International Cryptography Freedom

Donate for the Cryptome archive of files from June 1996 to the present

INTERNATIONAL CRYPTOGRAPHY FREEDOM

15 December 2015
Bruce Schneier's Cryptogram, 15 December 2015:
Worldwide Cryptographic Products Survey: Edits and Additions Wanted
Back in September, I announced my intention to survey the world market of cryptographic products. The goal is to compile a list of both free and commercial encryption products that can be used to protect arbitrary data and messages. That is, I'm not interested in products that are specifically designed for a narrow application, like financial transactions, or products that provide authentication or data integrity. I am interested in products that people like FBI director James Comey can possibly claim help criminals communicate securely.
Together with a student here at Harvard University, we've compiled a spreadsheet of over 400 products from many different countries.
At this point, we would like your help. Please look at the list. Please correct anything that is wrong, and add anything that is missing. Use this form to submit changes and additions. If it's more complicated than that, please e-mail me.
As the rhetoric surrounding weakening or banning strong encryption continues, it's important for policymakers to understand how international the cryptographic market is, and how much of it is not under their control. My hope is that this survey will contribute to the debate by making that point.
Original announcement:
https://www.schneier.com/blog/archives/2015/09/wanted_cryptogr.html
Current spreadsheet:
https://docs.google.com/spreadsheets/d/1VEEX2bnx06_npHTj4EcfxdSAJGmAESUpgL4RDB51QL0/edit?ts=565c9654&pli=1#gid=0&vpid=A1
Google form for submissions and comments:
https://docs.google.com/forms/d/1EOcIsz7lY_Wj4rTQcRA-FGjQNiyeBkp80NLJNFDafgI/viewform?edit_requested=true

9 March 2010.
US Allows Internet Spy Tech Export to Rogues: http://cryptome.org/0001/treas030810.htm

8 January 2005: Add United States 23.

Beginning December 10, 2001, the US Customs Service intends to ask businesses to report "suspicious" customers wanting to purchase "encryption devices" for shipping overseas. Cryptome welcomes accounts on how this reporting is being done, and whether it includes download of encryption programs such as those listed here. Send encrypted and/or anonymous accounts to: <jya@pipeline.com>. PGP public key at cryptome.org.
This a growing list. Contributions welcome; send to: <jya@pipeline.com>
Please mirror this page, or scavenge it to make your own. Let us know about additional sites or your page and we'll make a link.
See also:
Cryptome for news
Ritter's Learning About Cryptography
Ritter's Crypto Glossary and Dictionary of Technical Cryptography

UNITED STATES UNRESTRICTED CRYPTOGRAPHY

Program URL Notes

USUC 1
Cracking DES http://www.shmoo.com/~pablos/Cracking_DES/ The Shmoo Group is proud to present...
for the first time...
available legally for download in the United States...
from the jurisdiction of the 9th US Circuit Court of Appeals...

USUC 2 Secure Office http://www.filesafety.com
Mirror: http://come.to/SecureOffice
Charles Booher's site, formerly under attack by the USG

USUC 3
Secure Remote Password (SRP) distribution http://srp.stanford.edu/srp/ A cryptographically secure remote-access suite, featuring Telnet and FTP with full strength 128-bit encryption. Open Source, unrestricted downloads. Available from mirror sites worldwide.

USUC 4
PGP 2.62 http://cryptome.org/jya/pgp262-mil.zip Mirror of US military web site offering of PGP 2.62

USUC 5
Snuffle http://cryptome.org/jya/snuffle.txt
Available also at USUC 1
Bernstein's Snuffle program, centerpiece of Bernstein v. USDOJ

USUC 6
GSM A5/1 http://cryptome.org/jya/a51-pi.htm A Pedagogical Implementation of A5/1

USUC 7
PGP 5.0 http://web.qx.net/infocus/pgpinfo.html In Focus offering

USUC 8
GSM A5/1 and A5/2 http://cryptome.org/gsm-a512.htm A Pedagogical Implementation of A5/1 and A5/2

USUC 9
Des.c http://www.ixpres.com/lauraglenn/src/crypto/ Ariel Glenn's offering of
Eric Young's des.c

USUC 10
Shmoo
Moola http://www.shmoo.com/crypto/ Shmoo's offering of
"Cracking DES," the book, and Bernstein's Snuffle; Eric Cordian's PERL crypto; and more

USUC 11
Crypto++ http://www.eskimo.com/~weidai/cryptlib.html Wei Dai's Crytpo++ Library

USUC 12
PGP 6.5.8
See USUC 23
August 26, 2000: CAUTION -- Do not use v6.5.2a due to ADK bug. See: http://cryptome.org/pgp-badbug.htm
Use instead:
PGPFreeware v6.5.8 Windows 95/98/NT/2000
PGPfreeware 6.5.8 Windows 95/98/NT/2000 and
MacOS
which have ADK-bug fixed.

USUC 13
Speak Freely http://www.speakfreely.org/ Brian Wiles'
Speak Freely
Internet Telephone

USUC 14
Michael
Paul
Johnson's
Venerable
Crypto
Site
http://cryptography.org/source/ Michael Paul Johnson's Encryption Algorithms
Diamond 2 Block Cipher source code in dlock2src.zip
Diamond 2 Block Cipher and Sapphire II Stream Cipher Delphi Component in diacrypt_src.zip
One-time pad source code in onepad_src.zip
Crypto shareware object code in qcrypt11.zip
Ruby Mark 5 Hash Cipher source code in ruby_m5_src.zip
Sapphire II Stream Cipher source code in sapphire_src.zip

Pretty Good Privacy Source Code
Version 6.0.2 Macintosh source code and signature
Version 6.0.2 Windows source code and signature

RSA
RSAEuro RSA toolkit

USUC 15
Kerebos http://cryptography.org/source/index.htm
http://cryptography.org/source/kerbnet/
http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/docs/kerbnet-docs.tgz
http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/release_notes
http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/MD5SUMS
http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/source/kerbnet-source.tgz
http://cryptography.org/cgi-bin/crypto.cgi/KerbNet/source/tcl-source.tgz
Kerebos by Michael Paul Johnson

USUC 16
Variety http://www.crypto.com/exports/mail.txt Open list of crypto offerings

USUC 17
PKI http://www.mozilla.org/projects/security/pki/src/download.html This is the source code that Netscape used in Communicator and is now used in the iPlanet servers (http://www.iplanet.com/)

USUC 18
CP4Break http://cryptome.org/cp4/cp4break.html CP4Break by Eddy Jansson and Matthew Skala

USUC 19
MIT Kerberos V5 release 1.2.1 http://www.crypto-publish.org/ In order to provide people outside the US with access to open source cryptography, the Cryptography Publishing Project is making MIT Kerberos V5 release 1.2.1 available without restriction, in compliance with the changes in US export regulations since January, 2000.
The Project was started to make open source cryptographic software freely available in situations where it difficult to obtain the software from its original authors.

USUC 20
PGP 7.0.3
See USUC 23
PGP Freeware v 7.0.3 Windows (7.5 MB)
PGP Freeware v 7.0.3 MacOS (6.2 MB) PGP Freeware 7.0.3

USUC 21
PGPsdk
Source PGPsdk 2.1.1 Source Code for Mac (2.4MB)
PGPsdk 2.1.1 Source Code for Unix (1.8MB)
PGPsdk 2.1.2 Source Code for Windows (2.7MB) PGPsdk 2.1.1 Source Code
September 1, 2001

USUC 22
Shell Encrypt 2003 Program Homepage : http://www.freewebs.com/troy_a_billings/shellencrypt2003/index.html
Download URL : http://www.freewebs.com/troy_a_billings/shellencrypt2003/shencv110.zip
PAD URL : http://www.freewebs.com/troy_a_billings/shellencrypt2003/pad_file.xml
(this is for distribution of the program info, if you know about PAD files great, otherwise please ignore this)
Name: Shell Encrypt 2003
Size: about 1 MB
Version: 1.1.0
Platforms: Windows 98 or Windows XP
Date posted here: July 2003
Author: Troy A. Billings
Description: Fully functional 128-bit encryption program, the download comes with 5 Standard Keys to encrypt and decrypt messages and files.
Shell Encrypt is powerful yet easy to use, runs on both Windows 98 and Windows XP. With it you can encrypt and decrypt text files, email messages, and any type of binary files. Comes with its own Installer and Uninstaller. Excellent for personal communications and/or business transactions that require absolute confidentiality.
Optional $20 donation gets your own 5 Unique Keys, and if you want, a lifetime of program updates including any encryption or speed improvements as they're developed.

USUC 23
PGP Freeware 8.1 PGP Freeware v 8.1 Windows (8.3 MB)
PGP Freeware v 8.1 Windows (German) (9.0 MB)
PGP Freeware v 8.1 MacOS (5.5 MB) Read PGP Freeware 8.1 notice:

INTERNATIONAL MIRROR SITES

Country URL Notes

Australia 1 ftp.psy.uq.oz.au:/pub/Crypto

Australia 1 ftp.psy.uq.oz.au:/pub/Crypto

Australia 2 http://vicraves.i-o.net.au/crypto.html No access logging

Australia 3 http://www.wiretapped.net/
http://the.wiretapped.net/security/cryptography/
ftp://the.wiretapped.net/pub/security/cryptography/
A seriously vast array of other security and cryptography related material
AusMac Crypto Library

Austria 1 ftp://ftp.giga.or.at/pub/hacker/crypt Stuff related to crypto

Austria 2 ftp://ftp.giga.or.at/pub/hacker/stego Stuff related to steganography

Austria 3 ftp://ftp.giga.or.at/pub/hacker/Incoming For very welcome contributions of all sorts: binaries, texts, sources, etc. related to cryptography, cryptanalysis, steganography, information hiding, etc.

Brazil 1 http://www.nw.com.br/users/pbarreto/crypto_page.html Selected links, public domain crypto software, mostly related to elliptic curves and block ciphers

Brazil 2 http://novaware.cps.softex.br/ NOTICE: Neither Novaware nor this site are subject to restrictions from the Wassenaar Agreement on the control of Cryptography

Brazil 3 http://novaware.cps.softex.br/mirrors/cryptix-java/ Cryptix mirror

Canada 1 http://www.privacy.nb.ca/cancrypt/ CanCrypt, a directory of Canadian cryptographic resources. It is intended to be a clearing house of Canadian related cryptographic resources.
Although the relaxing of US export regulations has reduced some of its importance, Canada still has a more liberal cryptographic policy for export and usage. Compared to both the USA (re: export) and UK (re: RIP) it is very crypto-friendly.
233MB+; Apache-SSL, SSLeay, cryptlib, freeswan, gnupg, mozilla-crypto, pgpi, ssh, more

Canada 2 ftp://gwynne.cs.ualberta.ca/pub/Crypto/

Canada 3 ftp://ftp.mindlink.net/pub/crypto/
See for access procedure: ftp://ftp.mindlink.net/pub/crypto/README.html

Canada 4 http://www.interlog.com/~rguerra/www 224! PGP and Privacy Links

Canada 5 http://crypto.yashy.com/

Croatia 1 pgp.rasip.fer.hr:/pub/crypt

Denmark 1 http://www.datashopper.dk/~boo/index.html Assorted PGP Freeware

Finland 1 http://www.ssh.fi/tech/crypto/sites.html Multiple Sources

Finland 2 ftp.funet.fi:/pub/crypt PGP, symmetric and asymmetric encryption, crypto libraries, papers

Finland 3 http://www.pgpi.org/ International PGP Home Page

Finland 4 ftp://garbo.uwasa.fi/pc/crypt

France 1 http://web.cnam.fr/reseau/Crypto/ L'utilisation du chiffrement en France

France 2 ftp://ftp.lip6.fr/pub2/linux/networking/net-source/mail/pgp/ GnuPG
PGP Sendmail v1.4
Auto PGP 1.04
PGP 2.6.3is
PGP 5.0-b8

France 3 http://www.fortunecity.co.uk/skyscraper/techie/18/cryptofree-fr.htm "Liberte pour la cryptographie internationale." UK Mirror, 10MB. PGP, DOS & Unix versions, sources, GNUPG, ScramDisk, the PGP 6.0 & 2.62 french manuals, etc. All are freeware and none have been exported from USA (only PGP international versions).

France 4 http://www.cl.cam.ac.uk/~fapp2/software/Scramdisk_2.02H-fr.zip A French version of ScramDisk, the famous hard disk encryption program for Windows 95/98 written by Aman & Sam Simpson. Fabien Petitcolas, a cryptographer from the Cambridge University (UK) supervised this work: http://www.cl.cam.ac.uk/~fapp2/scramdisk/

Germany 1 ftp.darmstadt.gmd.de:/pub/crypto

Germany 2 ftp.informatik.uni-hildesheim.de:/pub/security

Germany 3 ftp://ftp.pca.dfn.de/pub/tools/crypt/

Germany 4 ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/ Disk and file encryption, PGP, stego, voice encryption

Germany 5 ftp://ftp.uni-mainz.de/pub/internet/security/SSL/ SSL site

Germany 6 http://www.d.shuttle.de/isil/gnupg/ The GNU Privacy Guard

Germany 7 http://munitions.vipul.net/
Autosyncing mirrors:
http://munitions.dyn.org/dolphin.cgi?command=index -- Amsterdam Science Park, The Netherlands
http://munitions.polkaroo.net -- Ottawa, Canada
http://munitions.cifs.org -- Sydney, Australia
http://uk1.munitions.net -- Oxford, UK
http://munitions.firenze.linux.it/ -- Italy (Files-only mirror)
munitions is a mega-archive of cryptographic software for the linux operating system. here you'll find free software tools for building and maintaining secure, tamperproof linux installations and achieving electronic privacy in the highly intrusive networked environments of today.
<network> <data haven> <email> <anonymizers> <secure ip> <secure tcp> <ssh> <ssl> <www> <key mgmt> <libraries> <maths> <pgp> <gnupg> <system> <kernel> <kerberos> <unix> <password> <filesystem> <steganography> <voice>

Hong Kong 1 ftp://ftp.futuredynamics.com/freecrypto/; or, if broken
ftp://futuredynamics.com/freecrypto/; or, if also busted
ftp://202.87.252.100/freecrypto/
Mirrors of ftp.pgpi.com; ftp.psy.uq.oz.au/pub/Crypto (SSLeay and SSH); Fortify; and the Speakfree distribution from ftp.fourmilab.ch/pub/web/speakfree.
About 180 Mb. More stuff will be hopefully added later.

Hungary 1 ftp.kfki.hu:/pub/packages/security
Full description:
http://www.kfki.hu/ftp.html#Security
SSH, SSL, SSL applications, libdes, OPIE, PGP, SRP and other non-cryptographical-security tools.

Ireland 1 ftp://ftp.heanet.ie/pub/crypto/ Contains SSH, SSL, SSL apps, PGPI. More to come.

Italy 1 idea.sec.dsi.unimi.it:/pub/security/crypt

Japan 1 http://www2.eccosys.co.jp/~tsuruta/pgp/ Tsuruta's MacPGP Page

Kyrgyzstan 1 http://www.underground.org.kg/crypto/

Netherlands 1 utopia.hacktic.nl:/pub/replay/pub/disk Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files

Netherlands 2 http://www.replay.com

Netherlands 3 ftp://ftp.replay.com/pub/crypto/crypto/LIBS/cryptolib/crypto30.zip Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives.

Netherlands 4 http://www.monster.org/mirror/gsm/ GSM A5/1 and A5/2.

New Zealand 1 http://www.cs.auckland.ac.nz/~pgut001/links.html A Comprehensive List of Worldwide Sources

New Zealand 2 http://www.cs.auckland.ac.nz/~pgut001/archive.html
(Not yet active; meanwhile see NZ 1 above)
Peter Guttman: This currently contains a mostly blank page because it'll take a few days to get things set up, but I thought I'd get the ball rolling. Once it's ready I'll use it to make all sorts of crypto available to anyone anywhere until ordered by a NZ court to stop doing so (this is a long way removed from being ordered by the Ministry of Foreign Affairs and Trade to stop doing so), or alternatively until the machine sh*ts itself and dies, which may happen somewhat sooner :-).
The archives (when ready) will be stored on a machine for which accesses are not logged. It may also allow SSL access (with strong encryption, obviously), which will include making available dummy files of various sizes so that it's not possible to prove (based on traffic analysis) exactly what was downloaded ("Crypto? Certainly not, I was downloading this paper on the history of Ethiopian pottery in 4000BC").

Norway 1 ftp.unit.no:/pub/unix/security

Norway 2 ftp://ftp.ifi.uio.no/pub/gnu/ Main distribution site for crypt() in glibc

Norway 3 ftp://ftp.ifi.uio.no/pub/pgp/ (the same as ftp.no.pgpi.com) Main distribution site for pgpi

Norway 4 ftp://ftp.at.pgpi.com/pub/pgpi/
ftp://ftp.au.pgpi.com/pub/pgp/
ftp://ftp.ch.pgpi.com/pub/pgp/
ftp://ftp.cz.pgpi.com/pub/pgp/
ftp://ftp.de.pgpi.com/pub/pgp/
ftp://ftp.dk.pgpi.com/pub/pgp/
ftp://ftp.es.pgpi.com/pub/pgp/
ftp://ftp.fi.pgpi.com/pub/pgp/
ftp://ftp.jp.pgpi.com/pub/pgp/
ftp://ftp.kr.pgpi.com/pub/security/pgp/
ftp://ftp.nl.pgpi.com/pub/pgp/
ftp://ftp.pl.pgpi.com/pub/pgpi/
ftp://ftp.ru.pgpi.com/pub/pgp/
ftp://ftp.se.pgpi.com/pub/pgp/
PGP International Mirrors

Norway 5 ftp://ftp.kerneli.org/pub/linux/kerneli/v2.1/
( which is verden.pvv.org which is verden.pvv.ntnu.no ) Main distribution site for the international kernel patch for Linux
(collection of crypto-patches for the linux kernel)

Norway 6 http://munitions.paranoia.no/ Munitions list of crypto software archives located in Skien, Norway.

Russia 1 ftp.kiae.su:/unix/crypto

Spain 1 http://www.kriptopolis.com/software/prog.html

Spain 2 http://www.argo.es/~jcea/cripto.htm Criptología by Jesús Cea Avión

Sweden 1 ftp.sunet.se:/pub/security/tools/crypt Swedish University Network Security Archives

Sweden 2 http://www.acc.umu.se/~mnemo/crypto/crypto.html Crypto tools by the 11th Alliance.

Switzerland 1 http://www.semper.org/sirene/outsideworld/security.html IBM Zurich Security and Cryptography Sources

Switzerland 2 http://www.semper.org/sirene/people/gerrit/secprod/
secprod.html Gerrit Bleumer's Cryptography Enhanced Products

United Kingdom 1 ftp.ox.ac.uk:/pub/crypto DES, SSL, cryptanalysis, documentation, PGP, miscellaneous

United Kingdom 2 http://www.dcs.exeter.ac.uk/~aba/ Adam Back's Resources

United Kingdom 3 ftp://ftp.cl.cam.ac.uk/users/rja14/ Ross Anderson's FTP Sources

United Kingdom 4 http://www.notatla.demon.co.uk/CRYPTO/crypto.html pgutlinks.html 245K
SSLeay-0.9.0b.tar.gz 1.3M
crypto-free.htm 28K
Fortify-README 2K
Fortify-1.3.1-unix-x86.tar.gz 372K
apache_1.3.3+ssl_1.29.tar.gz 37K
crypto30.zip 394K
nhs-rpt.wp 88K
aba_zergo.txt 142K
bnlib.tar.gz 142K
cfs-1.3.3bf-1.i386.rpm.tar.gz 192K
crypto.html 8K
ssh 1.2.27

United Kingdom 5 ftp://opensores.thebunker.net/pub/mirrors/ The Bunker open source FTP repository is housed in an ex-military data centre, buried deep below the earth in a nuclear, chemical and biological warfare proof bunker.
SSLapps, SSLeay, argus, crack5, cracklib, MD5, SHA, l6, satan, ssh, stunnel, syn, tcp_wrappers, more coming.

United
Kingdom 6 http://fp.gladman.plus.com/cryptography_technology/index.htm
http://fp.gladman.plus.com/cryptography_technology/rijndael/index.htm
Brian Gladman's cryptography offerings, the second URL is for his popular AES (Rijndael) source code.

United States 1 http://www.cryptography.org/
http://cryptography.org/cgi-bin/crypto.cgi/libraries/crypto30.zip
http://cryptography.org/cgi-bin/crypto.cgi/libraries/crypto23.zip
North American Cryptography Archives. Archive of crypto software, only available from the US and Canada. Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives.

United States 2 http://cryptography.org/freecryp.htm Crypto Sites Outside North America

United States 3 http://www.austinlinks.com/Crypto/ Quadralay Cryptography Archive

United States 4 http://theory.lcs.mit.edu/~rivest/crypto-security.html Ron Rivest's Links

United States 5 http://www.genocide2600.com/~tattooman/cryptography/
Packet Storm is now owned by Kroll-O'Gara, an international security corporation, thanks to the cowardice of Harvard University and LEA-tool AntiOnline Ahole. The archive is to be activated in September 1999 (stripped of offensive stuff; too bad, RIP Infamous Original Packet Storm): http://www.securify.com/packetstorm/
Tattooman has blessed this "re-education," but beware of being snooped at the new site. Tattooman has zipped-lip since what smells like a forced confession.
Maintainer: Ken Williams. Contents: Crypto Libraries, SecureOffice, Source Code for all AES Candidates, Applied Crypto, Cryptanalysis, GNUGP, Kerberos, PGP, Skip, Snow, Snuffle, SSH, Steganography, Voice Encryption, source code, crypto papers, much more, and more on the way. Size: 300+ MB, 2000+ files, and growing every day.

United States 6 http://www.c4i.org/erehwon/crypto.html URL revised 29 November 2000

United States 7 http://www.eskimo.com/~weidai/cryptlib.html Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives.

United States 8 http://www.lila.com/nautilus Nautilus, with links to non-US sites.

United States 9 http://www.counterpane.com/sites.html Bruce Schneier's Sources for Software and Source Code

United States 10 ftp://ftp.clark.net/pub/cme/ Carl Ellison's FTP Sources

United States 11 http://www.jjtc.com/Security/ Neil Johnson's Cryptography and Encryption Sources

United States 12 http://www.homeport.org/~adam/crypto/ Adam Shostack's Cryptographic Libraries

United States 13 http://www.io.com/~ritter/ Terry Ritter's Codes, Links, Tutorials

United States 14 http://www.enter.net/~chronos/cryptolog1.html Crypto-Log: Codes, papers and policies

United States 15 http://www.cryptography.com/resources/index.html Paul Kocher's Cryptography Resources Online

United States 16 http://www.cypher.net/tools/crypto-free.html Mirror of this page, updated 4 times daily.

United States 17 http://members.tripod.com/~the_cancer/Crypto/index.html PGP Crypto: QDPGP, XCrypt, MAilPGP, Peics

United States 18 http://www.theargon.com The A.R.G.O.N. Security and Crypto Site

United States 19 ftp://ftp.jpunix.com John Perry's PGPdomo for secure mailing lists, and other programs

United States 20 http://home.ptd.net/~kruslicc/ CryptoCards - strong encryption with deck of cards

United States 21 http://www.angelfire.com/md/keyshift/ PR0 Death's PGP Message Shifter Applet

United States 22 http://ciphersaber.gurus.com

United States 23 http://people.qualcomm.com/karn/code/index.html Phil Karn's Software Packages and Utilities
ACE demod - Software demodulator for Advanced Composition Explorer spacecraft telemetry
psn-patch - Linux kernel patch to disable Pentium III CPU serial number
cpuid - x86 CPU identification utility
FEC - Forward error correction with Reed-Solomon, Viterbi and Fano algorithms updated 5/99
httproute - Web router, ad blocker, cache & cookie cutter
dupmerge - Merge duplicate files in a filesystem
KA9Q NOS - Self-contained TCP/IP stack for DOS
firs.s - Finite impulse response filter for x86
DES - Fast implementation of DES/3DES in x86 asm

US 24 http://www.salts.navy.mil/ftp/pub/software/programs/NT/Netscape/ US Navy offers Netscape with 128-bit crypto. More programs in other directories.

US 25 http://www.ccd.bnl.gov/pub/IRIX/pgp-262/bin/ Brookhaven National Laboratory offers IRIS ELF for PGP 2.62

NOTES

Note 1: John Gilmore's proposal is to mirror the contents of cryptography sites not just the URLs.
We've been asked what to mirror if it is not possible to mirror large archives (200 MB and up), or you can't easily decide which programs are most important.
John Gilmore recommends:
The top things I'd suggest for a mirror site are (see sources at sites above):
PGP source code (various versions)
Matching PGP binaries (for easy downloading and use)
SSH source code and matching binaries
SSLEAY - Eric Young's crypto library from Australia
Kerberos source code (various versions)
IPSEC source code (various versions for BSD and Linux)
Crypto-Mozilla source code (web browser with good crypto)
DNS Security source code (domain name with good crypto)

My criterion for these things is: what building blocks will people be able to use every day for to improve their privacy? And then, what pieces of infrastructure will permit people to build secure networks that protect their users?
At first, the archives will be "rough and ready", but as people worldwide start writing documentation, e.g. "How to secure your MS-Windows system using this archive", "How to secure your Linux system", etc, it will become easier for the end users.

Jim Gillogly recommends:
One way to determine which programs are the best for this purpose would be to study what various governments have taken some action on. Some obvious ones (See US 5):
PGP (various versions, high level of government interest)
Snuffle (extended US litigation against Daniel Bernstein)
All the AES candidates (strictly-controlled dissemination from NIST)
SecureOffice (Charles Booher's program -- US government has taken action)
Applied Cryptography disk (US export license denied Phil Karn)

It would also be nice to have an infrastructural component, such as (when ready for mass distribution) the Linux/FreeSWAN IPSec release; this doesn't have quite the cachet of programs on which the government has already weighed in, though.

Jim Choate recommends that cryptography documentation be mirrored to encourage understanding and creation of strong encryption -- the best assurance that it will grow and spread.
Mirror whatever you can until better advice for selections comes along. Prime need: many mirrors of the strongest cryptography, especially anything allowing the use of key lengths above 40-bits, that is, anything that requires a US export license for general public use (the US standard appears to be the model for latest Wassenaar restrictions). Next, mirror any program that appears to be a target for latest Wassenaar restrictions as they may be implemented in your country.
For complaints about the restrictions on privacy to be implemented due to US pressure, contact your government's cryptography control ministry: http://www.wassenaar.org/docs/contacts.htm

Note 2: Please forward news and information on the recent Wassenaar Arrangement restrictions in your country to John Young <jya@pipeline.com>. Anonymous and encrypted messages welcome. PGP public keys of John Young on Cryptome, a crypto news site.
Note 3: For information on cryptography export issues see:
Global Internet Liberty Campaign (GILC)
EFF "Privacy - Crypto - ITAR Export Restrictions" Archive
John Gilmore's Cryptography Export Control Archives

Note 4: More mirror sites are needed in countries which are not members of the Wassenaar Arrangment so that when the doors are slammed shut by new WA laws there will still be free sources of strong encryption. For list of WA members see: http://www.wassenaar.org/docs/contacts.htm.
Note 5:
From: Richard Stallman <rms@gnu.org> Subject: Encryption software volunteers needed in countries without export control We need to find volunteers in countries which are not signatories to Wassenaar to take over development and distribution of encryption software such as the GNU Privacy Guard and PSST. We are looking for (1) an ftp site from which to distribute the software, and (2) people to carry on the development work. If you have contacts in any non-signatory country, please circulate this message as widely as possible in your country, looking for people who might want to volunteer for GNU software development. Non-signatory countries that come to mind as possible places where free encryption software can be developed include Mexico, India, Croatia, China, South Africa, and perhaps Israel. However, any country is ok if its laws do not prevent the work.

"Declan: This point is worth clarifying. The new regs remove restrictions from the posting of publicly available encryption source code for downloading. The regs say:
a) If you post encryption source code to a site on the net and anyone can access it, you do not need to have it reviewed by BXA or obtain a license.
b) Simply posting this "publicly available" encryption source code does not count as an export and does not trigger all the terrorist sanctions and other requirements created by various Federal sanctions laws.
(what this means is that if you post some code and Saddam Hussein downloads it, you are not liable. If Saddam calls you up and asks you to e-mail him the code, and you send the e-mail without applying for and receiving a license, you are liable).
c) You do need to send BXA an E-mail with the internet location of the posted source code and you are prohibited from sending (as opposed to posting) the encryption source code to a terrorist country or an individual on one of our denial lists.
d) if a foreign person makes a new product with the source code you've posted, there are no review or licensing requirements for that foreign product. If they pay you a royalty or licensing fee for a product they've developed for commercial sale, however, you may have to report some information to BXA.

It appears that the only requirement for Mr. Young is to notify us of the location of the source code (http://cryptome.org/jya/crypto.htm)."
-- James Lewis, BXA, BXA On "Is this man a crypto-criminal?", January 18, 2000

"The EAR is amended as follows: 1. In Sec. 734.2, Important EAR Terms and Principles, unrestricted encryption source code under Sec. 740.13(e), commercial encryption source code under Sec. 740.17(a)(5)(i) and retail products under Sec. 740.17(a)(3) are exempted from Internet download screening requirements in Sec. 734.2 (b)(9)(iii). A revised screening mechanism for other encryption products exported to government end-users is added. Please note that Sec. 734.2(b)(9) contains the relevant definitions for the export of encryption source code and object code software. In addition, cross-referencing changes are made to Secs. 734.7, 734.8, and 734.9. 2. In Sec. 740.13, Technology and Software Unrestricted, changes are made to reflect amendments to the Wassenaar Arrangement. Specifically, encryption software is no longer eligible for mass market treatment under the General Software Note. Encryption commodities and software are now eligible for mass market treatment under the new Cryptography Note in Category 5--Part 2 of the CCL. This Note multilaterally decontrols mass market encryption commodities and software up to and including 64-bits. Such products, after review and classification by BXA, are classified under Export Commodity Control Numbers (ECCNs) 5A992 or 5D992, thereby releasing them from ``EI'' (Encryption Items) and ``NS'' (National Security) controls, and making them eligible for export and reexport to all destinations (see Sec. 742.15(b)(1)(iii) of the EAR). Once mass market encryption software and commodities are released from ``EI'' controls they may be eligible for de minimis and publicly available treatment (see part 734 of the EAR). 3. Also in Sec. 740.13, to, in part, take into account the ``open source'' approach to software development, unrestricted encryption source code not subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code can, without review, be released from ``EI'' controls and exported and reexported under License Exception TSU. Intellectual property protection (e.g., copyright, patent, or trademark) would not, by itself, be construed as an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code. To qualify, exporters must notify BXA of the Internet location (e.g., URL or Internet address) or provide a copy of the source code by the time of export. These notifications are only required for the initial export; there are no notification requirements for end-users subsequently using the source code. Notification can be made by e-mail to crypt@bxa.doc.gov."

-- Bureau of Export Administration, Revisions to Encryption Items, January 14, 2000

"Q Mr. Marshall, on her point, please. The head of the DEA and the FBI have repeatedly -- and Ms. Reno -- have repeatedly warned of the dangers of not being able to break the codes of criminals. And of course encryption legislation is being debated at length. Is this an indication that maybe that's not so great a problem after all?
MR. MARSHALL (Drug Enforcement Adminstration): Well, that was not a significant impediment in this particular investigation. We've encountered that in many, many other investigations. We're encountering it ever more frequently. And we hope that we don't lose the ability to intercept encrypted communications.
ATTY. GEN. RENO: I would point out -- I would point out in that regard that in this instance, it was not an obstacle. But as more and more drug traffickers and others engaged in organized crime and other activities, including terrorism, encrypt their communication, it is going to be more and more difficult for law enforcement. And that is the reason it is so important law enforcement work with the private sector and with others to ensure the protection of our national security interests and to make sure that we balance the privacy concerns that are so important with law enforcement's legitimate concerns."
-- DoJ Press Conference, Arrest of Colombian Drug Trafficers in Operation Millennium, October 13, 1999

"Much work remains to be done. In particular, I believe we must soon address the risks posed by electronic distribution of encryption software. Although the Wassenaar Nations have now reached agreement to control the distribution of mass market encryption software of certain cryptographic strength, some Wassenaar Nations continue not to control encryption software that is distributed over the Internet, either because the software is in the 'public domain' or because those Nations do not control distribution of intangible items. While I recognize that this issue is controversial, unless we address this situation, use of the Internet to distribute encryption products will render Wassenaar's controls immaterial."
-- US Attorney General Janet Reno, Ban Encryption on the Internet, May, 1999

"Never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."
-- US Appeals Court Judge Betty Fletcher, in the Bernstein opinion, May 6, 1999.

New US section for:
Heeding Hugh Daniels' call today to let 1,000 US crypto sites flower
free of unconstitutional encryption export restrictions in the light of
the May 6 Bernstein opinion, we invite contributions of
unlimited-strengh encryption programs and/or links to such programs
for the new US unrestricted cryptography section here. See also
formerly restricted US sites below.

Dec. 3 Wassenaar Arrangement Lists in original DOC format and HTML format
Encryption and Security Tutorial
Free Crypto Logos
Free Crypto Org
Electronic Civil Disobedience (ECD) <- look to last section