CryptNET Passgen (passgen) is a password generator. It generates a list of password candidates for the user to choose from by mapping operating system sources of pseudo-randomness into printable character arrays using a mod operation. A number of available command line options gives it a great deal of flexibility. It is capable of generating passwords composed of printable characters, alphanumeric characters, alphabetic characters, or only numeric characters.
Secure GnuPG Form is a Web form that sends encrypted email and attachments using GnuPG, without the sender needing to have GnuPG installed. Versions are available with Recaptcha.net support and two-factor authentication using a username and password and the free PhoneFactor.com service.
crypt_blowfish is an efficient implementation of a modern password hashing algorithm, based on the Blowfish block cipher, provided via the crypt(3) and a reentrant interface. It is compatible with bcrypt as used in OpenBSD. It is adaptable to future processor performance improvements, allowing you to arbitrarily increase the processing cost of checking a password while still maintaining compatibility with your older password hashes. The hashes it produces are several orders of magnitude stronger than traditional Unix DES-based or FreeBSD-style MD5-based hashes.
The Openwall Linux kernel patch is a collection of security "hardening" features for the Linux kernel. In addition to the new features, some versions of the patch contain various security fixes. The "hardening" features of the patch, while not a complete method of protection, provide an extra layer of security against the easier ways to exploit certain classes of vulnerabilities and/or reduce the impact of those vulnerabilities. The patch can also add a little bit more privacy to the system by restricting access to parts of /proc so that users may not see what others are doing.
Lard is a Logging and Rotation Daemon that can replace the functionality of sysklogd and logrotate together. Logging is done almost exactly the same as syslogd, with added features such as regex matching and command triggers. Rotation can be triggered while the daemon is running safely by sending it a simple signal.
smtpfilter is a filter for an SMTP session which passes the session through transparently in real time, except for the DATA command which is intercepted in order to scan the data for spam and/or viruses with the scanner of your choice. The sources are heavily commented. The default spam filtering is a hybrid approach that uses spamassassin to self-train the excellent spamprobe Bayesian filter which works on a per-site rather than per-user basis. The virus checking can use clamav or NAI, or any other command- line scanner.
Gircap is a set of tools to help you use the widely unknown "capabilities" that Linux has in place of conventional Unix superuser privilege. That means you can give programs and processes only as much privilege as they need and greatly limit your security exposure due to system bugs. A Linux kernel patch fixes some basically broken aspects of capabilities. setcap and getcap let you set and show capabilities of a running process. capexec runs a program with certain capabilities, UID, GID, and supplemental GIDs. It can be used to have init start a daemon with only a subset of init's privileges. binfmt_capx is an executable interpreter in the form of a loadable kernel module. It lets you do a setuid kind of thing for files, only with fine grained capabilities. This is a cheap substitute for real "file capabilities."
SmartSign is a set of modules which allow integration of smartcard technology into an OpenCA based Public Key Infrastructure in order to provide smartcard-based digital signature and local authentication security services. It allows direct signing of e-mail and e-news from within Netscape using smartcards and supports signing of generic files from command line. The package includes a PAM module too, which allows system administrators to integrate smartcard-based authentication for local users. A modified version of the OpenSSH client allows secure authentication to a remote server. A couple of command line tools allow signing and verifying generic files from the shell. Finally, a command line interactive shell supports all operations on the card, and can be used to write scripts that automate particular tasks on the card. Currently only Schlumberger Cyberflex Access 16K is supported.