interesting links2024-02-20T13:43:01+01:00https://roland.iwasno.net/links/https://roland.iwasno.net/links/https://roland.iwasno.net/links/Using FIDO2 Auth Keys (Yubikey, Solokeys) with MacOS and FreeBSD // hackacad.nethttps://roland.iwasno.net/links/?aEOkIQ2024-02-20T13:43:01+01:00Just what it says in the title.<br>(<a href="https://roland.iwasno.net/links/?aEOkIQ">Permalink</a>)Enchive : encrypted personal archives, by Chris Wellons (https://nullprogram.com/)https://roland.iwasno.net/links/?SDGf5g2024-02-08T02:14:00+01:00Enchive is a tool to encrypt files to yourself for long-term archival. It's a focused, simple alternative to more complex solutions such as GnuPG or encrypted filesystems. Enchive has no external dependencies and is trivial to build for local use. Portability is emphasized over performance.<br />
<br />
Supported platforms: Linux, BSD, macOS, Windows<br />
<br />
The name is a portmanteau of "encrypt" and "archive," pronounced en'kīv.<br />
<br />
Files are secured with ChaCha20, Curve25519, and HMAC-SHA256.<br />
<br />
Key pairs can be derived from a pass phrase. See <a href="https://github.com/skeeto/passphrase2pgp" rel="nofollow">https://github.com/skeeto/passphrase2pgp</a> for a tool to generate gpg key pairs in a similar way.<br>(<a href="https://roland.iwasno.net/links/?SDGf5g">Permalink</a>)DROPSAFE Security, Privacy, Digital Rights, and Nerdy Parenthoodhttps://roland.iwasno.net/links/?8aJSnw2024-01-02T12:59:19+01:00Found via a link on the TUHS mailing list to <a href="https://alecmuffett.com/article/108789" rel="nofollow">https://alecmuffett.com/article/108789</a><br />
See <a href="https://alecmuffett.com/article/108139" rel="nofollow">https://alecmuffett.com/article/108139</a> "Hot on the heels of #ChatControl and in the name of “identity” and “consumer choice” the EU seeks the ability to undetectably spy on HTTPS communication; 300+ experts say “no” to #Article45 of #eIDAS #QWAC"<br>(<a href="https://roland.iwasno.net/links/?8aJSnw">Permalink</a>)Getting started with Google OpenSKhttps://roland.iwasno.net/links/?4_a2Sw2023-11-14T07:41:40+01:00OpenSK <a href="https://github.com/google/OpenSK" rel="nofollow">https://github.com/google/OpenSK</a> released by Google is a fully open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.<br />
<br />
OpenSK is based on the FIDO2 specifications, which combine the World Wide Web Consortium’s (W3C) Web Authentication (WebAuthn) specification and FIDO Alliance’s corresponding Client-to-Authenticator Protocol (CTAP).<br />
<br />
The nRF52840 MDK USB Dongle works well with OpenSK. Taking advantage of the UF2 Bootloader, you can easily program the OpenSK by just copying the .uf2-format image to the flash drive.<br>(<a href="https://roland.iwasno.net/links/?4_a2Sw">Permalink</a>)SPARKNaCl - Two Years of Optimizing Crypto Code in SPARK (and counting)https://roland.iwasno.net/links/?GSkTIw2023-09-15T13:27:49+02:00Found on <a href="https://www.linux.com/audience/developers/hacking-the-linux-kernel-in-ada-part-1/" rel="nofollow">https://www.linux.com/audience/developers/hacking-the-linux-kernel-in-ada-part-1/</a><br>(<a href="https://roland.iwasno.net/links/?GSkTIw">Permalink</a>)Keyoxidehttps://roland.iwasno.net/links/?acPqYw2023-05-02T14:31:37+02:00Verifying online identity with cryptography.<br />
Found via Nicolas Martyanoff's page <a href="https://www.n16f.net/about/" rel="nofollow">https://www.n16f.net/about/</a><br>(<a href="https://roland.iwasno.net/links/?acPqYw">Permalink</a>)SC4: Secure Communications in a Very Small Code Basehttps://roland.iwasno.net/links/?Tew39g2023-04-21T17:16:05+02:00SC4 is a secure communications system specifically designed for (relatively) easy auditability by way of a ruthless commitment to simplicity. SC4 provides the functional equivalent of PGP from the end-user's point of view, but implements it in two order of magnitude less code. The cryptographic core of SC4 is Daniel J. Bernstein's TweetNaCl library (<800 LOC). On top of this we have a variety of UI implementations ranging from 1000 to 5000 LOC. One of these has completed a formal audit to date.<br>(<a href="https://roland.iwasno.net/links/?Tew39g">Permalink</a>)Nicolas Martyanoff — Brain dumphttps://roland.iwasno.net/links/?cZ1MSA2023-02-17T07:26:04+01:00Interesting blog, includes articles such as<br />
Using GnuPG <a href="https://www.n16f.net/blog/using-gnupg/" rel="nofollow">https://www.n16f.net/blog/using-gnupg/</a><br />
<a href="https://www.n16f.net/blog/decluttering-dired-for-peace-of-mind/" rel="nofollow">https://www.n16f.net/blog/decluttering-dired-for-peace-of-mind/</a><br />
<a href="https://www.n16f.net/blog/common-lisp-implementations-in-2023/" rel="nofollow">https://www.n16f.net/blog/common-lisp-implementations-in-2023/</a><br>(<a href="https://roland.iwasno.net/links/?cZ1MSA">Permalink</a>)The OpenSSL Projecthttps://roland.iwasno.net/links/?ZuLAZw2022-09-27T07:08:03+02:00OpenSSL software - a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication.<br>(<a href="https://roland.iwasno.net/links/?ZuLAZw">Permalink</a>)Read Practical Cryptography With Go | Leanpubhttps://roland.iwasno.net/links/?C4rbzg2022-08-10T11:50:25+02:00Found via a link on <a href="https://docs.gitlab.com/ee/user/ssh.html" rel="nofollow">https://docs.gitlab.com/ee/user/ssh.html</a><br>(<a href="https://roland.iwasno.net/links/?C4rbzg">Permalink</a>)GNU Privacy Guard is very powerful software with a terrible interface.https://roland.iwasno.net/links/?OWVyDA2022-07-01T11:31:54+02:00This document attempts to give you the tools needed to answer questions and explain the mysteries of gpg and PGP so that you too can take advantage of this tool and stop making excuses.<br />
Found on <a href="https://rgoulter.com/blog/posts/programming/2022-06-10-a-visual-explanation-of-gpg-subkeys.html" rel="nofollow">https://rgoulter.com/blog/posts/programming/2022-06-10-a-visual-explanation-of-gpg-subkeys.html</a><br />
See also <a href="https://github.com/dmshaw/paperkey" rel="nofollow">https://github.com/dmshaw/paperkey</a> and <a href="https://github.com/jonathancross/jc-docs" rel="nofollow">https://github.com/jonathancross/jc-docs</a><br>(<a href="https://roland.iwasno.net/links/?OWVyDA">Permalink</a>)A Visual Explanation of GPG Subkeys - Richard Goulter's Bloghttps://roland.iwasno.net/links/?J2USmg2022-06-27T11:17:05+02:00Found via <a href="https://rgoulter.com/blog/posts/programming/2020-08-22-early-impressions-of-bm40rgb-ortholinear-keyboard.html" rel="nofollow">https://rgoulter.com/blog/posts/programming/2020-08-22-early-impressions-of-bm40rgb-ortholinear-keyboard.html</a><br />
See also<br />
<a href="https://rgoulter.com/blog/posts/programming/2022-02-20-using-home-manager-to-manage-symlinks-to-dotfiles.html" rel="nofollow">https://rgoulter.com/blog/posts/programming/2022-02-20-using-home-manager-to-manage-symlinks-to-dotfiles.html</a><br />
<a href="https://rgoulter.com/blog/posts/programming/2014-04-26-online-resources-for-git.html" rel="nofollow">https://rgoulter.com/blog/posts/programming/2014-04-26-online-resources-for-git.html</a><br />
and probably more.<br>(<a href="https://roland.iwasno.net/links/?J2USmg">Permalink</a>)Algorand: A Better Distributed Ledger, with Silvio Micalihttps://roland.iwasno.net/links/?Fcjcyg2022-06-19T22:57:11+02:00Found on <a href="http://www.pfarrell.com/" rel="nofollow">http://www.pfarrell.com/</a><br>(<a href="https://roland.iwasno.net/links/?Fcjcyg">Permalink</a>)Real-World Cryptographyhttps://roland.iwasno.net/links/?Q4JSAw2022-06-07T17:24:27+02:00Found on <a href="https://crypto.stackexchange.com/questions/71053/soft-question-what-are-examples-of-beautiful-proofs-in-cryptography" rel="nofollow">https://crypto.stackexchange.com/questions/71053/soft-question-what-are-examples-of-beautiful-proofs-in-cryptography</a>?<br>(<a href="https://roland.iwasno.net/links/?Q4JSAw">Permalink</a>)Encrypting sensitive and personal datahttps://roland.iwasno.net/links/?BZ9vIg2022-04-06T17:01:32+02:00Available for Linux, OS X and Windows. More details can be found on <a href="https://www.primx.eu/en/encryption-software/zed-en/" rel="nofollow">https://www.primx.eu/en/encryption-software/zed-en/</a><br />
ALGORITHMS: AES (128 to 256 bits) and RSA (1024 to 4096 bits).<br />
TECHNOLOGIES: PKCS#1, PKCS#5, PKCS#11, X509, Microsoft CSP, LDAP technologies, PKIx compatible.<br />
PKCS#1 RSA Cryptography Standard <a href="https://en.wikipedia.org/wiki/PKCS_1" rel="nofollow">https://en.wikipedia.org/wiki/PKCS_1</a> <br />
PKCS#5 Password-based Encryption Standard <a href="https://en.wikipedia.org/wiki/PBKDF2" rel="nofollow">https://en.wikipedia.org/wiki/PBKDF2</a><br />
PKCS#11 Cryptographic Token Interface <a href="https://en.wikipedia.org/wiki/PKCS_11" rel="nofollow">https://en.wikipedia.org/wiki/PKCS_11</a><br />
X509 <a href="https://en.wikipedia.org/wiki/X.509" rel="nofollow">https://en.wikipedia.org/wiki/X.509</a> (ITU) standard defining the format of public key certificates.<br />
Does CSP stand for <a href="https://en.wikipedia.org/wiki/Credential_service_provider" rel="nofollow">https://en.wikipedia.org/wiki/Credential_service_provider</a> , Cloud service provide <a href="https://mymatetech.net/what-is-microsoft-csp-ab5b80519e79" rel="nofollow">https://mymatetech.net/what-is-microsoft-csp-ab5b80519e79</a> or something else?<br />
LDAP <a href="https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol" rel="nofollow">https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol</a><br />
Does PKIx stand for <a href="https://en.wikipedia.org/wiki/X.509#PKIX_Working_Group" rel="nofollow">https://en.wikipedia.org/wiki/X.509#PKIX_Working_Group</a> ?<br />
<br />
SYSTEMS: Available for Windows 11 to Windows 7, Linux (various distributions) and Mac OS.<br />
LANGUAGES: Available in 7 languages.<br />
ZED! mobile app for iOS and Android.<br>(<a href="https://roland.iwasno.net/links/?BZ9vIg">Permalink</a>)Lightweight Cryptography | CSRChttps://roland.iwasno.net/links/?zLAmNA2022-03-28T18:17:36+02:00List of the ten Finalists of the lightweight crypto standardization process.<br>(<a href="https://roland.iwasno.net/links/?zLAmNA">Permalink</a>)GitHub - seemoo-lab/fido2ext: Bring Your Own FIDO2 Extensions!https://roland.iwasno.net/links/?A5wSXA2022-03-15T13:40:16+01:00This repository documents how to implement custom FIDO2 extensions. It contains supplementary material to our paper at ETAA 2021. We describe how to implement extensions on all parts of the FIDO2 stack: On the relying party (website), on the client (browser), and on the authenticator (hardware token).<br />
<br />
Found via <a href="https://positive.security/blog/find-you" rel="nofollow">https://positive.security/blog/find-you</a> and <a href="https://github.com/seemoo-lab/openhaystack" rel="nofollow">https://github.com/seemoo-lab/openhaystack</a><br>(<a href="https://roland.iwasno.net/links/?A5wSXA">Permalink</a>)Time-based One-time Password (TOTP) - MELPAhttps://roland.iwasno.net/links/?TIISDw2021-10-19T09:50:40+02:00Create TOTP using gnutls for crypto and auth source for secure storage of shared secret.<br />
Emacs 27.1 is required for bignum support.<br />
Found on Sacha Chua's blog <a href="https://sachachua.com/blog/2021/10/2021-10-18-emacs-news/" rel="nofollow">https://sachachua.com/blog/2021/10/2021-10-18-emacs-news/</a><br>(<a href="https://roland.iwasno.net/links/?TIISDw">Permalink</a>)A few comments on ‘age’ – Neil Maddenhttps://roland.iwasno.net/links/?DWifxw2021-10-12T18:09:43+02:00Critical review of some of the design choices made in the cryptographic tool 'age'.<br />
There are other interesting articles, such as the three-part series<br />
<a href="https://neilmadden.blog/2018/11/14/public-key-authenticated-encryption-and-why-you-want-it-part-i/" rel="nofollow">https://neilmadden.blog/2018/11/14/public-key-authenticated-encryption-and-why-you-want-it-part-i/</a><br />
<a href="https://neilmadden.blog/2018/11/26/public-key-authenticated-encryption-and-why-you-want-it-part-ii/" rel="nofollow">https://neilmadden.blog/2018/11/26/public-key-authenticated-encryption-and-why-you-want-it-part-ii/</a><br />
<a href="https://neilmadden.blog/2018/12/14/public-key-authenticated-encryption-and-why-you-want-it-part-iii/" rel="nofollow">https://neilmadden.blog/2018/12/14/public-key-authenticated-encryption-and-why-you-want-it-part-iii/</a><br />
and<br />
<a href="https://neilmadden.blog/2016/09/13/critical-thinking-for-software-engineers" rel="nofollow">https://neilmadden.blog/2016/09/13/critical-thinking-for-software-engineers</a><br>(<a href="https://roland.iwasno.net/links/?DWifxw">Permalink</a>)Exploring age v 1.0 | Prevent Defaulthttps://roland.iwasno.net/links/?o-wvGg2021-10-12T16:57:17+02:00Introduction to age, a “simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.”<br />
The source code can be found at <a href="https://github.com/FiloSottile/age" rel="nofollow">https://github.com/FiloSottile/age</a> and the german Wikipedia has an entry <a href="https://de.wikipedia.org/wiki/Actually_Good_Encryption" rel="nofollow">https://de.wikipedia.org/wiki/Actually_Good_Encryption</a><br>(<a href="https://roland.iwasno.net/links/?o-wvGg">Permalink</a>)Serious Cryptography | No Starch Presshttps://roland.iwasno.net/links/?ORH3iA2021-10-11T11:31:56+02:00Looks interesting. While not brand new (2017-11), it is more up-to-date than the HAC (5th printing 2001).<br>(<a href="https://roland.iwasno.net/links/?ORH3iA">Permalink</a>)SHA-1 is a Shambleshttps://roland.iwasno.net/links/?FSkm0w2021-09-13T11:47:05+02:00Chosen-prefix collisions for SHA-1. Note that this can affect GPG 1.4.<br />
Found via <a href="https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki" rel="nofollow">https://fossil-scm.org/home/doc/trunk/www/fossil-v-git.wiki</a><br>(<a href="https://roland.iwasno.net/links/?FSkm0w">Permalink</a>)saltpack - a modern crypto messaging formathttps://roland.iwasno.net/links/?1R8y2w2021-06-01T22:14:50+02:00Need to encode, transmit, or store encrypted or signed data? saltpack is a streamlined, modern solution, designed with simplicity in mind. It is easy to implement & integrate. We've made few crypto decisions and instead leave almost all of the heavy lifting to the NaCl library.<br />
<br />
saltpack is a binary message format, encoded using the MessagePack format. Messages are broken up into reasonable (1MB) chunks, over which regular NaCl operations are performed. We have taken pains to address many of the shortcomings of current message formats: (1) only authenticated data is output; (2) repudiable authentication is used wherever possible; (3) chunks cannot be reordered or combined with other transmissions; (4) the public keys of senders and recipients can be hidden; and (5) message truncation is detectable.<br />
<br />
Implementations in Go and Python are available at <a href="https://saltpack.org/implementations" rel="nofollow">https://saltpack.org/implementations</a> The format is used by <a href="https://keybase.io/" rel="nofollow">https://keybase.io/</a><br>(<a href="https://roland.iwasno.net/links/?1R8y2w">Permalink</a>)Monocypher is an easy to use crypto library.https://roland.iwasno.net/links/?_veHIQ2021-04-19T09:54:52+02:00Small. Sloccount counts under 2000 lines of code, small enough to allow audits. The binaries can be under 50KB, small enough for many embedded targets.<br />
Easy to deploy. Just add monocypher.c and monocypher.h to your project. They compile as C99 or C++ and are dedicated to the public domain (CC0-1.0, alternatively 2-clause BSD).<br />
Portable. There are no dependencies, not even on libc.<br />
Honest. The API is small, consistent, and cannot fail on correct input.<br />
Direct. The abstractions are minimal. A developer with experience in applied cryptography can be productive in minutes.<br />
Fast. The primitives are fast to begin with, and performance wasn't needlessly sacrificed. Monocypher holds up pretty well against Libsodium, despite being closer in size to TweetNaCl. (More detailed benchmark)<br>(<a href="https://roland.iwasno.net/links/?_veHIQ">Permalink</a>)AEZ is an authenticated-encryption (AE) scheme optimized for ease of correct use (“AE made EZ”).https://roland.iwasno.net/links/?vYNKDA2021-04-13T13:28:03+02:00Found on <a href="https://www.metzdowd.com/pipermail/cryptography/2021-April/036859.html" rel="nofollow">https://www.metzdowd.com/pipermail/cryptography/2021-April/036859.html</a><br />
"The really important thing is the theory paper, <a href="https://www.cs.ucdavis.edu/~rogaway/aez/rae.pdf" rel="nofollow">https://www.cs.ucdavis.edu/~rogaway/aez/rae.pdf</a>, which is brilliant and anyone who wants to look at block cipher theory should read and understand it."<br>(<a href="https://roland.iwasno.net/links/?vYNKDA">Permalink</a>)cppcryptfs is an encrypted overlay filesystemhttps://roland.iwasno.net/links/?4gTOcA2021-02-12T00:12:57+01:00cppcryptfs is based on the design of gocryptfs, an encrypted overlay filesystem written in Go.<br />
<br />
cppcryptfs is an implementation of the gocryptfs filesystem in C++ for Windows. cppcryptfs is compatible with gocryptfs. Filesystems created with one can generally be mounted (and synced) with the other.<br />
<br />
Found on <a href="https://infosec-handbook.eu/recommendations/" rel="nofollow">https://infosec-handbook.eu/recommendations/</a> via <a href="https://nuetzlich.net/gocryptfs/" rel="nofollow">https://nuetzlich.net/gocryptfs/</a><br>(<a href="https://roland.iwasno.net/links/?4gTOcA">Permalink</a>)Aaron Toponcehttps://roland.iwasno.net/links/?DwL59Q2020-12-18T23:02:20+01:00Blog about cryptography, hash functions and more<br>(<a href="https://roland.iwasno.net/links/?DwL59Q">Permalink</a>)Intel(R) Intelligent Storage Acceleration Libraryhttps://roland.iwasno.net/links/?dQBOCg2020-06-15T15:26:37+02:00ISA-L is a collection of optimized low-level functions targeting storage applications. ISA-L includes:<br />
Erasure codes - Fast block Reed-Solomon type erasure codes for any encode/decode matrix in GF(2^8).<br />
CRC - Fast implementations of cyclic redundancy check. Six different polynomials supported.<br />
iscsi32, ieee32, t10dif, ecma64, iso64, jones64.<br />
Raid - calculate and operate on XOR and P+Q parity found in common RAID implementations.<br />
Compression - Fast deflate-compatible data compression.<br />
De-compression - Fast inflate-compatible data compression.<br />
BSD 3-Clause "New" or "Revised" License.<br />
According to <a href="https://github.com/catid/cm256" rel="nofollow">https://github.com/catid/cm256</a>, ISA-L uses a O(N^3) Gaussian elimination solver for decoding. The CM256 decoder solves the linear system using a fast O(N^2) LDU-decomposition algorithm from "Pivoting and Backward Stability of Fast Algorithms for Solving Cauchy Linear Equations" (T. Boros, T. Kailath, V. Olshevsky), which was hand-optimized for memory accesses.<br />
See also <a href="https://github.com/catid/leopard" rel="nofollow">https://github.com/catid/leopard</a> for a fast O(N log(N)) RS erasure decoder.<br>(<a href="https://roland.iwasno.net/links/?dQBOCg">Permalink</a>).@ Tony Finch's homepagehttps://roland.iwasno.net/links/?dN5DyQ2020-06-08T22:31:25+02:00Interesting software, such as<br />
unifdef selectively removes C preprocessor conditionals. My version of this program now shipped by all the BSDs (including Mac OS X) and is used by the Linux kernel build system.<br />
regpg safely stores server secrets using gpg, so you can keep them in version control.<br />
picoro - tiny coroutine implementations in pure C. I wrote an accompanying article, coroutines in 20 lines of standard C.<br />
Counting the days - tiny routines for converting Gregorian dates into linear counts, like Julian day numbers or Unix time_t. The date of the count - a small routine for converting linear day counts into Gregorian dates.<br />
<a href="https://dotat.at/@/2016-04-22-synergy-vs-xmodmap-fight.html" rel="nofollow">https://dotat.at/@/2016-04-22-synergy-vs-xmodmap-fight.html</a> Why you can't use xmodmap to change how Synergy handles modifier keys<br />
<a href="https://dotat.at/@/2023-05-26-whence-time.html" rel="nofollow">https://dotat.at/@/2023-05-26-whence-time.html</a> Where does my computer get the time from?<br />
His log of links, <a href="https://dotat.at/" rel="nofollow">https://dotat.at/</a>:/ which I found on the TUHS mailing list is also worth reading. He explains a bit about this log on <a href="http://dotat.at/" rel="nofollow">http://dotat.at/</a>.<br>(<a href="https://roland.iwasno.net/links/?dN5DyQ">Permalink</a>)Magic-Wormhole: Get Things From One Computer To Another, Safely — Magic-Wormhole 0.12.0+3.g95a628e.dirty documentationhttps://roland.iwasno.net/links/?p552-A2020-05-27T18:43:39+02:00This package provides a library and a command-line tool named wormhole, which makes it possible to get arbitrary-sized files and directories (or short pieces of text) from one computer to another. The two endpoints are identified by using identical “wormhole codes”: in general, the sending machine generates and displays the code, which must then be typed into the receiving machine.<br />
<br />
The codes are short and human-pronounceable, using a phonetically-distinct wordlist. The receiving side offers tab-completion on the codewords, so usually only a few characters must be typed. Wormhole codes are single-use and do not need to be memorized.<br>(<a href="https://roland.iwasno.net/links/?p552-A">Permalink</a>)The first open-source FIDO2 security keyhttps://roland.iwasno.net/links/?2StZng2020-05-24T23:29:20+02:00Open-source hard- and software for two-factor authentication.<br />
I need to test them and want to understand the differences between versions 1 and 2. The articles<br />
<a href="https://solokeys.com/blogs/news/trussed-announcement" rel="nofollow">https://solokeys.com/blogs/news/trussed-announcement</a> and<br />
<a href="https://github.com/trussed-dev/trussed-totp-pc-tutorial" rel="nofollow">https://github.com/trussed-dev/trussed-totp-pc-tutorial</a> look interesting.<br>(<a href="https://roland.iwasno.net/links/?2StZng">Permalink</a>)A New Eval Server For Emacs – Random Thoughtshttps://roland.iwasno.net/links/?5ca0_Q2020-05-08T15:18:48+02:00Code is at<br />
<a href="https://github.com/larsmagne/eval-server.el" rel="nofollow">https://github.com/larsmagne/eval-server.el</a><br>(<a href="https://roland.iwasno.net/links/?5ca0_Q">Permalink</a>)Things that use Ed25519https://roland.iwasno.net/links/?4w0KmQ2019-11-29T15:16:41+01:00Here's a list of protocols and software that use or support the superfast, super secure Ed25519 public-key signature system from Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang.<br>(<a href="https://roland.iwasno.net/links/?4w0KmQ">Permalink</a>)Open Source Password Management Solutions | Bitwardenhttps://roland.iwasno.net/links/?_JiX-Q2019-11-29T15:14:09+01:00Yet another password manager.<br>(<a href="https://roland.iwasno.net/links/?_JiX-Q">Permalink</a>)restic · Backups done right!https://roland.iwasno.net/links/?0SirRw2019-11-06T15:49:28+01:00Encrypted, deduplicated backup tool, runs on Linux, *BSD, OS X and Windows.<br>(<a href="https://roland.iwasno.net/links/?0SirRw">Permalink</a>)The Zero Knowledge Cloudhttps://roland.iwasno.net/links/?iyRqbw2019-07-04T18:34:10+02:00CryptPad is a private-by-design alternative to popular office tools and cloud services. All the content stored on CryptPad is encrypted before being sent, which means nobody can access your data unless you give them the keys (not even us).<br>(<a href="https://roland.iwasno.net/links/?iyRqbw">Permalink</a>)Installing Debian with encrypted boot using GRMLhttps://roland.iwasno.net/links/?_26b7Q2019-07-04T14:53:18+02:00These steps describe a full disk (including /boot) encrypted setup on a non coreboot enabled system using the great grml live distro.<br>(<a href="https://roland.iwasno.net/links/?_26b7Q">Permalink</a>)The Noise Protocol Frameworkhttps://roland.iwasno.net/links/?UAXVLw2019-05-26T15:05:57+02:00Noise is a framework for crypto protocols based on Diffie-Hellman key agreement. Noise can describe protocols that consist of a single message as well as interactive protocols.<br />
Used in WireGuard <a href="https://www.wireguard.com/" rel="nofollow">https://www.wireguard.com/</a><br>(<a href="https://roland.iwasno.net/links/?UAXVLw">Permalink</a>)sequoia-pgp / sequoia · GitLabhttps://roland.iwasno.net/links/?dKdefQ2019-02-27T15:01:02+01:00Sequoia is a cool new OpenPGP implementation. It consists of several<br />
crates, providing both a low-level and a high-level API for dealing<br />
with OpenPGP data.<br />
It is written in Rust<br>(<a href="https://roland.iwasno.net/links/?dKdefQ">Permalink</a>)AONT-Tolstoy: 1-click encode / decode of confidential information — no keys neededhttps://roland.iwasno.net/links/?mANlqQ2019-02-08T14:46:46+01:00AONT = All Or Nothing Transforms = a secure way to transmit a document to a recipient in such a way that the recipient either gets the entire unmolested document in originally submitted form, or nothing at all. This idea goes back to Ronald Rivest of MIT. Very clever idea. It is crypto without being crypto in a legal sense.<br />
See also <a href="https://github.com/dbmcclain/Math" rel="nofollow">https://github.com/dbmcclain/Math</a>, <a href="https://github.com/dbmcclain/LispPlotter" rel="nofollow">https://github.com/dbmcclain/LispPlotter</a>, <a href="https://github.com/dbmcclain/EBU-R128" rel="nofollow">https://github.com/dbmcclain/EBU-R128</a> and probably more.<br>(<a href="https://roland.iwasno.net/links/?mANlqQ">Permalink</a>)gopass is a simple but powerful password manager for your terminal.https://roland.iwasno.net/links/?hxQ1bA2018-09-03T16:17:01+02:00gopass is a rewrite of the pass password manager <a href="http://www.passwordstore.org" rel="nofollow">http://www.passwordstore.org</a> in Go with the aim of making it cross-platform and adding additional features. Our target audience are professional developers and sysadmins (and especially teams of those) who are well versed with a command line interface. One explicit goal for this project is to make it more approachable to non-technical users. We go by the UNIX philosophy and try to do one thing and do it well, providing a stellar user experience and a sane, simple interface.<br />
<a href="https://www.gopass.pw" rel="nofollow">https://www.gopass.pw</a><br>(<a href="https://roland.iwasno.net/links/?hxQ1bA">Permalink</a>)NeoPG - A multiversal crypto engine.https://roland.iwasno.net/links/?1tKxDQ2018-07-03T17:48:52+02:00NeoPG is a modern replacement for GnuPG 2<br />
NeoPG starts as an opinonated fork of GnuPG 2 to clean up the code and make it easier to develop.<br />
We want to provide a stable and extensible API for application developers, too.<br />
Eventually, we will add new ways to use OpenPGP that make it accessible and usable.<br />
As of 2021-12-06, the domain is no longer in use.<br>(<a href="https://roland.iwasno.net/links/?1tKxDQ">Permalink</a>)Convenient End-to-End Encryption for E-Mailhttps://roland.iwasno.net/links/?Es1kJg2018-05-07T15:50:53+02:00Autocrypt is a set of guidelines for developers to achieve convenient end-to-end-encryption of e-mails. It specifies how e-mail programs negotiate encryption capabilities using regular e-mails.<br />
<br />
For users, Autocrypt Level 1 offers single-click, opt-in encryption, eases encrypted group communications, and provides a way to setup encryption on multiple devices.<br>(<a href="https://roland.iwasno.net/links/?Es1kJg">Permalink</a>)ElsieFour: A Low-Tech Authenticated Encryption Algorithm For Human-to-Human Communicationhttps://roland.iwasno.net/links/?DGOKYQ2018-03-27T13:24:53+02:00Abstract.<br />
ElsieFour (LC4) is a low-tech cipher that can be computed by hand;<br />
but unlike many historical ciphers, LC4 is designed to be hard to break. LC4 is intended for encrypted communication between humans only, and therefore it encrypts and decrypts plaintexts and ciphertexts consisting only of the English letters A through Z plus a few other characters. LC4 uses a nonce in addition to the secret key, and requires that different messages use unique nonces. LC4 performs authenticated encryption, and optional header data can be included in the authentication. This paper defines the LC4 encryption and decryption algorithms, analyzes LC4’s security, and describes a simple appliance for computing LC4 by hand.<br />
<br />
An extended version called LS47 can be found on <a href="https://github.com/exaexa/ls47" rel="nofollow">https://github.com/exaexa/ls47</a>, which includes a 3D-printable model of the tiles.<br>(<a href="https://roland.iwasno.net/links/?DGOKYQ">Permalink</a>)Render Multimedia in Pure Chttps://roland.iwasno.net/links/?DOspBg2017-12-30T19:46:16+01:00Examples of simple audio and video synthesis in C.<br />
The blog has many other interesting articles such as<br />
<a href="http://nullprogram.com/blog/2017/10/06/" rel="nofollow">http://nullprogram.com/blog/2017/10/06/</a> A branchless UTF-8 decoder<br />
<a href="http://nullprogram.com/blog/2017/09/21/" rel="nofollow">http://nullprogram.com/blog/2017/09/21/</a> Finding the Best 64-bit Simulation PRNG<br />
<a href="http://nullprogram.com/blog/2017/09/15/" rel="nofollow">http://nullprogram.com/blog/2017/09/15/</a> Blowpipe: a Blowfish-encrypted, Authenticated Pipe<br />
<a href="https://nullprogram.com/blog/2020/05/15/" rel="nofollow">https://nullprogram.com/blog/2020/05/15/</a> w64devkit: a Portable C and C++ Development Kit for Windows<br />
<a href="https://nullprogram.com/blog/2020/01/22/" rel="nofollow">https://nullprogram.com/blog/2020/01/22/</a> A Makefile for Emacs Packages<br />
<a href="https://nullprogram.com/blog/2019/08/09/" rel="nofollow">https://nullprogram.com/blog/2019/08/09/</a> Keyringless GnuPG<br>(<a href="https://roland.iwasno.net/links/?DOspBg">Permalink</a>)Monocypherhttps://roland.iwasno.net/links/?KLz7nA2017-03-28T19:33:05+02:00Monocypher is an easy to use crypto library inspired by libsodium and TweetNaCl.<br>(<a href="https://roland.iwasno.net/links/?KLz7nA">Permalink</a>)SHAtteredhttps://roland.iwasno.net/links/?RvS0Vg2017-02-27T11:46:38+01:00First collision for SHA-1 has been constructed by researchers at CWI and Google.<br>(<a href="https://roland.iwasno.net/links/?RvS0Vg">Permalink</a>)Cryptocat - encrypted chat programhttps://roland.iwasno.net/links/?4OsacQ2017-01-31T16:40:08+01:00Cryptocat is free software with a simple mission: everyone should be able to chat with their friends in privacy.<br />
<br />
Open source. All Cryptocat software is published transparently.<br />
Encrypted by default. Every message is encrypted, always.<br />
Forward secure. Chats are safe even if your keys are stolen.<br />
Multiple devices. Devices receive messages even when offline.<br />
File sharing. Securely share files with friends.<br />
<br />
Available for Windows, Linux and Mac.<br>(<a href="https://roland.iwasno.net/links/?4OsacQ">Permalink</a>)LSH - a GNU implementation of the Secure Shell protocolshttps://roland.iwasno.net/links/?nL18pA2016-11-11T16:17:43+01:00A GNU implementation of the Secure Shell protocols<br />
<br />
lsh is a free implementation (in the GNU sense) of the ssh version 2 protocol, standardised by the IETF SECSH working group.<br>(<a href="https://roland.iwasno.net/links/?nL18pA">Permalink</a>)Copay – Secure, Shared Bitcoin Wallethttps://roland.iwasno.net/links/?uQp9MQ2016-11-06T23:28:28+01:00Open source (MIT licensed), available for iOS, Android, Windows, OS X and Linux.<br>(<a href="https://roland.iwasno.net/links/?uQp9MQ">Permalink</a>)