Cryptography Links

General information on cryptography

• Outline of X.500 Attribute Types
• Bruce Schneier's Crypto-Gram Newsletter.
• Cipher is the newsletter of the IEEE Computer Society's Technical Committee on Security and Privacy.
• Cryptome has cryptography news and announcements.
• Index of Cryptography Papers from Counterpane.
• The Cryptology ePrint Archive and the Theory of Cryptography Library are unrefereed collections of theoretical papers in cryptography.
• The Encryption Privacy and Security Resource Page from the Center For Democracy & Technology.
• EPIC's Cryptography Policy Archives from the Electronic Privacy Information Center.
• Cryptography A-2-Z from SSH communications.
• A list of cryptography researchers maintained by David Wagner.
• Ronald Rivest's Cryptography and Security links.
• Snake Oil Warning Signs: Encryption Software to Avoid FAQ is maintained by Matt Curtin.
• RSA Data Security maintains the RSA Laboratories' FAQ on Cryptography.
• Read the sci.crypt.research FAQ before posting to the newsgroup.
• sci.crypt Newsgroup FAQs from the faqs.org site. All ten parts of the classic sci.crypt FAQ are included.
• The North American Cryptography Archive is an export controlled cryptographic software archive
• Zedz (formerly replay.com) has an extensive collection of cryptographic material

PGP and OpenPGP references

• GNUPG - The GNU Privacy Guard "GnuPG is a complete and free replacement for PGP. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) compliant application."
• The OpenPGP Alliance works to facilitate technical interoperability and marketing between OpenPGP implementations.
• The International PGP Home Page at pgpi.com is a good place to look for international developments in PGP. The site contains information about the various versions of PGP and locations to download them. There is also extensive documentations and FAQ lists.
• The original official freeware PGP distribution site at MIT once again has an up to date version. It is currently a binary distribution only and does not include PGPDisk for the PC. They also have information and source downloads for PGP 2.6.2.
• Pretty Good Privacy, Inc. markest commercial versions of PGP and related products. PGP Inc. was acquired by Network Associates (NAI) in 1997 and then spun out again in 2002.
• BAL's PGP Public Key Server, the OpenPGP Public Keyserver, and the WWW Based PGP 5.0 Key Server System are available for all your Web based key server needs.
• The comp.security.pgp FAQ (tree) at pgp.net is a good place to start if you have questions. The FAQ is also available in monolithic form.
• The PGP DH vs RSA FAQ covers the use Diffie-Hellman (DH) key-exchange mechanism in PGP as well as other PGP details.
• The Where to get PGP program FAQ maintained by Michael Paul Johnson.
• PGP Interactions Page details which versions of PGP support which encryption options, particularly will handle RSA, DH, or both types of keys.
• The PGP timeline and brief history covers the early years of PGP. The document was written by Adam Back.

Open source cryptography packages

• Crypto++ is a free cross platform C++ class library of cryptographic primitives The license is a BSD derivative.
• OpenSSL is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. The license is an Apache derivative. Note: CheckPoint acknowledged vuln. and a helpful cookbook for general openssl toolkit usage.
• Cryptix is an international volunteer effort to produce robust, open-source cryptographic software libraries. These include: a version of Sun's Java Cryptography Extensions (JCE). The license is a BSD derivative.
• BeeCrypt is an open source cryptography library written in C and assembler. It contains implementations of well-known algorithms including Blowfish, SHA-1, Diffie-Hellman, and ElGamal. It runs under Unix and Windows The license is LGPL.
• mcrypt and libmcrypt is a replacement of the old unix crypt. Libmcrypt is the library mcrypt is based on and supports the following algorithms: BLOWFISH, TWOFISH, DES, TripleDES, 3-WAY, SAFER, LOKI97, GOST, RC2, RC6, MARS, IDEA, RIJNDAEL, SERPENT, CAST, ARCFOUR and WAKE. Block algorithms are implemented in modes: CFB, CBC, ECB, and OFB. The license is GPL.
• The mhash library provides a uniform interface to the following hash algorithms: SHA1, GOST, HAVAL, MD5, RIPEMD160, TIGER, and CRC32 checksums. The license is LGPL.
• The logi.crypto Java Package (previously called Cryptonite) is an open source java library for using strong encryption in java 1.1 programs. The license is GPL (a commercial one is also available.)
• The OpenCA project is a collaborative effort to develop a full featured interfaces structure for currently available security-related and administrative toolkit developed for managing x509 digital certificates common operations (i.e. admission, verify, revocation, suspension, etc... ). The license in an Apache derivative.
• M2Crypto is a Python interface to OpenSSL's crypto, SSL and S/MIME functionality. The license is the Python license.

Cryptography newsgroups

• [sci.crypt] archive
• [sci.crypt.research] archive
• [comp.security.pgp.announce] archive
• [comp.security.pgp.discuss] archive
• [comp.security.pgp.tech] archive
• [comp.security.pgp.resources] archive
• [alt.security.pgp] archive
• [talk.politics.crypto] archive
• [alt.politics.org.nsa] archive
• [comp.org.cpsr.talk] archive
• [comp.org.eff.talk] archive

---