Overview
Peter Gutmann's Godzilla crypto course includes 509 slides in 8 parts. The first 7 parts comprise the technical tutorial while the 8th is extra material on crypto politics. The actual source site can be reached at Tutorial. Peter also maintains one of the most comprehensive security link farms in existence. He can be reached by Email and snail mail:
Department of Computer Science
University of Auckland
Private Bag 92019
Auckland, New Zealand
Many books cover DES encryption at the bit-flipping level, but here the author discusses multiple encryption protocols, weaknesses, applications, and other crypto security issues from a higher level. Since the slides are support material for a complete lecture course, a great deal of background context is not available from simply reading the slides. Some of the claims and comments should be viewed in the context of a complete instructor-led course. Approximately 150 images accompany the slides, but these cannot be distributed for copyright reasons.
The Tutorial
Security threats and requirements, services and mechanisms, historical ciphers, cipher machines, stream ciphers, RC4, block ciphers, DES, breaking DES, brute-force attacks, other block ciphers (triple DES, RC2, IDEA, Blowfish, CAST-128, Skipjack, GOST, AES), block cipher encryption modes, public-key encryption (RSA, DH, Elgamal, DSA), elliptic curve algorithms, hash and MAC algorithms (MD2, MD4, MD5, SHA-1, RIPEMD-160, the HMACs).
Key management, key distribution, the certification process, X.500 and X.500 naming, certification hierarchies, X.500 directories and LDAP, the PGP web of trust, certificate revocation, X.509 certificate structure and extensions, certificate profiles, setting up and running a CA, CA policies, RAs, timestamping, PGP certificates, SPKI, digital signature legislation.
IPSEC, ISAKMP, Oakley, Photuris, SKIP, ISAKMP/Oakley, SSL, non-US strong SSL, SGC, TLS, S-HTTP, SSH, SNMP security, email security mechanisms, PEM, the PEM CA model, PGP, PGP keys and the PGP trust model, MOSS, PGP/MIME, S/MIME and CMS, MSP.
User authentication, Unix password encryption, LANMAN and NT domain authentication and how to break it, Netware 3.x and 4.x authentication, Kerberos 4 and 5, Kerberos-like systems (KryptoKnight, SESAME, DCE), authentication tokens, SecurID, S/Key, OPIE, PPP PAP/CHAP, PAP variants (SPAP, ARAP, MSCHAP), RADIUS, TACACS/XTACACS/TACACS+, ANSI X9.26, FIPS 196, biometrics, PAM.
Electronic payment mechanisms, Internet transactions, payment systems (Netcash, Cybercash, book entry systems in general), Digicash, SET, the SET CA model.
Why security is hard to get right, buffer overflows, protecting data in memory, storage sanitization, data recovery techniques, random number generation, TEMPEST, snake oil crypto, selling security.
Smart cards, smart card file structures, card commands, electronic purse standards, attacks on smart cards, voice encryption, GSM security and how to break it, traffic analysis, anonymity, mixes, onion routing, mixmaster, crowds, steganography, watermarking, misc. crypto applications (hashcash, PGP Moose).
History of crypto politics, digital telephony, Clipper, Fortezza and Skipjack, post-Clipper crypto politics, US export controls, effects of export controls, legal challenges, French and Russian controls, non-US controls (Wassenaar), Menwith Hill, Echelon, blind signal demodulation, Echelon and export controls, Cloud Cover, UK DTI proposals, various GAK issues.