I've finally got around to finishing a major update of my Godzilla crypto and security tutorial to cover newer material like WEP, WPA, and WPA2. It's available from http://www.cs.auckland.ac.nz/~pgut001/tutorial/index.html and comprises 784 slides in 10 parts.
The tutorial covers security threats and requirements, services and mechanisms, and sercurity data format templates, historical ciphers, cipher machines, stream ciphers, RC4, block ciphers, DES, breaking DES, brute-force attacks, other block ciphers (AES, Blowfish, CAST-128, GOST, IDEA, RC2, Skipjack, triple DES), block cipher encryption modes (ECB, CBC, CFB, encrypt+MAC modes), public-key encryption (RSA, DH, Elgamal, DSA), using PKCs, elliptic curve algorithms, hash and MAC algorithms (MD2, MD4, MD5, SHA-1, SHA-2, RIPEMD-160, the HMAC's), pseudorandom functions, key management, key distribution, the certification process, X.500 and X.500 naming, certification heirarchies, X.500 directories and LDAP, the PGP web of trust, certificate revocation, X.509 certificate structure and extensions, certificate profiles, setting up and running a CA, CA policies, RA's, timestamping, PGP certificates, SPKI, why do we need digital signature legislation, what is a signature, paper vs.electronic signatures, non- repudiation, trust, and liability, existing approaches, examples of existing legislation of various types including advantages and drawbacks, the Digital Signature Law litmus test, user authentication, Unix password encryption, LANMAN and NT domain authentication and how to break it, GSM security, S/Key, OPIE, TANs, PPP PAP/CHAP, PAP variants (SPAP, ARAP, MSCHAP), RADIUS, DIAMETER, TACACS/XTACACS/TACACS+, EAP and variants (EAP-TTLS, EAP-TLS, LEAP, PEAP) Kerberos 4 and 5, Kerberos-like systems (KryptoKnight, SESAME, DCE), authentication tokens, SecurID, X9.26, FIPS 196, Netware 3.x and 4.x authentication, biometrics, PAM, SSL, TLS, TLS-PSK, SGC, SSH, TLS vs.SSH, IPsec, AH, ESP, IPsec key management (Photuris, SKIP, ISAKMP, Oakley, SKEME), IKE, IPsec problems, OpenVPN, WEP, WEP problems, WPA, TKIP, AES-CCM, DNSSEC, S-HTTP, SNMP, email security mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, PGP/MIME, S/MIME and CMS, MSP, opportunistic email encryption (STARTTLS/STLS/AUTH TLS), electronic payment mechanisms, Internet transactions, payment systems, Netcash, First Virtual, Cybercash, book entry systems, Paypal, Digicash, e- cheques, SET, the SET CA model, SET problems, prEN 1546, TeleQuick, Geldkarte, EMV, micropayments, smart cards, smart card file structures, card commands, PKCS #11, PC/SC, JavaCard/OCF, multiapplication cards, iButtons, contactless cards, vicinity cards, attacks on smart cards, traffic analysis, anonymity, mixes, onion routing, mixmaster, crowds, LPWA, steganography, watermarking, misc. crypto applications (hashcash, PGP Moose), TEMPEST, snake oil crypto, selling security. TCSEC/Orange Book, crypto politics, digital telephony, Clipper, Fortezza and Skipjack, US export controls, effects of export controls, legal challenges, French and Russian controls, non-US controls (Wassenaar), Menwith Hill, Echelon, blind signal demodulation, Echelon and export controls, Cloud Cover, UK DTI proposals, and various GAK issues. Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
