Links for the Crypto Talk

cryptolinks.md

Crypto Basics:

• https://web.archive.org/web/20050323065423/http://www.cacr.math.uwaterloo.ca/hac/
• https://www.coursera.org/course/crypto
• http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246
• http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523
• http://www.keylength.com

Elliptic Curve Cryptography

• http://safecurves.cr.yp.to/
• http://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography

Post-Snowden Position Papers:

• http://tools.ietf.org/html/draft-hallambaker-prismproof-req-00
• http://tools.ietf.org/html/draft-farrell-perpass-attack-00
• http://www.ietf.org/proceedings/88/slides/slides-88-iab-techplenary-8.pdf

TLS details:

• http://en.wikipedia.org/wiki/Transport_Layer_Security#Basic_TLS_handshake
• http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
• http://www.hyperelliptic.org/tanja/vortraege/talk-30C3.pdf Slides 37f.
• http://pic.dhe.ibm.com/infocenter/wmqv7/v7r1/index.jsp?topic=%2Fcom.ibm.mq.doc%2Fsy10660_.htm
• http://security.stackexchange.com/questions/37797/how-does-non-ephemeral-diffie-hellman-key-exchange-become-compromised-in-ssl-whe

TLS Hands on:

• https://bettercrypto.org/static/applied-crypto-hardening.pdf
• https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
• http://vincent.bernat.im/en/blog/2011-ssl-perfect-forward-secrecy.html
• https://www.imperialviolet.org/2013/06/27/botchingpfs.html
• https://github.com/blog/1734-improving-our-ssl-setup

TLS Testing:

• https://github.com/iSECPartners/sslyze
• https://ssllabs.com/ssltest
• http://checktls.com/
• https://xmpp.net/
• https://www.owasp.org/index.php/Testing_for_Weak_SSL/TSL_Ciphers,_Insufficient_Transport_Layer_Protection_(OWASP-EN-002)

Sites to watch:

• http://blog.ivanristic.com/
• http://www.thoughtcrime.org/blog/
• https://www.imperialviolet.org/
• http://vincent.bernat.im/en/blog/
• http://blog.cloudflare.com/
• http://competitions.cr.yp.to/caesar.html
• https://www.trustworthyinternet.org/ssl-pulse/

Media Links

• https://firstlook.org/theintercept/article/2014/03/12/nsa-plans-infect-millions-computers-malware/
• http://www.format.at/articles/1414/524/374054/nsa-oesterreich
• http://www.theguardian.com/uk-news/2013/nov/01/gchq-europe-spy-agencies-mass-surveillance-snowden
• https://www2.dcsec.uni-hannover.de/files/fc14_unused_cas.pdf
• http://www.wired.com/2013/10/lavabit_unsealed
• https://firstlook.org/theintercept/document/2014/03/20/hunt-sys-admins/