Hyperlink: Security: Protocols & Applications
Meta-Reference on Information Technology

Cryptographic Tunneling in Networks

SSH - Secure Shell

• SSH - Secure Shell
  By SSH Communications Security, also as ssh.com.
  SSH Tectia - Secure Shell client, server, tools. Support - Cryptography A-Z, Resources.
  SSH Non-commercial Downloads, Official download FTP site & mirrors.
• OpenSSH
  OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools. It contains support for SSH1 and SSH2 protocols. Also as openssh.org.
• Ssh (Secure Shell) FAQ
  By Thomas König, 1997.
  Mirrors: MIT FAQs, FAQs.org.
• Secure Shell (secsh) Charter - SSH protocol, IETF
• FreeSSH.org
  SSH Resources. SSH Clients/Servers on Windows, Unix, Java and others.
• PuTTY: A Free Win32 Telnet/SSH Client
  PuTTY is a free implementation of SSH, Telnet and Rlogin client for Win32 platforms, along with an xterm terminal emulator. It is written and maintained primarily by Simon Tatham. PuTTY Companion utilities: PSCP, Plink, Pageant and PuTTYgen. Legal warning: Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries where encryption is outlawed. Telnet-only binary (PuTTYtel) has unrestricted use, since it uses no cryptography.
  Download PuTTY Windows on Intel x86: HTML, FTP.
• Le Putty
  "Le Putty" is a ssh suite for Windows based on the very popular Putty project, but with added functionality that can not be included in the regular Putty. "Le Putty" should be as much as possible compatible with the original Putty. Added features: z modem transfers, keep alive with plink (useful when using plink for doing port forwarding), cleaned up command line options.
  Brought to you by Nicolas Barry, proud supporter of vim.
  SourceForge Project: leputty.
• WinSCP
  WinSCP is a freeware SCP (Secure CoPy) client for Windows using SSH (Secure SHell). Its main function is safe copying of files between a local and a remote computer. Beyond this basic function, WinSCP manages some other actions with files. By Martin Prikryl.
• SSHTools.com - Open Source SSH Toolkits for Java
  SSHTools.com is dedicated to the open source development of Java enabled SSH servers, client applications and development libraries. Hosted by SourceFforge.net, the site is the central resource for all the SSHTools open source projects.
  SSHTools Sourceforge, SourceForge Project: SSHTools - Java SSH Solutions.
• FreSSH
  FreSSH is a free implementation of the SSH communication protocol. It is compact, modular, portable, and designed for security and performance. It is a completely new implementation sharing no code with any other implementation of the SSH communication protocol.
• SSHDOS
  SSHDOS is a DOS port of SSH, SCP, SFTP and Telnet clients. Needs a packet driver (or a PPP driver for dialup connection) only.
  See WATTCP, Erick Engelke's free and easy way to add TCP/IP connectivity to your DOS applications.
  sshdos SourceForge Project.
• Google Directory: Internet Protocols: SSH
  SSH Clients, Servers, Documentation. See also Computer Security: Cryptography.

TLS - Transport Layer Security & SSL - Secure Sockets Layer

• Transport Layer Security
  From Wikipedia, the free encyclopedia. See also HTTP Secure.
• SSL 3.0 Specification by Netscape
  SSL - Secure Sockets Layer Protocol, especifications of this criptography protocol for secure transactions trought the Web.
• CSI: Overview of SSL 3.0
  Presentation by Jeff Treuhaft
  Netscape Internet Developer Conference 1996 - Commerce and Security
  Netscape Developer's Edge Archived Conference Materials.
• Planet SSL
  RSA Security, Inc., Ronald L. Rivest. Developer Resources - Standards.
• OpenSSL Project
  The Open Source toolkit for SSL/TLS
  The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The project is managed by a worldwide community of volunteers via Internet.
• SSLeay
  By and .
• mod_SSL: The Apache Interface to OpenSSL
  This module provides strong cryptography for the Apache webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols by the help of the Open Source SSL/TLS toolkit OpenSSL. The mod_ssl package is licensed under a BSD-style licence, which basically means that you are free to get and use it for commercial and non-commercial purposes.
• Apache-SSL
  Apache-SSL is a secure Webserver, based on Apache and SSLeay/OpenSSL. It is licensed under a BSD-style licence, which means, in short, that you are free to use it for commercial or non-commercial purposes. Apache-SSL is different from mod_ssl.
• Phaos SSL Resource Center
• Transport Layer Security (tls) Charter, IETF
• RFC 2246 - The TLS Protocol, Version 1.0, January 1999
• Network Security Services (NSS) by Mozilla.org
  SSL/TLS Module. NSS - Mozilla Developer Center.

Virtual Private Network (VPN)

• Virtual Private Network Consortium (VPNC)
  VPNC's archive of the IPsec mailing list
• Virtual Private Network Daemon
  By Andreas Steinmetz, Denmark.
  The virtual private network daemon (vpnd) is a daemon which connects two networks on network level either via TCP/IP or a (virtual) leased line attached to a serial interface. All data transfered between the two networks are encrypted using the unpatented free Blowfish encryption algorithm.
• FirstVPN Research
  Articles, White Papers.
• VPN's: IPSec vs. SSL
  By Tony Bradley, CISSP, MCSE2k, MCSA, A+. About.com Network Security.

IPSec - IP Security

IPsec is a suite of cryptographic extensions to the normal TCP/IP protocol suite. Before IPsec, applications had to handle their own cryptography functions (like SSL for HTTP). With IPsec, this logic can be pushed down to the network layer.

• Linux FreeS/WAN
  Linux FreeS/WAN is a free implementation of IPSEC & IKE for Linux. FreeS/WAN derives its name from S/WAN, which is a trademark in the USA of RSA Data Security, Inc; used by permission.
• Zebedee: Secure IP tunnel
  Zebedee is a simple program to establish an encrypted, compressed "tunnel" for TCP/IP or UDP data transfer between two systems. This allows traffic such as telnet, ftp and X to be protected from snooping as well as potentially gaining performance over low-bandwidth networks from compression.
  The main goals for Zebedee are to: Provide full client and server functionality under both UNIX and Windows 32-bit. Be easy to install, use and maintain with little or no configuration required. Have a small footprint, low wire protocol overhead and give significant traffic reduction by the use of compression. Use only algorithms that are either unpatented or for which the patent has expired. Be entirely free for commercial or non-commercial use and distributed under the term of the GNU General Public Licence.
• IP Security Protocol (ipsec) Charter, IETF
• IP Security (IPSEC) Resources
  Theodore Ts'o (co-chair of the IPSEC working group), MIT
  Minutes of the IPSEC Meetings from 1997 to 1998.
• IETF IP Security Working Group News (old)
  Minutes of the IPSEC Meetings 1995.
• NIST IPsec Project
  National Institute of Standards and Technology (NIST), USA.
  NIST Cerberus, An IPsec Reference Implementation for Linux
  IP Security Web Based Interoperability Tester (IPsec-WIT), NIST.
• KAME Project
  KAME Project is a joint effort of seven companies in Japan to provide a free IPv6 and IPsec (for both IPv4 and IPv6) stack for BSD variants to the world.
  OpenBSD IPSec FAQ.
  NetBSD IPsec.
• IPSec RFCs and How-To
  Maintained by Tina Bird.
• IPSec Developers Forum
• SSH Sentinel IPSec
  By SSH Communications Security.

---

Cryptographic Hash & Message Digest

• MessageDigest Algorithms
  By Wei Day.
• File Fingerprints: The Goods, the Bads, and the Unknowns
  Paper (PDF) by Simson L. Garfinkel, 2003.
• Authenticators and signatures
  By prof. Daniel J. Bernstein, Department of Mathematics, Statistics, and Computer Science, UIC.
  Poly1305-AES: A state-of-the-art message-authentication code.
• The Hash Function Lounge
  By Paulo S. L. M. Barreto, Doctor Professor, USP, Brazil.
• The WHIRLPOOL Hash Function
  By Paulo S. L. M. Barreto, co-author of Whirlpool function; Doctor Professor, USP, Brazil.
• Wikipedia: RIPEMD
  From Wikipedia, the free encyclopedia. RACE Integrity Primitives Evaluation Message Digest (RIPEMD).
  Research and Development in Advanced Communications Technologies in Europe (RACE) is a program launched in 1988 by the Commission of the European Communities to pave the way for Integrated Broadband Communications in Europe.
• The hash function RIPEMD-160
  By Antoon Bosselaers, co-author of RIPEMD algorithm, Katholieke Universiteit Leuven, Belgium.
• ISO/IEC 10118-3:2004
  ISO/IEC 10118-3:2004 specifies the following seven dedicated hash-functions, i.e. specially-designed hash-functions:
  • RIPEMD-160 (Clause 7) provides hash-codes of lengths up to 160 bits;
  • RIPEMD-128 (Clause 8) provides hash-codes of lengths up to 128 bits;
  • SHA-1 (Clause 9) provides hash-codes of lengths up to 160 bits;
  • SHA-256 (Clause 10) provides hash-codes of lengths up to 256 bits;
  • SHA-512 (Clause 11) provides hash-codes of lengths up to 512 bits;
  • SHA-384 (Clause 12) provides hash-codes of a fixed length, 384 bits; and
  • WHIRLPOOL (Clause 13) provides hash-codes of lengths up to 512 bits.
  For each of these dedicated hash-functions, ISO/IEC 10118-3:2004 specifies a round-function that consists of a sequence of sub-functions, a padding method, initializing values, parameters, constants, and an object identifier as normative information, and also specifies several computation examples as informative information.
• MSDN Library: Security - Cryptography - Hashing
• Digest:: - Perl Modules that calculate message digests
  MD5, SHA1, HMAC, MD2.
• Microsoft File Checksum Integrity Verifier (FCIV) utility
  The File Checksum Integrity Verifier (FCIV) is a command-prompt Windows utility that computes and verifies cryptographic hash values of files. FCIV can compute MD5 or SHA-1 cryptographic hash values. These values can be displayed on the screen or saved in an XML file database for later use and verification. FCIV is freely provided by Microsoft support for download.
• HandyArchive Free Checksum Downloads

MD5 - Message Digest #5

• RFC 1321 - The MD5 Message-Digest Algorithm
  By Ronald Rivest, MIT Laboratory for Computer Science and RSA Data Security, April 1992.
  Includes a Reference Implementation in C.
  RSA intellectual property information on its MD algorithms.
• MD5 (Message-Digest algorithm 5)
  From Wikipedia, the free encyclopedia.
• MD5 Homepage (unofficial)
  Introduction and links to implementations for the message authentication (data integrity validation) algorithm MD5 developed by prof. Ronald L. Rivest (MIT/RSA), available for several programming languagens: C, C++, JavaScript, Miva, Perl, PHP, VB.
• RSA-MD5 Signature Suite - Version 1.0
  By Philip A. DesAutels and Peter Lipp, W3C Digital Signature Initiative (DSig).
• GNU Core Utilities - Coreutils
  Formerly Textutils - GNU Project, FSF. Includes md5sum - compute and validate MD5 message digest, besides sha1sum, cksum, sum, and other common Unix text utilities.
  Source-code download. TextUtils for Windows @ GnuWin32. Textutils for Solaris @ Sunfreeware & md5sum Information @ Sun - Solaris.
• MD5summer
  Windows MD5 sum generator/validator with graphical interface. Postcardware (if you like MD5summer, please send a postcard to the author).
• md5deep
  md5deep is a cross-platform set of programs to compute MD5 message digests or SHA-1 message digests on an arbitrary number of files. The programs run on Windows, Linux, FreeBSD, OS X, Solaris, and should run on most other platforms. md5deep is similar to the md5sum program from GNU Coreutils package, but has additional features. Free.
• etree.org | md5sum.exe
  md5sum console utility for Win32.
• Fast MD5 Implementation in Java
  By Timothy W Macinta.
• MD5sums
  By PC-Tools.Net. Freeware Windows console tools and utilities.
• WinMD5 - Windows MD5 Hashes
  Compute MD5 checksums on Win32 platforms. Supports drag and drop. Free software.
  WinMD5-2.07.zip para Windows.
• MD5 in Delphi - IRsoft
  This is a lightweight implementation of the MD5 checksum algorithm in Delphi. It uses Windows' Crypto API. You need the Crypto API headers (Interface for Microsoft CryptoAPI version 2.0) for Delphi from JEDI . Add Wcrypt2 to your uses clause.

SHA/SHS - Secure Hash Algorithms / Standard

The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions. The most commonly used function in the family, SHA-1, is employed in a large variety of popular security applications and protocols, including SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5, an earlier, widely-used hash function. The algorithms were designed by the National Security Agency (NSA) and published as a US government standard. (From Wikipedia)

• NIST Cryptographic Toolkit: Secure Hashing - SHS/SHA
  Secure Hash Standard (SHS) & Secure Hash Algorithms (SHA).
  By National Institute of Standards and Technology (NIST) - Computer Security Resource Center (CSRC), USA.
  NIST CSRC Cryptographic Algorithm Validation Program (CAVP).
• FIPS PUB 180-2 - Secure Hash Signature Standard (SHS) [PDF]
  This Standard specifies four secure hash algorithms - SHA-1, SHA-256, SHA-384, and SHA-512 - for computing a condensed representation of electronic data (message). Change Notice to include SHA-224. Federal Information Processing Standards (FIPS) Publication 180-2, August 2002. Category: Computer Security Standard, Cryptography.
  FIPS PUB 180-1: SHA-1, April 1997.
• SHA (Secure Hash Algorithm) hash functions
  From Wikipedia, the free encyclopedia.
• sha.cpp Source File
  SHA-2 C++ implementation by Wei Dai, modified from SHA-1 C implementation by Steve Reid. Both are in the public domain.
  Part of the Crypto++ Library, by Wei Dai.

ssdeep

ssdeep is a open source (GPL) program for computing and matching Context Triggered Piecewise Hashing(aka Fuzzy Hashing) values, created and maintained by Jesse Kornblum. It is based on a spam detector called spamsum by Andrews Trigdell.

• Fuzzy Hashing and ssdeep
  Quickstart guide. Sourceforge project: ssdeep.
• Forensics Wiki: Ssdeep
• Wikipedia: Jesse Kornblum
  From Wikipedia, the free encyclopedia.
  Jesse Kornblum (1975-) is a computer forensics researcher and former US Air Force Office of Special Investigations agent who has written a number of papers and tools. His most notable computer forensics tool, ssdeep, made use of a combination of hashing algorithms to help identify highly similar but not identical files; a vexing problem with no previous solutions.
• Jesse Kornblum home-page
  Blog: A Geek Raised by Wolves.
• Partial file matching in host intrusion prevention systems
  By Mariusz, 2006-09-08, in his blog.
• pyssdeep
  pyssdeep - python bindings for kornblum's ssdeep fuzzy hasher. Google Code, new BSD licence.

HMAC - Keyed-Hash Message Authentication Code

• FIPS PUB 198-1 - The Keyed-Hash Message Authentication Code (HMAC) [PDF]
  Federal Information Processing Standards (FIPS) Publication 198-1, July 2008.
• RFC 2104 - HMAC: Keyed-Hashing for Message Authentication
  RFC-2104, February 1997. By H. Krawczyk (IBM), M. Bellare (UCSD), R. Canetti (IBM).
• The HMAC papers
  By Mihir Bellare, UCSD.

---

Public-Key Cryptography

Public-Key Cryptography Standards (PKCS)

The Public-Key Cryptography Standards are specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS documents have become widely referenced and implemented. Contributions from the PKCS series have become part of many formal and de facto standards, including ANSI X9 documents, PKIX, SET, S/MIME, and SSL.

• Public-Key Cryptography Standards (PKCS) RSA Laboratories.
• PKCS
  From Wikipedia, the free encyclopedia.
• RFC 3447 - Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1
  By J. Jonsson, B. Kaliski, RSA Laboratories, February 2003. This document obsoletes RFC 2437, PKCS #1 v2.0 (October 1998), RFC 2313, v1.5 (March 1998).
• OpenSC - tools and libraries for smart cards
  OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too.

Cryptographic Message Syntax (CMS) & PKCS #7

• RFC 2315 - PKCS #7: Cryptographic Message Syntax, Version 1.5
  By B. Kaliski, RSA Laboratories, March 1998. PKCS #7 version 1.5 was developed outside of the IETF and further documented in this Informational RFC; it was originally published as an RSA Laboratories Technical Note in November 1993. Since that time, the IETF has taken responsibility for the development and maintenance of the Cryptographic Message Syntax (CMS) standard, which is derived from PKCS #7 version 1.5.
• RFC 3852 - Cryptographic Message Syntax (CMS)
  By R. Housley, Vigil Security (formerly at RSA Laboratories), July 2004. This document describes the new Cryptographic Message Syntax (CMS). This syntax is used to digitally sign, digest, authenticate, or encrypt arbitrary message content. This document obsoletes RFC 3369 (August 2002) and RFC 2630 (June 1999).
• RFC 4853 - Cryptographic Message Syntax (CMS) - Multiple Signer Clarification
  By R. Housley, Vigil Security, April 2007.
• RFC 5083 - Cryptographic Message Syntax (CMS) - Authenticated-Enveloped-Data Content Type
  By R. Housley, Vigil Security, November 2007.
• RFC 3370 - Cryptographic Message Syntax (CMS) Algorithms
  By R. Housley, RSA Laboratories, August 2002. This document describes the conventions for using several cryptographic algorithms with the Cryptographic Message Syntax (CMS).
• RFC 3274 - Compressed Data Content Type for Cryptographic Message Syntax (CMS)
  By P. Gutmann, University of Auckland, June 2002.

S/MIME - Secure MIME

• IETF S/MIME Working Group
  By Internet Mail Consortium (IMC).
• S/MIME Mail Security (smime) Charter
  Internet Engineering Task Force (IETF).
• RFC 3851 - Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
  By B. Ramsdell, editor, Sendmail Inc., July 2004. This document obsoletes RFC 2633, S/MIME Version 3 (June 1999).
• RFC 2311 - S/MIME Version 2 Message Specification
  By S. Dusse (RSA Data Security), P. Hoffman (Internet Mail Consortium), B. Ramsdell (Worldtalk), L. Lundblade (Qualcomm), L. Repka (Netscape). March 1998.
• S/MIME Central
  RSA Security, Inc., Ronald L. Rivest. Developer Resources - Standards.

PGP - Pretty Good Privacy

PGP is a practical utility for cryptography and digital signature (certificate), based on the most modern, safe and efficient cryptography systems known. PGP was originally created and developed by Philip R. Zimmermann in 1991.

The U.S. Government was against Phil Zimmermann claiming violation of export restrictions on PGP criptography. Only in January 1996 the U.S. Courts definetively dropped the legal case. In March of the same year, PGP Inc. was formed, dealing with commercial versions of PGP, with Phil Zimmermann as CEO. In Dezember 1997, Network Associates Inc. (NAI) acquired the property of PGP Inc. company and Phil stayed on with NAI as Senyor Member to provide technical guidance for PGP's continued development, and to ensure the integrity of produced version (up to 7.0.3), free of back doors and with public release of complete source code.

In February 2001, he quits NAI to move on to his own projects on protect personal privacy. Phil launched OpenPGP Consortium, to facilitate interoperability of different implementations of the OpenPGP standard. In June 2002, PGP products and intellectual property were acquired from Network Associates by a new company called PGP Corporation, where Zimmermann now serves as special advisor and consultant. And Phil Zimmermann himself is now also a PGP reseller.

• Pretty Good Privacy (PGP)
  From Wikipedia, the free encyclopedia.
• International PGP Home Page - PGPi
  Maintained by PGP activist Stale Schumacher, in an independent site in Norway (www.ifi.uio.no/pgp/), also accessible as pgpi.com and pgpi.net.
  Download International PGP Freeware.
  Why do you need PGP? - by Phil Zimmermann.
• PGP Corporation
  Pretty Good Privacy (PGP).
  PGP Desktop Professional Technical Specifications - Public Key Formats: OpenPGP (RFC 2440), X.509; Public Key Algorithms: Diffie-Hellman (DH), DSS, RSA (v4 up to 4096-bit); Symmetric Key Algorithms: AES (up to 256-bit), CAST, TripleDES, IDEA, Twofish; Hashes: SHA-1, MD5, RIPEMD-160; Network Protocols: TLS/SSLv3, IKE, SECSH.
  PGP Freeware from PGP Corporation.
  PGP Europe.
• Phil Zimmermann's Home Page
  Philip R. Zimmermann, the creator of Pretty Good Privacy (PGP).
  Where to Get PGP.
• RFC 4880 - OpenPGP Message Format
  By J. Callas (Network Associates), L. Donnerhacke (IN-Root-CA Individual Network e.V.), H. Finney (Network Associates), R. Thayer (EIS Corporation). November 2007. This document obsoletes RFC 2440 (November 1998), RFC 1991 (August 1996).
  An Open Specification for Pretty Good Privacy (openpgp) Charter, IETF.
  IETF Open PGP mailing list.
• RFC 3156 - MIME Security with Pretty Good Privacy (PGP)
  By M. Elkins (Network Associates), D. Del Torto (CryptoRights Foundation), R. Levien ( University of California at Berkeley), T. Roessler. August 2001. This document updates RFC 2015 (October 1996).
• OpenPGP Alliance
  OpenPGP is the most widely used email encryption standard in the world. It is defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) Proposed Standard RFC 2440.
  The OpenPGP Alliance is a growing group of companies and other organizations that works to facilitate technical interoperability and marketing synergy between OpenPGP implementations.
• GnuPG - The GNU Privacy Guard
  GnuPG is a complete and free replacement for PGP. Because it does not use patented IDEA algorithm, it can be used without any restrictions. GnuPG is a RFC2440 (OpenPGP) standard compliant application. GnuPG is Free Software.
• gpg4Win
  EMail-Security using GnuPG for Windows. Project Gpg4Win provides a installer package for Windows with computer programs and handbooks for e-mail and file encryption, including Windows version of GnuPG, several front-ends and some documentation.
• PGP Freeware MIT Distribution
  MIT distributes PGP Freeware without cost for personal, non-commercial use, in cooperation with Philip Zimmermann, Network Associates, and with RSA Security. This PGP distribution supports RSA public-key encryption technology. PGP Freeware is distributed by MIT only to United States and Canada.
• Enigmail extension for Mozilla/Netscape
  Enigmail is an extension to the mail client of Mozilla / Netscape 7.x which allows users to access the authentication and encryption features provided by the popular GnuPG software. Enigmail is open source and dually-licensed under the GNU General Public License (GPL) and the Mozilla Public License.
• WinPT: Windows Privacy Tools
  Windows Privacy Tools (WinPT) is a collection of multilingual applications for easy digital encryption and signing of content. It's GnuPG-based, compatible with OpenPGP compliant software (like PGP) and free for commercial and personal use under the GPL.
• GPG Shell
  GPGshell is a graphical interface for GnuPG (GNU Privacy Guard). It requires an already working installation of GnuPG v1.2.2, since it does not have any cryptographic code itself. GPGshell is Freeware.
• Site sobre PGP, em português: Servidor de chaves públicas, Tutorial, FAQ.
• PGP Timeline and brief History, by Adam Back
• Servidores de chaves públicas PGP:
  • PGPnet - worldwide network of synchronized PGP Keyservers
    WWW Based PGP 5.0 Key Server System
  • keys.pgp.com
  • pgpkeys.mit.edu
  • pgp.ai.mit.edu
  • Swiss PGP Keyserver at ETH Zürich
• Google Directory: PGP

---

Secret-Key Cryptography

Advanced Encryption Standard (AES) & Rijndael

Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen, selected by NIST for the Advanced Encryption Standard (AES).

• Advanced Encryption Standard (AES)
  NIST AES Archive.
• FIPS PUB 197 - Announcing the Advanced Encryption Standard (AES) [PDF]
  Federal Information Processing Standards (FIPS) Publication 197, 2001-11-26.
• The Rijndael Block Cipher
  Page dedicated to the fans of the Rijndael Block Cipher, whose selection, in an upset of Karelinean proportions, as the NIST Advanced Encryption Standard (AES) has brought down the Feistal cipher dynasty.
• Rijndael Page
• Implementations of AES (Rijndael) in C/C++ and Assembler
  By Dr. Brian Gladman, Ph.D., UK.
• Advanced Encryption Standard (AES) Libraries
  AES libraries source code for download.
• AxCrypt - File Encryption for Windows
  AxCrypt File Encryption - Personal Privacy and Security free open source for Windows with AES-128 File encryption, compression, wipe and transparent decrypt and open in the original application, with a few mouse clicks and integrated with Windows Explorer. Cryptographic primitives are AES-128 and SHA-1. By Svante Seleborg/Axon Data.

---

Authentication and Access Control

Existing authentication methodologies involve three basic factors:

• Something the user knows (e.g., password, PIN);
• Something the user has (e.g., ATM card, smart card); and
• Something the user is (e.g., biometric characteristic, such as a fingerprint).

Authentication methods that depend on more than one factor are more difficult to compromise than single-factor methods. (FFIEC)

Multi-factor Authentication

• Wikipedia: Multi-factor authentication
  Two-factor authentication.
  From Wikipedia, the free encyclopedia.
• The Failure of Two-Factor Authentication
  By Bruce Schneier, 2005-03-15.
• FFIEC Information Technology Examination Handbook
  Booklets. Authentication in an Internet Banking Environment (PDF). By Federal Financial Institutions Examination Council (FFIEC), US Government.
• PhoneFactor
  PhoneFactor adds a second factor of authentication to any existing corporate or website login, creating a two factor authentication, based on a phone call.

HTTP Authentication

• RFC 2617 -- HTTP Authentication: Basic and Digest Access Authentication
  RFC 2617 Draft Standard, June 1999; RFC 2617 at FAQs.org.
• Basic access authentication
  Digest access authentication
  From Wikipedia, the free encyclopedia.
• Authentication, Authorization, and Access Control
  Apache HTTP Server, Version 2.2 How-To.
  Version 2.0, Version 1.3.
• HTTP Authentication with HTML Forms
  By Paul James, 2007-11-07.
• HTTP Authentication Setup - A Quick-Step Guide
  By Hagan Fox, 2006, Qdig - Quick Digital Image Gallery.

Kerberos

• Kerberos: The Network Authentication Protocol
  By Massachusetts Institute of Technology (MIT).
• USC/ISI Kerberos Page
  The Kerberos Network Authentication Service site, by USC/ISI's GOST Group. Documentation & Papers, Software Distributions, FAQ, Related systems, Additional help sources, Commercial support, Open issues.
• Kerberos Working Group (krb-wg) Charter, IETF

SOCKS

SOCKS is a generic proxy protocol for TCP/IP-based networking applications. SOCKS includes two components, the SOCKS server and the SOCKS client. The SOCKS server is implemented at the application layer. The SOCKS client is implemented between applications and transport layer.

• SOCKS
  By NEC Networking Systems Laboratory.
  About Socks - Overview: Technical information.
• RFC 1928 - SOCKS Protocol Version 5, March 1996
• Dante - A Free Socks Implementation
  By Inferno Nettverk A/S, Oslo, Norway.

PAM - Pluggable Authentication Modules

• OpenPAM
  OpenPAM is an open source PAM library that focuses on simplicity, correctness, cleanliness, and portability. OpenPAM aims to gather the best features of Solaris PAM, XSSO and Linux-PAM, plus some innovations of its own. In areas where these implementations disagree, OpenPAM tries to remain compatible with Solaris, at the expense of XSSO conformance and Linux-PAM compatibility.
  OpenPAM is an open-source implementation of the Sun PAM API, developed by ThinkSec under DARPA contract. OpenPAM currently implements the full PAM API as specified in the X/Open Single Sign-on (XSSO) preliminary specification, minus token mapping and secondary authentication (which are not part of the original PAM API). It is intended to be source-code compatible with Solaris 9 PAM.
  SourceForge Project: OpenPAM.
• Solaris PAM (Pluggable Authentication Modules)
  PAM allows integration of various authentication technologies such as UNIX, Kerberos, RSA, smart cards and DCE into system entry services such as login, passwd, rlogin, telnet, ftp, and su without changing any of these services. PAM is integrated into the Solaris 2.6 release.
• Linux-PAM (Pluggable Authentication Modules) for Linux
  Linux-PAM provides a flexible mechanism for authenticating users. PAM was invented by SUN Microsystems.
  SourceForge Project: PAM.
  PAM for Apache.
• PAM (Pluggable Authentication Modules)
  In Linux User Authentication HOWTO, Peter Hernberg, 2000.
• Authen::PAM
  Authen::PAM is a perl module which provides an interface to the PAM library. By Nikolay Pelov. Authen-PAM at CPAN, Perldoc Authen::APAM.
• Making Login Services Independent of Authentication Technologies
  By Vipin Samar & Charlie Lai, Sun Microsystems. Article on Pluggable Authentication Module (PAM) framework.
• Using LDAP & PAM for SSO Authentication
  SAAS - Guide to using LDAP with PAM on Linux.
• Pam-list: Pluggable Authentication Modules List
  PAM Discussion List Archive Mirror.

Single Sign-On (SSO)

• Single sign-on
  From Wikipedia, the free encyclopedia.
• CoSign - Collaborative single sign-on
  CoSign is an open source Web Single Sign-On, for secure, intra-institutional web authentication. Also as weblogin.org. By University of Michigan.
• Central Authentication Service (CAS)
  The JA-SIG Central Authentication Service was originally developed by Yale University Information Technology Services (ITS). It has since become a JA-SIG project. Additional CAS client implementations available for Apache (MOD_CAS, AuthCAS mod_perl), ISAPI (CCCI CAS agent), Java (J2SE, JSP, JSR-168 portlets, Spring/Acegi), ColdFusion, PAM, Perl, PHP (PHP client, Prado), Ruby on Rails, uPortal, WebObjects, Zope (CASUserFolder).
• ESOE - Enterprise Sign On Engine
  Integrated identity management, single sign on, authorization, federation and accountability for enterprise resources access, in a very extensible manner. The ESOE is built using the OASIS SAML 2.0 specification, and the ESOE's engine is built around a reduced version of the OASIS XACML 2.0 standard which they have called Lightweight XACML (LXACML). ESOE is open source, licensed under Apache 2.0.
  ESOE Users wiki: Installation and Administration Documentation, Support and Mailing Lists, Downloads.
• X/Open Single Sign-on Service (XSSO)
  XSSO Architecture, XSSO Sign-on Services, Pluggable Authentication Modules (PAM), XSSO Account Management Services.
• See: Java APIs: Security: Single Sign-On (SSO)

---

Other Protocols and Applications

• Security Protocols and Specifications
  Cryptographic APIs, Secure Internet Protocols, Secure IP/Datagrams, Random Number Generators, Certificates, Envelopes and MIME, Digital Signing and Content Rating, Privacy Enhancement for Internet MAIL (PEM), Public Key Exchange, Cryptographic Specifications, Public Source, Other References, Privacy & Politics.
• advICE : Reference : Networking
  Internet Security Systems Reference by Internet Security Systems (ISS, formerly Network ICE).
• TechFest - Networking Protocols
  By TechFest. Links of general information on networking protocols. TCP/IP, IPv6 & NGI, Routing, IAN, ICMP, E-Mail (POP, IMAP, SMTP), FTP, TFTP, Telnet, HTTP, HTML, UDP, PPP, SLIP, DNS, DHCP, SOCKS, NNTP, NTP, LDAP, NHRP, MPLS, IP Multicast, RSVP, , diffserv, intserv, IPSec, Firewalls, IP over ATM, Voice Over IP (VoIP), Multimedia, OSI, FTAM, Netware IPX, AppleTalk, DECnet, Xerox XNS, Banyan Vines, NETBIOS, SNA, DLS, VLANs, Bridging, Trunking / Link Aggregation, Jini.
• Cryptomak Cipher Tools
  Cryptomak is collection of php scripts for encryption and decryption purpose. Cryptomak is using Phrame as web application platform which implements MVC (Model, View, Controller) design. At the view layer, Cryptomak is using Smarty as template engine.
  Cryptomak live Demos - Cipher: Simple Shift, Monoalphabetic Substitution, Columnar Transposition, Vigenere Cipher, Permutation, Affine Cipher, Xoft Cipher, Base64 Cipher - Tool: Frequency Distribution, Index of Coincidence.
• Server Gateway Cryptography (SGC)
  By Microsoft.