Practical Applications of Public-key Cryptography: Securing Email Communications with PGP. An 11 page tutorial that discusses practical uses of PGP desktop, the commercial version of PGP.
190fece747e9805af22848e10674c48feb4476aac8d5a9c2a691f4039cdc098b
Brief paper discussing the basics of cryptography and the difference between symmetric and asymmetric cryptography.
93735bfd1dfecd82ceb55801288ec1b11f69cb6aa350d743d7867aee56f469d7
White paper discussing the new ASH family of hashing algorithms. They are based off of modifications to the existing SHA-2 family and were designed with two main goals in mind: Providing increased collision resistance and increasing mitigation of security risks post-collision.
150fa7a85ac85ec3d91ca4a2ddc89e7acfe8f22d268b5d91541cd64b1165ebcc
White paper discussing the misuse of RC4 in Microsoft Word and Excel, where the initialization vector of RC4 remains the same when an encrypted document gets modified and saved,
c0ffc3250bcd2bd52681029cee361fe09da9a492aa3c261827312bb2d9e3c5bb
Stripwire is a tool which demonstrates vulnerabilities in md5 checks described in this paper. Contains a perl script which proves that if md5(x) == md5(y), then md5(x+q) == md5(y+q) (assuming length(x) and length(y) are 0 mod 64, and q is any arbitrary data). This is true because once two blocks converge upon the same hash, the nature of them being different has thereafter been lost.
fa4f1a1f3b2cd2098eef127cc9d5b5b38193af9ffa1fb17e7563d8a8214d60dd
Collision vulnerabilities in MD5 Checksums - It is possible to create different executables which have the same md5 hash. The attacks remain limited, for now. The attack allows blocks in the checksumm'd file to be swapped out for other blocks without changing the final hash. This is an excellent vector for malicious developers to get unsafe code past a group of auditors, perhaps to acquire a required third party signature. Alternatively, build tools themselves could be compromised to embed safe versions of dangerous payloads in each build. A tool to demonstrate these vulnerabilities is available here.
cac2fbb0fa5442eda45b2a7a2412eb69fc74e574eb60d2a15209e44acf7e5bf8
Whitepaper written on MD5 collisions that have been discovered.
0513838a8a73686d1626fe59ec75db5be286d44a7cc977a9826318662ea3a27d
A paper written on timing attacks against OpenSSL 0.9.7. In this experiment, it shows that the extraction of private keys from an OpenSSL-based webserver is realistic. Monitoring about a million queries allows an attackers to remotely extract a 1024-bit RSA private key.
3d4961ee75c84a008149b8dd877da26a4c5981aca08e27f73afa074a0c1cf0a5
Stenographied File Transfer Using Posix File Locks - How to transfer information to other users on secure systems by communicating with locked files. Includes some sample code that uses 32 locked files to transfer data on Posix systems.
946de361a7741cef70570cb8e2a840356929f865101a429898f20fd3d294b852
Substitution Ciphers - This paper discusses the five classic substitution ciphers and how they are solved.
f946254eec745aa69631a45b0f3ff7eec21fda672e2b0778aee8b478b76f9938
Basic Transposition Ciphers - All they do is shuffle the characters.
a6cef088fd83129f4d008c1646791990e5efefbb135dda28f1594c9f51b57eb6
Timing Analysis of Keystrokes and Timing Attacks on SSH - Watching the timing between keystrokes sent over SSH and other encrypted protocols, some information can be obtained about the contents of the packet.
16113d5b2e15a06d9b17c1cbf6a6dc1812913daf27141c3a46816d73465b0e86
Quantum Encryption: just how does the whole thing works anyway? (Diagrams included)
57904fd44c7ca790d7c326dede72af1fda867ed1f0247671db29bc67f98f8a07
Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure. Real security is never that simple, and that is especially true with PKI.
2926ad11fff203d81cb0566ec64e3e3a591e8b4c1615f063f61f1551104e045a
The Cocaine Auction Protocol: On the Power of Anonymous Broadcast. This paper builds on a case study, of an anonymous auction between mistrustful principals with no trusted arbitrator, to introduce "anonymous broadcast" as a new protocol building block.
2f16d0a33c26665f4722f2e8a65ae5abe50817696ba1995bbed8c0b49e19e0bf
The Basics of Cryptography: Learn the basic of cryptography and how to break it in this short, simple and easy-to-understand text.
fff2de46b4df67eeb9c1cb05c58195d52ac5d84f72c6759cc86ade1fa67e5484
Don't know anything about PGP? Wanna know what is it good for? How to use it? What are the advantages of encrypting your files and your Email? How PGP works? Why is it so hard to crack? Want a simple tutorial to teach you all this? Then go for this one! Simple, easy to understand and relatively small.
4463f8f5e7bbb27c5b104cb8b41cfd2dd3abc45de190a40487ed476b83466913
Codes, Keys, and Conflicts: Issues in US Crypto Policy: A report of a special panel of the ACM (Association for Computing Machinery) US Public Policy Committee.
e40d79fba5b578f7df4b941686666a68d40a9153fe087dce1a467be7c604fdbb
Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise: An extension of the protocol described in nekeps that removes the requirement that the host store passwords in cleartext .
501401b51463c5696021410a8329a152582020b94dcba5e0425bbb263f7bfca9
A Cryptographic File System for Unix: A description of a UNIX file system implementation that provides transparent encryption and decryption of files stored on the disk.
abe024a893463e58101009bb5db2c160935e9ba2a713aa31b5f69f33bc1d71ba
Key Management in an Encrypting File System: A description of how "smart cards" can be used to manage the keys used by the encryption file system described in cfsps.
460ad69e4aff632d4927d125ca05e4f7cfa3c64bbd17512f39ae6a29386ef374
A High-Speed Software DES Implementation: Describes a high-speed software implementation of the Data Encryption Standard.
6206030c01bb372697d282880a3683a89dc0cba68f94fe4136f7e44a2f868be2
Using Content-Addressable Search Engines to Encrypt and Break DES: A very simple parallel architecture using a modifed version of content-addressable memory can be used to cheaply and efficiently encipher and decipher data with DES-like systems Describes how to implement these systems, and also how to construct a large scale engine for exhaustively searching the keyspace of DES.
5e55b0aba87fe238d2120e62ab8564c49a7b5d05fa9174b4bb4ebcc6ceccf37e
Protocol Failure in the Escrowed Encryption Standard: A description of some protocol weaknesses in the Clinton administration's Escrowed Encryption Standard, also known as the Clipper Chip.
d35f3f7d28ebe7cad90fab4d270ef02dd8b8d2368edfc12a351b4a6389e3dd17
Why Cryptosystems Fail: A survey of the failure modes of retail banking systems, the second largest application of cryptography.
076a85b4fb07ed526a2753244b705fdfe8e5d571faea8214b7d39c524261694b