LinOTP is a solution for strong two-factor authentication with one time passwords. It features a modular architecture into which UserIdResolver, authentication, and OTP calculation modules can be plugged. It includes UserIdResolver modules for LDAP/AD, SQL, and flat file user databases, and authentication modules for PAM and RADIUS. New modules can be developed easily. Supported tokens are HMAC-OTP/HOTP (RFC 4226/ OATH compliant), Aladdin eToken PASS, eToken NG-OTP, Safeword Alpine, Yubikey, Google Authenticator, motp, SMS OTP/Mobile TAN, email token, and a Simple Pass token for users without token hardware. TOTP is supported, along with a new algorithm for daily passwords for applications not supporting RADIUS. OCRA tokens are supported to allow transaction signing in banking environments. CLI, Web, and GTK+ GUI clients are available for management. LinOTP features multi-client capability, redundancy, and a self-service portal. It has been used with PAM for local and SSH logins, Apache, VPN, and Windows Terminal Server, and is OATH certified.
The OATH Toolkit makes it easy to build one-time password authentication systems. It contains shared libraries, commandline tools, and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC4226) and the time-based TOTP algorithm (RFC6238). OATH stands for Open AuTHentication, which is the organization which specifies the algorithms. For managing secret key files, the Portable Symmetric Key Container (PSKC) format described in RFC6030 is supported.
txtorcon is a Twisted-based asynchronous Tor control protocol implementation. Twisted is an event-driven networking engine written in Python, and Tor is an onion-routing network designed to improve people’s privacy and security on the Internet. It includes unit-tests with 96%+ coverage, multiple examples, and documentation. There are abstractions to track Tor configuration and state (circuits, streams), launch private instances, support Hidden Service, and more.
Hiawatha is a secure and advanced Web server for Unix. It has been written with security as its main goal. It features advanced access control, prevention of SQL injection and cross-site scripting, banning of clients who try such exploits, the ability to run CGIs under any UID/GID you want, and many other features. These features make Hiawatha an interesting Web server for those who need more security than what the other available Web servers are offering. Hiawatha is also fast and easy to configure.
php_mt_seed finds possible seeds given the very first PHP mt_rand() output after possible seeding with mt_srand(). With advanced invocation modes, php_mt_seed is also able to match multiple, non-first, and/or inexact mt_rand() outputs to possible seed values. php_mt_seed is written in C with optional SIMD intrinsics (SSE4.1/AVX, XOP, AVX2, MIC) and OpenMP. On a modern quad-core CPU, it is able to search the full 32-bit seed space in one minute (or in just seven seconds on Xeon Phi).
John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. It supports several crypt(3) password hash types commonly found on Unix systems, as well as Windows LM hashes. On top of this, lots of other hashes and ciphers are added in the community-enhanced version (-jumbo), and some are added in John the Ripper Pro.
Shishi is a (still incomplete) implementation of Kerberos 5, which can be used to authenticate users in distributed systems. It contains a library that can be used by application developers, and a command line utility for users. Shishi supports Kerberos authenticated telnet client/server, IMAP client/server (via GSSAPI), SSH client/server (via GSSAPI), rsh/rlogin client, and a PAM module for host security.
MatrixSSL is an embedded SSL and TLS implementation designed for small footprint devices and applications requiring low overhead per connection. The library is less than 50K on disk with cipher suites. It includes SSL and TLS client and server support, session resumption, and implementations of RSA, AES, 3DES, ARC4, SHA1, and MD5. The source is well documented and contains portability layers for additional operating systems, cipher suites, and cryptography providers.
A reasonable way to achieve a long term backup of OpenPGP (GnuPG, PGP, etc) keys is to print them out on paper. Due to metadata and redundancy, OpenPGP secret keys are significantly larger than just the "secret bits". In fact, the secret key contains a complete copy of the public key. Since the public key generally doesn't need to be backed up in this way (most people have many copies of it on various keyservers, Web pages, etc), only extracting the secret parts can be a real advantage. Paperkey extracts just those secret bytes and prints them. To reconstruct, you re-enter those bytes (whether by hand or via OCR), and paperkey can use them to transform your existing public key into a secret key.