miscreant


Ruby implementation of Miscreant: Advanced symmetric encryption library which provides the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. These algorithms are easy-to-use (or rather, hard-to-misuse) and support encryption of individual messages or message streams. AES-SIV provides nonce-reuse misuse-resistance (NRMR): accidentally reusing a nonce with this construction is not a security catastrophe, as it is with more popular AES encryption modes like AES-GCM. With AES-SIV, the worst outcome of reusing a nonce is that an attacker can see you've sent the same plaintext twice, as opposed to almost all other AES modes where it can facilitate chosen ciphertext attacks and/or full plaintext recovery.

https://miscreant.io
https://github.com/miscreant/miscreant.rb

Related Projects

miscreant - Misuse-resistant symmetric encryption library with AES-SIV (RFC 5297) and AES-PMAC-SIV support

  •    TypeScript

A misuse resistant symmetric encryption library designed to support authenticated encryption of individual messages, encryption keys, message streams, or large files using the AES-SIV (RFC 5297), AES-PMAC-SIV, and STREAM constructions. Miscreant is available for several programming languages, including C#, Go, JavaScript, Python, Ruby, and Rust.

Themis - Crypto library for storage and messaging for ObjC, Android, C++, JS, Python, Ruby and PHP

  •    C

Themis is an open-source high-level cryptographic services library for mobile and server platforms, providing secure messaging and secure data storage. Themis provides three important cryptographic services: Secure messaging, Secure session and Secure storage.

SSH.NET - SSH.NET is a Secure Shell (SSH) library for .NET, optimized for parallelism.

  •    CSharp

SSH.NET is a Secure Shell (SSH-2) library for .NET, optimized for parallelism. This project was inspired by the Sharp.SSH library, which was ported from Java and seems not to have been supported for quite some time. This library is a complete rewrite, without any third party dependencies, using parallelism to achieve the best performance possible.

Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud

  •    Java

Cryptomator offers multi-platform transparent client-side encryption of your files in the cloud. Most cloud providers encrypt data only during transmission or they keep the keys for decryption for themselves. These keys can be stolen, copied, or misused. With Cryptomator, the key to your data is in your hands. Cryptomator encrypts your data quickly and easily. Afterwards you upload them protected to your favorite cloud service.

encryptor - A simple wrapper for the standard ruby OpenSSL library

  •    Ruby

A bug was discovered in Encryptor 2.0.0 wherein the IV was not being used when using an AES-*-GCM algorithm. Unfortunately, fixing this major security issue results in the inability to decrypt records encrypted using an AES-*-GCM algorithm from Encryptor v2.0.0. While the behavior change is minimal between v2.0.0 and v3.0.0, the change has a significant impact on users that used v2.0.0 and encrypted data using an AES-*-GCM algorithm, which is the default algorithm for v2.0.0. Consequently, we decided to increment the version with a major bump to help people avoid a confusing situation where some of their data will not decrypt. A new option is available in Encryptor 3.0.0 that allows decryption of data encrypted using an AES-*-GCM algorithm from Encryptor v2.0.0. Encryptor uses the AES-256-GCM algorithm by default to encrypt strings securely.


sjcl - Stanford Javascript Crypto Library

  •    Javascript

The Stanford Javascript Crypto Library is a project by the Stanford Computer Security Lab to build a secure, powerful, fast, small, easy-to-use, cross-browser library for cryptography in Javascript. SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes.

TLS - Transport Layer Security protocol implementation in Python

  •    Python

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communication security over the Internet. This is an open source Python implementation of TLS 1.2, using the Python Cryptographic Authority's (PyCA's) Cryptography libraries for all cryptographic primitives (e.g. AES, RSA, etc.). This project is part of PyCA's efforts to standardize and improve crypto libraries in Python.

AESCrypt-Android - Simple API to perform AES encryption on Android

  •    Java

Simple API to perform AES encryption on Android with no dependencies. This is the Android counterpart to the AESCrypt library Ruby and AESCrypt-ObjC created by Gurpartap Singh. It used the same weak :'( security defaults i.e. Blank IV noted below. *Using CBC with the default blank IV is vulnerable. This has been left in for compatibility with AESCrypt implementations. See Adv method for providing your own IV. If you don't need to be compatible with AESCrypt then look at java-aes-crypto; its API is just as simple and generates more secure keys.

crypto-algorithms - Basic implementations of standard cryptography algorithms, like AES and SHA-1.

  •    C

These are basic implementations of standard cryptography algorithms, written by Brad Conte (brad@bradconte.com) from scratch and without any cross-licensing. They exist to provide publicly accessible, restriction-free implementations of popular cryptographic algorithms, like AES and SHA-1. These are primarily intended for educational and pragmatic purposes (such as comparing a specification to actual implementation code, or for building an internal application that computes test vectors for a product). The algorithms have been tested against standard test vectors. This code is released into the public domain free of any restrictions. The author requests acknowledgement if the code is used, but does not require it. This code is provided free of any liability and without any quality claims by the author.

ring - Safe, fast, small crypto using Rust

  •    Rust

ring is focused on the implementation, testing, and optimization of a core set of cryptographic operations exposed via an easy-to-use (and hard-to-misuse) API. ring exposes a Rust API and is written in a hybrid of Rust, C, and assembly language. ring is focused on general-purpose cryptography. WebPKI X.509 certificate validation is done in the webpki project, which is built on top of ring. Also, multiple groups are working on implementations of cryptographic protocols like TLS, SSH, and DNSSEC on top of ring.

Darkwire.io - End-to-end encrypted instant web chat

  •    Javascript

Simple encrypted web chat. Powered by socket.io, the web cryptography API. This project is an example of how client side encryption works and how you can integrate it as a chat service. Darkwire server is a Node.js application that requires redis. The Darkwire.io web client is written in JavaScript with React JS and Redux. It uses a combination of asymmetric encryption (RSA-OAEP), symmetric session keys (AES-CBC) and signing keys (HMAC) for security.

BasicCard Elliptic Curve PKS

  •    Java

A smart card-based public key cryptography system based on elliptic curves, using AES for session key generation and SHA for hashing. This project will include the smart card software, terminal software, and a public key server.

breadwallet - breadwallet - bitcoin wallet

  •    Objective-C

mode, breadwallet connects directly to the bitcoin network with the fast performance you need on a mobile device. **the next step in wallet security:** breadwallet is designed to protect you from malware, browser security holes, *even physical theft*. With AES hardware encryption, app sandboxing, keychain and code signatures, breadwallet represents a significant security advance over web and desktop wallets, and other mobile platforms. **beautiful simplicity:** Simplicity is breadwallet's core design pr

s2n - an implementation of the TLS/SSL protocols from Amazon

  •    C

s2n is a C99 implementation of the TLS/SSL protocols that is designed to be simple, small, fast, and with security as a priority. s2n implements SSLv3, TLS1.0, TLS1.1, and TLS1.2. For encryption, s2n supports 128-bit and 256-bit AES, in the CBC and GCM modes, 3DES, and RC4. For forward secrecy, s2n supports both DHE and ECDHE.

ejson - EJSON is a small library to manage encrypted secrets using asymmetric encryption.

  •    Go

ejson is a utility for managing a collection of secrets in source control. The secrets are encrypted using public key, elliptic curve cryptography (NaCl Box: Curve25519 + Salsa20 + Poly1305-AES). Secrets are collected in a JSON file, in which all the string values are encrypted. Public keys are embedded in the file, and the decrypter looks up the corresponding private key from its local filesystem. See the manpages for more technical documentation.

NoKey - A distributed password manager without a master password

  •    Elm

NoKey is a distributed password manager that works without a master password. Instead, you can unlock your passwords by confirming from another device. E.g. if you need a password on your PC, you only have to confirm this on your phone. No need to remember any passwords.

.NET Crypto Library (Devv.Core.Crypto)

  •    DotNet

Devv.Core.Crypto is an encryption library written in VB.NET. It supports all the major Cipher and Hash algorithms: RC2, DES, TripleDES, AES (Rijndael), SHA and MD5. The configuration can be done using the application settings file, and it's quite easy to integrate. Compatible ...

PassKeeper

  •    DotNet

A simple C# 2.0 GUI program that manages your usernames and passwords, that is, basically account information. All confidential information is saved using the latest encryption standard, AES (Advanced Encryption Standard), in the highest possible 256-bit strength. Account inf...

phpseclib - PHP Secure Communications Library

  •    PHP

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

keyshuffling - Keyshuffling Attack for Persistent Early Code Execution in the Nintendo 3DS Secure Bootchain

  •    TeX

We demonstrate an attack on the secure bootchain of the Nintendo 3DS in order to gain early code execution. The attack utilizes the block shuffling vulnerability of the ECB cipher mode to rearrange keys in the Nintendo 3DS's encrypted keystore. Because the shuffled keys will deterministically decrypt the encrypted firmware binary to incorrect plaintext data and execute it, and because the device's memory contents are kept between hard reboots, it is possible to reliably reach a branching instruction to a payload in memory. This payload, due to its execution by a privileged processor and its early execution, is able to extract the hash of hardware secrets necessary to decrypt the device's encrypted keystore and set up a persistent exploit of the system. Information in this article (especially the keyshuffling vulnerability) is original, independent work unless cited otherwise. Note that the keyshuffling vulnerability detailed here is the same one documented publicly by much of this team including "stuckpixel" (also known as "dark_samus") on sites such as 3DBrew. Additionally, note that the persistence vulnerability detailed here is the same one documented publicly as "arm9loaderhax" by "plutoo", "derrek", and "smea" at the 2015 32c3 conference.





