NIST Computer Security Publications


llbbl
10-18-2004, 12:47 PM
SP 800-67

Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher,
May 2004

Adobe .pdf (960 KB)

SP 800-59

Guideline for Identifying an Information System as a National Security System,
August 2003

Adobe .pdf (95.5 KB)
Zipped .pdf file (72.9 KB)


SP 800-48

Wireless Network Security: 802.11, Bluetooth, and Handheld Devices,
November 2002

Adobe .pdf (1,027 KB)
Zipped .pdf file (780 KB)

SP 800-41

Guidelines on Firewalls and Firewall Policy,
January 2002

Adobe .pdf (1,180 KB)

SP 800-27 Rev. A

Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A,
June 2004

Adobe .pdf (291 KB)

SP 800-22

A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications,
October 2000

Revised: May 15, 2001:
Adobe .pdf (1,422 KB)
Errata sheet for originally published version (.pdf file)


SP 800-60

Guide for Mapping Types of Information and Information Systems to Security Categories,
June 2004

Volume I Adobe .pdf file (444 KB)
Volume II: Appendixes Adobe .pdf (2,003 KB)


*****************************************

Lots of good info there. Check it out.

http://csrc.nist.gov/publications/nistpubs/

spankers
10-18-2004, 02:12 PM
A huge Geek you are, yes...
In particular:
"A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications"

My oh my.... and to think I've been accused of being a geek.

llbbl
10-19-2004, 10:47 AM
crypto is cool !

llbbl
10-19-2004, 10:50 AM
geek priceless eheh

http://www.dannysdailys.com/Priceless3/puter-geek.jpg

llbbl
10-19-2004, 10:51 AM
oooo I got a good idea! Geek Pictures thread .. muahahaha

spankers
10-19-2004, 11:04 AM
crypto is cool !

From a technical and historical perspective, definitely!

The drudgery and severe accountability for KEYMAT and Type 1 encryption devices takes some of the coolness out of crypto for me... several years' worth of secret squirrel duty...

Have you read Cryptonomicon by Neal Stephenson?

llbbl
10-19-2004, 11:37 AM
From a technical and historical perspective, definitely!

The drudgery and severe accountability for KEYMAT and Type 1 encryption devices takes some of the coolness out of crypto for me... several years' worth of secret squirrel duty...

Have you read Cryptonomicon by Neal Stephenson?


Ya I read some of it, but my friend had it so I wasn't able to keep it for very long. It's on my list of things to read :D

I agree Secret Squirrel Duty is ghey! I never had to worry about implementation (outside of messing with it). I guess I have always been interested in it from, as you say, a "technical and historical perspective".

spankers
10-19-2004, 12:29 PM
Oh... and speaking of security, did you hear that MD5 was broken? Possibly SHA-1 may be next to fall.

llbbl
10-20-2004, 03:24 PM
That is misinformation.


This clearly shows that the resistance of MD5 against collision attacks
is significantly lower than 2^64 indicated by its 128-bit digest. Since the
attack allows free selection of IV, these attacks mean that MD5 should
not be used for any serious cryptographic purpose.


http://www.tcs.hut.fi/~mjos/md5/


MD5 is used to verify that you downloaded something successfully, both to make sure that the entire file is there and also that the file hasn't been tampered with. I doubt anyone is really going to trust it to encrypt mission critical data.

spankers
10-20-2004, 05:38 PM
Yes, I am aware what md5sums are used for. It's still broken though... md5sums are used for software package (tarball or other) or document integrity tests. Given someone has enough time on their hands, however, they could potentially create trojan packages and no one would know the difference until a code audit. We'll see in time... Linux/Unix should not have enough exposure to make such an effort likely. To what extent does Microsoft use MD5? I'll have to do some reading....

spankers
10-20-2004, 05:46 PM
Let me correct myself... instead of using the word "broken", let's use the term "statistically weaker". :)