There is a lot of great information about cryptography and computer security out there, both in print and on the Web. Here is a list of references that I think are particularly good or relevant for this class:
Material for "Security Overview"
Key Organizations and Standards Bodies/Sources
NIST (National Institute of Standards and Technology)
US Government organization defining technology standards and other useful information
NIST has a Computer Security Division which publishes the "800-series" of publications on Computer Security. See especially:
- SP 800-12 - An Introduction to Computer Security: The NIST Handbook
- SP 800-21 - Guidelines for Implementing Cryptography in the Federal Government
- SP 800-53 Rev. 3 - Recommended Security Controls for Federal Information Systems and Organizations
- SP 800-57 - Recommendation for Key Management
- SP 800-61 - Computer Security Incident Handling Guide
FIPS (Federal Information Processing Standards)
Run under the Information Technology Laboratory at NIST, publishes standards for how government systems must be run (including standard cryptographic algorithms such as AES, DSS, etc.)
IETF (Internet Engineering Task Force)
Publishes internet standards, protocol definitions (including IP, TCP, TLS, etc.), and other documents as RFCs. Non-protocol documents of particular interest include:
Miscellaneous items from overview
Designing security in
- CERT Secure Coding Standards
- Build Security In - US-CERT project to improve software assurance
- Writing Secure Code, Second Edition - Book by Michael Howard and David LeBlanc
- CWE/SANS Top 25 Most Dangerous Software Errors - very important stuff for software developers to know!
Material for "Classical Encryption Techniques"
Interesting and/or unsolved ciphers
Information on classic cryptography
- Braingle One-time Pad Demo
- Codebreakers by David Kahn is a greak book on the history of cryptography (particularly military history)
- Puzzle Baron's Cryptograms - information and online puzzles
- Good article by Gary Kessler on steganography, with examples
- Stegdetect/Outguess - detection and steganography tool from Niels Provos
- DES Animation by Kathryn Neugent
Advanced Encryption Standard (AES)
- AES Standard - FIPS 197 specification
- NSA Suite B Cryptography
- CNSSP-15 fact sheet - on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information
- AES Animation - a very cool flash-based AES animation
Security Model References
- Ciphertext Indistinguishability article at Wikipedia - this is a little terse, and the models seem to assume a public key crypto model, but otherwise it's a reasonable reference
- The Cookie Eater Project at MIT
- RSA SecureID hack explained (video)
- Google developers description of OpenID
- MD5 Collision Demo has a great overview of the vulnerability of MD5 with respect its lack of strong collision resistance. This page gives not just meaningless collisions, but very practical examples of different programs with the same MD5 hash value, and different Postscript files with the same MD5 hash value.
- Wired article on X.509 certificate forgery - this was a real attack on a Certificate Authority that demonstrated how the MD5 weakness led to forged certificates.
- The Sponge Functions Corner - the SHA-3 competition winner is based on the idea of "Sponge functions" (as opposed to prior major hash functions which used "compression functions"), and this page has some great info on Sponge functions.
- The Keccak sponge function family - the specific function family used in the winning SHA-3 entry.