INTERNATIONAL CRYPTOGRAPHY FREEDOM
Last Updated 3 February 2001: Add USUC
|This a growing list. Contributions welcome; send to:
Please mirror this page, or scavenge it to make your own. Let us know about additional sites or your page and we'll make a link.
|UNITED STATES UNRESTRICTED CRYPTOGRAPHY|
|http://www.shmoo.com/~pablos/Cracking_DES/||The Shmoo Group is proud to present...
for the first time...
available legally for download in the United States...
from the jurisdiction of the 9th US Circuit Court of Appeals...
|USUC 2 Secure Office||http://www.filesafety.com
|Charles Booher's site, formerly under attack by the USG|
Secure Remote Password (SRP) distribution
|http://srp.stanford.edu/srp/||A cryptographically secure remote-access suite, featuring Telnet and FTP with full strength 128-bit encryption. Open Source, unrestricted downloads. Available from mirror sites worldwide.|
|http://jya.com/pgp262-mil.zip||Mirror of US military web site offering of PGP 2.62|
Available also at USUC 1
|Bernstein's Snuffle program, centerpiece of Bernstein v. USDOJ|
|http://jya.com/a51-pi.htm||A Pedagogical Implementation of A5/1|
|http://web.qx.net/infocus/pgpinfo.html||In Focus offering|
GSM A5/1 and A5/2
|http://cryptome.org/gsm-a512.htm||A Pedagogical Implementation of A5/1 and A5/2|
|http://www.ixpres.com/lauraglenn/src/crypto/||Ariel Glenn's offering of
Eric Young's des.c
|http://www.shmoo.com/crypto/||Shmoo's offering of
"Cracking DES," the book, and Bernstein's Snuffle; Eric Cordian's PERL crypto; and more
|http://www.eskimo.com/~weidai/cryptlib.html||Wei Dai's Crytpo++ Library|
|August 26, 2000: CAUTION -- Do not use
v6.5.2a due to ADK bug. See:
|PGPfreeware 6.5.8 Windows 95/98/NT/2000 and
which have ADK-bug fixed.
|http://cryptography.org/source/||Michael Paul Johnson's Encryption Algorithms
Diamond 2 Block Cipher source code in dlock2src.zip
Pretty Good Privacy Source Code
Version 6.0.2 Macintosh source code and signature
RSAEuro RSA toolkit
|http://cryptography.org/source/index.htm||Kerebos by Michael Paul Johnson|
|http://www.crypto.com/exports/mail.txt||Open list of crypto offerings|
|http://www.mozilla.org/projects/security/pki/src/download.html||This is the source code that Netscape used in Communicator and is now used in the iPlanet servers (http://www.iplanet.com/)|
|http://cryptome.org/cp4/cp4break.html||CP4Break by Eddy Jansson and Matthew Skala|
MIT Kerberos V5 release 1.2.1
|http://www.crypto-publish.org/||In order to provide people outside the US with access to open source
cryptography, the Cryptography Publishing Project is making MIT Kerberos
V5 release 1.2.1 available without restriction, in compliance with the changes
in US export regulations since January, 2000.
The Project was started to make open source cryptographic software freely available in situations where it difficult to obtain the software from its original authors.
|PGP Freeware v 7.0.3
Windows (7.5 MB)
PGP Freeware v 7.0.3 MacOS (6.2 MB)
|PGP Freeware 7.0.3|
|INTERNATIONAL MIRROR SITES|
|Australia 2||http://vicraves.i-o.net.au/crypto.html||No access logging|
|Australia 3||http://www.wiretapped.net/||A seriously vast array of other security and cryptography related material
AusMac Crypto Library
|Austria 1||ftp://ftp.giga.or.at/pub/hacker/crypt||Stuff related to crypto|
|Austria 2||ftp://ftp.giga.or.at/pub/hacker/stego||Stuff related to steganography|
|Austria 3||ftp://ftp.giga.or.at/pub/hacker/Incoming||For very welcome contributions of all sorts: binaries, texts, sources, etc. related to cryptography, cryptanalysis, steganography, information hiding, etc.|
|Brazil 1||http://www.nw.com.br/users/pbarreto/crypto_page.html||Selected links, public domain crypto software, mostly related to elliptic curves and block ciphers|
|Brazil 2||http://novaware.cps.softex.br/||NOTICE: Neither Novaware nor this site are subject to restrictions from the Wassenaar Agreement on the control of Cryptography|
|Brazil 3||http://novaware.cps.softex.br/mirrors/cryptix-java/||Cryptix mirror|
|Canada 1||http://www.privacy.nb.ca/cancrypt/||CanCrypt, a directory of Canadian cryptographic resources. It is intended
to be a clearing house of Canadian related cryptographic resources.
Although the relaxing of US export regulations has reduced some of its importance, Canada still has a more liberal cryptographic policy for export and usage. Compared to both the USA (re: export) and UK (re: RIP) it is very crypto-friendly.
233MB+; Apache-SSL, SSLeay, cryptlib, freeswan, gnupg, mozilla-crypto, pgpi, ssh, more
See for access procedure: ftp://ftp.mindlink.net/pub/crypto/README.html
|Canada 4||http://www.interlog.com/~rguerra/www||224! PGP and Privacy Links|
|Denmark 1||http://www.datashopper.dk/~boo/index.html||Assorted PGP Freeware|
|Finland 1||http://www.ssh.fi/tech/crypto/sites.html||Multiple Sources|
|Finland 2||ftp.funet.fi:/pub/crypt||PGP, symmetric and asymmetric encryption, crypto libraries, papers|
|Finland 3||http://www.pgpi.org/||International PGP Home Page|
|France 1||http://web.cnam.fr/reseau/Crypto/||L'utilisation du chiffrement en France|
PGP Sendmail v1.4
Auto PGP 1.04
|France 3||http://www.fortunecity.co.uk/skyscraper/techie/18/cryptofree-fr.htm||"Liberte pour la cryptographie internationale." UK Mirror, 10MB. PGP, DOS & Unix versions, sources, GNUPG, ScramDisk, the PGP 6.0 & 2.62 french manuals, etc. All are freeware and none have been exported from USA (only PGP international versions).|
|France 4||http://www.cl.cam.ac.uk/~fapp2/software/Scramdisk_2.02H-fr.zip||A French version of ScramDisk, the famous hard disk encryption program for Windows 95/98 written by Aman & Sam Simpson. Fabien Petitcolas, a cryptographer from the Cambridge University (UK) supervised this work: http://www.cl.cam.ac.uk/~fapp2/scramdisk/|
|Germany 4||ftp://ftp.informatik.uni-hamburg.de/pub/virus/crypt/||Disk and file encryption, PGP, stego, voice encryption|
|Germany 5||ftp://ftp.uni-mainz.de/pub/internet/security/SSL/||SSL site|
|Germany 6||http://www.d.shuttle.de/isil/gnupg/||The GNU Privacy Guard|
http://munitions.dyn.org/dolphin.cgi?command=index -- Amsterdam Science Park, The Netherlands
http://munitions.polkaroo.net -- Ottawa, Canada
http://munitions.cifs.org -- Sydney, Australia
http://uk1.munitions.net -- Oxford, UK
http://munitions.firenze.linux.it/ -- Italy (Files-only mirror)
|munitions is a mega-archive of cryptographic software for the linux operating
system. here you'll find free software tools for building and maintaining
secure, tamperproof linux installations and achieving electronic privacy
in the highly intrusive networked environments of today.
<network> <data haven> <email> <anonymizers> <secure ip> <secure tcp> <ssh> <ssl> <www> <key mgmt> <libraries> <maths> <pgp> <gnupg> <system> <kernel> <kerberos> <unix> <password> <filesystem> <steganography> <voice>
|Hong Kong 1||ftp://ftp.futuredynamics.com/freecrypto/;
or, if broken
ftp://futuredynamics.com/freecrypto/; or, if also busted
|Mirrors of ftp.pgpi.com; ftp.psy.uq.oz.au/pub/Crypto (SSLeay and SSH);
Fortify; and the Speakfree distribution from
About 180 Mb. More stuff will be hopefully added later.
|SSH, SSL, SSL applications, libdes, OPIE, PGP, SRP and other non-cryptographical-security tools.|
|Ireland 1||ftp://ftp.heanet.ie/pub/crypto/||Contains SSH, SSL, SSL apps, PGPI. More to come.|
|Japan 1||http://www2.eccosys.co.jp/~tsuruta/pgp/||Tsuruta's MacPGP Page|
|Netherlands 1||utopia.hacktic.nl:/pub/replay/pub/disk||Apache, Applied Crypto files, encryption, Java, PGP, remailers, security, voice encryption files|
|Netherlands 3||ftp://ftp.replay.com/pub/crypto/crypto/LIBS/cryptolib/crypto30.zip||Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives.|
|Netherlands 4||http://www.monster.org/mirror/gsm/||GSM A5/1 and A5/2.|
|New Zealand 1||http://www.cs.auckland.ac.nz/~pgut001/links.html||A Comprehensive List of Worldwide Sources|
|New Zealand 2||http://www.cs.auckland.ac.nz/~pgut001/archive.html
(Not yet active; meanwhile see NZ 1 above)
|Peter Guttman: This currently contains a mostly blank page because it'll
take a few days to get things set up, but I thought I'd get the ball
rolling. Once it's ready I'll use it to make all sorts of crypto available
to anyone anywhere until ordered by a NZ court to stop doing so (this is
a long way removed from being ordered by the Ministry of Foreign Affairs
and Trade to stop doing so), or alternatively until the machine sh*ts itself
and dies, which may happen somewhat sooner :-).
The archives (when ready) will be stored on a machine for which accesses are not logged. It may also allow SSL access (with strong encryption, obviously), which will include making available dummy files of various sizes so that it's not possible to prove (based on traffic analysis) exactly what was downloaded ("Crypto? Certainly not, I was downloading this paper on the history of Ethiopian pottery in 4000BC").
|Norway 2||ftp://ftp.ifi.uio.no/pub/gnu/||Main distribution site for crypt() in glibc|
|Norway 3||ftp://ftp.ifi.uio.no/pub/pgp/ (the same as ftp.no.pgpi.com)||Main distribution site for pgpi|
|PGP International Mirrors|
( which is verden.pvv.org which is verden.pvv.ntnu.no )
|Main distribution site for the international kernel patch for Linux
(collection of crypto-patches for the linux kernel)
|Spain 2||http://www.argo.es/~jcea/cripto.htm||Criptología by Jesús Cea Avión|
|Sweden 1||ftp.sunet.se:/pub/security/tools/crypt||Swedish University Network Security Archives|
|Switzerland 1||http://www.semper.org/sirene/outsideworld/security.html||IBM Zurich Security and Cryptography Sources|
|Gerrit Bleumer's Cryptography Enhanced Products|
|United Kingdom 1||ftp.ox.ac.uk:/pub/crypto||DES, SSL, cryptanalysis, documentation, PGP, miscellaneous|
|United Kingdom 2||http://www.dcs.exeter.ac.uk/~aba/||Adam Back's Resources|
|United Kingdom 3||ftp://ftp.cl.cam.ac.uk/users/rja14/||Ross Anderson's FTP Sources|
|United Kingdom 4||http://www.notatla.demon.co.uk/CRYPTO/crypto.html||pgutlinks.html 245K
|United Kingdom 5||ftp://opensores.thebunker.net/pub/mirrors/||The Bunker open source FTP repository is housed in an ex-military data
centre, buried deep below the earth in a nuclear, chemical and biological
warfare proof bunker.
SSLapps, SSLeay, argus, crack5, cracklib, MD5, SHA, l6, satan, ssh, stunnel, syn, tcp_wrappers, more coming.
|United States 1||http://www.cryptography.org/||North American Cryptography Archives. Archive of crypto software, only available from the US and Canada. Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives.|
|United States 2||http://cryptography.org/freecryp.htm||Crypto Sites Outside North America|
|United States 3||http://www.austinlinks.com/Crypto/||Quadralay Cryptography Archive|
|United States 4||http://theory.lcs.mit.edu/~rivest/crypto-security.html||Ron Rivest's Links|
|United States 5||http://www.genocide2600.com/~tattooman/cryptography/
Packet Storm is now owned by Kroll-O'Gara, an international security corporation, thanks to the cowardice of Harvard University and LEA-tool AntiOnline Ahole. The archive is to be activated in September 1999 (stripped of offensive stuff; too bad, RIP Infamous Original Packet Storm): http://www.securify.com/packetstorm/
Tattooman has blessed this "re-education," but beware of being snooped at the new site. Tattooman has zipped-lip since what smells like a forced confession.
|Maintainer: Ken Williams. Contents: Crypto Libraries, SecureOffice, Source Code for all AES Candidates, Applied Crypto, Cryptanalysis, GNUGP, Kerberos, PGP, Skip, Snow, Snuffle, SSH, Steganography, Voice Encryption, source code, crypto papers, much more, and more on the way. Size: 300+ MB, 2000+ files, and growing every day.|
|United States 6||http://www.c4i.org/erehwon/crypto.html||URL revised 29 November 2000|
|United States 7||http://www.eskimo.com/~weidai/cryptlib.html||Crypto++ 3.0, a major revision of a free C++ class library of cryptographic primitives.|
|United States 8||http://www.lila.com/nautilus||Nautilus, with links to non-US sites.|
|United States 9||http://www.counterpane.com/sites.html||Bruce Schneier's Sources for Software and Source Code|
|United States 10||ftp://ftp.clark.net/pub/cme/||Carl Ellison's FTP Sources|
|United States 11||http://www.jjtc.com/Security/||Neil Johnson's Cryptography and Encryption Sources|
|United States 12||http://www.homeport.org/~adam/crypto/||Adam Shostack's Cryptographic Libraries|
|United States 13||http://www.io.com/~ritter/||Terry Ritter's Codes, Links, Tutorials|
|United States 14||http://www.enter.net/~chronos/cryptolog1.html||Crypto-Log: Codes, papers and policies|
|United States 15||http://www.cryptography.com/resources/index.html||Paul Kocher's Cryptography Resources Online|
|United States 16||http://www.cypher.net/tools/crypto-free.html||Mirror of this page, updated 4 times daily.|
|United States 17||http://members.tripod.com/~the_cancer/Crypto/index.html||PGP Crypto: QDPGP, XCrypt, MAilPGP, Peics|
|United States 18||http://www.theargon.com||The A.R.G.O.N. Security and Crypto Site|
|United States 19||ftp://ftp.jpunix.com||John Perry's PGPdomo for secure mailing lists, and other programs|
|United States 20||http://home.ptd.net/~kruslicc/||CryptoCards - strong encryption with deck of cards|
|United States 21||http://www.angelfire.com/md/keyshift/||PR0 Death's PGP Message Shifter Applet|
|United States 22||http://ciphersaber.gurus.com|
|United States 23||http://people.qualcomm.com/karn/code/index.html||Phil Karn's Software Packages and Utilities
ACE demod - Software demodulator for Advanced Composition Explorer
|US 24||http://www.salts.navy.mil/ftp/pub/software/programs/NT/Netscape/||US Navy offers Netscape with 128-bit crypto. More programs in other directories.|
|US 25||http://www.ccd.bnl.gov/pub/IRIX/pgp-262/bin/||Brookhaven National Laboratory offers IRIS ELF for PGP 2.62|
John Gilmore's proposal is to
mirror the contents of cryptography sites not just the URLs.
We've been asked what to mirror if it is not possible to mirror large archives (200 MB and up), or you can't easily decide which programs are most important.
John Gilmore recommends:
The top things I'd suggest for a mirror site are (see sources at sites above):PGP source code (various versions)
Jim Gillogly recommends:
One way to determine which programs are the best for this purpose would be to study what various governments have taken some action on. Some obvious ones (See US 5):PGP (various versions, high level of government interest)
Jim Choate recommends that cryptography documentation be mirrored to encourage understanding and creation of strong encryption -- the best assurance that it will grow and spread.
Mirror whatever you can until better advice for selections comes along. Prime need: many mirrors of the strongest cryptography, especially anything allowing the use of key lengths above 40-bits, that is, anything that requires a US export license for general public use (the US standard appears to be the model for latest Wassenaar restrictions). Next, mirror any program that appears to be a target for latest Wassenaar restrictions as they may be implemented in your country.
For complaints about the restrictions on privacy to be implemented due to US pressure, contact your government's cryptography control ministry: http://www.wassenaar.org/docs/contacts.htm
|Note 2: Please forward news and
information on the recent Wassenaar Arrangement restrictions in your country
to John Young
and encrypted messages welcome. PGP public
keys of John Young. Check
Cryptome for news.
Note 3: For information on cryptography export issues see:
Note 4: More mirror sites are needed in countries which are not members of the Wassenaar Arrangment so that when the doors are slammed shut by new WA laws there will still be free sources of strong encryption. For list of WA members see: http://www.wassenaar.org/docs/contacts.htm.
From: Richard Stallman <firstname.lastname@example.org> Subject: Encryption software volunteers needed in countries without export control We need to find volunteers in countries which are not signatories to Wassenaar to take over development and distribution of encryption software such as the GNU Privacy Guard and PSST. We are looking for (1) an ftp site from which to distribute the software, and (2) people to carry on the development work. If you have contacts in any non-signatory country, please circulate this message as widely as possible in your country, looking for people who might want to volunteer for GNU software development. Non-signatory countries that come to mind as possible places where free encryption software can be developed include Mexico, India, Croatia, China, South Africa, and perhaps Israel. However, any country is ok if its laws do not prevent the work.
"Declan: This point is worth clarifying. The new regs remove restrictions from the posting of publicly available encryption source code for downloading. The regs say:
a) If you post encryption source code to a site on the net and anyone can access it, you do not need to have it reviewed by BXA or obtain a license.
b) Simply posting this "publicly available" encryption source code does not count as an export and does not trigger all the terrorist sanctions and other requirements created by various Federal sanctions laws.
(what this means is that if you post some code and Saddam Hussein downloads it, you are not liable. If Saddam calls you up and asks you to e-mail him the code, and you send the e-mail without applying for and receiving a license, you are liable).
c) You do need to send BXA an E-mail with the internet location of the posted source code and you are prohibited from sending (as opposed to posting) the encryption source code to a terrorist country or an individual on one of our denial lists.
d) if a foreign person makes a new product with the source code you've posted, there are no review or licensing requirements for that foreign product. If they pay you a royalty or licensing fee for a product they've developed for commercial sale, however, you may have to report some information to BXA.
It appears that the only requirement for Mr. Young is to notify us of the location of the source code (http://jya.com/crypto.htm)."
-- James Lewis, BXA, BXA On "Is this man a crypto-criminal?", January 18, 2000
"The EAR is amended as follows: 1. In Sec. 734.2, Important EAR Terms and Principles, unrestricted encryption source code under Sec. 740.13(e), commercial encryption source code under Sec. 740.17(a)(5)(i) and retail products under Sec. 740.17(a)(3) are exempted from Internet download screening requirements in Sec. 734.2 (b)(9)(iii). A revised screening mechanism for other encryption products exported to government end-users is added. Please note that Sec. 734.2(b)(9) contains the relevant definitions for the export of encryption source code and object code software. In addition, cross-referencing changes are made to Secs. 734.7, 734.8, and 734.9. 2. In Sec. 740.13, Technology and Software Unrestricted, changes are made to reflect amendments to the Wassenaar Arrangement. Specifically, encryption software is no longer eligible for mass market treatment under the General Software Note. Encryption commodities and software are now eligible for mass market treatment under the new Cryptography Note in Category 5--Part 2 of the CCL. This Note multilaterally decontrols mass market encryption commodities and software up to and including 64-bits. Such products, after review and classification by BXA, are classified under Export Commodity Control Numbers (ECCNs) 5A992 or 5D992, thereby releasing them from ``EI'' (Encryption Items) and ``NS'' (National Security) controls, and making them eligible for export and reexport to all destinations (see Sec. 742.15(b)(1)(iii) of the EAR). Once mass market encryption software and commodities are released from ``EI'' controls they may be eligible for de minimis and publicly available treatment (see part 734 of the EAR). 3. Also in Sec. 740.13, to, in part, take into account the ``open source'' approach to software development, unrestricted encryption source code not subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code can, without review, be released from ``EI'' controls and exported and reexported under License Exception TSU. Intellectual property protection (e.g., copyright, patent, or trademark) would not, by itself, be construed as an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code. To qualify, exporters must notify BXA of the Internet location (e.g., URL or Internet address) or provide a copy of the source code by the time of export. These notifications are only required for the initial export; there are no notification requirements for end-users subsequently using the source code. Notification can be made by e-mail to email@example.com."
-- Bureau of Export Administration, Revisions to Encryption Items, January 14, 2000
"Q Mr. Marshall, on her point, please. The head of the DEA and the FBI have repeatedly -- and Ms. Reno -- have repeatedly warned of the dangers of not being able to break the codes of criminals. And of course encryption legislation is being debated at length. Is this an indication that maybe that's not so great a problem after all?
MR. MARSHALL (Drug Enforcement Adminstration): Well, that was not a significant impediment in this particular investigation. We've encountered that in many, many other investigations. We're encountering it ever more frequently. And we hope that we don't lose the ability to intercept encrypted communications.
ATTY. GEN. RENO: I would point out -- I would point out in that regard that in this instance, it was not an obstacle. But as more and more drug traffickers and others engaged in organized crime and other activities, including terrorism, encrypt their communication, it is going to be more and more difficult for law enforcement. And that is the reason it is so important law enforcement work with the private sector and with others to ensure the protection of our national security interests and to make sure that we balance the privacy concerns that are so important with law enforcement's legitimate concerns."
-- DoJ Press Conference, Arrest of Colombian Drug Trafficers in Operation Millennium, October 13, 1999
"Much work remains to be done. In particular, I believe we must soon address the risks posed by electronic distribution of encryption software. Although the Wassenaar Nations have now reached agreement to control the distribution of mass market encryption software of certain cryptographic strength, some Wassenaar Nations continue not to control encryption software that is distributed over the Internet, either because the software is in the 'public domain' or because those Nations do not control distribution of intangible items. While I recognize that this issue is controversial, unless we address this situation, use of the Internet to distribute encryption products will render Wassenaar's controls immaterial."
-- US Attorney General Janet Reno, Ban Encryption on the Internet, May, 1999
"Never has our ability to shield our affairs from prying eyes been at such a low ebb. The availability and use of secure encryption may offer an opportunity to reclaim some portion of the privacy we have lost. Government efforts to control encryption thus may well implicate not only the First Amendment rights of cryptographers intent on pushing the boundaries of their science, but also the constitutional rights of each of us as potential recipients of encryption's bounty."
-- US Appeals Court Judge Betty Fletcher, in the Bernstein opinion, May 6, 1999.
New US section for:
Heeding Hugh Daniels' call today to let 1,000 US crypto sites flower
free of unconstitutional encryption export restrictions in the light of
the May 6 Bernstein opinion, we invite contributions of
unlimited-strengh encryption programs and/or links to such programs
for the new US unrestricted cryptography section here. See also
formerly restricted US sites below.
Dec. 3 Wassenaar Arrangement Lists in
DOC format and HTML
Encryption and Security Tutorial
Free Crypto Logos
Free Crypto Org
Electronic Civil Disobedience (ECD) <- look to last section