### WHAT IS PHPSECINFO?
PHPSecInfo is a PHP environment security auditing tool modeled after the
phpsecinfo() function. From a single function call, PHPSecInfo runs a
series of tests on your PHP environment to identify potential security
issues and offer suggestions. It can be useful as part of a multilayered
security approach.
#### WHAT IS PHPSECINFO NOT?
* It is not a replacement for secure coding practices
* It does not audit PHP code
* It is not a comprehensive test for either your hosting environment
or your web application
* It is not the "final word." PHPSecInfo identifies *potential* problems
and offers suggestions for improvement. Your environment may _require_
certain settings that trigger cautions or warnings.

Off-the-Record (OTR) Messaging allows you to have private
conversations over instant messaging by providing:
* Encryption
No one else can read your instant messages.
* Authentication
You are assured the correspondent is who you think it is.
* Deniability
The messages you send do not have digital signatures that
are checkable by a third party. Anyone can forge messages
after a conversation to make them look like they came from
you. However, during a conversation, your correspondent is
assured the messages he sees are authentic and unmodified.
* Perfect forward secrecy
If you lose control of your private keys, no previous
conversation is compromised.

PWman is a console application for managing passwords. It uses
GPG (gpgme) for encryption and authentication.

pxytest is a command line utility to test a host for open proxies
that are vulnerable to spammer abuse. It is written in Perl.
Unsecured proxies currently are the most significant conduit of
junk email. This is a particularly vexing problem, because open
proxies, unlike open mail relays, hide the origin of the spam,
making it impossible to trace. This utility tests a host to
see if it is vulnerable to such abuse.
See http://www.unicom.com/sw/pxytest for more information.
pxytest was written by Chip Rosenthal.

Pond is not email. Pond is forward secure, asynchronous messaging for the
discerning. Pond messages are asynchronous, but are not a record; they expire
automatically a week after they are received. Pond seeks to prevent leaking
traffic information against everyone except a global passive attacker.
Pond is experimental software! DO NOT USE IT FOR ANYTHING REAL!!!
Use security/gnupg instead.

libpwstor is a library implementing a password storage format
for C programmers. This format provides a reasonable level of
security by utilizing SHA-256 in addition to a random salt to
mitigate dictionary and rainbow table attacks.
In addition to the core functionality, libpwstor also offers
some additional functions such as Base64 encoding and decoding.
All functionality is implemented and designed in such a way as
to be easy to use for C programmers of varying skill levels,
while preserving reasonable security in the underlying storage
format.

Python-mcrypt is a comprehensive Python interface to the mcrypt library,
which provides a uniform interface to several symmetric encryption algorithms.

The Python mhash module provides an interface for the mhash library.
The mhash library provides an easy way to access strong hashes such as
MD5, SHA1 and other algorithms.

Distributed session caching tools and APIs, primarily for SSL/TLS servers
though perhaps useful for other (non-SSL/TLS) circumstances. This also
includes a self-contained network abstraction library (libnal), and the
sslswamp SSL/TLS benchmark/test utility.

Python OpenSSL Wrappers (POW) is a set of comprehensive wrappers for Python of
the OpenSSL libraries. POW will provide a 'slim' interface which will still
enable Python developers to fully utilise OpenSSL.