cryptography
Sponsored Links
Sponsored Links
Secleted [ 0 ] software to compare
Results 1 - 15 of about 57
PyECC 0.1
A simple Python module for performing Elliptical Curve Cryptography more>>
PyECC 0.1 is yet another excellent utility for programmers. It is actually a simple Python module for performing Elliptical Curve Cryptography. This library wrapped around the libseccure library which itself is based off of code developed originally for the secure utility.
Instructions:
- Since PyECC uses setuptools to build and install the PyECC module and corresponding library, you need to run: % sudo python setup.py install
Requirements:
- Python
Added: 2009-07-10 License: LGPL v2 Price: FREE
10 downloads
OpenSSH 5.1
OpenSSH is a FREE version of the SSH connectivity tools more>> OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.
The OpenSSH suite replaces rlogin and telnet with the ssh program, rcp with scp, and ftp with sftp. Also included is sshd (the server side of the package), and the other utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server.
features:
Open Source Project
Free Licensing
Strong Encryption (3DES, Blowfish, AES, Arcfour)
X11 Forwarding (encrypt X Window System traffic)
Port Forwarding (encrypted channels for legacy protocols)
Strong Authentication (Public Key, One-Time Password and Kerberos Authentication)
Agent Forwarding (Single-Sign-On)
Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
SFTP client and server support in both SSH1 and SSH2 protocols.
Kerberos and AFS Ticket Passing
Data Compression
OpenSSH is developed by the OpenBSD Project. The software is developed in countries that permit cryptography export and is freely useable and re-useable by everyone under a BSD license. However, development has costs, so if you find OpenSSH useful (particularly if you use it in a commercial system that is distributed) please consider donating to help fund the project.
OpenSSH is developed by two teams. One team does strictly OpenBSD-based development, aiming to produce code that is as clean, simple, and secure as possible. We believe that simplicity without the portability "goop" allows for better code quality control and easier review. The other team then takes the clean version and mak<<less
Download (428KB)
Added: 2009-04-29 License: Freeware Price: Free
279 downloads
Fast Secure File System 0.1.1
Fast Secure File System is a secure, distributed, scalable, user-space file system. more>>
Fast Secure File System exports existing directories securely over the network, letting users store and retrieve encrypted data in a scalable and transparent way. FSFS is written in C and works on GNU/Linux systems on x86 and PPC architectures, with help from FUSE and OpenSSL.
File systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.
<<lessFile systems are easily the most evident, from the point of view of users, component of an operating system. Through file systems it is possible to organize data in a wide variety of ways, and access resources through a common interface.
Users can nowadays not only store and retrieve documents, but also find information on running processes and system settings (through ProcFS), access and manipulate e-mail (for example with GmailFS), or perform several other operations.
In several circumstances and scenarios it is desirable to protect stored files and directories from manipulation by unknown or malicious users: financial or health-related data, confidential documents, or any kind of personal or sensitive data may need to be stored securely, in such a way that it can not be examined or modified freely by third parties.
Most file systems do not take action in this sense, and external cryptographic utilities are sometimes employed to secure data before storage. While this can be a perfectly secure solution, it is not transparent to users.
Distributed file systems propose efficient ways of accessing data remotely as if it resided on the local machine; when it comes to dealing with securely stored data as in the examples above, care must be taken to preserve confidentiality and integrity also during network transfer.
Not all distributed file systems accomplish this task, weakening the overall security of the system, or do so inefficiently, making it inconvenient for users.
FSFS is a secure, distributed file system in users space, written in C with much help from FUSE and OpenSSL. It lets users store and retrieve data securely and transparently, knowing that it is protected both on permanent storage devices and while in transit over the network.
It is also concerned with scalability, therefore separates data cryptography from the server, leaving it to the clients; this approach is similar to the one used in CFS, and opposite to those taken on by other secure file system solutions (like NFS on top of IPsec).
FSFS is written as a pair of user space daemons that act as client and server. Because of this, it needs no kernel support (unlike NFS over IPsec), save the FUSE loadable kernel module on clients, included in Linux since 2.6.14; servers dont use FUSE and depend only on user space OpenSSL libraries.
Servers export an existing file system (of virtually any kind) to clients over the network through two separate channels: a TLS connection set up with OpenSSL, and a clear channel. Requests from the clients to the servers are sent via the TLS socket, thus they are encrypted and authenticated, according to TLS v1 specifications, by the channel itself and decrypted on receipt, as they are usually very short and the relevant cryptography does not constitute a great overhead; simple server replies undergo the same process.
Cryptography in this case happens at both ends of the transmission.
In a distributed file system, large amounts of data may be transferred between clients and servers, thus encrypting and decrypting everything may become too cumbersome for both parties, and as more clients are added to the system the server may severely lose performance; moreover, file data should be stored encrypted anyway, so the cryptography could be moved to the clients, in such a way that each encrypts data before a write operation sends it over the network to the server, and decrypts it after a read retrieves it.
This way servers only deal with TLS details and can concentrate on serving client requests by doing the relevant I/O on the underlying, "physical" file system. As the data is already encrypted, it does not need to go through the TLS channel and the corresponding overhead, but can be sent via the clear channel, provided the messages are authenticated.
Enhancements:
- This release fixes two bugs. One bug related to socket creation and would cause problems on some systems (namely OpenSUSE 10.2). The other bug related to server configuration creation when using the Python configuration utilities. Users dont need to upgrade to this release if theyre not experiencing problems or are not using the Python configuration utilities.
Download (MB)
Added: 2007-08-12 License: GPL (GNU General Public License) Price:
806 downloads
Crypt::ECDSA::Curve 0.052
Crypt::ECDSA::Curve is a base class for ECC curves. more>>
Crypt::ECDSA::Curve is a base class for ECC curves.
These are for use with Crypt::ECDSA, a Math::GMPz based cryptography module.
METHODS
new
Constructor. Takes the following named pair arguments:
standard => standard-curve-name
Used for named standard curves such as the NIST standard curves.
Preferentially, these are invoked by classes which inherit
from Crypt::ECDSA::Curve, such as Crypt::ECDSA::Curve::Prime,
Crypt::ECDSA::Curve::Binary, or Crypt::ECDSA::Curve::Koblitz.
See US govenment standard publications FIPS 186-2 or FIPS 186-3.
used as:
new(standard => standard curve name), where curve name is one of:
Crypt::ECDSA::Curve::Prime->new( standard =>
[ one of ECP-192, ECP-224, ECP-256, ECP-384, ECP-521 ] )
Crypt::ECDSA::Curve::Koblitz->new( standard =>
[ one of EC2N-163, EC2N-233, EC2N-283, EC2N-409, EC2N-571 ] )
Koblitz curves are a special case of binary curves, with a simpler equation.
Non-standard curve types are supported either via specifying parameters and algorithm,
or by specifying a generic "standard" via specifying in new the pair:
standard => generic_prime or standard => generic_binary.
The following are used mainly for non-standard curve types. They are
gotten from pre-defined values for named curves:
p => $p , sets curve modulus ( for prime curve over F(p) )
a => $a, sets curve param a
b => $b, sets curve param b
N => the exponent in 2**N, where 2**N is a binary curve modulus
( for binary or Koblitz curve over F(2**N) )
h => curve cofactor for the point order
r => base point G order for prime curves
n => base point G order for binary curves
G_x => $x, a base point x coordinate
G_y => $y, a base point y coordinate
irreducible => binary curve irreducible basis polynimial in binary integer
format, so that x**233 + x**74 + 1 becomes
polynomial => [ 233, 74, 0 ] and irreducible =>
0x20000000000000000000000000000000000000004000000000000000001
a
my $param = $curve->a;
Returns parameter a in the elliptic equation.
b
my $param = $curve->b;
Returns parameter b in the elliptic equation.
p
my $param = $curve->p;
returns parameter p in the equation-- this is the field modulus parameter for prime curves
order
my $param = $curve->order;
Returns the curve base point G order if known.
curve_order
my $param = $curve->curve_order;
Returns the curve order if known. This might calculate the order some day.
It does not in this version.
infinity
my $inf = $curve->infinity;
Returns a valid point at infinity for the curve.
standard
my $param = $curve->standard;
Returns the standard type of the curve, if defined for the instance.
<<lessThese are for use with Crypt::ECDSA, a Math::GMPz based cryptography module.
METHODS
new
Constructor. Takes the following named pair arguments:
standard => standard-curve-name
Used for named standard curves such as the NIST standard curves.
Preferentially, these are invoked by classes which inherit
from Crypt::ECDSA::Curve, such as Crypt::ECDSA::Curve::Prime,
Crypt::ECDSA::Curve::Binary, or Crypt::ECDSA::Curve::Koblitz.
See US govenment standard publications FIPS 186-2 or FIPS 186-3.
used as:
new(standard => standard curve name), where curve name is one of:
Crypt::ECDSA::Curve::Prime->new( standard =>
[ one of ECP-192, ECP-224, ECP-256, ECP-384, ECP-521 ] )
Crypt::ECDSA::Curve::Koblitz->new( standard =>
[ one of EC2N-163, EC2N-233, EC2N-283, EC2N-409, EC2N-571 ] )
Koblitz curves are a special case of binary curves, with a simpler equation.
Non-standard curve types are supported either via specifying parameters and algorithm,
or by specifying a generic "standard" via specifying in new the pair:
standard => generic_prime or standard => generic_binary.
The following are used mainly for non-standard curve types. They are
gotten from pre-defined values for named curves:
p => $p , sets curve modulus ( for prime curve over F(p) )
a => $a, sets curve param a
b => $b, sets curve param b
N => the exponent in 2**N, where 2**N is a binary curve modulus
( for binary or Koblitz curve over F(2**N) )
h => curve cofactor for the point order
r => base point G order for prime curves
n => base point G order for binary curves
G_x => $x, a base point x coordinate
G_y => $y, a base point y coordinate
irreducible => binary curve irreducible basis polynimial in binary integer
format, so that x**233 + x**74 + 1 becomes
polynomial => [ 233, 74, 0 ] and irreducible =>
0x20000000000000000000000000000000000000004000000000000000001
a
my $param = $curve->a;
Returns parameter a in the elliptic equation.
b
my $param = $curve->b;
Returns parameter b in the elliptic equation.
p
my $param = $curve->p;
returns parameter p in the equation-- this is the field modulus parameter for prime curves
order
my $param = $curve->order;
Returns the curve base point G order if known.
curve_order
my $param = $curve->curve_order;
Returns the curve order if known. This might calculate the order some day.
It does not in this version.
infinity
my $inf = $curve->infinity;
Returns a valid point at infinity for the curve.
standard
my $param = $curve->standard;
Returns the standard type of the curve, if defined for the instance.
Download (0.14MB)
Added: 2007-07-13 License: Perl Artistic License Price:
861 downloads
KeyTool IUI 2.0
KeyTool IUI is a cryptography GUI tool. more>>
KeyTool IUI is a cryptography GUI tool. Its used to create/manage keys & certificates, sign/verify/encrypt/decrypt files.
Keystore file formats:
JKS
JCEKS
PKCS12
BKS
UBER
Certificate file formats:
DER
PKCS7
PEM
PKCS10
Secret Key (shared key) file formats:
DER
PEM
Private Key (keypair) file formats:
DER
PEM
Secret Key (shared key) algorithms:
AES
ARCFOUR
Blowfish
DES
DESede
HmacMD5
HmacSHA1
HmacSHA256
HmacSHA384
HmacSHA512
RC2
Private Key (keypair) algorithms:
SHA1withDSA
SHA1withRSA
MD2withRSA
MD5withRSA
SHA256withRSA
SHA384withRSA
SHA512withRSA
RIPEMD128withRSA
RIPEMD160withRSA
RIPEMD256withRSA
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
<<lessKeystore file formats:
JKS
JCEKS
PKCS12
BKS
UBER
Certificate file formats:
DER
PKCS7
PEM
PKCS10
Secret Key (shared key) file formats:
DER
PEM
Private Key (keypair) file formats:
DER
PEM
Secret Key (shared key) algorithms:
AES
ARCFOUR
Blowfish
DES
DESede
HmacMD5
HmacSHA1
HmacSHA256
HmacSHA384
HmacSHA512
RC2
Private Key (keypair) algorithms:
SHA1withDSA
SHA1withRSA
MD2withRSA
MD5withRSA
SHA256withRSA
SHA384withRSA
SHA512withRSA
RIPEMD128withRSA
RIPEMD160withRSA
RIPEMD256withRSA
SHA1withECDSA
SHA224withECDSA
SHA256withECDSA
SHA384withECDSA
SHA512withECDSA
Download (MB)
Added: 2007-07-04 License: Freeware Price:
877 downloads
Crypt::UnixCrypt 1.0
Crypt::UnixCrypt is a perl-only implementation of the crypt function. more>>
Crypt::UnixCrypt is a perl-only implementation of the crypt function.
SYNOPSIS
use Crypt::UnixCrypt;
$hashed = crypt($plaintext,$salt);
# always use this modules crypt
BEGIN { $Crypt::UnixCrpyt::OVERRIDE_BUILTIN = 1 }
use Crypt::UnixCrypt;
This module is for all those poor souls whose perl port answers to the use of crypt() with the message `The crypt() function is unimplemented due to excessive paranoia..
This module wont overload a built-in crypt() unless forced by a true value of the variable $Crypt::UnixCrypt::OVERRIDE_BUILTIN.
If you use this module, you probably neither have a built-in crypt() function nor a crypt(3) manpage; so Ill supply the appropriate portions of its description (from my Linux system) here:
crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
$plaintext is a users typed password.
$salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
By taking the lowest 7 bit of each character of $plaintext (filling it up to 8 characters with zeros, if needed), a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself).
Warning: The key space consists of 2**56 equal 7.2e16 possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software, such as crack(1), is available which will search the portion of this key space that is generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended.
The DES algorithm itself has a few quirks which make the use of the crypt(3) interface a very poor choice for anything other than password authentication. If you are planning on using the crypt(3) interface for a cryptography project, dont do it: get a good book on encryption and one of the widely available DES libraries.
<<lessSYNOPSIS
use Crypt::UnixCrypt;
$hashed = crypt($plaintext,$salt);
# always use this modules crypt
BEGIN { $Crypt::UnixCrpyt::OVERRIDE_BUILTIN = 1 }
use Crypt::UnixCrypt;
This module is for all those poor souls whose perl port answers to the use of crypt() with the message `The crypt() function is unimplemented due to excessive paranoia..
This module wont overload a built-in crypt() unless forced by a true value of the variable $Crypt::UnixCrypt::OVERRIDE_BUILTIN.
If you use this module, you probably neither have a built-in crypt() function nor a crypt(3) manpage; so Ill supply the appropriate portions of its description (from my Linux system) here:
crypt is the password encryption function. It is based on the Data Encryption Standard algorithm with variations intended (among other things) to discourage use of hardware implementations of a key search.
$plaintext is a users typed password.
$salt is a two-character string chosen from the set [a-zA-Z0-9./]. This string is used to perturb the algorithm in one of 4096 different ways.
By taking the lowest 7 bit of each character of $plaintext (filling it up to 8 characters with zeros, if needed), a 56-bit key is obtained. This 56-bit key is used to encrypt repeatedly a constant string (usually a string consisting of all zeros). The returned value points to the encrypted password, a series of 13 printable ASCII characters (the first two characters represent the salt itself).
Warning: The key space consists of 2**56 equal 7.2e16 possible values. Exhaustive searches of this key space are possible using massively parallel computers. Software, such as crack(1), is available which will search the portion of this key space that is generally used by humans for passwords. Hence, password selection should, at minimum, avoid common words and names. The use of a passwd(1) program that checks for crackable passwords during the selection process is recommended.
The DES algorithm itself has a few quirks which make the use of the crypt(3) interface a very poor choice for anything other than password authentication. If you are planning on using the crypt(3) interface for a cryptography project, dont do it: get a good book on encryption and one of the widely available DES libraries.
Download (0.008MB)
Added: 2007-06-19 License: Perl Artistic License Price:
857 downloads
Legion of the Bouncy Castle Java Cryptography API 1.37
The Legion of the Bouncy Castle Java Cryptography API provides a lightweight cryptography API in Java. more>>
The Legion of the Bouncy Castle Java Cryptography API provides a lightweight cryptography API in Java. A provider for the JCE and JCA, a clean-room implementation of the JCE 1.2.1, generators for Version 1 and Version 3 X.509 certificates, generators for Version 2 X.509 attribute certificates, PKCS12 support, and APIs for dealing with S/MIME, CMS, OCSP, TSP, and OpenPGP. Versions are provided for the J2ME, and JDK 1.0-1.5.
Main features:
- A lightweight cryptography API in Java.
- A provider for the JCE and JCA.
- A clean room implementation of the JCE 1.2.1.
- A library for reading and writing encoded ASN.1 objects.
- Generators for Version 1 and Version 3 X.509 certificates, Version 2 CRLs, and PKCS12 files.
- Generators for Version 2 X.509 attribute certificates.
- Generators/Processors for S/MIME and CMS (PKCS7).
- Generators/Processors for OCSP (RFC 2560).
- Generators/Processors for TSP (RFC 3161).
- Generators/Processors for OpenPGP (RFC 2440).
- A signed jar version suitable for JDK 1.4/1.5 and the Sun JCE.
<<lessMain features:
- A lightweight cryptography API in Java.
- A provider for the JCE and JCA.
- A clean room implementation of the JCE 1.2.1.
- A library for reading and writing encoded ASN.1 objects.
- Generators for Version 1 and Version 3 X.509 certificates, Version 2 CRLs, and PKCS12 files.
- Generators for Version 2 X.509 attribute certificates.
- Generators/Processors for S/MIME and CMS (PKCS7).
- Generators/Processors for OCSP (RFC 2560).
- Generators/Processors for TSP (RFC 3161).
- Generators/Processors for OpenPGP (RFC 2440).
- A signed jar version suitable for JDK 1.4/1.5 and the Sun JCE.
Download (21.2MB)
Added: 2007-06-15 License: Freely Distributable Price:
532 downloads
CODEX 1.2
CODEX is a software designed for applications with a moderate number of clients requesting authentication keys. more>>
CODEX is a software designed for applications with a moderate number of clients requesting authentication keys
When designing secure applications, it is not uncommon to assume some out-of-band mechanism for distributing keys or other secrets. Other applications without inherent security features could, given a key distribution system, employ symmetric key encryption to add a cryptographic access control mechanism. These applications motivated the development of the CODEX (the Cornell Data Exchange) key distribution system. CODEX is designed for applications with a moderate number of clients (tens or hundreds) requesting keys that change often but not continuously (on the scale of minutes to hours).
CODEX is an moving forward from the ideas implemented in COCA. It employs the RSA and ElGamal encryption schemes, as well as techniques such as threshold cryptography and proactive secret sharing. The COCA page contains a number of useful links for these topics.
Part of the development of CODEX was the creation of a general-purpose toolkit for the various primitives needed by the system. These primitives are discussed in the Implementation section, and the full source code is also available.
Since a random search on Google revealed that this project is now listed on Freshmeat, it is worth mentioning a few significant aspects of the implementation. First, the code is research-quality, not production-quality. The system employs spin-waiting, which can substantially impact the host on which a server runs. For an effective proactive-recovery system, servers must periodically be placed into a known-good state.
This typically involves rebooting from clean (and, if necessary, patched) media and installing new server-specific public/private key pairs, as well as the proactive secret sharing procedure included in the implementation. If, at this point, you still trust the implementation and your operating system enough to use CODEX, be advised that there is currently no credentials mechanism in place.
The existing policy object always accepts any credentials object as valid. Since the entire system depends on enforcing policies for access control, if you want to deploy a CODEX system (as opposed to using the libraries to build your own system) you must implement an actual policy/credentials mechanism.
Enhancements:
- This release was updated for compatibility with Doxygen 1.4.1 and to work with g++ through version 3.3.5.
- CODEX_Quorum/Socket.cc is now able to handle non-stream sockets (i.e. UDP).
- CODEX_Quorum/SocketBuilder.h now has a copy constructor.
<<lessWhen designing secure applications, it is not uncommon to assume some out-of-band mechanism for distributing keys or other secrets. Other applications without inherent security features could, given a key distribution system, employ symmetric key encryption to add a cryptographic access control mechanism. These applications motivated the development of the CODEX (the Cornell Data Exchange) key distribution system. CODEX is designed for applications with a moderate number of clients (tens or hundreds) requesting keys that change often but not continuously (on the scale of minutes to hours).
CODEX is an moving forward from the ideas implemented in COCA. It employs the RSA and ElGamal encryption schemes, as well as techniques such as threshold cryptography and proactive secret sharing. The COCA page contains a number of useful links for these topics.
Part of the development of CODEX was the creation of a general-purpose toolkit for the various primitives needed by the system. These primitives are discussed in the Implementation section, and the full source code is also available.
Since a random search on Google revealed that this project is now listed on Freshmeat, it is worth mentioning a few significant aspects of the implementation. First, the code is research-quality, not production-quality. The system employs spin-waiting, which can substantially impact the host on which a server runs. For an effective proactive-recovery system, servers must periodically be placed into a known-good state.
This typically involves rebooting from clean (and, if necessary, patched) media and installing new server-specific public/private key pairs, as well as the proactive secret sharing procedure included in the implementation. If, at this point, you still trust the implementation and your operating system enough to use CODEX, be advised that there is currently no credentials mechanism in place.
The existing policy object always accepts any credentials object as valid. Since the entire system depends on enforcing policies for access control, if you want to deploy a CODEX system (as opposed to using the libraries to build your own system) you must implement an actual policy/credentials mechanism.
Enhancements:
- This release was updated for compatibility with Doxygen 1.4.1 and to work with g++ through version 3.3.5.
- CODEX_Quorum/Socket.cc is now able to handle non-stream sockets (i.e. UDP).
- CODEX_Quorum/SocketBuilder.h now has a copy constructor.
Download (0.30MB)
Added: 2007-06-02 License: BSD License Price:
876 downloads
PGPSigner 1.0
PGPSigner project is a tool born out of the main virtues of a sysadmin: Lazyness and Impatience. more>>
PGPSigner project is a tool born out of the main virtues of a sysadmin: Lazyness and Impatience. Have you ever been to a PGP key signing party? It is fun, you verify all these ids, check the keys on the party list and then... then you get home. And find out that you have 47 different keys to sign with one or more of your private keys. You will do it tomorrow. Surely.
When I found one of these lists from an event eight months past, I decided that I do not want to do all the work by myself. So PGPSigner was born: Strong cryptography and command line completion in a single application.
This application uses strong cryptography, something that might pose problems for you if you happen to live in a region of the world where this is an issue.
To use this application, you must probably install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" for the Sun JCE. If you encounter the following error.
java.lang.SecurityException: Unsupported keysize or algorithm parameters.
then this is most likely the problem. Download these for the Sun JDK 1.5 at http://java.sun.com/javase/downloads/index_jdk5.jsp (scroll down to the bottom of the page).
<<lessWhen I found one of these lists from an event eight months past, I decided that I do not want to do all the work by myself. So PGPSigner was born: Strong cryptography and command line completion in a single application.
This application uses strong cryptography, something that might pose problems for you if you happen to live in a region of the world where this is an issue.
To use this application, you must probably install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" for the Sun JCE. If you encounter the following error.
java.lang.SecurityException: Unsupported keysize or algorithm parameters.
then this is most likely the problem. Download these for the Sun JDK 1.5 at http://java.sun.com/javase/downloads/index_jdk5.jsp (scroll down to the bottom of the page).
Download (3.0MB)
Added: 2007-05-22 License: The Apache License 2.0 Price:
885 downloads
JSch 0.1.33
JSch is a pure Java implementation of SSH2. more>>
JSch is a pure Java implementation of SSH2.
JSch project allows the user to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs. JSch is licensed under BSD style license.
Our intension in developing this stuff is to enable users of our pure java X servers, WiredX and WeirdX, to enjoy secure X sessions. Our efforts have mostly targeted the SSH2 protocol in relation to X window system and X11 forwarding. Of course, we are also interested in adding other functionality - port forward, file transfer, terminal emulation, etc.
Needless to say, SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data.
The SSH protocol is available in two incompatible varieties: SSH1 and SSH2. SSH2 was invented to avoid the patent issues regarding RSA (RSA patent has expired), and to fix some data integrity problem that SSH1 has, and for a number of other technical reasons.
SSH2 protocol has been standardized on IETF Secure Shell working group and drafts related to SSH2 protocol are available on the web. In developing JSch, we are now referring to following documents:
SSH Protocol Architecture
SSH Transport Layer Protocol
Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol
SSH Connection Protocol
SSH Authentication Protocol
Main features:
- JSch is in pure Java, but it depends on JavaTM Cryptography Extension (JCE). JSch is know to work with:
- J2SE 1.4.0 or later (no additional libraries required).
- J2SE 1.3 and Suns JCE reference implementation that can be obtained at http://java.sun.com/products/jce/.
- J2SE 1.2.2 and later and Bouncycastles JCE implementation that can be obtained at http://www.bouncycastle.org/.
- SSH2 protocol support.
- Key exchange: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1
- Cipher: blowfish-cbc, 3des-cbc, aes128-cbc,aes192-cbc,aes256-cbcnew!
- MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
- Host key type: ssh-dss,ssh-rsa
- Userauth: password
- Userauth: publickey(DSA,RSA)
- Userauth: keyboard-interactive
- X11 forwarding
- xauth spoofing
- connection through HTTP proxy.
- connection through SOCKS5 proxy.
- port forwarding.
- stream forwarding.
- signal sending. The unofficial patch for sshd of openssh will be found in this thread.
- remote exec.
- generating DSA and RSA key pairs.
- changing the passphrase for a private key.
- partial authentication
- SSH File Transfer Protocol(version 0, 1, 2, 3)
- packet compression. JZlib has been used.
- JSch is licensed under BSD style license.
Enhancements:
- bugfix: freeze in diffie-hellman-group-exchange-sha1. FIXED. By the default, diffie-hellman-group1-sha1 will be used and if you have not chosen diffie-hellman-group-exchange-sha1 explicitly, you dont have to worry about it.
- bugfix: there should be timeout mechanism in opening a socket for remote port forwarding. FIXED. At the failure or timeout, SSH_MSG_CHANNEL_OPEN_FAILURE will be sent to sshd.
- bugfix: there should be timeout mechanism in opening a socket for X11 forwarding. FIXED. At the failure or timeout, SSH_MSG_CHANNEL_OPEN_FAILURE will be sent to sshd.
<<lessJSch project allows the user to connect to an sshd server and use port forwarding, X11 forwarding, file transfer, etc., and you can integrate its functionality into your own Java programs. JSch is licensed under BSD style license.
Our intension in developing this stuff is to enable users of our pure java X servers, WiredX and WeirdX, to enjoy secure X sessions. Our efforts have mostly targeted the SSH2 protocol in relation to X window system and X11 forwarding. Of course, we are also interested in adding other functionality - port forward, file transfer, terminal emulation, etc.
Needless to say, SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt, authenticate, and compress transmitted data.
The SSH protocol is available in two incompatible varieties: SSH1 and SSH2. SSH2 was invented to avoid the patent issues regarding RSA (RSA patent has expired), and to fix some data integrity problem that SSH1 has, and for a number of other technical reasons.
SSH2 protocol has been standardized on IETF Secure Shell working group and drafts related to SSH2 protocol are available on the web. In developing JSch, we are now referring to following documents:
SSH Protocol Architecture
SSH Transport Layer Protocol
Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol
SSH Connection Protocol
SSH Authentication Protocol
Main features:
- JSch is in pure Java, but it depends on JavaTM Cryptography Extension (JCE). JSch is know to work with:
- J2SE 1.4.0 or later (no additional libraries required).
- J2SE 1.3 and Suns JCE reference implementation that can be obtained at http://java.sun.com/products/jce/.
- J2SE 1.2.2 and later and Bouncycastles JCE implementation that can be obtained at http://www.bouncycastle.org/.
- SSH2 protocol support.
- Key exchange: diffie-hellman-group-exchange-sha1, diffie-hellman-group1-sha1
- Cipher: blowfish-cbc, 3des-cbc, aes128-cbc,aes192-cbc,aes256-cbcnew!
- MAC: hmac-md5, hmac-sha1, hmac-md5-96, hmac-sha1-96
- Host key type: ssh-dss,ssh-rsa
- Userauth: password
- Userauth: publickey(DSA,RSA)
- Userauth: keyboard-interactive
- X11 forwarding
- xauth spoofing
- connection through HTTP proxy.
- connection through SOCKS5 proxy.
- port forwarding.
- stream forwarding.
- signal sending. The unofficial patch for sshd of openssh will be found in this thread.
- remote exec.
- generating DSA and RSA key pairs.
- changing the passphrase for a private key.
- partial authentication
- SSH File Transfer Protocol(version 0, 1, 2, 3)
- packet compression. JZlib has been used.
- JSch is licensed under BSD style license.
Enhancements:
- bugfix: freeze in diffie-hellman-group-exchange-sha1. FIXED. By the default, diffie-hellman-group1-sha1 will be used and if you have not chosen diffie-hellman-group-exchange-sha1 explicitly, you dont have to worry about it.
- bugfix: there should be timeout mechanism in opening a socket for remote port forwarding. FIXED. At the failure or timeout, SSH_MSG_CHANNEL_OPEN_FAILURE will be sent to sshd.
- bugfix: there should be timeout mechanism in opening a socket for X11 forwarding. FIXED. At the failure or timeout, SSH_MSG_CHANNEL_OPEN_FAILURE will be sent to sshd.
Download (0.20MB)
Added: 2007-05-11 License: BSD License Price:
899 downloads
Crypto++ 5.5
Crypto++ project is a free C++ class library of cryptographic schemes. more>>
Crypto++ project is a free C++ class library of cryptographic schemes.
Main features:
- a class hierarchy with an API defined by abstract base classes
- AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent, CAST-256
- other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack, Camellia, SHACAL-2
- generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub
- public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
- padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
- key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
- elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
- one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320, Tiger, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Panama, Whirlpool
- message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC, Two-Track-MAC
- cipher constructions based on hash functions: Luby-Rackoff, MDC
- pseudo random number generators (PRNG): ANSI X9.17 appendix C, PGPs RandPool
- password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5
- Shamirs secret sharing scheme and Rabins information dispersal algorithm (IDA)
- DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
- fast multi-precision integer (bignum) and polynomial operations, with SSE2 optimizations for Pentium 4 processors, and support for 64-bit CPUs
- finite field arithmetics, including GF(p) and GF(2^n)
- prime number generation and verification
- various miscellaneous modules such as base 64 coding and 32-bit CRC
- class wrappers for these operating system features (optional):
- high resolution timers on Windows, Unix, and MacOS
- Berkeley and Windows style sockets
- Windows named pipes
- /dev/random and /dev/urandom on Linux and FreeBSD
- Microsofts CryptGenRandom on Windows
- A high level interface for most of the above, using a filter/pipeline metaphor
- benchmarks and validation testing
- FIPS 140-2 Validated
Enhancements:
- This release added VMAC and Sosemanuk, and improved the speed of several other algorithms using x86/x86-64/MMX/SSE2 assembly.
- Random number generators and DSA-like signature algorithms were modified to reduce the risk of reusing random numbers and IVs after virtual machine state rollback.
<<lessMain features:
- a class hierarchy with an API defined by abstract base classes
- AES (Rijndael) and AES candidates: RC6, MARS, Twofish, Serpent, CAST-256
- other symmetric block ciphers: IDEA, DES, Triple-DES (DES-EDE2 and DES-EDE3), DESX (DES-XEX3), RC2, RC5, Blowfish, Diamond2, TEA, SAFER, 3-WAY, GOST, SHARK, CAST-128, Square, Skipjack, Camellia, SHACAL-2
- generic cipher modes: ECB, CBC, CBC ciphertext stealing (CTS), CFB, OFB, counter mode (CTR)
- stream ciphers: Panama, ARC4, SEAL, WAKE, WAKE-OFB, BlumBlumShub
- public-key cryptography: RSA, DSA, ElGamal, Nyberg-Rueppel (NR), Rabin, Rabin-Williams (RW), LUC, LUCELG, DLIES (variants of DHAES), ESIGN
- padding schemes for public-key systems: PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 EMSA2 and EMSA5
- key agreement schemes: Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF, XTR-DH
- elliptic curve cryptography: ECDSA, ECNR, ECIES, ECDH, ECMQV
- one-way hash functions: SHA-1, MD2, MD4, MD5, HAVAL, RIPEMD-128, RIPEMD-256, RIPEMD-160, RIPEMD-320, Tiger, SHA-2 (SHA-224, SHA-256, SHA-384, and SHA-512), Panama, Whirlpool
- message authentication codes: MD5-MAC, HMAC, XOR-MAC, CBC-MAC, DMAC, Two-Track-MAC
- cipher constructions based on hash functions: Luby-Rackoff, MDC
- pseudo random number generators (PRNG): ANSI X9.17 appendix C, PGPs RandPool
- password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5
- Shamirs secret sharing scheme and Rabins information dispersal algorithm (IDA)
- DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and zlib (RFC 1950) format support
- fast multi-precision integer (bignum) and polynomial operations, with SSE2 optimizations for Pentium 4 processors, and support for 64-bit CPUs
- finite field arithmetics, including GF(p) and GF(2^n)
- prime number generation and verification
- various miscellaneous modules such as base 64 coding and 32-bit CRC
- class wrappers for these operating system features (optional):
- high resolution timers on Windows, Unix, and MacOS
- Berkeley and Windows style sockets
- Windows named pipes
- /dev/random and /dev/urandom on Linux and FreeBSD
- Microsofts CryptGenRandom on Windows
- A high level interface for most of the above, using a filter/pipeline metaphor
- benchmarks and validation testing
- FIPS 140-2 Validated
Enhancements:
- This release added VMAC and Sosemanuk, and improved the speed of several other algorithms using x86/x86-64/MMX/SSE2 assembly.
- Random number generators and DSA-like signature algorithms were modified to reduce the risk of reusing random numbers and IVs after virtual machine state rollback.
Download (0.98MB)
Added: 2007-05-06 License: BSD License Price:
921 downloads
RSA-Haskell 2.0.1
RSA-Haskell is a collection of command-line cryptography tools and a cryptography library written in Haskell. more>>
RSA-Haskell is a collection of command-line cryptography tools and a cryptography library written in Haskell. The project is intended to be useful to anyone who wants to secure files or communications or who wants to incorporate cryptography in their Haskell application.
The libraries include Haskell implementations of SHA1, EME-OAEP, EMSA-PSS, MGF, RSAES-OAEP, and RSA-PSS. These standards implement signature/verification, strong cryptography, and hashing.
Enhancements:
- Documentation is now available for the command line utilities.
- An easy-to-use Windows binary release is available.
<<lessThe libraries include Haskell implementations of SHA1, EME-OAEP, EMSA-PSS, MGF, RSAES-OAEP, and RSA-PSS. These standards implement signature/verification, strong cryptography, and hashing.
Enhancements:
- Documentation is now available for the command line utilities.
- An easy-to-use Windows binary release is available.
Download (0.37MB)
Added: 2007-05-03 License: Public Domain Price:
904 downloads
OpenBSD 4.1
The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. more>>
The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography.
OpenBSD project supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set.
<<lessOpenBSD project supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSD/OS, SunOS and HP-UX. OpenBSD is freely available from our FTP sites, and also available in an inexpensive 3-CD set.
Download (4.9MB)
Added: 2007-05-01 License: Freeware Price:
909 downloads
Coinflip 1.1
Coinflip provides a cryptographically secure server/client program and protocol for choosing random bits. more>>
Coinflip provides a cryptographically secure server/client program and protocol for choosing random bits.
Coinflip is a client/server based program that can generate random bits for 2 people over the internet. The 2 people dont have to trust each other in order to convince each other that the bit is truly a random bit.
Its called coinflip, of course, because flipping a coin in the real world is the equivalent of generating a random bit on a computer. (Its either heads or tails. Its either a 1 or a 0.)
Coinflip uses a slightly modified version of the "Coin Flipping Using One-Way
Functions" protocol outlined in Bruce Schneiers Applied Cryptography 2nd
edition.
This attack would work everytime Alice acted as the server in a coinflip procedure, providing Bob never realized that Alice was sending him the same y value every time. Or she could us it to trick multiple Bobs.
While it is supposed to be computationally infeasible to compute collisions in one-way hash functions, recent papers suggest that if you have enough money and time, collisions can be precalculated. P. van Oorschot and M. Wiener in their paper, "Parallel collision search with application to hash functions and discreet logarithms", estimate that for $10 million (in 1994 US dollars), a collision could be found for MD5 in 24 days on average. (Thanks for the info, defrost).
The solution is actually quite simple: Have both parties choose part of the random data, and use whatever size random number you like. Since Bob is expecting to see x contain his random data, Alices collision attack is nullified, and since Alice gets to put in her own data, she can make Bobs array attack infeasible.
<<lessCoinflip is a client/server based program that can generate random bits for 2 people over the internet. The 2 people dont have to trust each other in order to convince each other that the bit is truly a random bit.
Its called coinflip, of course, because flipping a coin in the real world is the equivalent of generating a random bit on a computer. (Its either heads or tails. Its either a 1 or a 0.)
Coinflip uses a slightly modified version of the "Coin Flipping Using One-Way
Functions" protocol outlined in Bruce Schneiers Applied Cryptography 2nd
edition.
This attack would work everytime Alice acted as the server in a coinflip procedure, providing Bob never realized that Alice was sending him the same y value every time. Or she could us it to trick multiple Bobs.
While it is supposed to be computationally infeasible to compute collisions in one-way hash functions, recent papers suggest that if you have enough money and time, collisions can be precalculated. P. van Oorschot and M. Wiener in their paper, "Parallel collision search with application to hash functions and discreet logarithms", estimate that for $10 million (in 1994 US dollars), a collision could be found for MD5 in 24 days on average. (Thanks for the info, defrost).
The solution is actually quite simple: Have both parties choose part of the random data, and use whatever size random number you like. Since Bob is expecting to see x contain his random data, Alices collision attack is nullified, and since Alice gets to put in her own data, she can make Bobs array attack infeasible.
Download (0.020MB)
Added: 2007-04-20 License: GPL (GNU General Public License) Price:
919 downloads
IP::Anonymous 0.04
IP::Anonymous is a Perl port of Crypto-PAn to provide anonymous IP addresses. more>>
IP::Anonymous is a Perl port of Crypto-PAn to provide anonymous IP addresses.
SYNOPSIS
use IP::Anonymous;
@key = (0..31);
my $object = new IP::Anonymous(@key);
print $object->anonymize("192.0.2.0")."n";
This is a Perl port of Crypto-PAn. Crypto-PAn is a cryptography-based sanitization tool for network trace or log data. The tool has the following properties:
One-to-one
The mapping from original IP addresses to anonymized IP addresses is one-to-one.
Prefix-preserving
The IP address anonymization is prefix-preserving. That is, if two original IP addresses share a k-bit prefix, their anonymized mappings will also share a k-bit prefix.
Consistent across traces
Multiple traces can be sanitized in a consistent way, over time and across locations, even though the traces might be sanitized separately at different time and/or at different locations.
Cryptography-based
To sanitize traces, trace owners provide a secret key. Anonymization consistency across multiple traces is achieved by the use of the same key. The construction of IP::Anonymous preserves the secrecy of the key and the (pseudo)randomness of the mapping from an original IP address to its anonymized counterpart.
This Perl port of Crypto-PAn uses similar logic to that found in Crypto-PAn 1.0, but most importantly maintains consistency in the process so that regardless of implementation, using the same key in each will give consistent results.
USAGE
$object = new IP::Anonymous(@key)
Initializes the electronic codebook object with a 32 8-bit decimal array. This array, consisting of 32 decimals between 0 and 255 inclusive, is the user defined private key for this anonymization session. This 256 bit key should be kept private. The key can be used across sessions to maintain consistent mappings between the original and the anonymized IP addresses.
$object->anonymize($address)
Called with a dotted quad IP address string (e.g. 192.0.2.0). Returns an anonymized version of that IP address as a dotted quad string.
<<lessSYNOPSIS
use IP::Anonymous;
@key = (0..31);
my $object = new IP::Anonymous(@key);
print $object->anonymize("192.0.2.0")."n";
This is a Perl port of Crypto-PAn. Crypto-PAn is a cryptography-based sanitization tool for network trace or log data. The tool has the following properties:
One-to-one
The mapping from original IP addresses to anonymized IP addresses is one-to-one.
Prefix-preserving
The IP address anonymization is prefix-preserving. That is, if two original IP addresses share a k-bit prefix, their anonymized mappings will also share a k-bit prefix.
Consistent across traces
Multiple traces can be sanitized in a consistent way, over time and across locations, even though the traces might be sanitized separately at different time and/or at different locations.
Cryptography-based
To sanitize traces, trace owners provide a secret key. Anonymization consistency across multiple traces is achieved by the use of the same key. The construction of IP::Anonymous preserves the secrecy of the key and the (pseudo)randomness of the mapping from an original IP address to its anonymized counterpart.
This Perl port of Crypto-PAn uses similar logic to that found in Crypto-PAn 1.0, but most importantly maintains consistency in the process so that regardless of implementation, using the same key in each will give consistent results.
USAGE
$object = new IP::Anonymous(@key)
Initializes the electronic codebook object with a 32 8-bit decimal array. This array, consisting of 32 decimals between 0 and 255 inclusive, is the user defined private key for this anonymization session. This 256 bit key should be kept private. The key can be used across sessions to maintain consistent mappings between the original and the anonymized IP addresses.
$object->anonymize($address)
Called with a dotted quad IP address string (e.g. 192.0.2.0). Returns an anonymized version of that IP address as a dotted quad string.
Download (0.005MB)
Added: 2007-04-17 License: Perl Artistic License Price:
935 downloads
Secleted [ 0 ] software to compare
Copyright Notice:
Software piracy is theft, Using crack, password, serial numbers, registration codes, key generators is illegal and prevent future software development. The above cryptography search only lists software in full, demo and trial versions for free download. Download links are directly from our mirror sites or publisher sites, torrent files or links from rapidshare.com, yousendit.com or megaupload.com are not allowed
