I was able to present at the Triangle InfoSeCon on the Johns Hopkins University Cryptographic Knowledge Base that I am overseeing along with Seth Nelson and Matthew Green. The idea for the Cryptographic Knowledge Base came out of a presentation that I did last year at the Triangle InfoSeCon about the Standardization of Vulnerability Testing. I had a section about the cryptographic best practices for configuring SSH and TLS. An audience member asked me a question “can you find this information in one place or web site?” I responded “no” and that I had to do research across multiple websites, standards, and search the latest research papers. A graduate student from Johns Hopkins, Ren Hao, came up to me after my talk and told me his Master’s project related to the Standardization of Vulnerability Testing presentation, and we exchanged LinkedIn information. I had an idea of creating a knowledge base with the authoritative backing and expertise of Johns Hopkins University. One place with practical cryptographic knowledge written not for cryptographers, but information technology administrators, developers, and managers. I ran the idea past Ren Hao, and he thought it was a good idea. Ren decided to talk to the director of his department at JHU. I worked with Cisco to write a gift grant to Johns Hopkins to fund the knowledge base for three years, but our goal is to get other corporate sponsors so that it can stay funded.
What is the knowledge base?
It is a crowd sourced repository of practical cryptographic knowledge. The goal is to bridge the gap between the academic community and the information security community. Approved contributors can submit to the knowledge base, but all submissions will be reviewed by the JHU professors who are overseeing it.
The knowledge base is a repository for the best practices for algorithms and key sizes when configuring network devices, servers, and computers. The knowledge base is also a resource for developers writing code that includes cryptographic algorithms and key sizes. The knowledge base can also be used to formulate your product security baseline.
What is the link to the demo site for the JHU crypto knowledge base?
How can you help and get involved?
Do you have information that you can provide that relates to the definition, use, or weakness of a specific cryptographic algorithm? You can contact me via the contact link on this site. Let me know of your interest in the comments and send an email via the contact form. One professor has offered for his students to write cryptographic research papers that can be submitted to populate the knowledge base. The submissions will be reviewed by the JHU professors overseeing the cryptographic knowledge base before being published on the site.