John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most
... [More] commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches. [Less]
Openwall GNU/*/Linux (or Owl for short) is a security-enhanced server platform. The primary approaches to security are proactive source code review, privilege reduction, privilege separation, careful selection of third-party software, safe defaults, "hardening" to reduce the likelihood of successful
... [More] exploitation of security flaws, and the uses of "strong" cryptography. Also available are policy enforcement and integrity checking capabilities.
Besides the security enhancements, other key properties of Owl include the ability to rebuild the entire system from source with one simple command ("make buildworld"), support for software packages found in or developed for Red Hat's and compatible Linux distributions, and support for multiple architectures (currently x86, x86-64, SPARC, and Alpha). [Less]
scanlogd is a TCP port scan detection tool, originally designed to illustrate various attacks an IDS developer has to deal with, for a Phrack Magazine article. Thus, unlike some of the other port scan detection tools out there, scanlogd is designed to be totally safe to use.
... [More] several packet capture interfaces: the raw socket interface on Linux (which does not require any libraries), libnids, and libpcap. [Less]
popa3d is a tiny POP3 daemon for Unix-like operating systems. It was designed with security as the primary goal.
popa3d has been integrated into OpenBSD base tree. It is the default POP3 server on Openwall GNU/*/Linux (Owl), recent versions of Slackware, and distributions by ALT Linux team.
... [More] popa3d is also a part of Debian GNU/Linux, Gentoo Linux, and ASPLinux. [Less]
pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd(1). In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones. All features are optional and can be (re-)configured without
... [More] rebuilding.
The package additionally includes libpasswdqc (a password/passphrase strength checking library), pwqcheck (a standalone password/passphrase strength checking program), and pwqgen (a standalone random passphrase generator program). [Less]
phpass is a portable password hashing framework for use in PHP applications. The preferred (most secure) hashing method supported by phpass is the OpenBSD-style bcrypt (known in PHP as CRYPT_BLOWFISH), with a fallback to BSDI-style extended DES-based hashes (known in PHP as CRYPT_EXT_DES), and a
... [More] last resort fallback to an MD5-based variable iteration count password hashing method implemented in phpass itself. [Less]
crypt_blowfish is an implementation of a modern password hashing algorithm, based on the Blowfish block cipher, provided via the crypt(3) and a reentrant interface. It is compatible with bcrypt by Niels Provos and David Mazieres as used in OpenBSD.
The most important property of bcrypt (and thus
... [More] of crypt_blowfish) is that it is adaptable to future processor performance improvements, allowing you to arbitrarily increase the processing cost of checking a password while still maintaining compatibility with your older password hashes. Already now bcrypt hashes you would use are several orders of magnitude stronger than traditional Unix DES-based or FreeBSD-style MD5-based hashes. [Less]
blists is a web interface to mailing list archives that works off indexed mbox files. There are two programs: bindex and bit. bindex generates or updates the index file (incremental updates are supported). bit is a CGI/SSI program that generates web pages on the fly. Both programs are written in C and are very fast.