Free des software for linux

Des package contains the Des extension module for Perl.

The Des extension module gives access to the DES library.

The following is a brief and over-simplified description of the relevant stuff about DES.

DES keys are 8-byte blocks. A key is passed to a perl function as an 8-byte string. Before keys can be used to encrypt or decrypt data, the key needs to be transformed into a key schedule using the function set_key. There is a certain amount of overhead in creating these key schedules (which are 128 bytes or 256 bytes depending on implementation and architecture) so they can be created and cached for later if desired. Encryption and decryption can be done in 3 modes:

ECB (electronic code book) mode

Takes a des_cblock (perl 8-byte string) and produces another des_cblock. (Very rarely useful for large amounts of plain text, subject to known plaintext attacks under certain circumstances, only slightly faster than CBC or PCBC mode, and you lose even this advantage in perl).

CBC (cipher block chaining) mode

Takes an arbitrary length string, pads it out (internally) on the right with NULs to a multiple of 8-bytes. Encrypts/decrypts the data and produces output (same size as padded input) which is an exact multiple of 8 bytes long. Changing a single bit of the cleartext affects all the following ciphertext. However, changing a single bit of the ciphertext affects only the corresponding cleartext block and the following block. This is occasionally an advantage but is usually a disadvantage.

PCBC mode

A modified CBC mode with indefinite proagation of single bit errors both from cleartext to ciphertext and from ciphertext to cleartext. "Usually" the best mode (for certain values of "usually").

Functions imported by use Des.

string_to_key (STRING)

Takes an arbitrary STRING and munges it (with a one-way function) into a DES key, which is returned.

set_key (KEY)

The DES key KEY (which must be a string of exactly 8 bytes) is turned into a key schedule which is returned.

ecb_encrypt (INPUT, SCHEDULE)

The INPUT argument (which must be a string of exactly 8 bytes) is encrypted using ECB mode using key schedule SCHEDULE (created using set_key) and the resulting 8-byte string is returned.

ecb_decrypt (INPUT, SCHEDULE)

The INPUT argument (which must be a string of exactly 8 bytes) is decrypted using ECB mode using key schedule SCHEDULE (created using set_key) and the resulting 8-byte string is returned.

cbc_encrypt (INPUT, OUTPUT, SCHEDULE, IV)

The INPUT argument can be of arbitrary length, although it will be internally padded on the right with NULs to the nearest multiple of 8 bytes. INPUT is taken and encrypted using CBC mode with key schedule SCHEDULE and initialisation vector IV. If OUTPUT is not undef then it assumed to be an lvalue which is grown (if necessary) and receives the encrypted output. Whether or not OUTPUT is undef, the output is also available as the return value of the function.

cbc_decrypt (INPUT, OUTPUT, SCHEDULE, IV)

The INPUT argument can be of arbitrary length, although it will be internally padded on the right with NULs to the nearest multiple of 8 bytes. INPUT is taken and decrypted using CBC mode with key schedule SCHEDULE and initialisation vector IV. If OUTPUT is not undef then it assumed to be an lvalue which is grown (if necessary) and receives the decrypted output. Whether or not OUTPUT is undef, the output is also available as the return value of the function.

pcbc_encrypt (INPUT, OUTPUT, SCHEDULE, IV)

The INPUT argument can be of arbitrary length, although it will be internally padded on the right with NULs to the nearest multiple of 8 bytes. INPUT is taken and encrypted using PCBC mode with key schedule SCHEDULE and initialisation vector IV. If OUTPUT is not undef then it assumed to be an lvalue which is grown (if necessary) and receives the encrypted output. Whether or not OUTPUT is undef, the output is also available as the return value of the function.

pcbc_decrypt (INPUT, OUTPUT, SCHEDULE, IV)

The INPUT argument can be of arbitrary length, although it will be internally padded on the right with NULs to the nearest multiple of 8 bytes. INPUT is taken and decrypted using PCBC mode with key schedule SCHEDULE and initialisation vector IV. If OUTPUT is not undef then it assumed to be an lvalue which is grown (if necessary) and receives the decrypted output. Whether or not OUTPUT is undef, the output is also available as the return value of the function.

pcbc_cksum (INPUT, SCHEDULE, IV)

The INPUT argument can be of arbitrary length, although it will be internally padded on the right with NULs to the nearest multiple of 8 bytes. CBC mode is used to generate an 8-byte cryptographic checksum using key schedule SCHEDULE and initialisation vector IV. This checksum is returned.
Functions in package Des which can be imported

random_key ()

Produces a random DES key based on current time, PID and a counter.
read_password (PROMPT [, VERIFY])

Prints PROMPT on the terminal, turns off echo if possible and reads a password from the keyboard. If the optional VERIFY argument is present and true than the password is prompted for a second time and the two are compared. If different, the prompting is repeated. The resulting string is turned into a DES key (using string_to_key (q.v.) internally) and that key is returned.

DirectoryPass is a very powerful, yet simple to use .htaccess management system. The project enables the user to administer both .htaccess and .htpasswd files to setup password protected directories and to add and remove users.
DirectoryPass automatically generates .htaccess files and is compatible with Cobalt RAQ and Windows .htaccess. DirectoryPass allows administration of an unlimited number of .htaccess and .htpasswd files within a particular users account/server.
DirectoryPass uses Apaches .htaccess and .htpasswd along with DES randomized salt generation and password encryption of passwords for increased security. Unlike our other products, DirectoryPass does not maintain a members database. It is simply a tool for managing your collection of .htaccess and .htpasswd files securely without the hassles of telnet or FTP.
Included in the administration panel are tools for addition and removal of users as well as the generation of .htaccess files.
Main features:
.htaccess Facilities
- Generate .htaccess files to password protect directories.
- Cobalt RAQ .htaccess compatible.
- Unix/Linux and Windows compatible.
.htpasswd Facilities
- Add user function.
- Remove user facility.
- Password are automatically encrypted with DES randomized salt encryption.
- Validation checks, checks for input and that usernames/passwords are more than 5 characters long.
- No duplicate usernames.
General Functionality
- Directory browser (flags password protected directories)
- Password protected for security.
- Ability to administer an unlimited number of .htaccess and .htpasswd files.
- Simple installation, upload one file, run via web browser and choose a password.
Version restrictions:
- DirectoryPass is available free of charge for all uses and purposes (i.e. personal, education, commercial etc.). The only requirements being that you must maintain the HTML link back to Locked-Area.com and Powered by DirectoryPass text at the footer of all the CGI scripts HTML outputs. We also require that all users of DirectoryPass register a members area account on our web site, the registration process for this requires that you input the web site URL/address that the software will be installed on and you are required to keep this information up-to-date. The compulsory link back can be removed for a small fee which can be purchased during registration. Only one account is required to download both Locked Area Lite and DirectoryPass.
Enhancements:
- This is a complete rewrite from version 1.2, including a redesigned interface allowing for directory browsing and new features such as .htaccess file removal.
- It is now Windows-compatible.

Games::WoW::PVP is a Perl module with the great new Games::WoW::PVP!

SYNOPSIS

Quick summary of what the module does.

Perhaps a little code snippet.

use Games::WoW::PVP;

my $WoW = Games::WoW::PVP->new();
# looking for a character
my %hash = $WoW->search_player(
{ country => EU, # EU europe US us
realm => conseil des ombres, # name of the realm
faction => h, # h horde a ally
character => raspa, # name of the player
}
);

# looking for top players
my %hash = $WoW->top(
{ country => EUR,
realm => elune,
faction => a,
}
);

Areca is an Open Source file backup software developped in Java.
Main features:
- Archives Compression (Zip format)
- Archives Encryption (Triple DES encryption algorithm)
- Source file filters (by extension, subdirectory or regular expression)
- Incremental / Full backup support
- Archives content explorer
- Archive description : A manifest is associated to each archive, which contains various informations such as author, title, date, description, and some technical data.
- File history explorer : Areca keeps track of your files history (creation / modifications / deletion) over your archives.
- Backup simulation : useful to check wether a backup is necessary
- Archives merges / deletion : You can merge contiguous archives in one single archive or safely delete your latest archives.
- As of date recovery : Areca allows you to recover your archives (or single files) as of a specific date.
- Transaction mechanism : All critical processes (such as backups or merges) support a transaction mechanism (with commit / rollback management) which guarantees your backups integrity.
- Users actions history : Areca keeps an history of all users actions (archives deletion, merges, backups, recoveries).
- Archives indicators : Areca computes a lot of indicators for you, which will help you in the everyday management of your archives.

phpass is a portable PHP password hashing framework.
This is a portable public domain password hashing framework for use in PHP applications. It is meant to work with PHP 3 and above, and it has actually been tested with PHP 3.0.18, 4.3.x, 4.4.x, and 5.0.x so far.
The preferred (most secure) hashing method supported by phpass is the OpenBSD-style Blowfish-based bcrypt, also supported with our public domain crypt_blowfish package (for C applications), and known in PHP as CRYPT_BLOWFISH, with a fallback to BSDI-style extended DES-based hashes, known in PHP as CRYPT_EXT_DES, and a last resort fallback to an MD5-based variable iteration count password hashing method implemented in phpass itself.
To ensure that the fallbacks will never occur, the PHP Hardening-Patch may be used. The Hardening-Patch integrates crypt_blowfish into the PHP interpreter such that bcrypt is available for use by PHP scripts even if the host system lacks support for it. Hopefully, future versions of PHP will do the same.
Included in the package are a PHP source file implementing the PasswordHash PHP class, a tiny PHP application demonstrating the use of the PasswordHash class, and a C re-implementation of the last resort password hashing method (used for testing the correctness of the primary implementation only).
Enhancements:
- The framework test program has been enhanced in numerous ways, and a minor bug which had no practical impact in the framework itself has been fixed.

TCFS project is a cryptographic network file system featuring group sharing of encrypted files. TCFS will encrypt your files before sending them to the file server and will decrypt them before they are read by the requesting application.

Because the encryption/decryption process takes place on the client host, no clean data will travel the network. This is particularly valid for the encryption key.

Recent advances in hardware and communication technologies have made possible and cost effective to share a file system among several machines over a local (but possibly also a wide) area network.

One of the most successful and widely used such applications is Suns Network File System (NFS).

NFS is very simple in structure but assumes a very strong trust model: the user trusts the remote file system server (which might be running on a machine in different country) and a network with his/her data. It is easy to see that neither assumption is a very realistic one.

The server (or anybody with superuser privileges) might very well read the data on its local filesytem and it is well known that the Internet or any local area network (e.g, Ethernet) is very easy to tap (see for example, Berkeleys tcpdump application program).
Impersonification of users is also another security drawback of NFS.

In fact, most of the permission checking over NFS are performed in the kernel of the client. In such a context a pirate can temporarely assign to his own workstation the Internet address of victim. Without secure RPC no further authentication procedure is requested. From here on, the pirate can issue NFS requests presenting himself with any (false) uid and therefore accessing for reading and writing any private data on the server, even protected data.

Given the above, a user seeking a certain level of security should take some measures. We propose a new cryptographic file system, which we call TCFS, as a suitable solution to the problem of privacy for distributed file system.

Dynamic Encryption Modules in TCFS:

The dynamic encryption module feature of TCFS allows a user to specify the encryption engine of his/her choiche to be used by TCFS. So you are not forced anymore to use what us (the developer) consider the best (i.e., more secure and efficient) encryption algorithm. The encryption engine must be given in the form of a Linux module and must conform to (the very simple) TCFS API for encryption module. Essentially, it must specify four functions:

1. An initialization function that is called by TCFS when the user pushes her key into TCFS.

Typically the initialization function takes as input the key and returns a pointer to a struct containing a the result of a preprocessing of the key to be used for the encryption and the decryption.

For the specific case of DES the initialization function computes the 16 48-bit subkeys, one for each round of DES.

2. An encryption function which takes a block of data, the length of the block in bytes and the result of the initialization function and encrypts the data.

3. A decryption function which takes a block of data, the length of the block in bytes and the result of the initialization function and decrypts the data.

The encryption and the decryption functions are called each time TCFS needs to read/write a block of data.

4. A cleanup function which performs whatever operation is needed before the key removed by TCFS.

Our work improves on Matt Blazes CFS by providing deeper integration between the encryption service and the file system which results in a complete transparency of use to the user applications.

Release 2.2 of TCFS includes the possibility of threshold sharing files among users. Threshold sharing consists in specifying a minimum number of members (the threshold) that need to be ``active for the files owned by the group to become available.

TCFS enforces the threshold sharing by generating an encryption key for each group and giving each member of the group a share using a Threshold Secret Sharing Scheme. The group encryption key can be reconstructed by any set of at least threshold keys.

A member of the group that intends to become active does so by pushing her/his share of the group key into the kernel. The TCFS module checks if the number of shares available is above the threshold and, if it is so, it attempts to reconstruct the group encryption key. By the properties of the Threshold Secret Sharing Scheme, it is guaranteed that, if enough shares are available, the group encryption key is correctly reconstructed.

Once the group encryption key has been reconstructed, the files owned by the group become accessible. Each time a member decides to become inactive, her share of the group encryption key is removed. The TCFS module checks if the number of shares available has gone under the threshold. In this case, the group encryption key is removed from the TCFS module and files owned by the group become unaccessible.

The current TCFS implementation of the group sharing facility requires each memeber to trust the kernel of the machine that reconstructs the key to actually remove the key once the number of active users goes below the threshold. Future implementations will remove this requirement by performing the reconstruction of the key in a distributed manner.

Ezail provides an application for securely transferring files of any size.

ezail is an application for securely transferring files of any size through the Internet.

Files are sent directly from senders to recipients without servers, with no limits on attachment sizes, no mailbox quotas, and no bounced messages.

Unlike email, the identity of senders and recipients is authenticated by signed certificates. Files sent are encrypted end-to-end with the Triple-DES algorithm.

Sanos is a minimalistic 32-bit x86 OS kernel for Java based server appliances running on standard PC hardware.
This enables you to run java server applications without the need to install a traditional host operating system like Windows or Linux. Only a standard Java HotSpot VM and the sanos kernel are needed.
The kernel was developed as part of an experiment on investigating the feasibility of running java server applications without a traditional operating system only using a simple kernel.
The kernel implements basic operating system services like booting, memory management, thread scheduling, local and remote file systems, TCP/IP networking and DLL loading and linking.
A win32 layer allows the Windows version of the standard HotSpot JVM to run under sanos, essentially providing a JavaOS platform for server applications. This enables you to run java based server applications, like tomcat and jboss, under sanos.
Alternatively, you can use sanos as a small kernel for embedded server applications written in C. Sanos has a fairly standard POSIX based API and an ANSI Standard C library. In this case you dont need the JVM and the win32 wrappers.
Sanos is open source under a BSD style license. Please see the COPYING file for details.
Click on the topics below for further information, or send me an e-mail if you have any questions, comments or problems regarding sanos. Please include the word sanos in the mail to prevent it from being intercepted by my spam filter.
Sanos can be downloaded as either binary or source. All the files in the binary version can be built from the source version, so you do not need the binary version, if you are building sanos from source.
The binary version contains the compiled version of sanos, with files and utilities for making a boot disk.
The source version contains all the source code and build files for building sanos from source. You will need a Microsoft Visual C compiler to build sanos from source.
Enhancements:
- GetLogicalDrives() in kernel32 implemented.
- A bug in cmd_ipconfig() in sh.c prevented proper display of network configuration if no DNS servers was configured. This problem has been fixed. (FGA)
- New -a option added to mkdfs to support file lists with alternative files names. This simplifies configurations with both debug and release builds.
- The Visual Studio wizard can now generate a floppy disk boot image configured for the application.
- Shell prompt can be configured by setting the prompt property in the [shell] section of the os.ini file.
- If command line arguments are given to the shell it now executes the built-in command and exits the shell.
- The floppy motor timeout routine now acquires the floppy mutex before turning off the motor in order to prevent race conditions.
- Advanced Power Management (APM) support implemented. The computer can now be powered off after os shutdown. The mode parameter for exitos() can be used to specify the shutdown mode (halt, reboot, poweroff, debug). A shutdown command has been added to the shell. The power status can be retrieved using /proc/apm.
- Added /proc/cpu for CPU information.
- The raise() function now returns an error if the signal number is invalid.
- Breakpoint traps are now sent to the user mode signal handler. This allows breakpoints to be handled by user mode code.
- Signals now exits the currently executing job with the signal number as exit code. However, if the debug flag in the PEB is set the debugger is entered if an unhandled signal is encountered. The debug flag can be set using the debug command in the shell. The debug flag can be configured using the debug property in the [os] section of os.ini. The default value of the debug flag is 0, unless the system is build in debug configuration.
- readv() and writev() implemented in vfs.
- The kernel log is now implemented by the device driver /dev/klog. The kernel log now support ioctl for waiting for new log entries in the kernel log. The kprintf has been extended to support different log levels.
- The syslog interface has been redesigned in to comply with POSIX. The syslog now supports logging to a syslog server by setting the loghost property in the [os] section of os.ini.
- New klog daemon to read entries from the kernel log (/dev/klog) and add them to the system log.
- The sockaddr and sockaddr_in structures has been change to conform to winsock definitions.
- The sleep() function has been renamed to msleep(). A new POSIX conformant sleep function has been added to unistd.h.
- Added sys/time.h header file. Also added tzp parameter to gettimeofday() for POSIX compliance.
- New simple text editor utility (edit.exe) added.
- The syserror() function has been moved from libc.lib to the os.dll as an exported os api call.
- readline() now uses stdin and stdout for input and output.
- Bug in iomux fixed. Now a monitored event signals the iomux and not the associated object.
- Implemented popen() and pclose(). Also added a P_SUSPEND parameter to spawn() to allow new jobs to be started suspended.
- The kernel version information is now kept in a version resource in krnl.dll. The version information is retrieved using the new module version information functions in verinfo.c.
- The build type can now be controlled by compile time switches. The kernel version can be displayed in the Windows Explorer by viewing Properties for krnl.dll and selecting the Version tab.
- User management added to kernel. Each thread is now assigned to a user and a group. A thread has both a real and an effective user and group owner. The {get|set}[e]{uid|gid}() functions can be used to change the effective and real user and group for a thread. When a new thread is created the effective user and group are inherited from the creator thread.
- Added functions to query /etc/passwd and /etc/group files.
- New whoami, id, chmod, and chown commands added to shell. The format of the output from ls has been changed to display the file permission info.
- New file system version for DFS. The new version supports user and group owner for files and directories as well as permission bits. The new DFS version also supports files larger than 2GB. The fchown() and chown() functions has been added to vfs.
- DES-based crypt() implementation added.
- The spawn() function now computes the pgm parameter from the cmdline parameter if the pgm parameter is NULL. The initpgm and initargs properties in the [os] section of /etc/os.ini has been replaced with a single property named init. The default for init has been changed to /bin/sh.
- The behavour of the initial application has been changed. Previously the os shut down after the initial application exited. Now the initial application is executed again if it exits.
- Telnet daemon moved from the shell to separate server (telnetd.exe). The new telnet daemon has a more robust handling of the telnet protocol. The telnet daemon invokes the new login utlity in order to log on user.
- FTP daemon implemented.