Here you can find some software and articles that I've written.
cryptography:Crypto++, a free C++ library for cryptographyspeed benchmarks for various ciphers and hash functionsHome Pages of Cryptography Related PeopleThe VMAC Internet Drafta note about applications of Lucas sequences in cryptographythe crypto-optimization mailing listanonymity:PipeNet, a protocol for low-latency anonymous communicationtwo attacks against a PipeNet-like protocol once used by the Freedom serviceb-money, a scheme for a group of untraceable digital pseudonyms to pay each other with money and to enforce contracts amongst themselves without outside help

The accounting layer in a money system implemented in financial cryptography is responsible for reliably [1] holding and reporting the numbers for every transaction and producing an overall balance sheet of an issue.
It is in this that BitCoin may have its greatest impact -- it may have shown the first successful widescale test of triple entry [2].
Triple entry is a simple idea, albeit revolutionary to accounting. A triple entry transaction is a 3 party one, in which Alice pays Bob and Ivan intermediates. Each holds the transaction, making for triple copies.
To make a transaction, Alice signs over a payment instruction to Bob with her public-key-based signature [3]. Ivan the issuer then packages the payment request into a receipt, and that receipt becomes the transaction.
This transaction is digitally signed by multiple parties, including at least one independent party [4]. It then becomes a powerful evidence of the transaction [5].
The final receipt *is the entry*. [6]

We study the problem of preventing double spending in electronic payment schemes in a distributed fashion. This problem occurs,for instance, when the spending of electronic coins needs to be controlledby a large collection of nodes (e.g., in a peer-to-peer (P2P) system) instead of one central bank. Contrary to the commonly held belief thatthis is fundamentally impossible, we propose several solutions that doachieve a reasonable level of double spending prevention, and analysetheir efficiency under varying assumptions

The explicit introduction of money as a way to measure (a subset of) privacy invasions allows us to think about the erosion of privacy by the addition of technology. We know that the internet makes it easier, and perhaps money is that yardstick. What does it take to track down your property taxes? It’s gone from sending someone to the county records office to having someone with a browser. So Alice’s privacy with respect to Bob is not only lower, it’s no longer related to the cost of travel. We’ve zero’d out a term in the cost equation, and that leads to all sorts of chaos.

People imagine that sophisticated hacking requires sophisticated computers. The truth is that almost everything a hacker does can be done with a cheap notebook computer, or even a mobile phone.

The major exception is password cracking, and related crypto tasks like bitcoin mining and certificate forgery. In these cases, a minor investment in hardware can be warranted.

In particular, those who need to crack passwords (pen-testers, sysadmins, hackers) should buy a gaming graphics card in order to speed up cracking. Or, when buying notebooks for pen-testing, they should choose those with graphics processors

I've been learning about Bitcoin lately.

It's an electronic currency. I've seen electronic currency before - in the late 90s there were efforts to create them based on virtual banks issuing coins. The coins were basically long random serial numbers which, along with a statement of the value of the coin, were then signed by the bank. The public key of the bank is published, so people can check they're valid coins issued by the bank. The idea was that rather than withdrawing a bunch of notes from the bank, you can ask the bank to mint you a bunch of these signed numbers instead; and anyone who sees them can check their value, and eventually, return them to the bank (which can also check their value in the same way) to get their account credited.

Attention, government and corporate IT types. Repeat after me: MD5 encryption is not secure.

In the wake of the hacking of top US government contractor Booz Allen Hamilton by famous international griefers-cum-hacktivists "Anonymous" (or Anonymous-offshoot AntiSec, to be more precise), security observers are left scratching their heads as to why the company was using super-weak MD5 encryption to protect American government officials and servicemen.

Booz Allen Hamilton maintained a database of usernames and passwords of people that accessed its systems. Included were members of US Central Command (CENTCOM), US Special Operations Command (SOCOM), the Marine Corps, various Air Force facilities, Homeland Security, State Department staff, and apparently, private sector contractors.