Madhu's Corner :: Security and Cryptography

Some thoughts, links and other trivia on Security and Cryptography
Stuff that I've found over time.

Cryptography

Cryptography is the science of converting easy to understand information (plaintext) into undecipherable junk (ciphertext). That may be an oversimplification, but hey, it helps. Here are some useful links to startup with:

• Cryptography FAQ
  The basic starting point for anyone interested in cryptography.
  


• CRYPTO-GRAM
  A very useful newsletter from Bruce Scheider.
  


• SSH algorithms
  Very good basic information on algorithms
  


• IPSEC
  The SWAN implementation of IPSEC for Linux.
  


• Terry Ritter's site
  A good place for Crypto's Randomness and other things..
  

I'm pretty sad at the number of times that poor cryptography (known as snake-oil) is passed off, esp in the name of "advanced" "proprietary" "patent pending" algorithms. Don't reinvent the wheel - stick to things well understood.

Security

Security and Cryptography are often allied subjects, but that's all that can be said. Security is a complex and difficult mechanism to create, setup or maintain. It's been said before, and I'll say it again - "Security is a process, not a product!"

• Security Focus
  The most comprehensive site, hosts BuqTraq.
  


• Security Portal
  Another very useful site - loads fast as hell.
  


• Linux Security
  A useful spot to look at Linux Security Issues.
  


• The RISKS Digest
  A Moderated digest approx. equal to comp.risks.
  


• Security Talks
  I've given some talks with my good friend Kalyan Verma Alluri for the Indian Linux Users Group Bangalore (ILUG - B) on Security.
  


• Buffer Overflows
  This is a paper that I presented at the Computer Society of India's Karnataka State Convention. It won the best paper in the convention award.
  

Projects

Some of my projects (both active and dormant) are available here.