This is Encrypted MAC (EMAC), formerly known as Double MAC (DMAC).
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).
Using the block cipher, a message is encrypted in CBC mode. The last
block is taken as the MAC of the message. For fixed-length messages,
this method is provably secure. In reality, however, messages have
arbitrary lengths, and this method is not secure. To make secure MACs
for variable length messages, the last block is encrypted once again
with a different key. The security of this construction has been proved
in the paper, ``CBC MAC for Real-Time Data Sources'' by Erez Petrank
and Charles Rackoff. The security can be proved on the assumption that
the underlying block cipher is pseudo-random.
The performance and key-agility of EMAC are reasonable. EMAC is
preferable for short messages because the block length is smaller
compared to the schemes based on a hash function. EMAC is also chosen
as one of the NESSIE winners for Message Authentication Codes, along
with UMAC, TTMAC and HMAC. The current NESSIE specification chooses the
AES as block cipher.
This is Encrypted MAC (EMAC), formerly known as Double MAC (DMAC).
Unlike HMAC, which reuses an existing one-way hash function, such as
MD5, SHA-1 or RIPEMD-160, EMAC reuses an existing block cipher to
produce a secure message authentication code (MAC).
Using the block cipher, a message is encrypted in CBC mode. The last
block is taken as the MAC of the message. For fixed-length messages,
this method is provably secure. In reality, however, messages have
arbitrary lengths, and this method is not secure. To make secure MACs
for variable length messages, the last block is encrypted once again
with a different key. The security of this construction has been proved
in the paper, ``CBC MAC for Real-Time Data Sources'' by Erez Petrank
and Charles Rackoff. The security can be proved on the assumption that
the underlying block cipher is pseudo-random.
The performance and key-agility of EMAC are reasonable. EMAC is
preferable for short messages because the block length is smaller
compared to the schemes based on a hash function. EMAC is also chosen
as one of the NESSIE winners for Message Authentication Codes, along
with UMAC, TTMAC and HMAC. The current NESSIE specification chooses the
AES as block cipher.
This module gives you a basic interface to create CAPTCHAs (Completely
Automated Public Turing Test to Tell Computers and Humans Apart) also known
as "Security Images".
The final output is the actual graphic data, the mime type of the graphic and
the created random string.
KDE Wallet Manager is a tool to manage the passwords on your KDE
system. By using the KDE wallet subsystem it not only allows you to
keep your own secrets but also to access and manage the passwords of
every application that integrates with the KDE wallet.
This module implements a interface to the information contained in an nmap
scan. It is implemented by parsing the xml scan data that is generated by
nmap. This will enable anyone who utilizes nmap to quickly create fast and
robust security scripts that utilize the powerful port scanning abilities of
nmap.
This set of modules provides perl class wrappers for the network mapper
(nmap) scanning tool (see http://www.insecure.org/nmap/). Using these
modules, a developer, network administrator, or other techie can create
perl routines or classes which can be used to automate and integrate
nmap scans elegantly into new and existing perl scripts.
SecretService provides a way to securely storing passwords and other secrets in
Python.
It uses DBus Secret Service API that is supported by GNOME Keyring (>= 2.30) and
KWallet (>= 4.8).
It allows to create new passwords, delete and search for passwords matching
given attributes. It also supports graphical prompts when unlocking is needed.
This is a tiny, auditable script that you can throw on your server to issue and
renew Let's Encrypt certificates. Since it has to be run on your server and
have access to your private Let's Encrypt account key, I tried to make it as
tiny as possible (currently less than 200 lines). The only prerequisites are
python and openssl.
cryptography is a package designed to expose cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
standard library". It supports Python 2.6-2.7, Python 3.2+, and PyPy.
cryptography includes both high level recipes, and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message digests
and key derivation functions.
The two programs tcpsuck and udpsuck run out of the Inetd daemon on
unused ports. They log the contents of packets or connections to these
ports. This allows you to read the contents of the network strobe
attacks on your machine. It also slows the strobes down, as they think
you're actually running a service on several ports when you aren't.