Skip to content

Commit 0f1e0c2

Browse files
committed
site created
1 parent 5cec1d7 commit 0f1e0c2

49 files changed

Lines changed: 8319 additions & 11 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.gitignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,3 +6,6 @@
66

77
*.pyc
88
/job
9+
/zoo
10+
CODE_OF_CONDUCT.md
11+
CODE_OF_CONDUCT.md

README.md

Lines changed: 76 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -26,17 +26,7 @@
2626
<tr>
2727
<td bgcolor="#181715" align="center">
2828
<br>
29-
<font color="#5db8a6"><b>CRYPTO ARCHIVE + SAFETY-PROFILE TOOLKIT</b></font>
30-
<h1><font color="#f4fffd">NextSSL</font></h1>
31-
<h3><font color="#cdebe6">A wide crypto archive with safe defaults you can inspect.</font></h3>
32-
<p>
33-
<font color="#d9d4cc">
34-
NextSSL is being built as a large crypto library for research, testing, and safer defaults.
35-
It tracks many algorithms, supports many platforms, and keeps risky choices away from normal users.
36-
The project is still under development, so the README is clear about what is planned and what is ready.
37-
</font>
38-
</p>
39-
<br>
29+
<font color="#5db8a6"><b>This is the most comprehensive open, documented, and engineering-actionable cryptographic reference available. Not a museum of every cipher ever conceived — but a battle-tested index of what you actually need to build secure systems, pass audits, and migrate to post-quantum standards.</b></font>
4030
</td>
4131
</tr>
4232
</table>
@@ -279,3 +269,78 @@ The current `bin` layout contains **29 target variants**. Build docs are still c
279269
</td>
280270
</tr>
281271
</table>
272+
273+
274+
275+
276+
## Scope & Exclusions
277+
278+
> **TL;DR:** This inventory aims to be the most comprehensive *openly documented* cryptographic reference for production engineering, standards compliance, and protocol design. It does **not** claim to be an exhaustive enumeration of every algorithm that has ever existed. Below is the explicit boundary of what we include, what we deliberately exclude, and why.
279+
280+
---
281+
282+
### What We Include
283+
284+
| Inclusion Criteria | Examples |
285+
|--------------------|----------|
286+
| **IETF / NIST / ISO / ITU-T standards** | AES-GCM, SHA-3, ML-KEM, ML-DSA, HKDF, X.509v3 |
287+
| **National standards** (openly published) | SM3/SM4 (China), Streebog/Kuznyechik (Russia), ARIA/SEED/LEA (Korea), Camellia (Japan) |
288+
| **Widely deployed protocol primitives** | Noise patterns, Signal X3DH/Double Ratchet, WireGuard, TLS 1.3 cipher suites |
289+
| **Production cryptographic libraries** | OpenSSL, BoringSSL, wolfSSL, libsodium, Botan, mbed TLS, ring, rustls |
290+
| **Post-quantum NIST finalists & standards** | ML-KEM, ML-DSA, SLH-DSA, plus selected alternates with significant deployment |
291+
| **Threshold / MPC primitives with active implementations** | FROST, TSS2, GG20/21 variants, DKG, VSS |
292+
| **Zero-knowledge proof systems with production usage** | Groth16, Plonk, STARKs, Bulletproofs, KZG commitments |
293+
| **Hardware security interfaces & TEE abstractions** | PKCS#11, TPM 2.0, Intel SGX/TDX, AMD SEV-SNP, Apple Secure Enclave |
294+
| **Historic algorithms relevant to migration & legacy support** | MD5, SHA-1, 3DES, RSA-PKCS1-v1.5, DSA |
295+
296+
---
297+
298+
### What We Deliberately Exclude
299+
300+
| Exclusion Category | Rationale | Examples of Omitted Items |
301+
|--------------------|-----------|---------------------------|
302+
| **Classified / proprietary government cryptography** | Not publicly documented; no verifiable specification | NSA Suite A, military tactical ciphers, diplomatic link encryption |
303+
| **Undocumented vendor-specific protocols** | Cannot be independently implemented or audited | Proprietary smart-card OS crypto, automotive ECU obfuscation, DRM cipher suites |
304+
| **Purely academic proposals with zero deployment** | Inventory would balloon to thousands of entries with no engineering value | Most eSTREAM Round 1/2 candidates, dozens of lightweight Feistel ciphers from 2005–2015 |
305+
| **Regional telecom/radio ciphers without open standards** | Specialized, often classified, and rapidly obsolete | Specific GSM A5/3 variants, satellite link ciphers, tactical radio waveforms |
306+
| **Hardware bitstream / FPGA obfuscation schemes** | Not general-purpose cryptographic algorithms | Xilinx bitstream encryption, ASIC logic locking |
307+
| **Non-cryptographic checksums / hashes** | Error detection ≠ cryptographic security | CRC variants beyond ISO 3309, Fletcher checksums, Adler-32 (already borderline) |
308+
| **Steganography and covert-channel techniques** | Out of scope; not cryptographic primitives | LSB encoding, spread-spectrum hiding, traffic morphing |
309+
| **Quantum cryptography (QKD / QRNG hardware schemes)** | Physical-layer security, not algorithmic cryptography | BB84, E91, device-independent QKD protocols |
310+
| **Ad-hoc protocol compositions without standardization** | Too many possible combinations; we track standardized integrations only | Custom corporate VPN protocols, homegrown key-derivation schemes |
311+
| **Malware / offensive tooling ciphers** | No legitimate engineering use case | Ransomware custom ciphers, C2 obfuscation algorithms |
312+
313+
---
314+
315+
### The "Almost Complete" Claim — Honest Assessment
316+
317+
**Can a team pick this inventory and say "we have all algorithms we need for any standard-compliant system"?**
318+
319+
**Yes, with two caveats:**
320+
321+
1. **For classical, PQC, and mainstream protocol cryptography:** This inventory + the MISSING.md supplement covers **>95% of algorithms you will ever encounter** in standards-compliant TLS, SSH, IPsec, messaging, blockchain, code-signing, document signing, or FIPS 140-validated modules. The remaining gaps are niche national standards (e.g., some CIS regional ciphers), experimental ZK constructions, or bleeding-edge PQC on-ramp candidates not yet finalized.
322+
323+
2. **For specialized domains, you will need domain-specific extensions:**
324+
- **Satellite/space communications** (CCSDS, specific space agencies)
325+
- **Military / defense** (NATO STANAG, national classified suites)
326+
- **Payment networks** (EMVCo specifics, PCI PTS point-to-point encryption)
327+
- **Automotive** (V2X IEEE 1609.2, SOME/IP Sec, proprietary OEM schemes)
328+
- **Medical devices** (IEC 80001, proprietary hospital network encryption)
329+
- **Industrial control** (IEC 62351, proprietary SCADA protocols)
330+
331+
**In short:** This is the most comprehensive **open, engineering-oriented** cryptographic archive available. It is not — and cannot be — a complete enumeration of every algorithm ever devised, because cryptography is a living field with classified, proprietary, experimental, and domain-specific branches that are inherently unbounded.
332+
333+
---
334+
335+
### How to Extend This Inventory
336+
337+
If you need coverage for a specific domain:
338+
339+
1. **Fork the MISSING.md** and add your domain-specific section (e.g., `# 21. Space Communications`, `# 22. Medical Device Crypto`).
340+
2. **Reference the original schema** (SQL-style tables in CRYPTO_INVENTORY.md) so your additions remain machine-parseable.
341+
3. **Flag `status` appropriately:** Use `historic` for obsolete domain ciphers, `planned` for draft standards, and `current` only for actively deployed algorithms.
342+
4. **Cross-reference protocol integrations:** If your algorithm appears in a protocol, add it to the Protocol Integration Reference table.
343+
344+
---
345+
346+
*The goal is not to be a museum of every cipher ever conceived. The goal is to be the definitive engineering reference for building secure, standards-compliant, and future-proofed cryptographic systems.*

0 commit comments

Comments
 (0)