Security, Confidentiality and Legal Issues (SCLIM)

Background notes for session 3 - Cryptography

Background reading

Frewen Library

The library catalogue shows the following books on cryptography:

Not in Frewen Library

Introduction

Try http://www.yahoo.co.uk/Computers_and_Internet/Security_and_Encryption/ for a list of security and encryption references.

See http://www.cs.hut.fi/ssh/crypto/ for an introduction to cryptography by Tatu Ylönen.

Alternatively, http://www.achiever.com/freehmpg/cryptology/crypto.html is a complete course on cryptography by Ken Dunham.

RSA Labs (see below) have a FAQ list at http://www.rsa.com/rsalabs/faq/html/questions.html.

Netscape have an Introduction to Public-Key Cryptography at http://developer.netscape.com/docs/manuals/security/pkin/contents.htm.

Concepts

You should be familiar with the following terms:

Encryption algorithms and packages

See http://www.cs.hut.fi/ssh/crypto/algorithms.html

DES

DES is a secret key algorithm developed in the 1970s. It was made a standard by the US government, and has also been adopted by several other governments worldwide. It is widely used, especially in the financial industry.

DES is a block cipher with a 64-bit block size. It uses 56-bit keys. This makes it fairly easy to break with modern computers or special-purpose hardware. DES is still strong enough to keep most random hackers and individuals out, but it is easily breakable with special hardware by governments, criminal organizations, or major corporations. In large volumes, the cost of breaking DES keys is on the order of tens of dollars. DES is getting too weak, and should not be used in new designs.

RSA

RSA (Rivest-Shamir-Adleman) is the most commonly used public key algorithm. It can be used both for encryption and for signing. It is generally considered to be secure when sufficiently long keys are used (512 bits is insecure, 768 bits is moderately secure, and 1024 bits is good). The security of RSA relies on the difficulty of factoring large integers.

Dramatic advances in factoring large integers would make RSA vulnerable. RSA is currently the most important public key algorithm. It is patented in the United States (the patent expires in 2000), and free elsewhere.

See http://www.rsa.com/ for more details.

IDEA

IDEA (International Data Encryption Algorithm) is a secret key algorithm developed at ETH Zurich in Switzerland. It uses a 128-bit key, and it is generally considered to be very secure. It is currently one of the best publicly known algorithms. It is a fairly new algorithm, but it has already been around for several years, and no practical attacks on it have been published despite numerous attempts to analyze it.

Diffie-Hellman

Diffie-Hellman is a commonly used public-key algorithm for key exchange. It is generally considered to be secure when sufficiently long keys and proper generators are used.

The security of Diffie-Hellman relies on the difficulty of the discrete logarithm problem (which is believed to be computationally equivalent to factoring large integers).
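The following is an added example, not part of the original notes, showing a Diffie-Hellman exchange and why the choice of generator matters. The prime 2039 is a constructed toy value and the function names are illustrative; a "proper" generator is taken here to mean one that generates the large prime-order subgroup.

```python
import secrets

# Constructed toy parameters: P is a safe prime, P = 2*Q + 1 with Q prime.
# Far too small for real use; chosen so the group can be enumerated.
P, Q = 2039, 1019

def element_order(g, p):
    """Smallest n >= 1 with g^n = 1 (mod p). Brute force, toy sizes only."""
    x, n = g % p, 1
    while x != 1:
        x, n = (x * g) % p, n + 1
    return n

def params_ok(p, q, g):
    """Accept g only if it lies in the subgroup of prime order q (and is not 1 or p-1)."""
    return 1 < g < p - 1 and pow(g, q, p) == 1

def dh_exchange(p, g):
    """One exchange: returns both public values and the secret each side derives."""
    a = secrets.randbelow(p - 3) + 2     # Alice's private exponent, in [2, p-2]
    b = secrets.randbelow(p - 3) + 2     # Bob's private exponent, in [2, p-2]
    A, B = pow(g, a, p), pow(g, b, p)    # the only values sent over the open channel
    return A, B, pow(B, a, p), pow(A, b, p)

def possible_secrets(p, g):
    """Every value the shared secret can take: the subgroup generated by g."""
    return {pow(g, k, p) for k in range(element_order(g, p))}

if __name__ == "__main__":
    for g in (4, P - 1):                 # 4 has order Q; P-1 has order 2
        A, B, s_alice, s_bob = dh_exchange(P, g)
        print(f"g={g}: accepted={params_ok(P, Q, g)}, "
              f"secrets agree={s_alice == s_bob}, "
              f"possible shared secrets={len(possible_secrets(P, g))}")
```

With g = 4 the shared secret ranges over 1019 values; with g = P - 1 both sides still agree, but on one of only two values, which is why parameters should be validated before use.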

Red Pike

An unpublished algorithm, made available by CESG, and proposed for use in the NHS by the Zergo Report. See The use of encryption and related services with the NHSnet: A report for the NHS Executive by Zergo Limited (http://www.cypherspace.org/~adam/ukexport/zergo.html).

Ross Anderson's criticisms of this approach are online at http://www.cl.cam.ac.uk/users/rja14/zergo/zergo.html.

PGP

PGP (Pretty Good Privacy) is an e-mail and file encryption program. It also supports digital signatures. It is generally considered to be very secure (it uses RSA and IDEA for encryption).

See http://www.pgp.com for more details.

Invented by Philip R. Zimmermann (http://www.pgp.com/phil/phil.asp), PGP is a response to attempts by the US government (and those of other countries) to restrict the use of strong encryption by the general public. See http://www.pgp.com/phil/phil-src-intro.asp and the Global Internet Liberty Campaign (http://www.gilc.org/crypto) for some discussion of this.

AES candidates

The AES process is a US government initiative to develop a Federal Information Processing Standard (FIPS) for an Advanced Encryption Standard (AES) specifying an Advanced Encryption Algorithm (AEA). It is run by the National Institute of Standards and Technology (NIST).

It is intended that the AES will specify an unclassified, publicly disclosed encryption algorithm available royalty-free world-wide that is capable of protecting sensitive government information well into the next century.

See http://csrc.nist.gov/encryption/aes/aes_home.htm for the latest information, including details of the candidates.

Cracking encrypted material

Brute force methods: what are the timescales involved for various types of system?

Ross Anderson on breaking algorithms - http://www.cl.cam.ac.uk/users/rja14/zergo/node7.html#SECTION00070000000000000000. One of the key points he makes is that any cryptography used by the NHS should not be crackable within an individual's lifetime (i.e. circa 100 years).
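As an added worked example (not from the original notes), the script below estimates exhaustive-search timescales for a given key length and finds the shortest key that meets the 100-year criterion above. The attacker speed of 10^9 keys per second and the 18-month doubling period are assumptions chosen for illustration, not figures from these notes.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def years_to_search(key_bits, keys_per_second, doubling_years=None):
    """Expected years to find a key by exhaustive search.

    On average half the keyspace is tried. If doubling_years is given, the
    attacker's speed is assumed to double every doubling_years years.
    """
    work = 2 ** (key_bits - 1)
    rate_per_year = keys_per_second * SECONDS_PER_YEAR
    if doubling_years is None:
        return work / rate_per_year
    # Speed r(t) = r0 * 2^(t/d). Keys tried by year T:
    #   r0 * d / ln 2 * (2^(T/d) - 1) = work, solved for T.
    d = doubling_years
    return d * math.log2(1 + work * math.log(2) / (rate_per_year * d))

def min_key_bits(lifetime_years, keys_per_second, doubling_years=None):
    """Shortest key length whose expected search time covers the lifetime."""
    bits = 1
    while years_to_search(bits, keys_per_second, doubling_years) < lifetime_years:
        bits += 1
    return bits

if __name__ == "__main__":
    RATE = 1e9    # assumed attacker speed, keys per second
    for bits in (40, 56, 64, 128):        # 56 = DES, 128 = IDEA
        fixed = years_to_search(bits, RATE)
        growing = years_to_search(bits, RATE, doubling_years=1.5)
        print(f"{bits:3d}-bit key: {fixed:.3g} years at fixed speed, "
              f"{growing:.3g} years if speed doubles every 18 months")
    print("Minimum key length for 100 years, fixed speed:  ",
          min_key_bits(100, RATE))
    print("Minimum key length for 100 years, doubling speed:",
          min_key_bits(100, RATE, doubling_years=1.5))
```

Under these assumptions a 56-bit key lasts about a year at fixed speed, and allowing for growth in attacker speed roughly doubles the key length needed to cover 100 years.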

Another Anderson article - http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/news-items/old-news-items/961115.rjamkDFA.html.

Distributed.Net run a series of projects to crack encrypted material using brute force methods (involving thousands of computers). See http://www.distributed.net/

Physical side-channel attacks on cryptographic systems - http://www3.interscience.wiley.com/cgi-bin/fulltext/77004227/FILE?TPL=ftx_start
