registry
Large collection of ASN.1 object identifiers.
OCSP++   -   An On-line Certificate Status Protocol
Modification of OCSP to provide a more workable system.
OnWatch Service - Public Key & Security Ref.
Bell Sygma CA.
Free LDAP server/client (update of UMich software).
Siemans CA toolkit.
Payment, Security & Internet References, Lynn Wheeler
Account authority digital signature (AADS) and X9.59 electronic payment standard information.
PGP Keyserver Interface
WWW interface to the PGP keyservers.
PGP Public Key Server
One of several web-based PGP key servers.
PGP Public Key Server for Yashy-hack and PGP-Users
Web interface for PGP key server.
Australian PKI initiative.
Politecnico di Torino: ICE-TEL
Italian CA.
Public Key Authentication Framework: Tutorial
A tutorial on PKI.
Public Key Infrastructure
NIST's PKI information page - interoperability guidelines, PKI panels and overviews, PKI documents.
Public-Key Infrastructure (PKIX) home page
Home page of the PKIX working group.
Public-Key Infrastructure Standards
Slides from a talk on PKI standards and work in progress.
Regole tecniche per la formazione [...], anche temporale, dei documenti informatici
Italian digital signature law.
Roger Clarke's PKI Position Statement
PKI position statement including links to papers on the dangers of a PKI becoming a SurveillanceI.
SACA Home Page
South African CA.
Secure Electronic Information in Society (SEIS) project in Sweden.
Slovenian CA.
Signet ID Home Page
Australian CA.
Singapore Controller of Certification Authorities
Singapore digital signature and CA legislation.
Securities Industry Association CA.
Spanish CA.
SoftForum Certifying Center
Korean CA (all text is in Korean).
SPKI Certificate Documentation
Documentation and links for SPKI certs.
SPKI Requirements
Simple public-key infrastructure requirements.
SSLeay Certificate Cookbook
Cookbook for setting up a simple CA and working with server and client certs.
SSLeay PKCS#12 patch FAQ
Guide to hacking things so Netscape and MSIE will recognise certs generated by other software.
Structured Arts
X.509-related services.
Summary of Digital Signature and Electronic Signature Legislation
McBride Baker & Coles summary of worldwide digital signature legislation.
Swisskey AG
Swiss CA.
TC TrustCenter Certification Authority and Security Provider
German CA.
Telecom Italia Certification Authority
Italian CA (in Italian).
Links to information on timestamping research, protocols, papers, and patents.
General CA.
UK Academic PCA
Danish CA.
UNINETT Certification Authority - UNISA
Norwegian CA.
United Nations - Electronic Signatures
UN draft articles on electronic signatures.
VeriSign, Inc.
Major worldwide CA.
Verisign CRL's
Verisign's CRL repository.
Verisign Repository
Information on digital ID's and certificates, certificate practices, and FAQ's.
VRK/PRC: Fineid specifications-HST määritykset
Finnish PKI profile (in Finnish)
Weaving a Web of Trust
Trust management on the WWW.
WebVision Developers Corner
CA toolkit and guide ("low-budget CA").
World Wide Wedlin CA
Swedish CA.
X.500 Directory Standard
Links to X.500-related information, standards, and references.
X.500 Registration Authorities
The number of these has doubled recently... a second one has been discovered in Petropavlovsk-Kamchatsky.
X.509 Sample Certificates
Various sample certificates including oddball fields and types.
X9F Taxonomy and Glossary - Lynn Wheeler
Definitions of crypto, PKI and financial services-related terms.

Security Agencies and Organizations

Ajax U.S. & International Government Military, Intelligence & Law Enforcement Agency Access
Links to intelligence and law enforcement agencies, defence agencies and laboratories, military and other government agencies.
An interview with the NSA
Description of a job interview with the NSA.
Automated System Security Incident Support Team (US DoD CERT).
AUSCERT - Australian Computer Emergency Response Team
CERT Australia home page.
Biometric Consortium
Biometrics standards, publications, and other information.
Bundesamt fuer Sicherheit in der Informationstechnik
The German version of the NSA.
Canadian Security Forum
Canadian computer security information.
Cerulean Technology - Law Enforcement Links
CESG Home Page
CESG (aka GCHQ) home page (pretty meagre).
CERT Coordination Center
Computer Emergency Response Team home page.
Codes and Codewords
Codes and codewords used in military projects.
Communications Security Establishment Official Page
The Canadian CSE's official web page.
Communications Security Establishment Unofficial Page
The Canadian CSE's unofficial web page, which is much more interesting than the official one.
Computer and Network Security Group
Politecnico de Torino computer and network security group.
Covert Action Quarterly
Articles on covert action and surveillance.
WPI cryptography and information security research lab.
Crypto Drop Box
American Cryptogram Association home page.
CSIS - Main Menu
Canadian Security Intelligence Service.
Cypherpunks Home Page
The cypherpunks archive via HTTP. PGP, remailers, crypto papers, clipper, and pointers to further information.
Cypherpunks Tonga
Cypherpunks Tonga - various cypherpunks projects and work in progress.
DefenseLINK News Overview
US Department of Defence news releases, with an extensive archive of older material.
DoD classified spending for FY 1997
US classified military programs spending for 1997.
Defence Signals Directorate - Information Security Branch
The Australian NSA subsidiary.
GCHQ Homepage
The home page shows satellite SIGINT gear... most appropriate.
Ground Truth: Intelligence and Related Facilities
Spy bases worldwide.
IEEE Cipher Newsletter Archive
Archives of the IEEE cipher newsletter containing a great deal of general news on crypto issues.
IFIP TC11 homepage
IFIP security in information systems technical committee home page.
Info-Sec Super Journal
An online InfoSec journal.
Intelligence and Counter-Intelligence Link Farm
Spying, US intelligence agencies, DoD, air force, navy, army, foreign intelligence agencies, whistleblowers, online intelligence archives, military intelligence, weapons technology transfer, industrial espionage, security companies.
Intelligence Zone
Assorted intelligence-related links and information.
International Association for Cryptologic Research
IACR home page.
L0pht Heavy Industries
Hacking central, and a great source of information on security problems.
Menwith Hill US Spy Base
CND's Menwith Hill page.
NAIS Online Newsletter
National Association of Investigative Specialists newsletter. Information of interest to investigators, video surveillance, search and seizure, privacy techniques, legal issues.
National Computer Security Association
National Counterintelligence (NACIC) Home Page
Information on economic espionage.
National Security Agency High-Performance Computing Projects
Various high-performance computing projects sponsored by the NSA.
National Security Agency
The NSA's home page.
National Security Agency Unofficial Page
The NSA's unofficial home page (much more interesting than the official one).
National Security Archive Home Page
Archives, electronic briefing books, declassified documents, related information.
NSA: America's Fortress of Spies
The Baltimore Sun's six-part series on the NSA.
NIST Computer Security Resource Clearinghouse
NIST computer security resources.
NIST Computer Security Publications
NIST computer security publications.
NZ Intelligence Agencies
NZ Intelligence agencies.
Pine Gap
US spy base in Australia.
Preparing for the 21st Century
GPO appraisal of the US intelligence community
Project on Intelligence Agency Reform
Lots of information on intelligence agencies which their home pages will never tell you.
SAS- und Chiffrierdienst der DDR
Crypto devices used by East Germany.
Secret Kingdom
Various spook agencies in the UK.
Security Resource Net
Intelligence, corporate and computer security, counterterrorism, personal security, legislation, news bulletins, upcoming events.
Seven Locks Software
Security news and information, software, online discussion forums, products and services, calendar of security events, firewalls, viruses, security courses and policies.
SPAWAR Information Systems Security Office Homepage
Space and Naval Warfare Systems Command information.
Wullenweber or CDDA Antennas
Wullenweber antennas as used by the NSA.

Security Books, Journals, and Bibliographies, and miscellaneous short publications

ACM Transactions on Information and System Security
(Just a call for papers at the moment).
Aegean Park Press
Historical books on cryptography, intelligence, military history, and related topics.
An Analysis of Security Incidents on the Internet 1989-1995
PhD thesis analysing 4,300 Internet security incidents.
An Electronic Pearl Harbor? Not Likely
Article debunking various Infowar myths.
An Introduction to Cryptography
Online book on cryptography (only the initial section is complete).
US army field manuals, schools, strategies and systems.
Authentication, Key Agreement, and Key Exchange Protocols
Bibliography of key agreement protocols with links to authors and online papers.
Bibliography of Molecular Computation and Splicing Sytems
Bibliography on molecular computing, including attacking encryption systems using molecular computers.
Block Cipher Lounge
List of block ciphers, characteristics, and known attacks.
Block Cipher Lounge - AES
Current state of attacks on AES proposals
Brown Computer Science S/Key access
Information on the S/Key authentication protocol.
CAST Encryption Algorithm
Publications pertaining to the CAST encryption algorithm.
Central and East European Secure Systems Strategies (online security journal).
CHACS Publications
Centre for high-assurance computer systems publications.
Charles Blair's Notes on Cryptography
Number theory, public-key encryption, RNG's.
Code Signing for Java Applets
Howto for Java code signing for Netscape and MS products.
Collection of Computer Science Bibliographies
About 1000 CS bibliographies with around 800,000 references.
Communication Theory of Secrecy Systems
Scanned images of Shannon's classic communications security paper from the Bell Systems Technical Journal.
Computer Science Technical Reports Archive Sites
Links to sites which distribute CS tech reports.
Computer Services : Administrator's Pages : NT stuff
Installing a student-proof NT setup.
Computer Virus Handbook
Seven Locks' online virus handbook.
Computer Virus Myths treatise
Comprehensive collection of virus myths, hoaxes, and vendor press releases.
Counterpane Homepage
Bruce Schneier's "Applied Cryptography" information.
Credit Card Transactions: Home Page
Overview of CC terms and mechanisms, including discussion of various online CC processing methods.
cryp.to -- The Cryptographic WWW Server
Various PGP developers list archives.
Crypt Newsletter Homepage
Various reports from the computer underground on hacking, security, viruses, hackers, and related issues.
Crypto Glossary
Terry Ritter's crypto glossary (long).
Good overview of cryptography, digital signatures, certificates, and trust management.
Cryptography and Number Theory for Digital Cash
Introduction to crypto and number theory for digital cash.
Cryptography: some important points for beginners
Crypto FAQ for beginners.
Cryptosystems Journal Home Page
CSL Bulletins
NIST Computer Science Laboratory bulletins
CSPP - Reports
Computer Systems Policy Project reports, including several covering encryption and e-commerce.
CuD "Computer Underground E-Publications - Top Level" Archive
Cypherpunks Archive Index
Cypherpunks mailing list archive.
Cypherpunks Archive
Searchable archive of the cypherpunks mailing list.
Cypherpunks HyperArchive
Cypherpunks mailing list archive.
Dabbling in Cryptography
1970's cryptanalysis of the M-209.
Data Encryption Page
Overview of encryption and encryption algorithms, links to further information.
Data Security by Design
Designing buildings to thwart electronic eavesdropping.
Dave's Crypto Index
Collection of misc.papers and publications on crypto algorithms and implementations.
David Kahn Interviews
Transcripts of interviews with David Kahn
David Wagner's Crypto Posts
General cryptography, cryptanalysis, computer security.
DDJ, December 1998
DDJ issue on computer security including Twofish, Panama, e-commerce protocols, and smart cards.
des-coding List Archive
Archive of the des-coding mailing list.
dp6 and the 7th USENIX security symposium
Writeup and photos from the 7th Usenix security symposium.
e$ Home Page
The e$ mailing list, information on digital cash clearing, digital bearer bonds, financial cryptography, and related topics.
[E-CARM] E-Commerce and Rights Management
E-commerce mailing list and archives.
Elliptic curve cryptography FAQ.
ECS 153 Winter 1998, Robust Programming
Tutorial on robust programming.
EIT Creations: Secure HTTP
Information on the SHTTP protocol.
Electronic Surveillance
Large archive of documents on electronic surveillance.
Elliptic Curve Cryptography
Tutorial on elliptic curve crypto.
Elliptic Curves and Cryptology
Elliptic curve bibliography.
Elliptic Curve Tutorials
Tutorial on elliptic-curve crypto.
Encryption News Resource Page
Encryption and security-related news stories.
Enigma and Its Decryption
Details on the Enigma machine and software simulators.
Enigma and the Turing Bombe
Description of the Bombe and bombe simulator.
Enigma bibliography
Entrust Whitepapers
Entrust white papers and tutorials on security, encryption, certification.
EPFL - LSE - Project CrySTINA
Papers and information on the Cryptographically Secured Telecommunications Information Networking Architecture.
Evaluation of Micropayment Schemes
HP tech report evaluating various micropayment schemes.
Finding the Key
Economic Strategy Institute study on crypto markets and policy.
Firewalls mailing list
Firewalls mailing list archives.
Foundations of Cryptography by Oded Goldreich
Fragments of a book (4 of 10 chapters exist).
Frog Encryption Algorithm
Design and source code for the Frog AES submission.
GSM Network Security
Description of GSM network security and encryption considerations.
Hack-Tic Magazine Archive
1989-1994 Hack-Tic magazine archive (scanned images, in Dutch).
Handbook of Applied Cryptography
Information on the book (well worth getting).
Heise News - Ticker
News ticker which often carries crypto and security-related stories (in German).
Historical Crypto Links
Links to sites containing information on Enigma, Purple, Magic, and other WWII-era crypto.
History of Computer Security
Computer security papers from the 1970's.
History of NSE Home Page
Prehistory of public-key crypto from GCHQ.
How to find security holes
Tutorial on finding (and fixing) Unix programming security holes.
HTTP Security group of W3C
W3C security resources.
IBM Patent Server Home Page
Access to over 2 million US patents, including many crypto and security-related ones
IDEA: A Cipher for Multimedia Architectures?
Paper on a fast MMX implementation of IDEA.
IEEE Computer Security and Privacy
IEEE Computer Society press online catalogue, security and privacy section.
ietf-open-pgp mailing list
PGP standardisation mailing list, RFC's, and archives.
ietf-pgp-mime mailing list
PGP/MIME RFC's and mailing list archives.
ietf-smime mailing list
S/MIME RFC's and mailing list archives.
Index of Crypto Papers Online
Bibliography of online crypto papers.
Info Security News
Information Security Resources
Idaho State Uni security library.
INFOSEC: Homepage
European Commission INFOSEC publication.
Integrity Sciences, Inc. SPEKE password authentication
Authenticated DH key exchange.
interhack publications
Various security-related publications: Firewalls, network security, Skipjack/KEA specs (more readable than the NSA originals).
Internet drafts
Current internet drafts, including many security-related ones (but you really need to know what you're looking for).
Internet Infrastructure Protection - DNS Security
DNS security RFC's and sample code.
Internet Legal Practice Newsletter
Internet-related legal issues (relevant to electronic commerce).
Internet Mail Security Alternatives
Paper exploring and comparing different versions of S/MIME and PGP.
Internet/Network Security - Welcome from The Mining Co.
Crypto/security-related news stories.
Introduction to Crypto Systems
Lecture slides from a seminar by Vinnie Moscaritolo.
Introduction to the Use of Encryption
Introductory overview to encryption systems.
Introduction to Cryptography
Ives Gobaus's easy introduction to cryptography.
Java Security: Frequently Asked Questions
Java security questions and issues.
JIBC - Journal of Internet Banking and Commerce
Electronic commerce, legal issues, EDI, etc.
JILT: Home Page
Journal of Information Law and Technology.
Journal of Craptology Home Page
Crypto journal with papers the others won't print.
JYA Crypto
John Youngs collection of crypto links, mostly covering crypto social issues, laws, espionage, government regulation, and an amazing array of other interesting things.
Keyed MD5
Papers on HMAC's.
Keyserver Bibliothek
Publications on PGP, PGP keys, digital signatures, and crypto politics (most in German).
Kryptologie I - Material
Information and programs for breaking historical ciphers (monoalphabetic and polyalphabetics, transposition ciphers.
Lawries Cryptography Bibliography
Searchable index of over 800 crypto and computer security articles.
Linux Security Home Page.
Linux security information.
The Loki97 block cipher (submitted for the AES).
Mac Crypto - Info
Mac-Crypto conferences and digests.
Mach5 Software Cryptography Archives
Overview of crypto, catalogue of crypto algorithms.
Maksim Otstavnov's HomeWall
Russian publications on encryption, digital finances, e-commerce.
Market Model - DBI Underwriting
A market model for digital bearer instrument underwriting.
Maximal Length LFSR Feedback Terms
Maxmimal length LFSR feedback polynomials.
Micropayments on the Internet
Overview of various micropayment schemes.
Microsoft CryptoAPI mailing list archives.
MISTY - Mitsubishi Electric's Encryption algorithm
Description of MISTY.
NameBase Book Index
Reviews of books on intelligence agencies, high-tech, military, and a potpourri of government agencies, drugs, elites, big business, organized crime, terrorism, US foreign policy, and so on.
NASA Technical Report Server (NTRS)
NASA tech reports search engine.
National Information Systems Security Conference Page
Information and proceedings from NISSC conferences from 1996 onwards.
Netscape DevEdge Online
Netscape security-related documentation.
Network Computing
Various articles on encryption from Network Computing magazine.
Network Encryption - history and patents
Patents on network encryption.
Network-1 White Papers
Various white papers on firewall design.
New Zealand Digital Library
Bibliogaphy/tech report/FAQ searchable index.
NSA to NARA OPENDOOR Bibliographic Index
Index of NSA declassified documents.
NSA/X31 Documents
NSA firewall-related documents and firewall performance tests.
Scanned copy of declassified 1960's memo on NSA public-key encryption research.
NSG Publications
IBM Network Security Group publications.
NT Domain Authentication
NT/CIFS domain authentication specification.
NT Security - Frequently Asked Questions version
NTRU Cryptosystems Home Page
Another new PKC.
On Distributed Communications: Security, Secrecy, and Tamper-free Considerations
1964 Rand Corporation report on cryptography and security.
OpenBSD Security
OpenBSD security advisories and information.
OSS ASN.1 Resources
ASN.1 whitepapers and resources (ASN.1 is used in various security standards).
Overview of Certification Systems
Comments on various certification and certificate management systems and methods.
Patent Database Access
Search the US patent database for crypto patents.
Permissive Action Links
Technology used to control US nuclear weapons.
PGP 5 Users Guide
Online guide to PGP 5.0
PGP Attack FAQ
List of potential problems in PGP.
PGP Passphrase Survey
Survey of PGP passphrases which also indicates which key sizes people prefer when they have a choice.
PGP Quick Reference
Command reference card for PGP.
PGPfone Mailing List Archive
Phrack Magazine
President's Commission on Critical Infrastructure Protection.
Various US government agencies look at Jobsec^H^H^H^HInfosec.
Prime Page (An Index of Information on Prime Numbers)
Everything you need to know about prime numbers.
RIPEMD-160 page
RIPEMD-160 information and implementations.
RSA Labs Frequently Asked Questions
Frequently asked questions about encryption algorithms, techniques, protocols, and services.
RSADSI'S Art Gallery
Cool crypto-related pictures.
S.A.F.E.R. - Security Alert For Enterprise Resources
Free monthly security newsletter.
Safer Net - Kryptografie im Internet
German crypto book with comprehensive coverage of crypto and security protocols.
SATAN-ism: Computer Security Probes Over the Internet - Shrink Wrapped for Your Safety?
Includes a good chronology of hacking and security incidents.
Secret Code Breaker: The Books
Books on breaking various historical ciphers.
Secure Books: Protecting the Distribution of Knowledge
Protecting electronically published medical books, including problems experienced with the X.509 PKI in practice.
Secure Shell (secsh) Charter
ssh working group home page.
Securing Java: Getting Down to Business with Mobile Code
Online book (also available as molecules, 368 pages) on (trying to) secure Java.
Security Handbook
Seven Locks' online security handbook.
Security in Lotus Notes and Internet
Description of Lotus Notes differential workfactor encryption.
Security Issues in WWW
Various WWW security issues.
Security Policy Models
Descriptions of various security models (only partially complete).
Security Protocol Workshop'97
Preprints of papers from the workshop.
Selection of Security/Encryption Bibliographies
Meta-search-engine which allows searching of multiple security-related online bibliographies.
Self-Study Course in Block Cipher Cryptanalysis
The title says it all.
SET Journal
Journal devoted to SET and SET implementations.
SET Protocol: Business Implications and Implementation
A good general overview of the implications of SET.
Shahram (publication)
Linear cryptanalysis of DES (MSc thesis), various papers on hash functions.
Shake Security Journal
Online security journal covering various computer security issues.
Short Course in Cryptography
Exactly what the name says.
Scrambling News
Satellite TV scrambling and descrambling methods.
Search Security Bibliography
Retrieve documents from a large archive of crypto/security papers.
Secure Electronic Mail
Overview of secure email and secure email technologies and standards.
Selection of Computer Science Bibliographies
Crypto and security-related bibliographies (conferences, journals, papers, and tech reports).
Signing Applets for Internet Explorer and Netscape Navigator
Overview of code signing.
Signing Code with Microsoft Authenticode Technology
Microsofts online code signing docs.
Smith's Internet Cryptography Site
Chapter outline pages include links to crypto-related publications and resources.
Symposium on Network and Distributed Systems Security (SNDSS'96) proceedings.
Springer-Verlag New York
Publishers of LNCS (crypto and security conference proceedings).
SSL Pipermail Archive
ssl-talk mailing list archive.
The SSL discussion list FAQ.
Survey: corporate uses of cryptography
Survey of corporate applications of and attitudes towards encryption.
Tasty Bits from the Technology Front
Free technology newsletter which includes coverage of encryption issues.
Technical Papers at Psionic Software Systems Inc.
Covert channels using TCP/IP (including source code).
Technical Report Archives in Computer Science (By Institution)
Links to tech report archives at various universities.
Technical Reports Search Service
Search engines for tech reports, theses, conference proceedings and books held at universities worldwide.
Technology and Society Book Reviews
Reviews of books covering technology, privacy, commerce, security, and the law.
The Collection of Computer Science Bibliographies
Large collection of computer-science-related bibliographies, including encryption and security issues.
The PDF Encryption Format
TSI International
Electronic commerce and EDI resources.
UCL Crypto Group - Call for papers
CFP's for conferences, including crypto and security conferences.
UCSTRI -- Cover Page
Unified computer science tech report index.
Cool book on hacking in Australia.
Understanding X.500 - The Directory
Online guide to X.500 (HTML version of a book on X.500).
United States Navy EKMS WebPage
Key management.systems as used by the US military.
USENIX Conference Proceedings
Includes material from Usenix security conferences and symposiums.
USS Pampanito - ECM Mark II
Electronic Cipher Machine (SIGABA) details.
Verifying Security Protocols Using Isabelle
Various papers on verifying security protocols.
Wim Van Eck
van Eck/TEMPEST eavedropping.
Workshop on Selected Areas in Cryptography (SAC)
Proceedings of the SAC conferences (abstracts only before 1996).
Writings in Esoteric Scripts from Qumran
Encryption in the Dead Sea scrolls.

Security People

Links to home pages of cryptographers
Large list of links to cryptographers home pages.
Links to cryptographers
Berkeley list of cryptographers.
Ross Anderson
Mihir Bellare
Steven Bellovin
Eli Biham
Wei Dai
Dorothy Denning
Oded Goldreich
Shafi Goldwasser
Bob Jenkins
Phil Karn
Lars Knudsen
Markus Kuhn
Markus Kuhn
(Another version of the amazing relocatable home page).
Stefan Lucks
Terry Ritter
Ron Rivest
Phil Rogaway
Greg Rose
Ken Shirriff
William Stallings
Doug Stinson
Serge Vaudenay
Boudewijn Visser
Bennet Yee
Yuliang Zheng

Security Problems

$10,000 DES Challenge
RSADSI's encryption-breaking challenge.
Access Key
MS Access password recovery.
ActiveX - Conceptual Security Flaw
Using ActiveX to steal money via fake bank transfers.
AOL-Security Pages
AOL security problems (some fairly scary).
Architectural considerations for cryptanalytic hardware
Breaking RC4, A5, DES, and CDMF with FPGA's.
Archive of Hacked Websites
Various web pages which have been altered by hackers.
Packet sniffing and spoofing.
Back Orifice
Backdoor access to Windows machines which allows them to be controlled from anywhere via the net.
Back Orifice Removal - BORED
Tool to scan for and remove Back Orifice.
Basement Research
SMB session sniffer, NT TCP/IP connection killer.
Bokler's Guide to "CRACKER" Software
Programs to break the "encryption" on a number of DOS and Windows programs.
Buchanan International
Password recovery (apparently they're just a reseller for Access Data).
Wintel PC bugs, including occasional security problems and holes.
Bugtraq Archives for July 1995 - present
Security vulnerability archives.
Bugtraq mailing list archives
Security vulnerability archives, 1993-present.
CCC klont D2 Kundenkarte
CCC cloning of GSM SIM's and software SIM emulator (in German).
Cellular Telephone Experimentors Kit
Completely control an OKI900 through a computer (including many neat things you're not supposed to be able to do).
Channel 1 File Library:Unprotects
Unprotects for a large amount of software.
Chaos Computer Club
Computer Crime Reference Index
Organisations, publications, legal resources, security advisories, mailing lists.
Computer Security Information
Information on password cracking, denial-of-service attacks, and NT security holes.
Cookie Jar
Control which web servers can get cookies.
CooL_MoDe's Kewl World
Exploit files for a wide variety of Unix security problems.
Craaack Labs
"We make the things that break the things that you make".
CRAK Software
Password-recovery software for Word, Excel, 123, Quattro Pro, WordPerfect, Quicken, etc.
Crash Netscape
This URL will crash Netscape (and make Windows unusable for Win 3.x) when connected to.
Crashing IE4
Combines the MSIE res security hole and the Pentium F00F bug to lock up any Pentium machine running MSIE.
Crypto & Hacker Linkz
Links to crypto and password-recovery pages.
Cryptography Research - Differential Power Analysis
Powerful noninvasive analysis technique for recovering information (eg encryption keys) from smart cards.
Cybercrime on the Internet
Cyberciminals and cybercrime buzzword buzzword hacking buzzword fnord child pornography buzzword fnord.
Cypherpunks Key Cracking Ring
The cypherpunks attack crippled US export-approved encryption.
Cypherpunks SSL challenge broken
The cypherpunks break crippled US export-approved encryption.
Death by ActiveX
More ActiveX security holes.
Decompilation of Binary Programs - dcc
Decompiler for reverse-engineering 80x86 software.
Defiants Eurosat.com
Pay TV and smart card hacking information.
Déjà Vu All Over Again
BYTE article in plethora of NT security holes.
DES Challenge Coordinated Effort
SolNET RSADSI DES challenge.
DES Challenge Attack
Distributed software attack on DES
Denial-of-Service FAQ
The denial-of-service FAQ.
Device Object Security
Problems with Windows NT device object security.
Digital Signals Monitoring with your scanner
Monitoring trunked radio nets with scanners.
distributed.net - Node Zero
Distributed computing applications (such as encryption breaking).
D.O.E. SysWorks
Links and information on security weaknesses, password recovery, key recovery tools, reverse engineering. Of particular interest is the information on the large number of snake oil crypto programs out there.
Ericsson Unlock Devices
Unlock and generally mess with Ericsson GSM and PCN phones.
ERL PTT: Monitoring Inmarsat
Inmarsat interception using standard commercial gear, with an example of interception of sensitive political information and electronics smuggling to the Iraqi internal security organisation.
Factorization of RSA-130
Forbes ASAP: Hack Attack
Forbes interview with hackers over industrial espionage. NB: Some of this is pure "Let's see how gullible the reporter is" stuff.
Forbes addendum: EMP weapons: Calling Victor von Doom
Debunking some of the more outrageous parts of the Forbes story.
Forbes addendum: The Netly News - EMP Gun
Another writeup on the EMP gun urban legend.
Fravia's page of reverse engineering
Much information on reverse-engineering software.
Fravia's Steganography Starting Page
Stego information, including how to defeat various steganography-based watermarking techniques.
Fun and Games with PGP
Potential PGP weaknesses and problems.
Georgia SoftWorks - Windows NT Password Guard!
NT password grabber.
Greg Miller's Home Page: Crypto, AI, and Networking
Netware-related security problems and issues.
GSM cellphone cloning
The Smartcard Developers Association proves that GSM security isn't nearly as good as the vendors claim.
GSM Cloning
The ISAAC group's page on the GSM security breach.
Hack Watch News
Satellite TV security and insecurities
Hacker's Encyclopedia CDROM
CDROM full of files on every aspect of computer security and how to bypass it.
Hacker's Homepage
Web interface to anonymisers, Internet tracing/lookups, white pages, reverse phone directories, satellite imaging, DNS scanning.
Hacking Novell Netware FAQ
HAM Radio Software
POCSAG decoder for monitoring pager messages.
Hardware Hacks
Hardware hacks, mainly mag.card related.
Hostile Applets Home Page
Various hostile Java applets.
H/P/C/V Utilities
Password crackers, carding, war diallers, key generators, hex editors, links to related sites.
Hyperlink Spoofing
SSL server authentication attack.
ICKiller can be deadly
Warning about ICQ toolz/ICKiller, which installs nasty trojans in your system.
Infilsec - Vulnerabilities
Vulnerabilities database for various OS's.
Inside the Windows 95 Registration Wizard
What the Windows 95 Registration Wizard is *really* doing with your system.
Internet Attacks
A (very complete) taxonomy of Internet attacks.
Internet browser access to your hard drive
How to access your local hard drive with a web browser.
Internet Explorer Expoit #4
IE security hole which allows your logon username and password hash to be grabbed over the net, regardless of firewalls or use of "strong" passwords. 14,000 passwords grabbed so far by this site alone, with no apparent attempt by MS to fix it.
IOPUS Software: Automatic, invisible POP3 / SMTP email sender sender
Secretly monitor and mail files to other machines.
ISS NT Security Library
Links to sites covering NT security issues.
Java Code Engineering: engineer & reverse engineer Java class files
Links to books and articles, disassemblers, decompilers, and deobfuscators.
John the Ripper
Unix password cracker, including MMX version which is 30% faster than the standard one.
K^KakO^B Cracking Tools Page
Password breakers for Trumpet Winsock, Eudora, Win95 screen saver, Netscape mail, Win95 shared items, Pegasus mail.
Key Code Generators
Key and unlock code generators for large amounts of software.
Key Recovery Alliance
Communicate secure in the knowledge that only the US government is listening.
Key Recovery Technologies
How to implement espionage-enabled software.
Key Recovery Utilities and Resources
Key recovery utilities, tutorials, programs (including ones to break Arj, BIOS passwords, Compuserve, Contraband 9G, Crypt-o-Text, Cryptic Writer, CuteFTP, CyberSitter, Encrypt-It, Eudora, MS Access, MS Word, MS Excel, Norton Diskreet, Novell Netware, RAR, 40-bit S/MIME, Stacker, Turbo Encrypto, Wincrypt, Windows NT password, WordPerfect, WS_FTP, and Zip), and resources.
M2mike's Corner of the Web
Information on breaking various security systems used by schools (mostly Win95-related - this is "security" for very small values of security).
Maximum Security
Updates on Internet and Internet software security problems.
MDT Monitor for Windows
Software to decode police mobile data terminal messages.
Microsoft CD Key Authentication Revealed!
Microsoft FrontPage 98 Security Hell
The infinite security holes in FP for Unix.
Microsoft IIS Web Server Security Bugs
Security holes and bugs in Microsofts Internet Information Server.
Microsoft Password Recovery Software
Recover passwords for MS Word, Excel, Access, Money, and VBA projects.
MS Word & Excel security weakness
Recover passwords for all newer versions of Word and Excel.
Mini-FAQ: NT Password Attack & defences
NT password cracking FAQ.
Money Protocols
Things which can go wrong with smart cards.
Cellular signal destruction unit (in other words a GSM jammer).
Windows backdoor access server.
Netscape Security Problems
Security flaws in Netscape.
Netware/Windows NT/Web Hack FAQ
Security problems in Netware, NT, web servers and browsers.
New Media Laboratories - Crypto
Distributed attack on RC5.
No First Virtual
Security problems with First Virtual.
(Not only) Russian Password Crackers
Good collection of oassword breakers and crackers for a variety of programs.
Nowhere to Run
TEMPEST monitoring.
NSClean information
Clean up various Netscape files which record information on you and your net activity.
Change the Windows NT administrator password.
NT Crack
Very effective NT password cracker.
NT Exploits
Windows NT security holes and exploits.
NT Internals
Not directly security-related, but contains a lot of useful technical information and source code to bypass or upset NT's security controls.
NT offline pw-util, bootdisk
Password change and general system editing utility for NT.
NT Security Home
NT security issues and concerns, security tools.
Nurse your Net Nanny!
How to disable various Internet blockers (and these things are supposed to be childproof!).
Various hacker zines.
On the topic of Firewall Testing
mjr on firewall testing and certification.
Palmtop plunder
Breaking into cars using a PalmPilot.
Assorted information on security problems and programs (AOL, Netware, boxing, carding, encryption, password-cracking, virii, satellite TV, text files).
Reverse-engineering Novell's directory services (includes Novell password breaker).
Paradox Specs
Decode Paradox tables without knowing the password.
Password Removal Tactics
How to remove/bypass password/"encryption" protection for a variety of software.
Pavel Semjanov's Home Page
Assorted key and password breakers (partially in Russian).
Phrack Magazine Home Page
Security problems, hacking, hacker conferences, general news.
PIC16C84 Security
How to bypass the 16C84 security fuse.
Ping o' Death Page
Problems with remote machines crashing whens sent long ping packets (this affects Unix systems, Macs, Netware, routers, printers, ...).
PIR8 Underground : Home Of KeyGenz
Crackz, Keygenz, and other things ending in z (including cracks for a large number of copy protection schemes like Vbox, SalesAgent, softSENTRY, TimeLock, and many others).
PkCrack - Breaking PkZip-encryption
An implementation of the Biham/Kocher paper (complexity 2^38).
Random Credit Card/Check Card Fraud with Small Charges
Warnig about an online credit card fraud technique.
Read text/HTML file with Internet Explorer
Demo of MSIE bug which allows arbitrary files to be read from your machine.
Reverse Engineering the LEGO RCX
Tutorial on reverse-engineering a microcontroller.
RISKS Forum Archives
Archives of the ACM forum on risks to the public in computers and related systems (use the arrow icons to move to other risks volumes).
Risks Of "Key Recovery," "Key Escrow," And "Trusted Third-Party" Encryption
Report on GAK risks by noted cryptographers.
Searchable archive of Windows and Unix security problems.
RSA Challenge '97--Break the Key
RSA encryption-breaking challenge (40 bits in 3.5 hours, 48 bits in 13 days).
Satellite Code Network
Network of ~300 sites devoted to satellite TV hacking and related topics (eg smart cards, decoders, smart card programming).
SatHack HomePage
Satellite TV hacking, cards, software, programmers, and codes.
School Security Flaws
Collection of typical security problems and holes in school computers.
Scott Schnoll's Unofficial Microsoft Internet Explorer Security FAQ
Bugs and design flaws in MS Internet Explorer.
Sécurité & Piratage
French security page with information on security problems, backdoors, and patches.
Security Survey of Key Internet Hosts
Security survey which found that two thirds of the WWW hosts checked had security problems.
SecurID Weaknesses
Paper on potential weaknesses in SecurID.
Sekcia bugs
Large collection of security bugs in most major OS's.
Shutdown Windows
Shut down Windows 95/98 from Java. So much for the sandbox.
S/MIME Screen Saver
Screen saver which breaks 40-bit S/MIME encryption.
Snake Oil FAQ
Snake oil warning signs - encryption software to avoid.
Snoopie, a TCP login tracer for DOS-machines
TCP/IP login tracer which sniffs logins for FTP, telnet, POP3 connections.
SSL implementation bugs
List of known SSL implemetation bugs.
Stack Smashing Security Vulnerabilities
Resources related to stack-overwriting security holes.
Stealth Keyboard Interceptor
Completely invisible interceptor which logs keystrokes, URL's, executed, dates, times, mouse click events, etc, with optional encryption.
StealthLogger official homepage
Windows 95 and NT keystroke logger.
Supplementary Analysis of the Royal Holloway Key Escrow Scheme
More weaknesses in Euro-Clipper.
Broadcast everything in your home all over the neighbourhood, secured with 40-bit crypto.
The BioArchive
Novell Netware, cellular phone, and other security problems.
The Codebreakers
Assorted virii, including a PGP keyfile-stealing virus.
The Hacker's Choice - Official HomePage
THC home page.
T H E · L E G A C Y
Hacking/phreaking information and links. Load this one with Java disabled.
The Sanctuary
Satellite TV hacking info: D2Mac, Eurocrypt, Videocrypt, Multimac, etc.
"The Stalker's Home Page"
What others can find out about you using online search engines.
The TEMPEST Information page
Much information on TEMPEST eavesdropping and its prevention.
Threats to your security on the Internet
Information on various NT trojans (Back Orifice, Netbus, etc).
Crackers for MS Office, Excel, Word Perfect, Word, Pkzip, and other programs.
Underground Railroad
Filez! Warez! D00D!
(Various encryption-breaking utilities and other programs. There's a main page for this, but it's so encrusted with Java and animated graphics and sounds that it's unusable).
unix / net / hack page
Unix security problems, software, documentation, RFC's.
Unofficial Microsoft Internet Explorer Security FAQ
Security (hole) FAQ for MSIE.
VBA password recovery (allows viewing of VBA source code).
Vulnerability Database
Database of common security vulnerabilities in RPC's, sendmail, firewalls, and various other categories.
Weaknesses in Euro-Clipper
Various weaknesses in the Royal Holloway "trusted third party" ley escrow scheme.
Web Pages we’d like to see:
(This one's good enough to deserve its own reference).
Whitehats.com Internet Security Good Guys
Unix security advisories and updates.
Why I Don't Like Microsoft's FrontPage Web Authoring Tool
Long list of gaping security holes in FrontPage for Unix.
Why You Need ACG
Grabbing car alarm codes.
Windows 95 *.PWL Cracks
Security problems with Windows'95 (and Win3.x) password files.
Windows 95 and MSIE Security Hole
Security hole which allows your Win'95 password to be obtained from anywhere on the net.
Windows NT Password Cracker
Windows NT Password Recovery Service
Recover passwords for Windows NT servers, domain controllers, and workstations.
Windows NT Security Administrator
Windows NT security problems and solutions.
Windows NT Security Issues
Windows NT security issues.
Winternals Software
Edit NT partitions, change the password for any account (including administrator).
WinXFiles Reversing
Reverse-engineering and breaking WinXFiles "encryption".
www.lostpassword.com - Home
Password-recovery software for MS Office, Outlook, Schedule, VBA, Access, and Money.

Security Products

Access Control

ActivCard Home Page
Authentication/single sign-on card.
Argus Products & Services Page
Extra security measures for Java programs, Orange Book/ITSEC security modules.
Cambridge Neurodynamics
Biometric identification systems.
Capella Electronics - Security Systems
Access control and security sensors.
Check Point FireWall-1
FireWall-1 firewall.
Cerberus Homepage
Win 3.1/Win95 access control.
Network scanners, authentication and security modules.
Cryptocard Corporation
User authentication and remote access management tools.
CYCON Labyrinth og CYCON technologies and Cypress Consulting
The Cycon labyrinth firewall.
e.g. Software
Auditing, security alerts, password analysis, and security software for Netware.
Hardcastle Electronics
Firewalls, security gateways, F-secure.
Java-based access control over SSL.
Intracept - X-Ray Vision
Blocks Java, ActiveX, and cookies to web browsers.
Kalliopi: DELPHI Security - We've got it covered!!
Access control to Delphi apps.
Keyware Technologies
Biometric security products.
MARX CRYPTO-BOX Software Copy Protection
Software and hardware-based copy protection.
medcom Home Page
Firewalls, tiger team testing, WWW security.
Micah Development
Access control for DOS and Windows.
New-Tech Systems
DOS/Windows access control software.
PC access control and encryption software.
SAGUS Products Page
Security gateway, firewall, Winsock interface.
Schumann Products for Enterprise Security
Single sign-on, access control management.
Watchguard firewall and security management software.
PalmPilot based challenge-response authentication supporting a variety of popular protocols.
Secure Storage
High-security storage facility.
SOL - Security On Line
Phsyical security items and information.
Technical Incursion Countermeasures
Auditing, consulting, and training for networks, firewalls, security policies, and assurance testing.
The ULTIMATELY Secure Firewall
Wingate Lan to Internet Software
Windows Internet proxy.

Data Encryption

Aegis Research Corporation
Windows PGP shell.
American Stealth Messenger
Email encryption software which is probably some form of rebadged PGP.
File, email, disk, voice encryption including IDE data channel encryption hardware. Proprietary algorithms.
Archsoft Security Software Solutions -Cerberus
Desktop encryption for Windows using Blowfish.
ASIC International - Cryptographic Cores and Technologies
DES, SHA-1, MD5, bignum maths cores.
Network and internet security processors and solutions.
Australian Privacy Home Page
Australian PGP vendor.
Avalanche Java Cryptography Toolkit
Encryption, hash functions, and secure random number generation in Java.
ISDN BRI and PRI online encryption hardware, secure servers, VPN products, all using RSA with triple DES (single DES optional). Frame relay and X.25 encryption using DES or proprietary algorithm.
Baltimore | Products
Crypto systems toolkit - DES, IDEA, RSA, DSA, RIPEMD, SHA1, MD2, MD5, X.509/CA toolkit, email security software.
BBN Security
SafeKeyper tamperproof hardware key storage.
BestCrypt family of Data Protection systems
GOST and DES software/hardware encryption for DOS/Windows.
Blowfish Advanced Download Site
Blowfish file encryption for DOS and Win95.
Bokler Software's Home Page
DES and hashing DLL's and OCX's.
Briggs Softworks: Software
Directory snoopper/file eraser, file encryption for Windows.
Brivida, Inc. - Technology for Virtual Private Networks "VPN"
VPN's using IPSEC DES encryption.
Brokat X*PRESSO Home Page
Secure non-US encryption by adding another layer of 128-bit encryption over the top of the US crippled 40-bit version.
Business Security home page
Fax, video, voice, and modem encryption.
carrick Encryption Home Page
DES and Blowfish file encryption.
CE Infosys GmbH
Fast DES hardware, encrypting SCSI controllers, PCMCIA cards, from a non-US source.
CellCase Key Agile ATM Encryptor
RSA/triple DES ATM link encryptor.
Elliptic curve cryptosystem products.
CES Home Page
Phone and fax encryption add-on (questionable algorithm).
Chrysalis ITS - Product Information
PCMCIA encryption cards.
Cisco Network Encryption Services
DSA-signed DH for link and session encryption.
Citadel Products
Firewall/VPN, Windows file encryption.
Clipper and Fortezza: Pictures and Info
Drag-and-drop DES encryption for Win95/NT.
Cold Fusion Power Packs
Encryption/decryption, credit card processing, for Cold Fusion.
Communication Security Corporation Home Page
Diffie-Hellman and triple DES speech encryption. No GAK.
Computer Development Systems Crypto Page
Link encryption hardware, file and fax encryption software (unknown algorithm).
ComScire QNG From Quantum World
Johnson-noise-based RNG for PC parallel ports.
Condor - Secure Ubiquitous Portable Interoperable Communications Buzzword Buzzword
Secure Fortezza-protected voice and data over celluylar links.
Confidentiel : Présentation
Mac file encryption, approved by the French secret service.
Royalty-free Verilog PKC core.
CRYTEK Communications - Secure Telephone Adaptor
Key-based subband voice scrambler. Uses Diffie-Hellman key exchange, but a questionable encryption function "based on matrix multiplication".
Win95/NT 4 encryption shell extension.
Crypto AG Switzerland
Encryption software and hardware of all kinds (but see also the links in the "Crypto Social Issues" section).
CryptoEx 1.0
PGP add-on for MS Exchange.
Cryptomathic homepage
Encryption and security software and consulting.
CSM Proxy Server - The Ultimate Gateway to the Internet
Proxy which includes SSL tunnelling.
PEM software, bignum maths package.
Cylink Corporation
Lockheed Martin's crypto processor.
Data Encryption Key PANDORA
DES/RC4 file encryption using a USB dongle, unfortunately keys are hardcoded into the dongle.
File and file transfer encryption (unknown algorithm).
DataGuard® - The Software Safe
IDEA and SEAL file encryption for Win32.
Deming Software
S/MIME software for MS Exchange and Eudora.
DES Core
VHDL DES core.
Design Automation - CyberLock
DES-based encryption program. Fairly standard stuff, but the marketing smells of snake oil ("most secure file encryption available", "patented encryption enhancement technology", etc).
D.I.C.A. ISDN Encryptor
ISDN link encryption using FEAL 16, IDEA, or DES.
Digital Delivery
Secure (encrypted) software and information distribution systems.
Diskcrypt 95
Floppy drive encryption for Windows 95.
docSpace Direct
Secure data transmission via a web browser and SSL, but intermediate storage is unencrypted on a third-parties sever.
Very fast bignum maths card for PC's.
e-Lock, Security Solution from Frontier Technologies,Home
Digital signature/encryption software and interfaces (implemented as wrappers around crypto toolkits like BSAFE and CryptoAPI).
DOS, Win95, and NT file, drive, and email encryption using IDEA, file wiping,
EES Family Data Sheet
Clipper chips.
EMD Enterprises
Win95/NT anti-virus and encryption software.
Encrypt-It Plus
DLL/VBX/OLE control providing DES and 3 other (unknown) encryption algorithms.
Encryption Plus
Encryption for Visual Basic.
DES file encryption for Windows.
Entrust - Home Page
(Formerly Nortel) Entrust cryptography product family. GAK alert: These products are GAK-ready.
ERACOM - Encryption Adaptors
Encryption toolkits, DES encryption hardware for PC's.
F-Secure Cryptography Products
Windows/Unix <-> Windows/Unix link encryption with secure telnet, X11, port forwarding, etc. The link is encrypted with algorithms like triple DES or Blowfish, with 1024-bit RSA for key exchange an authentication.
Formal Systems
X.509 certificate viewer, PKI, encryption services and consulting.
FORTEZZA Developers Home Page
Fortezza ISA Bus Crypto Card
Fortezza on an ISA card.
Fortress Technologies
Frontier Technologies e-Lock Home Page
PKCS/X.509 and S/MIME key management, signing, secure email and browser.
Fulltime RSA
RSA speech encryption for PSTN lines.
GDS: Encryption, Authentication, Transaction Security
Link encryption hardware from ISDN up to T3 speeds.
Global Technologies Group, Inc.
Products based on the German SuperCrypt DES/triple DES chip.
Hammercore DES Cores
FPGA DES cores for Altrea FPGA's.
Hide Me for Windows
Windows file encryption, unknown algorithm.
HRB Systems
Data encryption products (an division of E-Systems)
IBM cryptography: cryptographic cards home page
IBM's (really cool) 4758 crypto module.
IBM SecureWay
Data encryption, security, consulting.
I.D.E.A Encryption for Windows
Win95 file encryption.
IDS - Products
Disk encryption using Blowfish, PGP-compatible mail encryption using RSA+IDEA, smart cards.
INFOSEC Products
Triple DES file encryption for Windows.
International Cryptography Framework
HP's international big brother design.
Internet Solution Security (Pty) Ltd
Access control, electronic commerce, 128-bit SSL proxy.
Internet Security Group
CryptoSwift public-key encryption hardware accelerator.
Internet Smartsec
Internet security technology (knowledge of Swedish useful).
Inventra Soft Cores Current Documentation
DES cores.
Invincible Data Systems, Inc.
PGP - compatible encryption software for e-mail, hard disk encryption, access control hardware tokens.
iPower Home Page
National's PCMCIA crypto card.
IRE Product Catalog
Network and link encryption hardware.
ISC Products
Email encryption, crypto toolkits, encrypted Zmodem.
ISDN Encryptor
Java Cryptography Extension
Java crypto extensions (JCE).
Win95/NT drag-and-drop file encryption.
Kryptology Home Page
Snake oil for the masses.
Langley System Web Site
Floppy disk encryption software.
Lintel Security
DES and RSA encryption chips and hardware.
LUC ENcryption Technology (LUCENT) Limited
Lucas-function based PKC.
MAILguardian and MAILguardian Enterprise
Email encryption using DES, 3DES, Blowfish and DH (but will automatically and transparently fall back to sending cleartext - this is listed as a feature of the software).
Markus Hahn's Software Page
File/data encryption using Blowfish, Twofish, RC4, Cobra128, GOST, triple DES, and CAST.
Motorola Advanced INFOSEC Machine (AIM)
Motorola crypto processor.
Motorola SSTG Secure Telecom Products
Morotola secure phones and fax and data communications products.
nCipher products
Hardware crypto accelerators.
Network link encryption.
NetLOCK(tm) Network Security
Encryption and authentication for LANs and WANs.
Netseal Product Specifications
IPSEC/ISAKMP/OAKLEY drives for ODI, NDIS, and Linux.
Next Wave Software
DES-based file encryption for the Mac.
NEXUS Solutions NTrust
Blowfish encryption for Windows.
Blowfish file encryption.
Ocean Logic DES
VHDL/Verilog DES core.
Okiok Data Security Products
Crypto processors.
Opera Software - Bringing speed and fun back into Internet browsing
Non-US web browser with strong SSL encryption.
PC-Encrypt Email Security
Blowfish file encryption (web page smells slightly of snake oil).
PGP -- Pretty Good Privacy, Inc. Home Page
PGP Tools from Net Services
Windows front-end for PGP.
Phaos Technology
SSL in Java.
Cool RSA/bignum and DES/triple DES encryption hardware.
PowerCrypt Website
PEM and S/MIME encryption for the Power Mac.
Private Data - Protecting your privacy with innovative products
Disk encryption for Win95 (unknown algorithm).
DES EDI encryption.
Racal/Airtech Security
Various access control and security products.
Rainbow Technologies Internet Security Group
CryptoSwift crypto hardware accelerator.
RAMPART for DOS/Windows
DES encryption software and other utilities.
Reflex Magnetics - homepage
Secure FTP, mail, modem encryption using DES, 3DES, Blowfish, or IDEA.
RPK Public Key Cryptography
Crypto SDK and email software utilising a new, fast discrete-log-over-GF(2^k) based PKC.
RS Cryptographic Development Kit
Public-key crypto toolkit.
RSA Data Security, Inc.
SAFE Folder
Transparent Win95 file encryption.
SafeHouse Drive Encryption
DES disk encryption for Win3.x/Win95 (exportable 56-bit because it's GAK-ready).
SafePassage Web Proxy
Full-strength encrypting web proxy which bypasses US export restrictions.
File encryption using Blowfish, CAST-128, and Diamond2.
SCI Web Page
PCMCIA-based disk and file encryption.
Win32 SSH client.
Secure Link Services Ltd (SLS), DataGuard Family
Disk and file encryption using IDEA, SEAL, and PKC's). Note that this company is located in the free world (Switzerland), despite the .net address.
File encryption and signing for Win95/NT
SECURE...Encryption and Security for all
DES and IDEA encryption software for Windows.
Triple DES encryption add-on for MS Office.
SecureStore Homepage
File encryption using DES, triple DES< Blowfish, CAST-128, Diamond2, RC4.
Win95/NT file encryption using RSA and the BSAFE conventional algorithms, other security tools (eg secure delete, secure shutdown).
Security Domain: electronic message security
Public-key file encryption, CA software.
SICAN DesignObject (TM): DES Data Encryption System
ASIC DES core.
Sioux: Sophisticated & Secure
Apache-based secure web server.
SKIP Information
Simple Key management for Internet Protocols - papers, information, implementations (US only).
SKIP in Russia
As above, without the export restrictions.
SMARTCrypt by WetStone
ActiveX interface to PKCS #11 modules.
Soft Concepts
Ncrypt file archiving, compression, and encryption utilities.
SoftWings Enterprises Inc
DES/triple DES protected OS/2 data transfer.
SoftWinter - Shade page
Disk encryption for Windows NT.
SoundCode, Inc.
Crypto libraries and software.
SSL HTTP Security Solution
128-bit SSL proxy - turns crippled SSL browsers into full-strength encryption ones.
SSL Plus (Product)
SSL Plus SSL integration suite.
SSL 3.0 implemented in Java.
SSLP Reference Implementation Project
An SSL reference implementation (still under development).
Secure sockets relay - full-strength SSL proxying.
Stealth Drive
Encrypted virtual disk volumes (the standards compliance section looks a bit odd).
Stronghold Homepage
Apache-based secure web server.
File and email encryption using Elgamal, Blowfish, IDEA, and triple DES.
Win95/NT, OS/2, DOS file encryption using DES, IDEA, Blowfish, NewDES, and Lucifer.
TeamWARE Crypto
ICL's Windows file encryption software.
TecApro Internacional - Home page
Win95 file encryption.
Templar Software and Services
Secure EDI over the Internet.
TimeStep - The Network Security Standard
VPN encryption systems using DES encryption and X.509 certificates and digital signatures for authentication.
TorDisk HomePage
NT disk encryption for hard drives, CDROM's, networks, using DES, triple DES, Safer, Blowfish, CAST-128.
Transcrypt Product Overview
Phone encryption devices and add-ons.
Intranet ACL-based security and encryption using RSA and triple DES.
TSS OfficeLock - Data Security for Microsoft Office
Strong encryption for MS Office documents.
DES, triple DES, GOST, Blowfish, 3-Way, RC5, TEA, Safer, Shark, Diamond-2, and others.
Utimaco Safeware AG
DOS, OS/2, Windows encryption software, encryption hardware.
V-Disk Official site
Win95 drive encryption using Blowfish, with smart card support.
Virtually Online
SEMS email encryption using the RPK algorithm.
VPNet: Products
WAN VPN encryption products using DES and triple DES with SKIP key management.
Worldtalk Worldsecure
S/MIME encryption software.
Wormhole technologies
PKC-based email encryption software.
Xcert Software
Access control, X.509-related software.
X_DES Core Page
Verilog DES core.
XETI technologies supporting secure business collaboration over the Internet
Java PKIX toolkit, data conferencing over SSL.
XF-DES: Data Encryption Standard Engine Core
Xilinx DES core.
Zergo WWW Site - Information Security Specialists
Crypto and CA products. They'll also design GAK protocols for backdoor access to your medical records if required.

Interception and Monitoring

Hardware and software for intercepting and monitoring information, and stopping of the same.

Applied Signal Technology Product Summary Introduction
Signals interception and monitoring gear.
Candes Systems Inc. - TEMPEST Computers and Peripherals
TEMPEST-shielded computer gear.
Cellular Monitoring Interface (via Electronic Countermeasures Inc)
Computer interface for intercepting cellphone traffic.
Computer Aided Technologies
Scanner software.
Datascan TEMPEST monitoring system
Electroconductive Concrete ELFINCO
Makes for great TEMPEST shielding.
Win95/NT port scanner.
Fax Analyzer
PC fax interception card.
Force-Ten Online Catalog
Surveillance, wiretaps, spying equipment.
GENESIS Group online
Assorted bugs, transmitters, receivers, cellphone tracking and interception, fax interception, and other bugging and interception gear.
GCOM Technologies
GSM, cellphone, computer, and fax interception and monitoring equipment (the GSM interception unit features real-time, off-air interception of up to 1000 voice/data/fax transmissions, traffic targetting and screening, and call tracking, all with a friendly Windows interface).
GSM Monitoring - GSTA-1400
Complete GSM monitoring/interception system with call and target tracking and location features.
Kansmen Corporation
LittleBrother Internet monitoring call.
NDG Software Products
Various network monitoring and snopping tools.
Monitor and intercept TCP/IP sessions.
Pager Decoding Interface (via Electronic Countermeasures Inc)
Computer interface for intercepting pager traffic.
Win95/98/NT keystroke logger.
Radte KG - Spytec
Bugs, speech and telephone interception gear, information on industrial espionage.
Spies:Law Enforcement
Cellular, GSM, and fax interception and monitoring equipment.
SPY - Networkspy / -agent / -analysator
Sophisticated network sniffer which can extract files and data sent via FTP, HTTP, NNTP, SMTP, POP3, NetBIOS, search the data stream for keywords, and log usernames and passwords.
SpyZone Tools and Techniques
Industrial espionage and surveillance tools and techniques, security equipment, secure communications systems, disaster recovery, bug sweeps.
The Codex Privacy Site
Electronic eavesdropping detection, anti-bugging, privacy protection, secure communications.
The Watcher Network Monitoring Program
Monitor and control any IP connection on a network.
TIRIS Products & Technology
RF identification and tracking devices.
TSCM.COM Counterintelligence Home Page
Technical Surveillance Countermeasures - bugs and wiretapping, detecting bugs, intelligence agencies, and counterintelligence.
Virtual ISA Proto Board
Xilinx 5210/4013E card.

Investigative Tools

Tools for investigating the security aspects of various things.

APS Powerful, yet Affordable EDA Tools
Developmemt boards from as low as $199.
Chip Express Corporation
Fast turn-around ASICs.
IC reverse engineering.
Code Classifier
Classify encrypted data by likelihood of encryption system used ("especially recommended for cipher generated outside North America where DES and private-key systems are not as dominant").
Convar Systeme Deutschland - Service Center
Disk data recovery.
Digital Instruments
Scanning probe microscopy (used to investigate magnetic media).
FPGA, CPLD: OptiMagic's Programmable Logic Jump Station
Starting point for hardware crypt-breaking information and tools.
Hack Watch News
Satellite and terrestrial TV scrambling systems.
IBAS Laboratories - Professional Data Recovery
Recovery of data from damaged or overwritten/erased magnetic media.
Investigating the Suspect Computer
DOS forensic software for recovering evidence from PC's.
MUSIC Semiconductors
Various content-addressable memories, useful for investigating encryption algorithms.
Neuroptics Technologies, Inc.
Neural network hardware.
NTI Home Page
Computer forensic training, consulting, and tools.
Picosecond Imaging Circuit Analysis
IBM technique for imaging signals in chips.
Programmable Logic Jump Station ( FPGA, CPLD )
More investigative tools for encryption keys.
Xilinx Product Information
Perfect for investigating currently unknown DES and RC4 keys.


APM - EMI Shielding Products
EMI shielding, useful for TEMPEST shielding.
AR Products
RF interference generators.
Argus Systems Group, Inc.
Operating system security add-on products for Solaris and Windows NT.
Automatic Response Systems
Document destructions products and services.
Portable TEMPEST-shielding enclosures.
Computer Security Update
Links to security-related bug fixes for MSIE and Windows NT.
COMSEC Solutions
Cryptography and biometric countermeasures consulting.
Consensus Products/Services
SSL Plus integration suite, RSAREF, IDEA licensing, code security screening.
Digital ID Center
Web interface to Verisign's digital ID (CA) service.
Disk Zapper
Floppy disk bulk eraser.
Emcom Products and Services
TEMPEST PC's, monitors, and comms gear.
Framework Executive Back Orifice removal and protection tool
Program to remove Back Orifice.
Hackers Catalog Books
Various standards for satellite TV scrambling, cellphones, and scrambling-related encryption.
IBM SecureWay Home Page
IBM's security hardware and software, consulting, technology, and general information.
IP Packet Filter
Highly configurable kernel-level IP packet filters.
Kilben Business Services
Computer enclosures and alarms.
List of FPGA-based Computing Machines
Fast encryption hardware (with a little programming...).
NIC Law Enforcement Supply CATALOG - MAIN SITE
Law enforcement supplies.
Minatronics Corporation
Physical security products.
Proton Engineering Degausser & Declassification Systems
Magnetic and optical media degaussing and declassification systems.
Security Engineering Services, Inc
TEMPEST and COMSEC engineering and consulting.
SEM - Security Engineered Machinery
Data destruction equipment and information.
Tempest Products
TEMPEST-secure communications and data processing devices.
TNO physics and electronics laboratory (information security, electronic warfare, electronic security, sensor and weapons electronics).
Wang Government Services Secure System's HOME PAGE
Wang's TEMPEST products and secure services.

Online Commerce and Banking

We do e-commerce because that's where the money and the suckers are.

Canada Trust
Online access to account balances, stock quotes, and other banking services.
Credit Suisse Direct Net
Full online banking using 128-bit SSL proxies.
EMJ America
Internet security and e-commerce products.
ICVerify Home Page
Online credit card, debit card, and cheque verification.
Internet-based digital cash
Links to various e-cash resources.
Netbill-related publications
Various online electronic transaction protocols.
Payment mechanisms designed for the Internet
Welcome to Online Banking!
Wells Fargo online banking.

Smart Cards

Smart cards? A certain animal cunning, perhaps.

A safe Internet communication channel with smartcards
Masters thesis on secure client-server communication using smart cards.
A8 Corp
Smart card personalization and card management software.
Advanced Card Systems, Ltd.
Smart cards, card readers, development kits.
ACOLAs Homepage -Communication, Terminal Server and Data Collection Products
Smart card and RF card products.
AD-Teknik, Mainpage
Smart card emulators, PCB's, readers.
AMC Smart Card Reader Products
Smart card/mag stripe reader/writer.
ASE - The Aladdin Smartcard Environment
Smartcard development kit.
Basic programmable smartcard
Bill's idea of a JavaCard?
B&C Data Systems
Smart card reader/writer.
Card Europe Main Index Page
Smart card and security card conference information.
Catalyst Serial E2PROMs -- I2C Bus
Smart card EEPROMs.
Programmers, smart cards, add-ons.
CITI Smart Cards
University of Michigan smart card research project.
Compelson Labs
Smart-card based key storage, file encryption, access control.
CompInfo - Smartcard Technology - Information Sources and Manufacturers
Links to sources of information on smart cards and card and card reader manufacturers.
Cop Card Site
Programming information and keys for COP cards.
Crownhill Associates Ltd
Smart cards, PIC programming, code recovery/reverse engineering.
CryptoCard's Security Products
Various access-control systems.
Dallas Semiconductor Corp: Home Page
Identification and authorization chips, secure microcontrollers.
Dallas Semiconductor Corp. iButton: Home Page
Digital credentials/timestamping/crypto in a button.
Datakey Home Page
Smart card reader/writers, smart cards.
DataMega I/O Products
Smart card readers.
Die branchenübergreifende elektronische Geldbörse
Overview of smartcard-based payment systems (undergaduate thesis, in German).
Edgar Online - EdCard
C-based smartcard API.
EMV Technical Specifications
EMV card, terminal, and application specifications for smart card credit and debit applications.
Encotone Ltd. Home Page
Smart-card and smart-card-like authentication and security devices.
Fun With Smartcards
Notes from the HIP'97 Fun with Smartcards session.
GeldKarte and electronic banking home page
Information on various smart-card based electronic purse systems.
Gemplus Smart Card Home Page
German Smartcard Hacker Org.
GIS Home Page
Smart card readers, terminals, and developer kits.
Guru's Lair: Scads of PIC microprocessor web site links
Links to PIC sites including PIC-based smart cards and card programmers.
HIP Smartcard Homepage: Cards
HIP'97 smart cards info.
How to do it: Private Key Encryption (A method)
"emulation of the One-time key system using large psuedo-random number generators" (linear congruential generators).
IBM Smart Card Solutions
IBM smart card technology and products.
IBM Student Chipcard Innovation Team Homepage
Dutch student-designed card reader and software.
IC Card Reader / Writer
Smart card reader, PINpad, card authorisation terminal.
IC Card with Combined National ID and Health Insurance Card Functions
Taiwanese smart card/ID card project.
Identity Systems Security Inc.
Smart-card based identification.
Implementing Airline Electronic Ticketing Using Integrated Circuit Cards
Electronic ticketing project using smart cards.
Java(TM) Card(TM) Technology
Java kludged to run on a smart card.
KeyBlitz Project
Various smart card hacking initiatives, mostly targetting European pay tv systems.
Litronic, Inc.
Smart cards, card API's, Fortezza cards.
Magtek Products
Magnetic card reader/writers.
Microchip Memory Data Sheets
Includes EEPROM memory for smart cards..
Micromodule Pte Lte, Singapore
Smart cards, readers, development kits.
Motorola SmartCards (TM)
Databooks for Motorola microcontrollers (including smart card micros).
Motorola SmartCards (TM)
A different access point for Motorola smart card information.
Multos - the smartcard gets smarter
Framework for running multiple applications in a card (pretty light on detail).
Nexus Products and Services
Mag card and smart card readers, PINpads.
OKI Personal Smart Card Reader
Electronic wallet balance checker.
Ordacard Israel
Mag stripe and smart cards
OpenCard Framework
Java smart card middleware.
OTI - OnTrack Innovations Israel
Contactless smart cards.
Paul Maxwell-King For Pic Chips, 16c84, sathack, ISO7816, sat-hack, satellite cards, codes, programmers, sky, D2MAC, DSS, season, blockers, crack, satellite, satellite TV, hacking, cracking, satellite hardware, videocrypt, filmnet, sky cards, smartcard, smartcard interface
Smart-card hacking-related hardware.
PEP Products & Services Page
Smart card readers, RFID products, crypto and flash cards.
Philips Smart Card Services
Philips smart cards.
Smart cards and readers.
Proton World
Smart-card based electronic wallet.
SCAD toolkit
Smart card application developer toolkits for Windows.
SCARD - Smartcard Resources
Smart card standards, interface software, hardware.
Schlumberger Universe of Smart Cards
Smart card readers, tools, SDK's.
SCM Microsystems - Products
Smart card readers, writers, and interface products.
SGS-Thomson Smartcard Products
Smart card information and data sheets.
Siemens Smart Card Integrated Circuits
No technical information, unfortunately.
Smart Cards: A Case Study
IBM Redbook case study on smart cards.
Smart Cards, Credit Cards, Internet Security.
Smart card resources link farm.
Smart Card Cyber Show
Smart card news, trade information, vendors, and projects.
Smart Card Developer's Kit
Home page for the book, as well as individual card sales, ATR catalogue, and pointers to smart card info.
Smart Card News
Smart card publicatiosn, technology, and information.
Smart Card Reader/Writer
Card readers/writers/PINPads.
Smart Card Resource Center
Links to chip manufacturers, companies, conferences, mag cards, readers, RF cards, and other smart-card related information.
Smartcard Information Page
Smart card information, card types, and links to manufacturers.
Smartcard Security Information Page
Smartcard security news, standards, attacks, and links.
Smart Dynamics, LLC -- Software Products
Smart card interface tools for various environments and languages.
Smart Semiconductor Search
Search engine which links to most major embedded semi vendors.
Smartcards and other cards
Links to smart cards, memory cards, smart card readers, mag cards and barcode cards.
The Smart Card Forum
General information on smart cards.
TOWITOKO homepage
Smart card readers.
Tritheim Technologies
Smart card readers and writers.
UNIPROG Universalprogrammer
CCC universal smart card programmer.
Xicor Inc.
EEPROM's, smart cards, flash memories.
ZeitControl Cardsystems
Mag and smart cards, card readers, contactless cards.

Snake Oil

Proprietary guaranteed unbrekable crypto we invented this morning in the shower.

ASK ToolKit Home Page
"not an encryption algorithm, but an accessory that can enhance and simplify any symmetric encryption algorithm". Apparently it's a keyed RNG, and you're expected to pay for this (presumably the extensive use of buzzwords adds value).
Ciphile Software
"Absolute online privacy - Level 3(tm)(c)(patent pending)" - "the best encryption software available today" - "unbreakable".
Control Communications Systems
"Absolute security - a morphing encryption rate of at least 20 kilobytes"..."will protect your data from the most sophisticated decryption systems that exist now or are likely to exist for years to come".
CyberEncode.com Encryption Software and Technology
"Possibly the world's fastest and most secure encryption algorithms"... "This new encryption is an amazing accomplishment. Cypher Mind had to be re-programmed over 10 times". This site has an entire suite of snake oil algorithms.
Crypto98 beta
Proof that you can do snake oil in QuickBasic as well as C ("it works by generating permutations").
Not the usual snake oil, but there's a program available (CrackCot) which breaks it.
Cryptor Homepage
Cellular-automata-based OS/2 file encryption.
"Maximum security encryption... we use our own snake oil because public-key encryption has been proven to be insecure".
CyberAngel EXR - Product Information
Crypto using Blowfish or DES, but it transmits your password to a monitoring center in the US (this isn't snake oil in the usual sense but... sheesh).
"Uses a unique encryption process"... "the 4-cycle data stream encryption process".
Data Protect: DaProMas
Online banking fully protected by GSM security (that's the same GSM security which was broken in early 1998, and which (when not broken) at best offers you 54-bit crypto broadcast over the air where anyone can get it).
Data Protect
Self-proclaimed leading security expert Kimble analyses your security problems.
DataTech Systems - Home Page
Software which is "ABSOLUTELY IMPOSSIBLE TO CRACK. This can be proved as never has a file that has been encrypted... been cracked, even with utilising some of the best cryptographers living" [sic].
Encryption Plus
"bitwise exclusive OR encryption" with a password... "virtually impregnable".
Encryption provides benefits and risks
"it has been mathematically proven that only a brute-force attack can break encryption"... "a Cray can break a 128-bit key in two days"..."perhaps passing an electric current through a leaf will solve the problem" (or you could smoke it and then write a crypto article).
Encryptor 4.0 The Ultimate in Securing Files On Your Computer
"uses a revolutionary newly discovered incremental base shift algorithm that makes
unauthorized decryption of your files near impossible".
Enigma-7 Windows Superencryption Software
"The most powerful Windows encryption software available".
Evolv - Skipjack IC Info & Pricing
Encryption using "proprietary artificial intelligence engines", "light years beyond the security level offerend by any other encryption method". Incidentally, this Skipjack has nothing in common (apart from the name) with the USG's Skipjack.
"a family of block ciphers that are distinguished by their speed of encryption and decryption". Another distinguishing feature is their breakability, and the performance isn't so hot either.
"will shift the bytes in any file in a way that can only be re-aligned using the correct password".
GCC Chaos Encryption Overview
Georgia SoftWorks Windows NT Telnet Server: Security
"Georgia SoftWorks provides unmatched security"..."designed specifically for Windows NT to handle the most demanding
commercial and industrial applications"... "can be legally exported around the world"... "The key size for the version for domestic and international mass market is 40 bits".
ICM Data Security Technologies
"electronic data security empowering technology" (it looks like just a reinvention of the smart card, but the marketing hype makes it snake oil).
Internet Opencode Padlock
"a 10 key, negative residual, binary kedged, 'maybe' logic coding process", leading to 'maybe' security.
Jaws Technologies Inc.
"the first unbreakable suite of public and private-key encryption schemes known". Uses "a Base 13 cumlative XOR trapdoor calculation algorithm ... making it mathematically impossible given a large enough key [sic]".
KeyGen Automatic Synchronized Key Generator (TM) for Encryption Without Key Management
"No key management! No certificate authorities!". No visible means of security.
MaeDae Enterprises
"MaeDae's ENCRYPT-IT is one of the most respected programs in the encryption industry" (using an easily-broken proprietary algorithm in the unregistered and international version, although you get DES when you register it if you're in the US). This product is ICSA-certified snake oil.
Meganet VME Encryption
"A breakthrough new Encryption method, using innovative new technology...The Meganet VME can not be compromised". These guys have set new standards in snake oil marketing, down to getting accounts on newswire sites (eg Businesswire) and injecting bogus press releases mentioning big names like IBM (who have never heard of them, but whose lawyers are now aware of their existence) in order to get more coverage.
Microsort CA
"the ultimate file protection utility"... "file Locker uses an advanced and quite unconventional encryption technology to lock your files".
Navaho Lock
"In the second world war the Japanese were masters at breaking every code the Allies produced"..."Navaho lock uses 128 bit symmetric key encryption, the strongest legally available in North America, and Symmetric Keys are easier to use and more secure than Public Keys".
Net Titan page
Amazing what you can do in an afternoon with Visual Basic.
NetLib® 32-bit Security Encryption Component
"uses a secure encryption algorithm which is not subject to U.S. export restrictions".. ."the password you pick can be embedded in the application, if you chose".
One-Time-Pad Frequently Asked Questions
OTP's turn up in a lot of snake oil crypto. This FAQ explains why snake oil OTP's are never really OTP's.
One Time Pad (TM) makes Internet Access Secure!
"One Time Pad (TM) authentication" (a very primitive, non-free alternative to S/Key).
Various ways of misusing a strong algorithm (Twofish) to make the application which uses it insecure.
"Do you like the idea of unwanted viewers to be able to read ALL your files?". With our proprietary (and easily-breakable) algorithm, they can!
This thing was listed in the "10 proven security programs" by PC Answers, in the 75 best Windows utilities by Windows News, was listed as a Featured Jewel in FileMine, got five stars from Shareware Junkies, rated "unbeatable and excellent" by PC Format, five stars from ZD Interactive, rated an "excellent application" in the Windows 95 Applications list, and got four smileys from RocketDownload. Just goes to show what happens when you rate crypto apps based on the user interface.
Safeguard Fractal Encryption Software
Fractal encryption - even though it only uses a 40-bit key, it's a 40-bit key with *fractals*, which makes it magically safe.
Safe Send 1.0
"Uses a prearranged cryptic code which is all but impossible to crack by any individual or government".
Security and Encryption Software
"Randomly selects a KeyCode which consists of 32 bits... the 32-bit KeyCodes of ENC32 have over 4 BILLION different possible codes!!!!!... Unless you know someone who has over 8 THOUSAND years to spend breaking a code, then you can be pretty sure your files will be SAFE wit h ENC32".
Shades White Paper
"A newly patented mode of encryption which is quick and particularly reassuring".
TRIAX GmbH Gesellschaft für Kommunikation und Datensicherheit
TRIAX(TM) encryption, now with OTPS(TM).
TRICRYPTION - IBM File Encryption Programs
Amazing keyless cryptography! Quadrillions of combinations!
TriStrata Security - Products
Yet another unreakable one-time-pad system, but this time with GAK. Note the amusing definition of infinity as just above 3.5e33.
"a simulation of an electron's path in a semi-sparse proton field to generate pseudo-random bits".
Turbo Encrypto HomePage
"Your documents are guaranteed to be safe an secure" (unless your opponent is using one of several Turbo-Crypto breakers, that is).
UnBreakable Encryption
"The strongest encryption algorithm in the world" - pity it uses a fixed key with a stream cipher, so you can recover the data with a simple XOR. In any case you can use an all-zero password. There's also a backdoor put in by the programmer (see the next entry).
UBE98 Backdoor
Backdoor in UBE98 discovered by a 14-year-old.
Breaking the "Unbreakable"
More simple ways to break UBE.
Universal Data Cryptography Module
More advanced than RSA, DES, IDEA, and PGP! More advanced than all other algorithms put together! May even work on your system (after extensive patching and modifications).
UGEM System Characteristics
Military Lightning Server(TM) using a "Multi-sensory portable battle management network state space (patent pending)" with "digital microbe thunder clouds". This gem of programming will infiltrate any machine, "assimilate it", install itself, and take over. Oh yes, there's the obligatory "revolutionary new UGEM unbreakable encryption mechanism". "If you think this is a joke or science fiction ... then you are a fool". PS: I am not a crank.
Ultrimate Privacy
"Ultimate Privacy Corporation is the only commercial company offering a robust implementation [...] All other encryption systems are crackable". There's also a
million dollar challenge in which the company bets a million dollars that their challenge is cooked to the point that noone can claim the prize.
Veil UltiMail System
Anonymous email. This product is sold by spamming, so it qualifies for the "avoid at all costs" category even if it isn't strictly snake oil.
Secure email encryption from the people who brought you SoftRam95.

Security Standards, Laws, and Guidelines

A Guide to Understanding Data Remanence in Automated Information Systems
Security guidelines for Australian government IT systems (typical unclassified-level security guidelines).
Advanced Encryption Standard (AES) Development Effort
NIST's AES home page.
An Analysis of PGP's Trust Model
ATM Security Page
Asynchronous Transfer Mode security standards, products, publications, and work in progress.
Außenhandelsgesetz - Dual Use Güter
Austrian (EU-derived) export restrictions.
Australian Controls on the export of Defence and Strategic Goods
Australia's Legal Framework for Electronic Commerce
Australian government work on establishing a legal framework for e-commerce.
Banking technology resource home page
Links to info on ATM's, crypto, standards, publications.
Biometric Application Programming Interface (BAPI)
Biometric API documentation and information.
Canadian Cryptography
Canadian government position and information on cryptography.
CAVE encryption algorithm
The (deliberately crippled) US cellular phone "encryption" algorithm.
CDSA - Common Data Security Architecture
CDSA specs from the OpenGroup.
Cloud Cover
Commerce At Light Speed-EDI
Various links to EDI/EDIFACT information.
Commercial Encryption Export Controls
ITAR (under new management).
Common Data Security Architecture
Intel's proposed API for adding an encryption/authentication layer to Windows systems.
Computer seizure guidelines
US federal guidelines for searching and siezing computers.
Computer Security Objects Register
NIST security-related object identifier registry.
Cryptographic Standards Library
FIPS 140-1, 46-2, 74, 81, 171, 180, DOD 5200.28-STD (TCSEC), 5220.22-M, NCSC-TG-25.
Cryptographic Standards Validation Programs at NIST
Validation information and suites for DES, Skipjack, DSA, and crypto modules.
CSP Designators
Crypto designators for WWII-era and early postwar comsec gear.
DAP Malaysia National Homepage
Malaysian computer crimes, digital signature, and telemedecine bills.
DCE Security
DCE security specs and literature, DCE security program group and research efforts.
Derived Test Requirements for FIPS 140-1
Requirements for FIPS 140-1 compliance testing.
Digital Signature Guidelines
ABA Digital Signature Guidelines
Draft UN law on electronic commerce.
Digital Signature Standard Validation System (DSSVS) User's Guide
Validation suite for DSA and SHA.
DTI - Strategic Export Controls
DTI report on tightening export controls further to provide the illision of stopping all crypto getting out.
Electronic commerce: Commission proposes electronic signatures Directive
EU digital signature directive.
Export Administration Regulations (EAR)
Latest version of the ITAR (which became the DTR, and now the EAR).
ECMA Standards (Blue cover)
EDI Security
An overview of EDI security.
EDIFACT Security Implementation Guidelines
EDIFACT security... dear oh dear.
Electronic Commerce: A Guide for the Business and Legal Community
NZ Law Commision report on e-commerce.
Electronic Commerce, EDI, EDIFACT and Security
Internet electronic commerce security (PEM, PGP, SHTTP, S/MIME, SET, SSL, etc), EDI security (X.12, EWOS), EDIFACT security, other EDI and EDIFACT standards.
EMV sets standards for global integration of Chip cards
Standards for smart cards. smart card terminals, and applications.
ETSI Publications
All ETSI standards documents available online for free.
ETSI TC SEC Homepage
ETSI technical committee on security home page.
Excerpts from the Export Control List of Canada
The sections which apply to crypto software/hardware.
Extended Log File Format
WWW common logfile format.
Extensions to PGP Key Format
Extensions to the PGP key format for PGP 5.
FIPS Home Page
Federal Information Processing Standards (including many crypto standards).
German Digital Signature Law
Draft of the law with related press releases and information.
GSM Security and Encryption
Overview of GSM security and encryption.
Human Authentication API (biometrics AP).
IEEE P1363
RSA, Diffie-Hellman, elliptic curve, and related public-key cryptography (P1363)
RFC's indexed in various ways.
Information about IDEA cipher
Details on the design and development of IDEA.
Information Technology Security Branch
RCMP IT security bulletins and information.
International Wassenaar Crypto Campaign
EFA-coordinated Wassenaar crypto campaign.
Internet drafts
RFC drafts.
Internet Mail Standards
Including S/MIME, PGP/MIME, MSP security in MIME, simple authentication and security layer (SASL), and mail ubiquitous security extensions (MUSE).
IESS Specs
Intelsat specs - roll your own Echelon.
IP Security Protocol (ipsec) Charter
IPSEC drafts and RFC's.
IP Security Working Group News
IPSEC specifications, drafts, related drafts, mailing list archives, and implementations.
ISAKMP and Oakley Information
Internet security association and key management protocol information.
ISO SC27 Standing Document 7
Abstracts for various ISO security standards.
ISO Standards
X.400, 500, 600, 700, 800. Get 'em quick before the ISO forces them offline.
X.500 standards (including X.509) as Postscript files.
IT Baseline Protection Manual
BSI (German NSA) infosec manual.
ITU series X Recommendations - Data networks and open system communication
This includes X.400 and X.500 security-related standards. Note that you can get a lot of these free elsewhere if you know where to look (check some of the links on this page).
Maßnahmenkataloge zum Gesetz zur digitalen Signatur
BSI guidelines for implementing the German digital signature law (algorithms, protocols, and services).
EU medical security and privacy project.
Microsoft Security Technologies
Authenticode, CryptoAPI, SSL and PCT, SET.
MISSI v1.0 Architecture Documents
MISSI/MSP/SDNS/MSP+MIME specifications.
Netscape Certificate Extensions Specification
Netscapes private extensions to X.509.
NIST Computer Security Standards
FIPS and NIST special publications
NIST's DES Validation List
List of NIST-validated DES implementations.
NOT the Orange Book
Far more readable (and therefore useful) form of the Orange Book and other bits of the rainbow.
Novell Certificate Extension Attributes
Novell's X.509v3 certificate extensions.
NT Security - Frequently Asked Questions
OECD Draft Guidelines fpr Cryptography Policy
Leaked copies of the OECD crypto guidelines.
OECD guidelines comments
Stewart Bakers comments on the creation of the OECD crypto guidelines.
OID assignments from the top node
Play the ASN.1 object identifier game! See if you can find an OID for the algorithm you're looking for (and if not, invent your own). Win magnificant prizes, etc etc.
OII - Electronic Data Interchange Standards
Links to various EDI standards.
Open Systems Environment Implementors Workshop
You may be able to find bits and pieces of X.500 (including X.509) information here which are a lot more up to date than the ISO/ITU ones.
RSADSI Public Key Cryptography Standards.
Public Key Infrastructure References
Public-key infrastructures (X.509, X-509-related, RFC's, other documents).
Rainbow Books
The DoD rainbow books and other security publications.
Rainbow Series Library
DOD Rainbow books as text, PDF, or Postscript.
RFCs about Security
Security RFC's sorted by title (also available sorted by number and author(s)).
Secure HTTP Information
S-HTTP specs and information.
Security Algorithms & Codes
ETSI security algorithms and codes. Most require NDA's (the usual telecom industry security through obscurity practice).
Security & Electronic Commerce
X/Open security, DCE, and GCS-API.
Security- and Privacy-Related Standards
A list of (mainly ANSI) security-related standards.
Security Guidelines
Australia/NZ GOSIP security guidelines.
Security Multiparts for MIME
Various security extensions for MIME.
Security Standards
Catalogue of international security-related standards and standards organisations.
Security Technologies
Microsofts security standardisation efforts.
SET (Secure Electronic Transactions)
SET message definitions.
SET Electronic Commerce
SET standards, and updates.
Signature Directive Consultation
Comments on proposed EU digital signature directive.
SKIPJACK and KEA Algorithms
Specifications for Skipjack and KEA from Clipper.
Skipjack: KEA Errata
Errata for KEA test vectors in original spec.
Software Industry Issues: Digital Signatures
Links to various digital signature law initiatives.
Source Code Review Guidelines
General guidelines for writing security-conscious code.
Speech Recognition API (SRAPI) Home Page
Speech recognition/speaker verification AP.
SSL 3.0 Specification
SSL 3.0 spec (online version and as a PS file.
Cisco's TACACS+ FAQ.
Technical Advisory Committee to Develop a Federal Infomation Processing Standard for the Federal Key Management Infrastructure
US attempt at a GAK standard. One-sentence summary of the results: "We have no idea how to make this thing work".
Technical Security Standard for Information Technology (TSSIT)
RCMP security standard.
Teletrust Algorithmenbeschreibung
Teletrust security architecture algorithms specification.
Teletrust Deutschland e.V.
Industry group/standards body formed to support security and authentication in communications. Page requires Java to be enabled to work.
The Wassenaar agreement.
The successor to COCOM, which restricts movements of dangerous technology such as biological, nuclear, and chemical weapons, missiles, artillery, and encryption software.
TNO-FEL: Common Criteria
Common security evaluation criteria.
Transport Layer Security (TLS) Working Group
Home page of the TLS WG.
UN Commission on International Trade Law home page (includes UNCITRAL draft e-commerce law).
Unix secure source code checklist
AusCERT checklist for programmers writing security-conscious Unix code.
USAF E-Pubs: Communications and Information
US Air Force documents including ones on security and encryption.
WA-LIST (98)
1998 Wassenaar (more correctly US State Department) control lists as Word and PDF files.
As above but translated into HTML
Wassenaar an der Donau
Article about the Wassenaar Secretariat in Vienna.
Wassenaar Arrangement
The Wassenaar Arrangement as obtained from leaks or freedom-of-information lawsuits.
Wassenaar Arrangement - US control lists
The Wassenaar control lists as crowbarred from the US State Department by an FOIA request.
Wassenaar Arrangement
The final solution to the crypto problem.
What is DMS?
The Defense Messaging System - like X.400 and X.500, but not as simple.
Windows Cryptosystem Guidelines
Security guidelines for encryption under Windows.
WWW-Security Reference page
Internet standards bodies, HTTP security proposals, IETF working groups, Internet standards, mailing lists.
X9 Home Page
ANSI X.9 standards (including crypto standards).

Security and Encryption-related Resources and Links / Peter Gutmann / pgut001@cs.auckland.ac.nz