Hey all, I'm attempting to create an extensive archive of papers on -graphy and -analysis, locally stored and broken down by category/hierarchy, according to my own personal taxonomy. Maybe one day I'll try to figure out how to annotate their metadata in some way, possibly a bibtex-to-filename-to-hyperlink mapping, and web apps to ease data entry.
I know that taxonomies are doomed with such large collections of unique data, but the web and citeseer and Google Scholar just isn't doing the job for me, for a variety of reasons that should be obvious to anyone who has done extensive self-study in a field like this. I was wondering if anyone had suggestions on conference proceedings, individual papers, and authors that are worthy of inclusion. Quality is far more important than quantity - the web already provides the latter. Particularly, I've found cryptanalysis to be spottier in coverage. I recall Schneier had an interesting self-study course in block cipher cryptanalysis: http://www.schneier.com/paper-self-study.pdf Is there anything else out there like this? Also, here are three books I wish I had. Do they exist, or will I have to compile them over the next decade or two? 0) Cryptographic Protocol Design Something like this: http://www.subspacefield.org/security/security_concepts/index.html#tth_sEc28.6 However, I think it could be made into an entire book, and covered in far more detail and less like a "cookbook", but still accessible to security engineers, as opposed to discrete math postgrads. 1) Cryptography: A Study in Failure. Show cryptosystems and how they were broken or semi-broken, over the years. That _is_ how we learn, right? I'm thinking of knapsack, Kerb, e=3 SSL keys, hash length extension, PKCS#7 padding oracle, and so on. Note that the system doesn't have to have been designed according to best practices at the time to be instructive; sometimes how people did things wrong is far more instructive to an engineer. Psychological studies show that laws expressed in DO NOT form stick better than those which say ALWAYS DO. For yours truly, I'm intrigued by the way, say, a hash collision can affect the upper-level algorithm such as SSL certificate verification. These can be used to teach the difference between preimage-resistance and collision-resistance properties, for example, and really help an engineer to understand which he relies upon. The DO NOT BECAUSE lesson stick even better than those. I imagine this is the way they teach airplane safety, fire codes, and so on, and should be the way we teach cryptographic engineering. 2) (CS)PRNG designs I've never seen these aggregated in one place. Along those lines, if anyone has ideas on things worthy of inclusion in those yet-to-be-written books, please LMK. -- Good code works on most inputs; correct code works on all inputs. My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/ If you are a spammer, please email [email protected] to get blacklisted.
pgp16dhzl2nJ6.pgp
Description: PGP signature
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
