Cryptography

Algorithms

Blowfish - Twofish - Solitaire - Helix - Phelix - Yarrow - Fortuna - Threefish - Skein

Programs

Password Safe

Papers

Papers by year:

2015
2013
2010
2009
2008
2005
2003
2002
2001
2000
1999
1998
1997
1996
1995
1994 and earlier

Algorithm Analyses:

Akelarre
CMEA
DEAL
FROG
Magenta
MARS
Maurer-Like Stream Ciphers
n-bit Hash Functions
ORYX
Rijndael
SAFER+
Serpent
SPEED
TwoPrime
Amplified Boomerang Attacks
Mod n Cryptanalysis
Related-Key Cryptanalysis I
Related-Key Cryptanalysis II
Side Channel Cryptanalysis

Protocol Analyses:

PGP and GnuPG
PPTP
PPTPv2 (MS-CHAPv2)
Chosen Protocol Attack
SSL 3.0
Reaction Attacks
IPsec
E-Mail Encryption Protocols

Pseudorandom Number Generators:

Attacking PRNGs

Protocol Designs:

Certified E-Mail
Clueless Agents
Secure Audit Logs
Remote Access to Audit Logs
E-mail Protocol
Remote Gambling
Risks of Key Recovery
Conditional Purchase Orders
Remote Auditing
An Authenticated Camera
Authenticating Software Outputs
Software Metering
Street Performer Protocol
Street Performer 2
Distributed Proctoring
Event Stream Notarization

New Algorithms:

Blowfish
- Blowfish--One Year Later
Twofish:
- Description
- Key Schedule
- Differential Characteristics
- Key Uniqueness
- Improved Implementations
- New Results
- Key Schedule 2
- Impossible Differentials
- Related-Key Attacks
- Key Separation
Yarrow PRNG
MacGuffin
Helix
Phelix
Skein and Threefish:
- Description
- Provable Security Support

Cipher Design:

Building PRFs from PRPs
Secure Low-Entropy Keys
Fast Encryption in Software
Unbalanced Feistel Networks
Minimal Secure Key Lengths

Smart Cards:

Modeling Security Threats for Smart Cards
Authenticating Secure Tokens Using Slow Memory Access

Miscellaneous Papers:

Mandating Insecurity by Requiring Government Access
Defeating Encrypted and Deniable File Systems
The Psychology of Security
Economics of Information Security
Protecting Secret Keys with Personal Entropy
Performance Comparison of the AES Submissions
Performance Comparison of the AES Finalists
Managed Security Monitoring
Secure System Engineering Methodology
Secure Audit Logs for Computer Forensics
Ten Risks of PKI
Attack Trees
Twofish Team's Comments on AES Selection
AES Key Agility Issues
A Self Study Course in Block Cipher Cryptanalysis

Presentation Slides

Attack Trees (1999 SANS Network Security Conference)
Yarrow PRNG (Sixth Annual Workshop on Selected Areas in Cryptography)
A Hacker Looks at Cryptography (Black Hat '99)
Cryptography and Computer Security: Current Technology and Future Trends [audio] (HOPE, 1997)

Miscellaneous

Microsoft PPTP
CMEA Digital Cellular
S/MIME Cracking Screen Saver
Review of TriStrata Public Information

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc..