RACE is an open source project aimed at developing technologies to provide metadata-anonymous, secure, and resilient messaging for users around the world. RACE provides anonymity by routing messages through an overlay network of volunteer servers using cryptographic algorithms that prevent a malicious subset of these servers from determining who is messaging whom. RACE uses specialized networking protocols to prevent connections between individual members of the network from being detected or blocked. RACE is built to run in a dockerized linux environment and on Android devices.
This document defines the FediE2EE-PKD (Fediverse End-to-End Encryption Public Key Directory), which consists of ActivityPub-enabled directory server software, a protocol for communicating with the directory server, and integration with a transparent, append-only data structure (e.g., based on Merkle trees).
CryFS encrypts your files, so you can safely store them anywhere. It works well together with cloud services like Dropbox, iCloud, OneDrive and others. Easy to setup and works with a lot of cloud storage providers. It runs in the background - you won't notice it when accessing your files in your daily workflow. Your data only leaves your computer in encrypted form. File contents, metadata and directory structure are all secure from someone who hacked your cloud. Released under LGPL.
Can be used locally but that's not its primary use case.
Two directories: A basedir that holds the encrypted files, and a mountdir which you interact with. The basedir is what gets stored remotely, synced, or whatever. Note: Not safe for concurrent access!
Files are split into equal size blocks, encrypted individually. Metadata and directory structures are also represented as those blocks for obfuscation. Block cipher used, random key generated, key encrypted with passphrase.
In Apt, Pacman, Homebrew, Nix repositories.
Default encryption algorithm: XChaCha20-Poly1305, scrypt for key derivation.
Github: https://github.com/cryfs/cryfs
Poezio is a free console XMPP client (the protocol on which the Jabber IM network is built). Its goal is to let you connect very easily (no account creation needed) to the network and join various chatrooms, immediately. It tries to look like the most famous IRC clients (weechat, irssi, etc). Many commands are identical and you won't be lost if you already know these clients. Configuration can be made in a configuration file or directly from the client. You'll find the light, fast, geeky and anonymous spirit of IRC while using a powerful, standard and open protocol.
Says it can even be used without an account. Maybe link-layer chat via mDNS?
This is a free communication tool that is designed for simplicity, privacy, and security. All interaction between you and your online peers is encrypted. There is no record of your conversation once you all leave.
Serverless, decentralized, ephemeral. Peer to peer whenever possible. Explicitly designed to be self-hostable. Public and private rooms. Audio and video chat. File transfer.
The purpose of the cable wire protocol is to facilitate the members of a group chat to exchange cryptographically signed documents with each other, such as chat messages, spread across various user-defined channels.
A list of public attacks on BitLocker. Any public attack with the potential to attack BitLocker but where the exact method is still not public (like baton drop) is out of scope.
Most of the attacks are for where the VMK is sealed by TPM only, which is the default setting, and is what automatic BitLocker uses alongside recovery key escrow to a Microsoft account.
Crack legacy zip encryption with Biham and Kocher's known plaintext attack.
A ZIP archive may contain many entries whose content can be compressed and/or encrypted. In particular, entries can be encrypted with a password-based symmetric encryption algorithm referred to as traditional PKWARE encryption, legacy encryption or ZipCrypto. This algorithm generates a pseudo-random stream of bytes (keystream) which is XORed to the entry's content (plaintext) to produce encrypted data (ciphertext). The generator's state, made of three 32-bits integers, is initialized using the password and then continuously updated with plaintext as encryption goes on. This encryption algorithm is vulnerable to known plaintext attacks as shown by Eli Biham and Paul C. Kocher in the research paper A known plaintext attack on the PKZIP stream cipher. Given ciphertext and 12 or more bytes of the corresponding plaintext, the internal state of the keystream generator can be recovered. This internal state is enough to decipher ciphertext entirely as well as other entries which were encrypted with the same password. It can also be used to bruteforce the password with a complexity of nl-6 where n is the size of the character set and l is the length of the password.
A software (and optionally, hardware) project for automating the creation of offsite backups on flash drives. The idea is that you have a large-ish flash drive on your keyring; when you take your keys out of your pocket, plug the flash drive into the device. The specific use case is a hanging key holder with a RasPi inside of it. The files in the backup script are automatically encrypted and copied onto the flash drive. That way, if anything happens while you're out and about you have the latest and greatest copies of the files already with you.
Many common and unusual algorithms, implemented in Python as learning exercises. If you want to get a sense of what, say, data structures or fuzzy logic would look like in Python, this is a good place to start.
Yopass is a project for sharing secrets in a quick and secure manner*. The sole purpose of Yopass is to minimize the amount of passwords floating around in ticket management systems, Slack messages and emails. The message is encrypted/decrypted locally in the browser and then sent to yopass without the decryption key which is only visible once during encryption, yopass then returns a one-time URL with specified expiry date.
There is no perfect way of sharing secrets online and there is a trade off in every implementation. Yopass is designed to be as simple and "dumb" as possible without compromising on security. There's no mapping between the generated UUID and the user that submitted the encrypted message. It's always best send all the context except password over another channel.
Messages can only be viewed once. Message can self-destruct automatically. No accounts or registration is required.
Has CLI functionality built in.
Uses memcached or redis as its back-end.
Public instance: https://yopass.se/
CryptoLyzer is a fast and flexible server cryptographic settings analyzer library for Python with an easy-to-use command line interface with both human- and machine-readable output. It works with multiple cryptographic protocols (SSL/TLS, opportunistic TLS, SSH) and
analyzes additional security mechanisms (web security related HTTP response header fields, JA3 tag).
This repository contains open-source libraries and tools to perform fully homomorphic encryption (FHE) operations on an encrypted data set.
Fully Homomorphic Encryption (FHE) is an emerging data processing paradigm that allows developers to perform transformations on encrypted data. FHE can change the way computations are performed by preserving privacy end-to-end, thereby giving users even greater confidence that their information will remain private and secure.
This is not an officially supported Google product.
A daemon which implements an API bridge to the Signal network. This is for hooking bots into the Signal messaging network as well as connecting other kinds of software and webhooks in.
Banana Split uses Shamir's secret sharing to make your paper backups more resilient and secure.
After you type in your secret into Banana Split, it will be encrypted with a autogenerated passphrase and split into N QR-codes, ready to be printed out. You'll need N/2+1 of those printouts to reconstruct the secret, and then the passphrase to decrypt it.
Banana Split tries to protect your secret from the attack vectors like "attacker is able to intercept everything you're sending to your printer", and that's why you'll have to write down the passphrase on your printouts by hand.
Banana Split is a self-contained HTML page, and should only be opened from your local Documents folder, while browser is in the Offline mode — this way the risk of compromise will be minimal.
Recovery can be done on any device with a webcam — just show your QR codes to the webcam and follow the notifications on screen in the process.
Saved to Keybase.
Utilities for cracking encrypted zip files that use weak encryption. CUDA enabled.
A Python module for accessing a Matrix server that is built using the no-I/O methodology - it conceals all of the input and output so development is focused on assembling what is sent and using what is received. Asynchronous in nature. In Pypi. Also end-to-end encryption capable. I don't know how flexible this library is so more investigation is required.
An implementation of Textsecure/Signal in Golang as a CLI tool. Can send and receive one-to-one and group messages.
A web application that sits in front of a command line Signal client that lets you send messages from a web browser. Seems to also have a REST API. Requires a second phone number to set up an account, it's not an extension to an existing Signal setup. Looks like all-Docker-all-the-time but it looks like you can also run it as a system service (a systemd .service file is in the docs, and it says nothing about using Docker for that).
Interestingly, it's a couple of shell scripts.
Our mission is to promote new technologies, protect privacy and protection of human rights. When you yourself encrypt your messages and using jabber, we can not know what you're talking about.