Security Books, Journals, Bibliographies, and Publications

This page is a subsection of the Crypto link farm. Links to further crypto and security-related information can be found there.

ACM Transactions on Information and System Security: (Just a call for papers at the moment).
Advanced Encryption Standard (AES) Development Effort: NIST's AES information page.
Aegean Park Press: Historical books on cryptography, intelligence, military history, and related topics.
A guide to 3GPP security documents: Overview of 3GPP/UMTS security documents.
alicebob: The story of Alice and Bob.
An Analysis of Security Incidents on the Internet 1989-1995: PhD thesis analysing 4,300 Internet security incidents.
An Electronic Pearl Harbor? Not Likely: Article debunking various Infowar myths.
An Introduction to Cryptography: Online book on cryptography (only the initial section is complete).
Archives for ansi-epay: ANSI e-paymnet list archives.
Archives of CryptoAPI@DISCUSS.MICROSOFT.COM: CryptoAPI mailing list archives.
Authentication, Key Agreement, and Key Exchange Protocols: Bibliography of key agreement protocols with links to authors and online papers.
Bibliography of Molecular Computation and Splicing Sytems: Bibliography on molecular computing, including attacking encryption systems using molecular computers.
Block Cipher Lounge: List of block ciphers, characteristics, and known attacks.
Block Cipher Lounge - AES: Current state of attacks on AES proposals
Brown Computer Science S/Key access: Information on the S/Key authentication protocol.
Camelot Knowledge Center: News and information on network security and crypto issues.
CAST Encryption Algorithm: Publications pertaining to the CAST encryption algorithm.
CEE VAR News: Central and East European Secure Systems Strategies (online security journal).
CHACS Publications: Centre for high-assurance computer systems publications.
Chablis - Market Analysis of Digital Payment Systems: Very comprehensive analysis of a wide variety of electronic payment systems.
Charles Blair's Notes on Cryptography: Number theory, public-key encryption, RNG's.
Checkliste für den datenschutzgerechten Einsatz von Windows NT: Guidelines for securiny an NT system (other than by unplugging it).
Code Signing for Java Applets: Howto for Java code signing for Netscape and MS products.
The Collection of Computer Science Bibliographies: About 1000 CS bibliographies with around 800,000 references.
Collection of Lecture Notes, Survey Papers, etc: Assorted lecture notes and papers, including ones on crypto.
Communication Theory of Secrecy Systems: Scanned images of Shannon's classic communications security paper from the Bell Systems Technical Journal.
Computer & Communications Security Reviews: Abstracts of new computer security-related publications.
Computer Immune Systems -- Research: Immunology concepts applied to computer security problems.
Computer Science Technical Reports Archive Sites: Links to sites which distribute CS tech reports.
Computer Services : Administrator's Pages : NT stuff: Installing a student-proof NT setup.
Computer Virus Handbook: Seven Locks' online virus handbook.
Computer Virus Myths treatise: Comprehensive collection of virus myths, hoaxes, and vendor press releases.
Cora Research Paper Search: Security and encryption paper search engine.
Counterpane Homepage: Bruce Schneier's "Applied Cryptography" information.
Credit Card Transactions: Home Page: Overview of CC terms and mechanisms, including discussion of various online CC processing methods.
cryp.to -- The Cryptographic WWW Server: Various PGP developers list archives.
Crypt Newsletter Homepage: Various reports from the computer underground on hacking, security, viruses, hackers, and related issues. Many of the reports debunk common urban legends and media myths about computer security.
Crypto Glossary: Terry Ritter's crypto glossary (long).
Cryptography: Good overview of cryptography, digital signatures, certificates, and trust management.
Cryptography and Number Theory for Digital Cash: Introduction to crypto and number theory for digital cash.
Cryptography Reference: CryptoAPI reference from MSDN.
Cryptography: some important points for beginners: Crypto FAQ for beginners.
Cryptology ePrint Archive: IACR archive of crypto research papers.
Cryptologia.
Cryptosystems Journal Home Page
CSL Bulletins: NIST Computer Science Laboratory bulletins
CSPP - Reports: Computer Systems Policy Project reports, including several covering encryption and e-commerce.
CuD "Computer Underground E-Publications - Top Level" Archive: Cypherpunks mailing list archive.
Cypherpunks Distributed Archive: Archive of cypherpunks posts from 1992-1994.
Cypherpunks HyperArchive: Cypherpunks mailing list archive.
Dabbling in Cryptography: 1970's cryptanalysis of the M-209.
Data Encryption Page: Overview of encryption and encryption algorithms, links to further information.
Data Security by Design: Designing buildings to thwart electronic eavesdropping.
David Wagner's Crypto Posts: General cryptography, cryptanalysis, computer security.
DDJ Crypto CD: Several notable crypto books collected onto one CDROM.
DDJ, December 1998: DDJ issue on computer security including Twofish, Panama, e-commerce protocols, and smart cards.
des-coding List Archive: Archive of the des-coding mailing list.
Developer - Mac OS X Security: Mac OS X security reference.
Disk and File Shredders: A Comparison: Comparison of various (Windows-based) file erasing programs.
dp6 and the 7th USENIX security symposium: Writeup and photos from the 7th Usenix security symposium.
e$ Home Page: The e$ mailing list, information on digital cash clearing, digital bearer bonds, financial cryptography, and related topics.
eCashdev: eCash information and documentation.
[E-CARM] E-Commerce and Rights Management: E-commerce mailing list and archives.
ECC FAQ: Elliptic curve cryptography FAQ.
ECS 153 Winter 1998, Robust Programming: Tutorial on robust programming.
EIT Creations: Secure HTTP: Information on the SHTTP protocol.
Electronic Surveillance: Large archive of documents on electronic surveillance.
Electronic Voting: Papers and links to electronic voting information.
Elliptic Curve Cryptography: Tutorial on elliptic curve crypto.
Elliptic Curves and Cryptology: Elliptic curve bibliography.
Elliptic Curve Tutorials: Tutorial on elliptic-curve crypto.
Encryption and Internet Privacy in the digital age: Encryption and privacy information.
Encryption News Resource Page: Encryption and security-related news stories.
Enigma and Its Decryption: Details on the Enigma machine and software simulators.
Enigma and the Turing Bombe: Description of the Bombe and bombe simulator.
Entrust Whitepapers: Entrust white papers and tutorials on security, encryption, certification.
EPFL - LSE - Project CrySTINA: Papers and information on the Cryptographically Secured Telecommunications Information Networking Architecture.
Ernst & Young LLP - Information Systems Assurance and Advisory Services: Report on e-cash.
Evaluation of Micropayment Schemes: HP tech report evaluating various micropayment schemes.
Finding the Key: Economic Strategy Institute study on crypto markets and policy.
Firewalls mailing list: Firewalls mailing list archives.
Foundations of Cryptography by Oded Goldreich: Fragments of a book (4 of 10 chapters exist).
Frog Encryption Algorithm: Design and source code for the Frog AES submission.
Getting Started With XML Security: XML security overview.
Great Crypto & Info Security Quotes: Various neat crypto and security-related quotes.
GSM Network Security: Description of GSM network security and encryption considerations.
Hack-Tic Magazine Archive: 1989-1994 Hack-Tic magazine archive (scanned images, in Dutch).
Handbook of Applied Cryptography: Information on the book (well worth getting).
Heise News - Ticker: News ticker which often carries crypto and security-related stories (in German).
Historical Crypto Links: Links to sites containing information on Enigma, Purple, Magic, and other WWII-era crypto.
History of Computer Security: Computer security papers from the 1970's.
History of NSE Home Page: Prehistory of public-key crypto from GCHQ.
HNN - H a c k e r N e w s N e t w o r k: Security and hacking information, news, and software.
How to find security holes: Tutorial on finding (and fixing) Unix programming security holes.
How to optimize for the Pentium family of microprocessors: Useful guidelines for crypto algorithm implementation.
How to Write Secure Code: Links to information on writing secure code.
House of Commons - Trade and Industry - Seventh Report: UK DTI report on crypto policy.
HSC -- Herve Schauer Consultants: Reports and publications on security, crypto, security protocols and implementations.
HTTP Security group of W3C: W3C security resources.
IBM Patent Server Home Page: Access to over 2 million US patents, including many crypto and security-related ones
IDaSS designs: DES encription/decription device: DES ASIC designed as a student project.
IDEA Algorithm - Ascom Systec Ltd.: Information on the IDEA algorithm.
IDEA: A Cipher for Multimedia Architectures?: Paper on a fast MMX implementation of IDEA.
IEEE Computer Security and Privacy: IEEE Computer Society press online catalogue, security and privacy section.
ietf-open-pgp mailing list: PGP standardisation mailing list, RFC's, and archives.
ietf-pgp-mime mailing list: PGP/MIME RFC's and mailing list archives.
ietf-smime mailing list: S/MIME RFC's and mailing list archives.
Index of Crypto Papers Online: Bibliography of online crypto papers.
Info Security News
Information Security Glossary - The Information Security Policies Glossary: Glossary of information security terms and phrases.
Information Security Resources: Idaho State Uni security library.
Information Security Resources - Current Online Publications: Security standards and guidelines.
INFOSEC: Homepage: European Commission INFOSEC publication.
Integrity Sciences, Inc. SPEKE password authentication: Authenticated DH key exchange.
interhack publications: Various security-related publications: Firewalls, network security, Skipjack/KEA specs (more readable than the NSA originals).
Internet drafts: Current internet drafts, including many security-related ones (but you really need to know what you're looking for).
Internet Infrastructure Protection - DNS Security: DNS security RFC's and sample code.
Internet Legal Practice Newsletter: Internet-related legal issues (relevant to electronic commerce).
Internet Mail Security Alternatives: Paper exploring and comparing different versions of S/MIME and PGP.
Internet/Network Security - Welcome from The Mining Co.: Crypto/security-related news stories.
Introduction to Crypto Systems: Lecture slides from a seminar by Vinnie Moscaritolo.
Introduction to the Use of Encryption: Introductory overview to encryption systems.
Introduction to Cryptography: Ives Gobaus's easy introduction to cryptography.
ISOC: Conferences - NDSS: Network and Distributed System Security Symposium conference proceedings and info.
Java Security: Frequently Asked Questions: Java security questions and issues.
JIBC - Journal of Internet Banking and Commerce: Electronic commerce, legal issues, EDI, etc.
JILT: Home Page: Journal of Information Law and Technology.
Journal of Craptology Home Page: Crypto journal with papers the others won't print.
JYA Crypto: John Youngs collection of crypto links, mostly covering crypto social issues, laws, espionage, government regulation, and an amazing array of other interesting things.
Keyed MD5: Papers on HMAC's.
Keyserver Bibliothek: Publications on PGP, PGP keys, digital signatures, and crypto politics (most in German).
Kryptologie I - Material: Information and programs for breaking historical ciphers (monoalphabetic and polyalphabetics, transposition ciphers.
Largest Known Primes: Collection of large primes and primality-checking information.
Lawries Cryptography Bibliography: Searchable index of over 800 crypto and computer security articles.
Linux Security Home Page.: Linux security information.
LOKI97: The Loki97 block cipher (submitted for the AES).
Mac Crypto - Info: Mac-Crypto conferences and digests.
Mach5 Software Cryptography Archives: Overview of crypto, catalogue of crypto algorithms.
Maksim Otstavnov's HomeWall: Russian publications on encryption, digital finances, e-commerce.
Market Model - DBI Underwriting: A market model for digital bearer instrument underwriting.
Maximal Length LFSR Feedback Terms: Maxmimal length LFSR feedback polynomials.
Micropayments on the Internet: Overview of various micropayment schemes.
Microsoft CryptoAPI mailing list archives.
MISTY - Mitsubishi Electric's Encryption algorithm: Description of MISTY.
NameBase Book Index: Reviews of books on intelligence agencies, high-tech, military, and a potpourri of government agencies, drugs, elites, big business, organized crime, terrorism, US foreign policy, and so on.
NASA Technical Report Server (NTRS): NASA tech reports search engine.
National Information Systems Security Conference Page: Information and proceedings from NISSC conferences from 1996 onwards.
NCSTRL Home Page: Networked Computer Science Technical Library, searchable technical report repository.
Netscape DevEdge Online: Netscape security-related documentation.
Network Computing: Various articles on encryption from Network Computing magazine.
Network Encryption - history and patents: Patents on network encryption.
Network-1 White Papers: Various white papers on firewall design.
New Book Series: Information Security and Cryptography: Springer-Verlag book series on crypto and security.
NewsNow NewsLink: Cryptography - updates every 5 minutes, 24/7: News updates on crypto-related stories.
New Zealand Digital Library: Bibliogaphy/tech report/FAQ searchable index.
Nicolas Tadeusz COURTOIS home page: HFE PKC. Patented :-(.
Non_secret_encryption: Newspaper article on early (spook) PKC development in the UK.
NSA to NARA OPENDOOR Bibliographic Index: Index of NSA declassified documents.
NSA/X31 Documents: NSA firewall-related documents and firewall performance tests.
NSAM-160: Scanned copy of declassified 1960's memo on NSA public-key encryption research.
NSA Cryptographic API 2nd Edition - 01 July 1996: NSA comments on various crypto API's.
NSG Publications: IBM Network Security Group publications.
NT Domain Authentication: NT/CIFS domain authentication specification.
NT Security - Frequently Asked Questions
NTRU Cryptosystems Home Page: Another new PKC.
On cryptosystems untrustworthiness: Interesting paper on security problems due to improperly implemented encryption systems.
On Distributed Communications: Security, Secrecy, and Tamper-free Considerations: 1964 Rand Corporation report on cryptography and security.
On-The-Fly Encryption: A Comparison: Comparison of various disk/file encryption products.
OpenBSD Security: OpenBSD security advisories and information.
OSS ASN.1 Resources: ASN.1 whitepapers and resources (ASN.1 is used in various security standards).
Outlook Express Digital IDs & Encryption: FAQ on OE's use of certificates and encryption.
Overview and Analysis of Cryptographic Methods: Tutorial and analysis on RSA algorithm.
Overview of Certification Systems: Comments on various certification and certificate management systems and methods.
Patent Database Access: Search the US patent database for crypto patents.
Permissive Action Links: Technology used to control US nuclear weapons.
PGP 5 Users Guide: Online guide to PGP 5.0
PGP Attack FAQ: List of potential problems in PGP.
PGP Passphrase Survey: Survey of PGP passphrases which also indicates which key sizes people prefer when they have a choice.
PGP Quick Reference: Command reference card for PGP.
PGPfone Mailing List Archive
Phrack Magazine
President's Commission on Critical Infrastructure Protection.: Various US government agencies look at Jobsec^H^H^H^HInfosec.
Prime Page (An Index of Information on Prime Numbers): Everything you need to know about prime numbers.
Recommended Cryptography Books: Short reviews of various crypto books.
References for Human Factors in Computer Security: Papers and books on human factors in computer security. Should be required reading for anyone working on a security application.
ResearchIndex [NEC Research Institute; Steve Lawrence, Kurt Bollacker, Lee Giles]: Scientific literature search engine.
RIPEMD-160 page: RIPEMD-160 information and implementations.
RSA Labs Frequently Asked Questions: Frequently asked questions about encryption algorithms, techniques, protocols, and services.
RSADSI'S Art Gallery: Cool crypto-related pictures.
S.A.F.E.R. - Security Alert For Enterprise Resources: Free monthly security newsletter.
Safer Net - Kryptografie im Internet: German crypto book with comprehensive coverage of crypto and security protocols.
SATAN-ism: Computer Security Probes Over the Internet - Shrink Wrapped for Your Safety?: Includes a good chronology of hacking and security incidents.
Second Advanced Encryption Standard (AES) Candidate Conference: AES conference info including all the conference papers in PDF format.
Secret Code Breaker: The Books: Books on breaking various historical ciphers.
Secure Books: Protecting the Distribution of Knowledge: Protecting electronically published medical books, including problems experienced with the X.509 PKI in practice.
Secure Shell (secsh) Charter: ssh working group home page.
Secure UNIX Programming FAQ: Guide to secure Unix programming.
Securing Java: Getting Down to Business with Mobile Code: Online book (also available as molecules, 368 pages) on (trying to) secure Java.
s e c u r i t y f o c u s: Security information, papers, news, and alerts.
Security and E-Commerce Course and Tutorials: Tutorial on encryption technologies and e-payment systems.
Security Handbook: Seven Locks' online security handbook.
Security in Lotus Notes and Internet: Description of Lotus Notes differential workfactor encryption.
Security Issues in WWW: Various WWW security issues.
Security News: Links to various security and e-commerce related sites and publications.
Security Protocol Workshop'97: Preprints of papers from the workshop.
Selecting Cryptographic Key Sizes: Information on selecting safe key sizes for symmetric and asymmetric algorithms.
Selection of Computer Science Bibliographies: Meta-search-engine which allows searching of multiple security-related online bibliographies.
Self-Study Course in Block Cipher Cryptanalysis: The title says it all.
Shahram (publication): Linear cryptanalysis of DES (MSc thesis), various papers on hash functions.
Shake Security Journal: Online security journal covering various computer security issues.
Shields UP! -- Officially Unofficial ShieldsUP! FAQ: Good coverage of Internet security practices for Windows machines.
Short Course in Cryptography: Exactly what the name says.
Scrambling News: Satellite TV scrambling and descrambling methods.
Search Security Bibliography: Retrieve documents from a large archive of crypto/security papers.
Secure Electronic Mail: Overview of secure email and secure email technologies and standards.
SET: a market survey and a test implementation: Summary of GlobeSET technology and implementation.
Signing Applets for Internet Explorer and Netscape Navigator: Overview of code signing.
Signing Code with Microsoft Authenticode Technology: Microsofts online code signing docs.
Smith's Internet Cryptography Site: Chapter outline pages include links to crypto-related publications and resources.
SNDSS'96: Symposium on Network and Distributed Systems Security (SNDSS'96) proceedings.
Software Patent Institute: Database of software technology (patents, publications, etc).
Springer-Verlag New York: Publishers of LNCS (crypto and security conference proceedings).
SSL Pipermail Archive: ssl-talk mailing list archive.
SSL-Talk FAQ: The SSL discussion list FAQ.
Survey: corporate uses of cryptography: Survey of corporate applications of and attitudes towards encryption.
SystemExperts Corporation: Windows® 2000 Security Handbook: "Hardening Windows 2000" chapter from the Win2K security handbook.
Tasty Bits from the Technology Front: Free technology newsletter which includes coverage of encryption issues.
Technical Papers at Psionic Software Systems Inc.: Covert channels using TCP/IP (including source code).
Technical Report Archives in Computer Science (By Institution): Links to tech report archives at various universities.
Technical Reports Search Service: Search engines for tech reports, theses, conference proceedings and books held at universities worldwide.
Technology and Society Book Reviews: Reviews of books covering technology, privacy, commerce, security, and the law.
TECS: The Encyclopaedia of Computer Security: Monthly computer security newsletter.
The Blowfish Talk: How to Discuss Blowfish With Your Child: Metaphysical analysis of the Blowfish algorithm.
The Book point: Links to various crypto-related books.
The PDF Encryption Format
�.åíòð �.àùèòû �.íôîðìàöèè: "Theory and practice of information security", includes information on a number of security problems in current implementations.
Thin Client Security Homepage: Information on and analysis of thin client security features and issues.
Thomson EC Resources: Electronic commerce events, news, articles, and information.
TSI International: Electronic commerce and EDI resources.
Turing's Treatise on Enigma: Turing's treatise on the Enigma, c.1940.
UCL Crypto Group - Call for papers: CFP's for conferences, including crypto and security conferences.
UCSTRI -- Cover Page: Unified computer science tech report index.
Underground: Cool book on hacking in Australia.
Underground download page: Electronic version of Underground.
Understanding X.500 - The Directory: Online guide to X.500 (HTML version of a book on X.500).
United States Navy EKMS WebPage: Key management.systems as used by the US military.
USENIX Conference Proceedings: Includes material from Usenix security conferences and symposiums.
USS Pampanito - ECM Mark II: Electronic Cipher Machine (SIGABA) details.
Verifying Security Protocols Using Isabelle: Various papers on verifying security protocols.
Virtual Private Network Consortium -- VPNC: VPN (IPSEC et al) consortium, including IPSEC RFC and mailing list archives.
W* Effect Considered Harmful: Criticism of WAP.
Wim Van Eck: van Eck/TEMPEST eavedropping.
Windows-NT-Netze im Krankenhaus: Security guidelines to NT including links to other NT security resources.
Workshop on Selected Areas in Cryptography (SAC): Proceedings of the SAC conferences (abstracts only before 1996).
Writings in Esoteric Scripts from Qumran: Encryption in the Dead Sea scrolls.