Tin Hat is a Linux distribution derived from hardened Gentoo. It aims to provide a very secure, stable, and fast desktop environment that lives purely in RAM. Tin Hat boots from CD, or optionally USB pen drive, but it is not a LiveCD in that it does not mount any file system from the boot device. Rather, Tin Hat employs a massive squashfs image which expands into tmpfs upon booting. This makes for long boot times, but remarkable speeds during human-computer interaction.
GnuPG Made Easy (GPGME) is a library designed to make access to GnuPG easier for applications. It provides a high-level cryptography API for encryption, decryption, signing, signature verification, and key management. It currently uses GnuPG as its backend, but the API is not restricted to this engine. In fact, support for other backends is planned.
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The implementation attempts to be self-tuning on a wide variety of hardware and includes runtime validation testing. The tarball uses the GNU build mechanism and includes a devel sub-package, self test targets, init system options, and spec file samples for building an RPM. haveged may be used independently of the /dev/random interface through the filesystem at the command line. haveged functionality may be incorporated directly into other components directly through the devel sub-package.
SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, and rdist.
Enigmail is an extension for the mail client of Mozilla, Netscape 7.x, and Mozilla Thunderbird that allows users to access the authentication and encryption features provided by the popular GnuPG software. It can encrypt/sign mail when sending, decrypt/authenticate received mail, and import/export public keys. It supports both the inline PGP format and the PGP/MIME format, which can be used to encrypt attachments, and is cross-platform, although binaries are supplied only for a limited number of platforms. Enigmail uses inter-process communication to execute GPG to carry out encryption/authentication.
BeeCrypt is an ongoing project to provide strong and fast cryptography in the form of a toolkit usable by commercial and open source projects. Included in the library are entropy sources, random generators, block ciphers, hash functions, message authentication codes, multiprecision integer routines, and public key primitives.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
GNU Anubis is an SMTP message submission daemon. It represents an intermediate layer between the mail user agent (MUA) and mail transport agent (MTA), receiving messages from the MUA, applying to them a set of predefined changes, and finally inserting modified messages into an MTA routing network. The set of changes applied to a message is configurable on a system-wide and per-user basis. The built-in configuration language used for defining sets of changes allows for considerable flexibility and is easily extensible.
Lepton's Crack is a generic password cracker. It is easily-customizable with a simple plugin system and allows system administrators to review the quality of the passwords being used on their systems. It can perform a dictionary-based (wordlist) attack as well as a brute force (incremental) password scan, including the use of regular expressions. It supports standard MD4 hash, standard MD5 hash, NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash formats. LM (LAN Manager) plus appending and prepending of characters is available in the Development branch (strongly recommended).