Useful Forums
Cryptography Stack Exchange: Question and answer site for software developers, mathematicians and others interested in cryptography. Excellent resource.
Reddit Cryptography Forum: Worthwhile forum to follow.
Cryptography Software
Bouncy Castle Crypto Package: Java implementation of cryptographic algorithms. The package is organized so that it contains a light-weight API suitable for use in any environment. The package is distributed at no charge for commercial or non-commercial use.
Cryptography Code: Another useful collection of software.
Crypto++ Library: A free C++ class library of cryptographic schemes.
Botan: Another free C++ class library of cryptographic schemes.
CryptoCalc: An Android app that demonstrates the results of execution of a wide variety of cryptographic algorithms.
Useful Web Sites and Documents
Computer Science Student Resource Site: Help and advice for the long-suffering, overworked student.
Errata sheet: Latest list of errors, updated at most monthly will be available as soon as errors are spotted. File name is Errata-Crypto8e-mmyy. If you spot any errors, please contact me at .
Introduction to Cryptography: Provides a Web-based introduction to cryptography for non-CS majors. Although elementary, it provides a useful feel for some key concepts. Originally appeared in the on-line Journal on Educational Resources in Computing, September 2002.
Security Cartoon: A cartoon-based approach aimed at improving the understanding of security risk among typical Internet users.
Chapter 1 - Overview
Crypto Forum Research Group An Internet Research Task Force (IRTF) Research Group for the discussion and review of cryptographic mechanisms for network security in general and for the IETF in particular.
Cryptographic Key Length Recommendation: Useful summary of recommendations of various organizations for key length for various cryptographic algorithms.
Dark Reading: a comprehensive source of news, commentary and analysis on cybersecurity, designed for use by IT security professionals.
Cryptography and Network Security Links: An collection of PDF documents from a wide variety of sources.
Peter Gutmann's Home Page: Good collection of cryptography stuff.
Cryptology ePrint Archive: Provides rapid access to recent research in cryptology; consists of a collection of unrefereed papers.
IEEE Technical Committee on Security and Privacy: Home of the electronic newsletter Cipher, which provides book reviews, new crypto and security links, and links to reports and papers available online.
Computer Security Resource Center: Maintained by NIST; contains a broad range of information on security threats, technology, and standards.
European Network and Information Security Agency A source of expertise on security issues for the EU. Includes an excellent set of technical reports, plus numerous other documents and links.
United States Computer Emergency Readiness Team: US-CERT is a partnership between the Department of Homeland Security and the public and private sectors, intended to coordinate the response to security threats from the Internet. The site has a good collection of technical papers, and information and alerts on current security issues, vulnerabilities and exploits.
Computer and Network Security Reference Index: A good index to vendor and commercial products, FAQs, newsgroup archives, papers, and other Web sites.
Security Focus: A wide variety of security information, with an emphasis on vendor products and end-user concerns. Maintains the Bugtraq, a mailing list for the detailed discussion and announcement of computer security vulnerabilities.
SANS Institute: Similar to Security Focus. Extensive collection of white papers. Maintains Internet Storm Center, which provides a warning service to Internet users and organizations concerning security threats.
CrypTool A freeware program which enables you to apply and analyze cryptographic mechanisms.
Risks Digest: Forum on risks to the public in computers and related systems.
Institute for Security and Open Methodologies: An open, collaborative security research community. Lots of interesting information.
Center for Internet Security: Provides freeware benchmark and scoring tools for evaluating security of operating systems, network devices, and applications. Includes case studies and technical papers.
Crypto Resources A good collection of pointers. Especially useful is a list of open source crypto software libraries.
NSA Commercial National Security Algorithm Suite Description of the cryptographic standards approved for for the Secure Sharing of Information Among National Security Systems. The suite lists approved algorithms to be used during a transition period to quantum resistant algorithms.
Chapter 2 - Number Theory
Number Theory Web: A collection of links to online information of interest to number theorists.
The Prime Pages: Prime number research, records, and resources.
Chapter 3 - Classical Encryption Techniques
American Cryptogram Association: An association of amateur cryptographers. The Web site includes information and links to sites concerned with classical cryptography.
Crypto Corner: Simon Singh's Website. Lots of good information, plus interactive tools for learning about cryptography.
Solitaire Encryption Algorithm: Developed by Bruce Schneier. This is perhaps the most secure encryption algorithm that can be implemented without a computer.
Lanaki Classical Cryptography Course: A free online course in 24 lessons.
What is Steganography?: an extensive guide to steganography. It covers the basics of the topic but also looks at the differences to cryptography and how the two can be combined.
Steganography: Good collection of links and documents.
Chapter 5 - Finite Fields
PascGalois Project: Contains a clever set of examples and projects to aid in giving students a visual understanding of key concepts in abstract algebra.
Chapter 6 - Advanced Encryption Standard
NIST Block Ciphers: NIST documents on AES and DES.
AES Lounge: Contains a comprehensive bibliography of documents and papers on AES, with access to electronic copies.
A Stick Figure Guide to AES A fun but worthwhile explanation.
Stan Trenholme’s AES Page A series of articles which describe various aspects of AES, including annotated C code.
Chapter 7 - Block Cipher Operation
Block Cipher Modes of Operation: NIST page with full information on NIST-approved modes of operation.
Chapter 8 - Random Bit Generation and Stream Ciphers
Randomness for Cryptography: Lists online resources for collecting and processing crypto-strength randomness. Excellent collection.
NIST Random Number Generation Technical Working Group: Contains documents and tests developed by NIST that related to PRNGs for cryptographic applications. Also has useful set of links.
NIST Randomness Beacon: Generates full-entropy bit-strings and posts them in blocks of 512 bits every 60 seconds. Each such value is sequence-numbered, time-stamped and signed, and includes the hash of the previous value to chain the sequence of values together and prevent even the source to retroactively change an output package without being detected.
Quantum Random Numbers: You can access quantum random numbers on the fly here. Another source of random numbers.
A Million Random Digits: You'll never know when you're going to need some.
Can You Behave Randomly?: A set of exercises by Dr Christopher Wetzel, which are intended to help you better understand randomness by getting you to try and behave randomly. Behaving randomly is surprisingly difficult for humans.
Introduction to Probability and Statistics: A good short introduction by John Walker, highly recommended.
Chapter 9 - Public-Key Cryptography and RSA
RSA Laboratories: The research center of RSA Security, Inc., it offers an extensive collection of technical material on RSA and other topics in cryptography.
RSA Tutorial: Excellent explanation of the math of RSA.
Chapter 10 - Other Public-Key Cryptosystems
NIST ECC Program: Documents and links related to elliptic curve cryptography.
Certicom: Extensive collection of technical material on elliptic curve cryptography and other topics in cryptography.
Chapter 11 - Cryptographic Hash Functions
NIST Secure Hashing Page: SHA FIPS and related documents.
Cryptographic Hash Algorithm Competition: NIST page on its competition for a new standardized hash algorithm, to be called SHA-3.
SHA-3 Home Page: This is the home site for Keccak, the winner of the SHA-3 competition. Complete documentation.
Illustrated Guide to Cryptographic Hashes: A useful, easy-to-folllow introduction.
Chapter 12 - Message Authentication Codes
NIST Message Authentication Codes Program: Information on approved algorithms.
Chapter 13 - Digital Signatures
Digital Signatures: NIST page with information on NIST-approved digital signature options.
Chapter 14 - Lightweight Cryptography and Post-Quantum Cryptography
NIST Lightweight Cryptography Project: Home page for project to solicit, evaluate, and standardize lightweight cryptographic algorithms that are suitable for use in constrained environments where the performance of current NIST cryptographic standards is not acceptable..
NIST Post-Quantum Cryptography Project: Home page for project to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms.
ETSI Portal for Quantum-Safe Cryptography: ETSI is a European standards organization. This site has white papers and other information on post-quantum cryptography.
Chapter 15 - Key Management and Distribution
Public-Key Infrastructure Working Group: IETF group developing standards based on X.509v3.
NIST Key Management Program: Documents and other information on this topic.
NIST PKI Program: Good source of information.
Chapter 16 - User Authentication
MIT Kerberos Site: Information about Kerberos, including the FAQ, papers and documents, and pointers to commercial product sites.
MIT Kerberos Consortium: Created to establish Kerberos as the universal authentication platform for the world's computer networks.
USC/ISI Kerberos Page: Another good source of Kerberos material.
Kerberos Working Group: IETF group developing standards for Kerberos.
NIST Trusted Identities Group: Documents related to user authentication and password usage.
Chapter 17 - Transport-Level Security
IETF TLS Page: Latest RFCs and internet drafts for TLS.
OpenSSL Project: Project to develop open-source SSL and TLS software. Site includes documents, links, and software.
Chapter 18 - Wireless Network Security
Wi-Fi Alliance: An industry group promoting the interoperabiltiy of 802.11 products with each other and with Ethernet.
IEEE 802.11 Wireless LAN Working Group: Contains working group documents plus discussion archives.
Open Mobile Alliance:Consolidation of the WAP Forum and the Open Mobile Architecture Initiative.
Chapter 19 - Electronic Mail Security
Symantec PGP Page: PGP Web site of Symantec, the leading PGP commercial vendor.
International PGP Home Page: Designed to promote worldwide use of PGP. Contains documents and links of interest.
S/MIME Charter: Latest RFCs and internet drafts for S/MIME.
DANE Charter: Latest RFCs and internet drafts for DANE.
DKIM Website hosted by Mutual Internet Practices Association, this site contains a wide range of documents and information related to DKIM.
DKIM Charter: Latest RFCs and internet drafts for DKIM.
Chapter 20 - IP Security
IPsec Maintenance and Extensions Charter: Latest RFCs and internet drafts for IPsec.
Chapter 21 - Network Endpoint Security
Vmyths: Dedicated to exposing virus hoaxes and dispelling misconceptions about real viruses.
SecureList: Site maintained by commercial antivirus software provider. Good collection of useful information on viruses, hackers, and spam.
DDoS Attacks/Tools: Extensive list of links and documents
DataLossDB project Compiles a wide variety of statistics, charts, graphs, and incident report.
CERT Coordination Center: The organization that grew from the computer emergency response team formed by the Defense Advanced Research Projects Agency. Site provides good information on Internet security threats, vulnerabilities, and attack statistics.
Packet Storm: Resource of up-to-date and historical security tools, exploits, and advisories.
Honeynet Project: A research project studying the techniques of predatory hackers and developing honeypot products
Honeypots: A good collection of research papers and technical articles. Numerous links to firewall references and software resources.
Chapter 22 - Cloud Security
NIST CLoud Computing Program:Useful information, links, and documents.
Chapter 23 - IoT Security
Internet of Things World Forum: A number of useful documents and videos.