Free otp software for linux

OTP is an encryption program that uses the one-time pad algorithm to allow two parties to communicate securely, without worrying about unauthorized people listening in. OTP compresses plaintext input to save pad, has features that assist with the bureaucracy of pad management, and comes with built-in help. OTP project is written in the Python programming language and requires a Python interpreter to run.

To use OTP reliably, you need a source of good random data. On modern Unix systems, the /dev/random device is probably good enough (I havent done the math myself, Im just taking other peoples word for it). On non-Unix systems, youre on your own. Whatever your source of random data, store the data in a file (thats the "pad") and point to it using OTPs -p option when you encrypt; the recipient must use the same pad to decrypt, of course.

Note that the one-time pad method depends completely on the quality of the pad data; if the pad is not truly random, the security of your messages cannot be guaranteed. Never encrypt different plaintexts with the same stretch of pad — doing so could reveal some or all of the used pad to eavesdroppers. OTPs default behavior is to always avoid reusing pad data, unless you explicitly tell it otherwise.

And here is the output of otp --help:

OTP version 1.61, an encoder/decoder for one-time pads. Standard usage:

otp -e -p PAD INPUT (encrypt, write output to INPUT.otp)
otp -d -p PAD INPUT.otp (decrypt, strip .otp suffix on output)

Other usage modes:

otp [-e|-d] -p PAD INPUT -o OUTPUT (both INPUT and OUTPUT are files)
otp [-e|-d] -p PAD INPUT -o - (output goes to stdout)
otp [-e|-d] -p PAD (input from stdin, output to stdout)
otp [-e|-d] -p PAD -o OUTPUT (input from stdin, output to OUTPUT)

OTP remembers what ranges of what pad files have been used, and avoids re-using those ranges when encoding. Because OTP compresses plaintext input to save pad, encoding and decoding are not symmetrical; thus, OTP needs to be told whether it is encoding or decoding (-e or -d).

All options:

-e Encrypt
-d Decrypt
-p PAD | --pad=PAD Use PAD for pad data.
-o OUT | --output=OUT Output to file OUT ("-" for stdout)
--offset=N Control the pad data start offset
-n | --no-trace Leave no record of pad usage in your config
--no-vc Ignore SVN/CVS control of the config area
-C DIR | --config=DIR Specify DIR (instead of ~/.otp) as the config area
--intro Show an introduction to OTP and one-time pads
-v | -V | --version Show version information
-? | -h | --help Show usage

pam_sotp PAM module provides support for One Time Passwords (OTP) authentication. The "s" in "sotp" stands for "simple"; pam_sotp aims to be a simple, easy to configure, module.
pam_sotp is still under early stages of development. Although it seems to work pretty well be warned that this software could contain severe bugs that may put at risk the security of your system. Until a stable release is reached you are advised to not use pam_sotp on mission-critical systems or production servers.
Having said that, it seems that the software is reaching an stable stage. Ive received several reports about pam_sotp being used without problems in several configurations.
This project is way too small to have a serious roadmap, but anyways I guess that some of you would like to know what are my short/medium term plans for pam_sotp, so here they are:
Release pam_sotp 0.4.0, with some patches I received and other improvements I have in mind
Maintain the 0.4.x branch until it becomes stable
Release a couple of 1.0 release candidates and then finally pam_sotp 1.0
Maintain the 1.0 branch
Enhancements:
- Added disable and enable commands to otppasswd
- Bugfix: SGID shadow applications could not authenticate against pam_sotp (some SUID code somehow remained in pam_sotp)

Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). Fetchmail supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC.
Fetchmail retrieves mail from remote mail servers and forwards it via SMTP, so it can then be read by normal mail user agents such as mutt, elm(1) or BSD Mail. It allows all your system MTAs filtering, forwarding, and aliasing facilities to work just as they would on normal mail.
Fetchmail offers better security than any other Unix remote-mail client. It supports APOP, KPOP, OTP, Compuserve RPA, Microsoft NTLM, and IMAP RFC1731 encrypted authentication methods including CRAM-MD5 to avoid sending passwords en clair. It can be configured to support end-to-end encryption via tunneling with ssh, the Secure Shell.
Fetchmail can be used as a POP/IMAP-to-SMTP gateway for an entire DNS domain, collecting mail from a single drop box on an ISP and SMTP-forwarding it based on header addresses. (We dont really recommend this, though, as it may lose important envelope-header information. ETRN or a UUCP connection is better.)
Fetchmail can be started automatically and silently as a system daemon at boot time. When running in this mode with a short poll interval, it is pretty hard for anyone to tell that the incoming mail link is not a full-time "push" connection.
Fetchmail is easy to configure. You can edit its dotfile directly, or use the interactive GUI configurator (fetchmailconf) supplied with the fetchmail distribution. It is also directly supported in linuxconf versions 1.16r8 and later.
Fetchmail is fast and lightweight. It packs all its standard features (POP3, IMAP, and ETRN support) in 196K of core on a Pentium under Linux.
Fetchmail is open-source software. The openness of the sources is your strongest possible assurance of quality and reliability.
Main features:
- STARTTLS is supported in both POP and IMAP.
- ESMTP AUTH (RFC 2554) is supported.
- Has the capability of adding trace information to the Received header to faciliate mail filtering by mailserver and remote account.
- Fetchmail now has options to handle SSL certificate validation.
- Fetchmail can be told to fall back to delivering via local sendmail if it cant open port 25.
- Support for AUTH=CRAM-MD5 under POP3, a la RFC2195.
- Support for ODMR (On-Demand Mail Relay), RFC 2645.
- Its now easy to deliver mail to a local LMTP socket.
- The interface option now checks both local and remote interface IPs.
- The plugin facility has been enhanced; %h and %p options are now available to pass in the hostname and service port number.
- Added a dropdelivered option to discard Delivered-To headers. This addresses a problem with using fetchmail and postfix as a relay inside a domain; when postfix sees incoming messages with delivered-to headers looking exactly the same as the ones it adds himself, it bounces the message.
- Added --smtpname to set username and domain portion of SMTP "RCPT TO" command. - Added "from" servers IP address to inserted Received line.
- Fetchmail now runs on BeOS, thanks to David Reid .
- In IMAP, unseen-message counting and indexing is now done by SEARCH UNSEEN at the beginning of each poll or re-poll (rather than with the UNSEEN and RECENT responses and FLAGS queries on individual messages). This significantly cuts down on traffic to and from the server, and gives more reliable results.
- The aka option now matches hostname suffixes, so (for example) saying `aka netaxs.com will match not just netaxs.com but also (say) pop3.netaxs.com and mail.netaxs.com.
- Fetchmail can optionally use the RFC 2177 IDLE extension on an IMAP server that supports it. On IMAP servers that dont, it can simulate it using periodic NOOP commands.
- Fetchmail now recognizes the RFC 2449 extended responses [IN-USE] and [LOGIN-DELAY].
- Fetchmail running in daemon mode now restarts itself quietly when the rc file is touched.
- Following recent court decisions and changes in U.S. federal regulatory policy, hooks for Secure Sockets Layer (SSL) are now part of the main fetchmail distribution. The distribution still contains no actual cryptographic code.
- NTLM support under IMAP, so fetchmail can query Microsoft Exchange servers.
- Expunge option can now be used to break POP3 retrieval into subsessions.
- Support for AUTH=CRAM-MD5 under IMAP, a la RFC2195.

Erlang is a programming language designed at the Ericsson Computer Science Laboratory.
Open-source Erlang is being released to help encourage the spread of Erlang outside Ericsson.
Installation
When installed, the entire system, except for a small start-up script, resides in a single directory tree. The location of this directory tree can be chosen arbitrarily by the installer, and it does not need to be in the users $PATH.
The only requirements are that the file system where it is placed has enough free space, and that the users who run Erlang/OTP have read access to it. In the example below, the directory tree is assumed to be located at /usr/local/erlang, which is here called the top-level directory.
It is assumed that you have the compressed tar file, the name of which is < PREFIX >.tar.gz, where < PREFIX > is a string denoting the particular Erlang/OTP release, e.g. otp_LXA_11930_sunos5_R9B.
Wherever the string < PREFIX > is used below, it should be replaced by the actual name prefix of the compressed tar file.
The tape archive file does not have one single directory in which all other files are rooted. Therefore the tape archive file must be extracted into an empty (newly created) directory.
1. If the top-level directory does not already exist, create it:
mkdir /usr/local/erlang
2. Change the current directory to the top level directory:
cd /usr/local/erlang
3. Create the installation directory with an appropriate name. For example:
mkdir otp_r7b
4. Change to the installation directory, e.g.
cd otp_r7b
5. Assuming the compressed tar file resides in the directory ,. extract the compressed tar file into the current directory:
gunzip -c / .tar.gz | tar xfp -
6. Read the README file in the installation directory for last minute updates, before proceeding.
7. Run the Install script in the installation directory, with the absolute path of the installation directory as argument,
./Install /usr/local/erlang/otp_r7b
and supply answers to the prompts.
In most cases, there is a default answer in square brackets ([]). If the default is satisfactory, just press . In general you are only prompted for one thing:
- "Do you want to use a minimal system startup instead of the SASL startup?"
In a minimal system, only the Kernel and STDLIB applications are loaded and started. If the SASL startup is used, the SASL application is included as well. Normally, the minimal system is enough.
8. Make Erlang/OTP available for users, either by putting the path /usr/local/erlang/otp_r7b/bin in users $PATH variable, or link the executable /usr/local/erlang/otp_r7b/bin/erl accordingly, e.g.:
ln -s /usr/local/erlang/otp_r7b/bin/erl /usr/local/bin/erl
Enhancements:
- Among other things, SMP support was added.

ejabberd is a multi-platform, scalable, distributed, and fault-tolerant XMPP Jabber and XMPP server.
Moreover, it supports several advanced features such as multi-user chat, IRC transport, publish and subscribe services, Jabber user directory, a Web-based administration interface, an HTTP polling service, SSL and TLS support, LDAP and external authentication.
Main features:
Multiplatform
- Works on most popular platforms. Tested on Linux, FreeBSD, NetBSD, Solaris, Mac OS X and Windows NT/2000/XP.
Distributed
- You can run ejabberd on a cluster of machines and all of them will serve one Jabber domain. When you want to expand your Jabber server you can simply add a new cheap node to your cluster. So you dont need to buy an expensive high-end machine to support hundreds of concurrent users.
Fault-tolerant
- The nodes on the ejabberd cluster share some or all tables in the database, so all the information required for a properly working service will be stored permanently on more than one node. If one of the nodes crashes the other nodes will continue working without disruption. You can also add or replace nodes on the fly.
Easy Setup
- ejabberd is built on top of Open Source Erlang/OTP. So you dont need to setup an external database, an external web server, etc because everything is already installed, and ready to run out of the box.
- improved in 1.0.0
Virtual Hosts
- Several Jabber hosts can be hosted on the same ejabberd instance. As simple as adding a new domain name to the list of hosts in the configuration file.
IPv6 Support
- It supports IPv6 both for c2s and s2s.
Enhancements:
- A security fix for the roster ODBC module.