The tool is a simple flow-analyzing passive L7 fingerprinter. It
examines the sequence of client-server exchanges, their relative
layer 7 payload sizes, and transmission intervals (as opposed to
inspecting the contents, which is what most passive fingerprinters
and "smart" sniffers would do to analyze transmissions). This is
then matched against a database of traffic pattern signatures to
infer some interesting facts about the traffic.
According to Wikipedia, a nonce is an arbitrary number used only
once in a cryptographic communication. This package contains helper
functions for generating nonces. There are many kinds of nonces used in
different situations. It's not guaranteed that by using the nonces from
this package you won't have any security issues. Please make sure that
the nonces generated via this package are suitable for your design.
Lasso is a free software C library aiming to implement the Liberty Alliance
standards; it defines processes for federated identities, single sign-on and
related protocols. Lasso is built on top of libxml2, XMLSec and OpenSSL and
is licensed under the GNU General Public License (with an OpenSSL exception).
Lasso first focused on implementing the Liberty Alliance ID-FF 1.2 protocols.
It now supports a good part of ID-WSF, and SAML 2.0 support has also been
completed.
The Blowfish Library
Blowfish is a block cipher that operates on 64-bit (8-byte) quantities.
It uses a variable-size key, but a 128-bit (16-byte) key would normally be
considered good. It can be used in all the modes that DES can be
used in. This library implements the ecb, cbc, cfb64, ofb64 modes.
Blowfish is quite a bit faster than DES, and much faster than IDEA
or RC2. It is one of the faster block ciphers.
-- Jim Geovedi
jim@corebsd.or.id
Generic Counter Mode implementation in pure Perl. The Counter Mode module
constructs a stream cipher from a block cipher or cryptographic hash function
and returns it as an object. Any block cipher in the Crypt:: class can be
used, as long as it supports the blocksize and keysize methods. Any hash
function in the Digest:: class can be used, as long as it supports
the add method.
Generic CFB implementation in pure Perl. The Cipher Feedback Mode module
constructs a stream cipher from a block cipher or cryptographic hash function
and returns it as an object. Any block cipher in the Crypt:: class can be
used, as long as it supports the blocksize and keysize methods. Any hash
function in the Digest:: class can be used, as long as it supports the
add method.
This module is a complete working Perl implementation of the Enigma Machine
used during World War II. The cipher calculations are based on actual Enigma
values and the resulting ciphered values are as would be expected from an
Enigma Machine.
The implementation allows for all of the Rotors and Reflectors available to the
real world Enigma to be used. A Steckerboard has also been implemented,
allowing letter substitutions to be made.
The Digest::SHA1 module allows you to use the NIST SHA-1 message
digest algorithm from within Perl programs. The algorithm takes as
input a message of arbitrary length and produces as output a 160-bit
"fingerprint" or "message digest" of the input.
You will need Perl version 5.004 or better to install this module.
Copyright 1999-2001 Gisle Aas.
Copyright 1997 Uwe Hollerbach.
This library is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.
Module::Signature adds cryptographic authentications to CPAN
distributions, via the special SIGNATURE file.
If you are a module user, all you have to do is to remember
to run "cpansign -v" (or just "cpansign") before issuing
"perl Makefile.PL" or "perl Build.PL"; that will ensure the
distribution has not been tampered with.
For module authors, you'd want to add the SIGNATURE file to
your MANIFEST, then type "cpansign -s" before making a distribution.
PScan is a C source code security scanner, which looks for misuse of
libc functions which use varargs and printf-style formatting
operators. In many situations these can cause security vulnerabilities
in the application if it runs with privileges (setugid, or listening
to a network socket, etc).
An example of the kind of situation pscan looks for is the following:
    variable = "%s";           /* or malicious user input */
    sprintf(buffer, variable); /* BAD! */