This package provides a simple password-based encryption utility as a demonstration of the scrypt key derivation function. Scrypt is designed to be far more resistant against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

Botan is a cryptography library, written in C++11, offering the tools necessary to implement a range of practical systems, such as TLS/DTLS, PKIX certificate handling, PKCS#11 and TPM hardware support, password hashing, and post-quantum crypto schemes. In addition to the C++, botan has a C89 API specifically designed to be easy to call from other languages. A Python binding using ctypes is included, and several other language bindings are available.

This module is intended to provide a cryptographically-secure replacement for Perl's built-in rand function. "Cryptographically secure", in this case, means:

1. No matter how many numbers you see generated by the random number generator, you cannot guess the future numbers, and you cannot guess the seed.

2. There are so many possible seeds that it would take decades, centuries, or millennia for an attacker to try them all.

3. The seed comes from a source that generates relatively strong random data on your platform, so the seed itself will be as random as possible.

Hpenc is a command-line tool for performing authenticated encryption (AES-GCM and ChaCha20-Poly1305) of streaming data. It does not perform an asymmetric key exchange, instead requiring the user to distribute pre-shared keys out of band. It is designed to handle large amounts of data quickly by using all your CPU cores and hardware acceleration.

Tomb is an application to manage the creation and access of encrypted storage files: it can be operated from commandline and it can integrate with a user's graphical desktop.

ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a fast pseudo-random number generator. It is suitable for applications where a significant amount of random data needs to be produced quickly, such as solving using the Monte Carlo method or for games. The results are uniformly distributed, unbiased, and unpredictable unless you know the seed.

This package implements the same interface as Math::Random::ISAAC.

Sodium is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc.

The currently provided message digest algorithms are:

• MD2

• MD4

• MD5

• RIPEMD-160

• SHA-1

• SHA-2 (SHA-256, SHA-384 and SHA-512)

This package provides a cryptographic hash function that is fast, secure, parallelizable, capable of incremental updates.

The Olm library implements the Double Ratchet cryptographic ratchet. This package contains its Python bindings.

ccrypt is a utility for encrypting and decrypting files and streams. It was designed as a replacement for the standard unix crypt utility, which is notorious for using a very weak encryption algorithm. ccrypt is based on the Rijndael block cipher, a version of which is also used in the Advanced Encryption Standard (AES, see http://www.nist.gov/aes). This cipher is believed to provide very strong security.

EncFS creates a virtual encrypted file system in user-space. Each file created under an EncFS mount point is stored as a separate encrypted file on the underlying file system. Like most encrypted file systems, EncFS is meant to provide security against off-line attacks, such as a drive falling into the wrong hands.

mkp224o generates valid ed25519 (hidden service version 3) onion addresses. It allows one to produce customized vanity .onion addresses using a brute-force method.

ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a fast pseudo-random number generator. It is suitable for applications where a significant amount of random data needs to be produced quickly, such as solving using the Monte Carlo method or for games. The results are uniformly distributed, unbiased, and unpredictable unless you know the seed.

This package provides a Perl interface to the ISAAC pseudo random number generator.

hash_extender is a utility for performing hash length extension attacks supporting MD4, MD5, RIPEMD-160, SHA-0, SHA-1, SHA-256, SHA-512, and WHIRLPOOL hashes.

This package provides b3sum, a command line checksum tool based on the BLAKE3 cryptographic hash function.

Enchive is a tool to encrypt files to yourself for long-term archival. It's a focused, simple alternative to more complex solutions such as GnuPG or encrypted filesystems. Enchive has no external dependencies and is trivial to build for local use. Portability is emphasized over performance.

The libdecaf library is an implementation of elliptic curve cryptography using the Montgomery and Edwards curves Curve25519, Ed25519, Ed448-Goldilocks and Curve448, using the Decaf encoding.

This package provides a crate to sign files and verify signatures.

Minisign is a dead simple tool to sign files and verify signatures. It is portable, lightweight, and uses the highly secure Ed25519 public-key signature system. Signature written by minisign can be verified using OpenBSD's signify tool: public key files and signature files are compatible. However, minisign uses a slightly different format to store secret keys. Minisign signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed.

BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2, and SHA-3, yet is at least as secure as SHA-3.

libb2 is a portable implementation of the BLAKE2 family of cryptographic hash functions. It includes optimised implementations for IA-32 and AMD64 processors, and an interface layer that automatically selects the best implementation for the processor it is run on.

BLAKE2 (RFC 7693) is a family of high-speed cryptographic hash functions that are faster than MD5, SHA-1, SHA-2, and SHA-3, yet are at least as secure as the latest standard, SHA-3. It is an improved version of the SHA-3 finalist BLAKE.

This package provides architecture-specific implementations of the CRC32C algorithm, which is specified in RFC 3720, section 12.1.

stoken is a token code generator compatible with RSA SecurID 128-bit (AES) tokens. This package contains a standalone command-line program that allows for importing token seeds, generating token codes, and various utility/testing functions.