Practical Applications of Public-key Cryptography: Securing Email Communications with PGP. An 11 page tutorial that discusses practical uses of PGP desktop, the commercial version of PGP.
190fece747e9805af22848e10674c48feb4476aac8d5a9c2a691f4039cdc098bBrief paper discussing the basics of cryptography and the difference between symmetric and asymmetric cryptography.
93735bfd1dfecd82ceb55801288ec1b11f69cb6aa350d743d7867aee56f469d7White paper discussing the new ASH family of hashing algorithms. They are based off of modifications to the existing SHA-2 family and were designed with two main goals in mind: Providing increased collision resistance and increasing mitigation of security risks post-collision.
150fa7a85ac85ec3d91ca4a2ddc89e7acfe8f22d268b5d91541cd64b1165ebccWhite paper discussing the misuse of RC4 in Microsoft Word and Excel, where the initialization vector of RC4 remains the same when an encrypted document gets modified and saved,
c0ffc3250bcd2bd52681029cee361fe09da9a492aa3c261827312bb2d9e3c5bbStripwire is a tool which demonstrates vulnerabilities in md5 checks described in this paper. Contains a perl script which proves that if md5(x) == md5(y), then md5(x+q) == md5(y+q) (assuming length(x) and length(y) are 0 mod 64, and q is any arbitrary data). This is true because once two blocks converge upon the same hash, the nature of them being different has thereafter been lost.
fa4f1a1f3b2cd2098eef127cc9d5b5b38193af9ffa1fb17e7563d8a8214d60ddCollision vulnerabilities in MD5 Checksums - It is possible to create different executables which have the same md5 hash. The attacks remain limited, for now. The attack allows blocks in the checksumm'd file to be swapped out for other blocks without changing the final hash. This is an excellent vector for malicious developers to get unsafe code past a group of auditors, perhaps to acquire a required third party signature. Alternatively, build tools themselves could be compromised to embed safe versions of dangerous payloads in each build. A tool to demonstrate these vulnerabilities is available here.
cac2fbb0fa5442eda45b2a7a2412eb69fc74e574eb60d2a15209e44acf7e5bf8Whitepaper written on MD5 collisions that have been discovered.
0513838a8a73686d1626fe59ec75db5be286d44a7cc977a9826318662ea3a27dA paper written on timing attacks against OpenSSL 0.9.7. In this experiment, it shows that the extraction of private keys from an OpenSSL-based webserver is realistic. Monitoring about a million queries allows an attackers to remotely extract a 1024-bit RSA private key.
3d4961ee75c84a008149b8dd877da26a4c5981aca08e27f73afa074a0c1cf0a5Stenographied File Transfer Using Posix File Locks - How to transfer information to other users on secure systems by communicating with locked files. Includes some sample code that uses 32 locked files to transfer data on Posix systems.
946de361a7741cef70570cb8e2a840356929f865101a429898f20fd3d294b852Substitution Ciphers - This paper discusses the five classic substitution ciphers and how they are solved.
f946254eec745aa69631a45b0f3ff7eec21fda672e2b0778aee8b478b76f9938Basic Transposition Ciphers - All they do is shuffle the characters.
a6cef088fd83129f4d008c1646791990e5efefbb135dda28f1594c9f51b57eb6Timing Analysis of Keystrokes and Timing Attacks on SSH - Watching the timing between keystrokes sent over SSH and other encrypted protocols, some information can be obtained about the contents of the packet.
16113d5b2e15a06d9b17c1cbf6a6dc1812913daf27141c3a46816d73465b0e86Quantum Encryption: just how does the whole thing works anyway? (Diagrams included)
57904fd44c7ca790d7c326dede72af1fda867ed1f0247671db29bc67f98f8a07Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure. Real security is never that simple, and that is especially true with PKI.
2926ad11fff203d81cb0566ec64e3e3a591e8b4c1615f063f61f1551104e045aThe Cocaine Auction Protocol: On the Power of Anonymous Broadcast. This paper builds on a case study, of an anonymous auction between mistrustful principals with no trusted arbitrator, to introduce "anonymous broadcast" as a new protocol building block.
2f16d0a33c26665f4722f2e8a65ae5abe50817696ba1995bbed8c0b49e19e0bfThe Basics of Cryptography: Learn the basic of cryptography and how to break it in this short, simple and easy-to-understand text.
fff2de46b4df67eeb9c1cb05c58195d52ac5d84f72c6759cc86ade1fa67e5484Don't know anything about PGP? Wanna know what is it good for? How to use it? What are the advantages of encrypting your files and your Email? How PGP works? Why is it so hard to crack? Want a simple tutorial to teach you all this? Then go for this one! Simple, easy to understand and relatively small.
4463f8f5e7bbb27c5b104cb8b41cfd2dd3abc45de190a40487ed476b83466913Codes, Keys, and Conflicts: Issues in US Crypto Policy: A report of a special panel of the ACM (Association for Computing Machinery) US Public Policy Committee.
e40d79fba5b578f7df4b941686666a68d40a9153fe087dce1a467be7c604fdbbAugmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise: An extension of the protocol described in nekeps that removes the requirement that the host store passwords in cleartext .
501401b51463c5696021410a8329a152582020b94dcba5e0425bbb263f7bfca9A Cryptographic File System for Unix: A description of a UNIX file system implementation that provides transparent encryption and decryption of files stored on the disk.
abe024a893463e58101009bb5db2c160935e9ba2a713aa31b5f69f33bc1d71baKey Management in an Encrypting File System: A description of how "smart cards" can be used to manage the keys used by the encryption file system described in cfsps.
460ad69e4aff632d4927d125ca05e4f7cfa3c64bbd17512f39ae6a29386ef374A High-Speed Software DES Implementation: Describes a high-speed software implementation of the Data Encryption Standard.
6206030c01bb372697d282880a3683a89dc0cba68f94fe4136f7e44a2f868be2Using Content-Addressable Search Engines to Encrypt and Break DES: A very simple parallel architecture using a modifed version of content-addressable memory can be used to cheaply and efficiently encipher and decipher data with DES-like systems Describes how to implement these systems, and also how to construct a large scale engine for exhaustively searching the keyspace of DES.
5e55b0aba87fe238d2120e62ab8564c49a7b5d05fa9174b4bb4ebcc6ceccf37eProtocol Failure in the Escrowed Encryption Standard: A description of some protocol weaknesses in the Clinton administration's Escrowed Encryption Standard, also known as the Clipper Chip.
d35f3f7d28ebe7cad90fab4d270ef02dd8b8d2368edfc12a351b4a6389e3dd17Why Cryptosystems Fail: A survey of the failure modes of retail banking systems, the second largest application of cryptography.
076a85b4fb07ed526a2753244b705fdfe8e5d571faea8214b7d39c524261694b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed