0

I am learner of cryptographic algorithms and security standards. I usually Google it to understand the basics of the algorithm or the protocol, and to find an implementation of a protocol. However I can never be sure if the algorithm I am looking for is in its globally accepted form. The source can be either books or websites.

To explain what I want to read from the trustable sources, I can give the examples below;

About a cryptographic algorithm: AES Algorithm or AES-CBC mode algorithm ,Implementation of AES-CBC , Implementation of SHA-256

Protocol: The Transport Layer Security (TLS) Protocol Version 1.2

A security standard: PKCS - Public Key Cryptography Standards

Information security is improving and changing very fast. And I always want to keep myself updated as soon as possible. I would like to know the most recent sources. In addition, when I write an article, I would like to refer to globally accepted sources. It would not be good practice to refer an information from Wikipedia or a random website. I think that one source that I can refer is NIST. Also, I can trust to the official publication of an algorithm.

To conclude, which sources can I use without doubt while doing my research about a security standard, or algorithm?

M'vy
  • 13,033
  • 3
  • 47
  • 69
Pilfility
  • 442
  • 4
  • 14
  • What kind of information about a security standard? You can find test vectors for most popular algorithms from official sources. – forest Jul 03 '18 at 11:32
  • I mean the main principles of security standard. For example, if I want to develop a public key algorithm myself, I can take it as my guidelines. The standards usually include their own test vectors as you said for the algorithms. Random number generation standards and tests can be an example for it. – Pilfility Jul 03 '18 at 11:43
  • 1
    Just as a reminder : https://security.stackexchange.com/questions/18197/why-shouldnt-we-roll-our-own – M'vy Jul 03 '18 at 11:47
  • Thank you @M'vy. I am aware the danger of implementing own algorithms and protocols. My work is only for implementing and referencing them properly. I have no intent to create my own. – Pilfility Jul 03 '18 at 11:53
  • Sure, I am just covering the bases. And it's also for others who might read the question. – M'vy Jul 03 '18 at 11:56

1 Answers1

2

There is no central repository from where to get this kind of source.

What you should do, is to get the official publication of any standard you want to refer too. You can either find it by yourself, with a search engine, or by reading other article that cite this particular standard.

A lot of protocols are RFC, published by the IETF.

Good Wikipedia articles usually reference the main paper in its sources.

M'vy
  • 13,033
  • 3
  • 47
  • 69
  • Yes, so I think I can simply follow the references of Wikipedia. And what about NIST? Is it good to reference its articles and recommendations? – Pilfility Jul 03 '18 at 11:47