Open Source encryption module loses FIPS certification
The National Institute of Standards and Technology has revoked certification of the open-source encryption tool OpenSSL under the Federal Information Processing Standard.
OpenSSL in January became one of the first open-source software products to be validated under NIST's Computer Module Validation Program for FIPS-140-2. The certificate apparently was suspended in June when questions were raised about the validated module's interaction with outside software elements.
The revocation caught the Open Source Software Institute, which shepherded the module through the validation process, by surprise.
FIPS-140-2 certification is required for cryptographic products used by agencies for unclassified but sensitive information. OpenSSL is an open-source version of Secure Sockets Layer encryption that can be used by browsers and other programs to securely exchange data.
TrueCrypt: open-source encryption software
I have been looking at applications that support file and folder encryption on Windows-based computers. The ideal application should be reliable, should be easy to use, should support multiple encryption methods, should run and mount automatically when a configured removable device (e.g., a USB Flash Disk or a mobile USB hard drive) is activated, and should run self-contained (no software installation needed on the host system).
Conclusion: Among the many free and commercial offerings, most appear to offer solid, basic file and folder encryption.
TrueCrypt is easy to use, runs in a self-contained, auto-mounting mode, supports a wide variety of encryption options (including cascading options), and has good documentation and user support via its forum web site.
Open-source encryption program
Developers of the open-source GnuPG encryption software have reported a security flaw that could allow an attacker to sneak malicious code into a signed e-mail message.
GnuPG, or Gnu Privacy Guard, is an open-source version of the PGP encryption program used to encrypt data and create digital signatures. It's included with several versions of Linux as well as FreeBSD, and is also widely used by the IT security industry.
The vulnerability allows an attacker to take a signed message and insert additional code, which then appears to the recipient as if it were part of the digitally signed content.
"Someone who's able to intercept the message as it's transmitted could inject some data, and then the person who verifies the signature would be told it's a valid, unaltered message," said Thomas Kristensen, chief technology officer at security vendor Secunia in Copenhagen.
Open-source disk encryption software
Some of the features are as follows:
* Creates a virtual encrypted disk within a file and mounts it as a real disk.
* Encrypts an entire hard disk partition or a device.
* Encryption is automatic, real-time (on-the-fly) and transparent.
* Provides two levels of plausible deniability, in case an adversary forces you to reveal the password:
  (i) Hidden volume.
  (ii) No TrueCrypt volume can be identified (volumes cannot be distinguished from random data).
* Encryption algorithms: AES-256, Blowfish (448-bit key), CAST5, Serpent, Triple DES, and Twofish.
* Mode of operation: LRW (CBC supported as legacy).
Open-Source On-the-Fly Encryption on Windows
I just came across the TrueCrypt project: free and open source disk encryption software for Windows XP, 2003, and 2000. After installing it, I tried to create an encrypted volume and noticed an option to create a "hidden" volume. All well and good, but while reading this, I couldn't help but think of a situation where the (violent) adversary is someone familiar with this feature of TrueCrypt! In such a situation, it would be impossible for the adversary to be convinced that all data is being revealed to him or her (this is a known drawback in the concept of Plausible Deniability).
That said, I am impressed with the features TrueCrypt has to offer, and I will continue to test it for a while. However, given that the project is barely a year old, I'm not ready to risk using it to protect my primary data just yet.
PHP encryption for the common man open source
In this increasingly virtual online world, you have to be careful to protect your data. Learn the basics of encoding and encrypting important bits of information, such as passwords, credit card numbers, and even entire messages. Get an overview of what it means to encrypt and decrypt information, as well as some practical examples involving passwords and other data, using PHP's built-in functionality.
As a PHP developer, you should be aware that strong security practices aren't just for exotic applications -- they're for the project you're working on now. This awareness runs from the pedestrian (such as not showing plaintext in a password field on a login page) to dizzying heights of cryptographic methods (such as DES, MD5, SHA1, Blowfish).
SWF Encryption, Protecting open-source data
For years, flash swf files have been scourged as practically open-source. With programs on the market today, giving a swf is almost identical to handing over the very source file. Having been a flash designer for a number of years, I know this danger all too well, and have done every swoop and dive in order to protect my chances of compromising my work.
Now there is a tool to help protect your hard work from cheap rustlers. Amayeta has produced a program that encrypts your ActionScript from weary viewers, and protects your work safely, without damaging the end result.
Amayeta Limited are happy to announce the release of SWF Encrypt 3.0 for Windows! SWF Encrypt 3.0 is the latest and most powerful version of the previously entitled "Flash Incrypt" by Fenix Studio.
Open source disk encryption for Windows
There are only 4 open source disk encryption systems for Windows:
1. Truecrypt by Truecrypt Foundation
2. FreeOTFE by Sarah Dean
3. PGPdisk from PGPi package
4. Crosscrypt by Stefan Scherrer
None of these allows the encryption of the system partition. All "full disk encryption" software is closed source. The author of this site strongly discourages the use of closed source crypto. However, through special tools it is possible to effectively establish a fully encrypted Windows system with open source crypto.