This page is an attempt to compile some of the top technical crypto and security blogs, textbooks, and websites. It’s very much a work in progress. If you think something is missing, please leave a note in comments or drop me a line.

Top Cryptography and Security Blogs

Schneier on security. One of the oldest and most famous security blogs. Bruce covers topics from block cipher cryptanalysis to airport security.

Root Labs rdist. Nate Lawson and his co-authors write on a variety of topics including hardware implementation, cryptographic timing attacks, DRM, and the Commodore 64.

Bristol Cryptography Blog. The official blog for the University of Bristol cryptography research group. It’s a group blog, primarily targeted towards cryptographers and crypto students.

Travis Goodspeed. Travis does interesting things to hardware and lives to tell. He’s a great read if you’re interested in hardware security, wireless hacking, or anything in between. 

Matasano Chargen. Unfortunately Chargen doesn’t seem to get updated anymore, but in its day it was a great resource for software and crypto exploits. You can still browse the archives.

Light Blue Touch Paper (University of Cambridge). Group blog from the University of Cambridge. Topics vary, but whatever these folks say is worth paying attention to.

Bunnie’s blog. Notes from one of the preeminent hardware hackers, the guy who first hacked the XBox and ran the first MITM attack on HDCP.

Good Enough Security. David Wachtfogel’s blog covers a whole bunch of topics, including a nice recent series entitled ‘sub-standard security’ (which really should be a blog of its own).

MPC Lounge Blog. Excellent wonky blog by researchers in the area of secure multiparty computation. Topics include fully homomorphic encryption, secure function evaluation and more.

Cryptography and Security Textbooks

The Handbook of Applied Cryptography (aka the HAC), by Menezes, van Oorschot and Vanstone. One of the fundamental textbooks in this area. Covers basic theory, symmetric and asymmetric cryptography, and protocols. This is not a quick read, mind you. It’s a serious textbook and an excellent reference. (The full text can be downloaded for free, but it’s worth purchasing.)

Security Engineering by Ross Anderson. If you’re designing or analyzing security systems and haven’t read this book, you need to do so immediately. Anderson is a cryptographer, security expert and all-around savant. (The full 2001 edition can be downloaded for free, but the 2008 edition is even better.)

Modern Cryptography by Wenbo Mao. An excellent introductory crypto textbook, a little bit less dense than the HAC. (Not available online.)

Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell. We use this as a core text at Hopkins. A fantastic mix of practical and theoretical crypto. (Only one chapter is online.)

Foundations of Cryptography by Oded Goldreich. This two-book pair is probably the best cryptographic theory textbook. This is a great book to start with if you’re looking to understand the formal underpinnings first. But it’s not an applied crypto textbook. (A few draft chapters are available here, but you’ll have to purchase the rest.)

Online courses and lecture notes

Stanford’s online cryptography course, instructor: Dan Boneh. While this course has never been offered before (it starts 1/23/2012) it’s taught by Dan Boneh. If you’re looking for a strong online course, this is the one. (Notes, assignments and video lectures.)

Stanford & Berkeley’s online security course, instructors: Dan Boneh, Dawn Song and John Mitchell. Everything I just said about Stanford’s crypto course, but with more attitude and less crypto. Starts 2/2012. (Notes, assignments and video lectures.)

Mihir Bellare and Shafi Goldwasser’s Lecture Notes. A full set of notes (really a mini-book) for a short course offered at MIT. 

Introduction to Modern Cryptography, instructor: Philip Rogaway, UCSD. Along with Mihir Bellare, Rogaway is one of the inventors of the field of ‘Practice-oriented provable security’. (Notes and slides.)

Computer Security 161, instructor: Vern Paxson, UC Berkeley. This is Berkeley’s intro to computer security course. Covers fundamentals like threat modeling, crypto, worms, and all the rest of it. (Notes, slides and assignments). 

Practical Cryptographic Systems, instructor: Matt Green, Johns Hopkins. This is a practical systems/crypto course I teach from time to time at Johns Hopkins. While it’s hardly in the same league as the courses I’ve listed above, hey, it’s my blog. Moreover, this is one of the few that focuses on practical crypto attacks and vulnerabilities. (Slides and assignments.) 

Practical Aspects of Cryptography, instructors: Josh Benaloh and Brian LaMacchia, University of Washington & MSR. Also looks like an excellent introduction to the practical aspects of cryptography. (Slides and assignments.)

Useful websites

The IACR ePrint Archive. Hosted by the International Association of Cryptologic Research, this e-print archive hosts most of the latest academic crypto results.

Crypto StackExchange. Excellent community-oriented crypto Q&A site.

WTFCrypto. Short answers to common questions. 

Software

OpenSSL, NSS, GnuTLS, Crypto++, BouncyCastle, Pycrypto. Just a few of the standard crypto libraries used to secure data on the Internet.

The Advanced Crypto Software Collection at UT Austin. Implementations of advanced crypto schemes such as Attribute-Based Encryption, Paillier, and other interesting protocols.

NaCl. A new cryptographic library from the CACE project. 

Charm at Johns Hopkins. A Python-based framework for rapidly prototyping ‘research’ cryptosystems. Provides underlying support for common settings, including ECC and Pairing-based Cryptography. Implementations of many research cryptosystems.

Top Cryptography and Security Conferences

CRYPTO, Eurocrypt, Asiacrypt, TCC (for theoretical cryptography), PKC, RSA-CT, CHES (hardware and embedded), FSE (software encryption). A few of the better cryptography conferences, but hardly the only ones.

IEEE Security and Privacy Symposium (aka ‘Oakland’), Usenix Security, ACM CCS. A few of the top security conferences. Note that all links are for 2012.