The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, lots of other hashes and ciphers are added in the community-enhanced version (-jumbo), and some are added in John the Ripper Pro.
Owl (Openwall GNU/*/Linux) is a small security-enhanced Linux distribution for servers. Owl also makes a good base system for customized virtual machine images and embedded systems, and Owl live CDs with remote SSH access are good for recovering or installing systems (whether with Owl or not). A single Owl CD includes the full live system, installable packages, the installer program, as well as full source code and the build environment capable of rebuilding the entire system from source. Owl supports multiple architectures (x86, x86-64, SPARC, and Alpha) and offers some compatibility for packages developed for other Linux distributions. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults, and "hardening" to reduce the likelihood of successful exploitation of security flaws.
Z1 SecureMail Gateway is a central, server-based software solution that provides encryption and digital signatures (PGP and S/MIME) for the entire email traffic of an organization. It works with organizational certificates and certificates for individual users, groups, or organizational units. It provides its services transparently to end users. Z1 SecureMail Gateway automatically finds certificates of external users or companies via the Internet. Secure email traffic to customers, suppliers, and partners is easily established. Evaluation packages for Debian and Solaris are available for download.
The OpenCA Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. OpenCA is based on many open-source projects. Among the supported software are OpenLDAP, OpenSSL, the Apache Project, and Apache mod_ssl.
tkpg is a program that provides a GUI front end to Philip Zimmermann's Pretty Good Privacy (PGP) public-key encryption system and also the GNU Privacy Guard (GnuPG/gpg) implementation. It utilizes the Clipboard Selection heavily to ease moving PGP-processed text both to and from any of your applications (such as mail reader, news reader, and editor). This removes the need to select the output text by hand or by typing in a filename, since it is usually placed in the Selection automatically for you.
The Monkeysphere enables you to use the OpenPGP web of trust to verify SSH connections. SSH key-based authentication is tried-and-true, but it lacks a true public key infrastructure for key certification, revocation, and expiration. Monkeysphere is a framework that uses the OpenPGP web of trust for these PKI functions. It can be used in both directions: for users to get validated host keys, and for hosts to authenticate users.
CODEX (the Cornell Data Exchange) is a key distribution system. It is designed for applications with a moderate number of clients (tens or hundreds) requesting keys that change often but not continuously (on the scale of minutes to hours). It employs the RSA and ElGamal encryption schemes, as well as techniques such as threshold cryptography and proactive secret sharing.