This code appears to have only cursory resemblance to Bruce Schneier's
blowfish and twofish algorithms in that it too has a table-based decoder.
Derivation from FairKeys code by Jon Lech Johanson at nanocrew.net.
If you don't know what that is, don't bother looking here further. This is
a Pure Perl implementation. I doubt there is any need for xs coding for
what would mainly be processing 16 bytes at a time. This code is part of an
ongoing effort to clone portions of the Apple iTMS in Perl for portability.
See www.hymn-project.org for prior efforts by others.
PBKDF2 is a secure password hashing algorithm that uses the techniques of
"key strengthening" to make the complexity of a brute-force attack arbitrarily
high. PBKDF2 uses any other cryptographic hash or cipher (by convention,
usually HMAC-SHA1, but Crypt::PBKDF2 is fully pluggable), and allows for an
arbitrary number of iterations of the hashing function, and a nearly unlimited
output hash size (up to 2**32 - 1 times the size of the output of the backend
hash). The hash is salted, as any password hash should be, and the salt may
also be of arbitrary size.
See also: RFC2898, PKCS#5 version 2.0: http://tools.ietf.org/html/rfc2898
Net::Daemon is an abstract base class for implementing portable server
applications in a very simple way. The module is designed for Perl 5.005
and threads, but can work with fork() and Perl 5.004.
The Net::Daemon class offers methods for the most common tasks a daemon
needs: Starting up, logging, accepting clients, authorization,
restricting its own environment for security and doing the true work.
You only have to override those methods that aren't appropriate for you,
but typically inheriting will safe you a lot of work anyways.
Binwalk is a tool for searching a given binary image for embedded
files and executable code. Specifically, it is designed for identifying
files and code embedded inside of firmware images. Binwalk uses the
libmagic library, so it is compatible with magic signatures created
for the Unix file utility.
Binwalk also includes a custom magic signature file which contains
improved signatures for files that are commonly found in firmware
images such as compressed/archived files, firmware headers, Linux
kernels, bootloaders, filesystems, etc.
More details are available at:
Suhosin is an advanced protection system for PHP installations.
It was designed to protect servers and users from known and
unknown flaws in PHP applications and the PHP core.
Suhosin comes in two independent parts, that can be used
separately or in combination. The first part is a small patch
against the PHP core, that implements a few low-level
protections against bufferoverflows or format string
vulnerabilities and the second part is a powerful PHP extension
that implements all the other protections.
Suhosin is binary compatible to normal PHP installation,
which means it is compatible to 3rd party binary extension
like ZendOptimizer.
This package provides an interface to the cracklib (libcrack) libraries that
come standard on most Unix-like distributions. This allows you to check
passwords against dictionaries of words to ensure some minimal level of
password security.
From the cracklib README
CrackLib makes literally hundreds of tests to determine whether you've
chosen a bad password.
* It tries to generate words from your username and gecos entry to tries
to match them against what you've chosen.
* It checks for simplistic patterns.
* It then tries to reverse-engineer your password into a dictionary
word, and searches for it in your dictionary.
- after all that, it's PROBABLY a safe(-ish) password. 8-)
Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:
* Encryption
No one else can read your instant messages.
* Authentication
You are assured the correspondent is who you think it is.
* Deniability
The messages you send do not have digital signatures that
are checkable by a third party. Anyone can forge messages
after a conversation to make them look like they came from
you. However, during a conversation, your correspondent is
assured the messages he sees are authentic and unmodified.
* Perfect forward secrecy
If you lose control of your private keys, no previous
conversation is compromised.
In short: getting and installing SSL/TLS certificates made easy.
The Let's Encrypt Client is a tool to automatically receive and install
X.509 certificates to enable TLS on servers. The client will
interoperate with the Let's Encrypt CA which will be issuing
browser-trusted certificates for free.
It's all automated:
The tool will prove domain control to the CA and submit a CSR
(Certificate Signing Request).
If domain control has been proven, a certificate will get issued and
the tool will automatically install it.
python-registry was originally written by Willi Ballenthin, a forensicator who
wanted to access the contents of the Windows Registry from his Linux laptop.
python-registry currently provides read-only access to Windows Registry files,
such as NTUSER.DAT, userdiff, and SOFTWARE. The interface is two-fold: a
high-level interface suitable for most tasks, and a low level set of parsing
objects and methods which may be used for advanced study of the Windows
Registry. python-registry is written in pure Python, making it portable across
all major platforms.
Twisted Conch is an SSHv2 implementation written in Python. SSH is a protocol
designed to allow remote access to shells and commands, but it is generic
enough to allow everything from TCP forwarding to generic filesystem access.
Since conch is written in Python, it interfaces well with other Python
projects, such as Imagination. Conch also includes a implementations of the
telnet and vt102 protocols, as well as support for rudamentary line editing
behaviors. A new implementation of Twisted's Manhole application is also
included, featuring server-side input history and interactive syntax coloring.