Note: I stopped maintaining this in 2018, so it's very out of date.
This document originated with an informal survey of Twitter and several mailing lists asking for nominations for crypto projects that "didn't suck". It is from ~2014-2018 and is very out of date. Take it as a historical document. Over 100 nominations were received and culled down to this list. Projects marked with an "☢" symbol were relatively new and considered experimental at the time. Apologies to project creators who are omitted. Corrections are welcome via pull request.
This is a quick summary of tools that are generally recommended for end users. See the EFF's Surveillance Self Defense guides or Press Freedom Foundation's Encryption Works guide for more information.
- Signal: Encrypted messaging & voice calls
- Signal Source
- EFF Signal Guide for Android or iOS
- Tor: Protect from network surveillance
- Open Whisper Systems: https://whispersystems.org/
- Moxie Marlinspike (@moxie) & open source community
- Signal: Encrypted messaging & phone calls for iPhone and Android
- Calls: ZRTP for key agreement, SRTP for call encryption
- Messaging: OTR-like forward security & Axolotl key ratcheting by @trevp__
- https://github.com/WhisperSystems?utf8=%E2%9C%93&query=Signal
- WireGuard: https://www.wireguard.com
- Modern VPN tunnel
- Built on Noise, Curve25519, etc.
- Jason Donenfeld (@zx2c4)
- Networking and Crypto Library (NaCl): http://nacl.cr.yp.to/
- Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc
- No dynamic memory allocation or data-dependent branches
- DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi)
- libsodium: https://github.com/jedisct1/libsodium
- Portable, cross-compatible NaCL
- OpenDNS & Frank Denis (@jedisct1)
- Tor: https://www.torproject.org/
- OpenSSL: Seriously. https://www.openssl.org/
- BoringSSL: https://boringssl.googlesource.com/boringssl/
- Google’s OpenSSL fork by Adam Langley (@agl__)
- ☢ LibreSSL: http://www.libressl.org/
- OpenBSD team and Bob Beck (@bob_beck)
- ☢ BearSSL: https://bearssl.org/
- Thomas Pornin (@bearsslnews)
- Stanford JS Crypto Lib (SJCL): https://crypto.stanford.edu/sjcl/
- Emily Stark, Mike Hamburg, & Dan Boneh
- Used in several products
- ☢ Microsoft JS Crypto Library: https://www.microsoft.com/en-us/download/details.aspx?id=52439
- 800 MB of test vectors for 9000 lines of code
- Non-commercial and research license only
- ☢ libsodium.js: https://github.com/jedisct1/libsodium.js
- libsodium crypto library compiled to pure JavaScript using Emscripten.
- Automatically generated wrappers to make it easy to use in web applications.
- Tahoe-LAFS: https://tahoe-lafs.org/
- Distributed, provider-independent cloud storage
- Least Authority Systems, Zooko (@zooko), et al.
- Tarsnap: http://www.tarsnap.com/
- Client-side encryption; must build from source
- Commercial service archives on S3
- Colin Percival (@cperciva)
- Crypto++: http://www.cryptopp.com/
- Long-lived C++ crypto library by Wei Dai
- go.crypto: https://golang.org/pkg/crypto/
- Noise Framework: http://noiseprotocol.org/
- Framework for building crypto protocols
- ☢ Cryptography.io: https://cryptography.io/
- Attempt to build a good Python crypto library
- Paul Kehrer (@reaperhulk) & Alex Gaynor (@alex_gaynor)
- ☢ ECClib: https://www.microsoft.com/en-us/research/project/msr-elliptic-curve-cryptography-library/
- Microsoft Research & Patrick Longa (@PatrickLonga)
- ☢ HACL*: https://github.com/mitls/hacl-star
- Formally verified crypto library written in F* compiled to C
- INRIA Paris & Microsoft Research
- libtomcrypt: https://github.com/libtom/libtomcrypt
- A fairly comprehensive, modular and portable cryptographic toolkit
- ☢ kyber: https://github.com/dedis/kyber
- DEDIS Advanced Crypto Library for Go
- Decentralized and Distributed Systems Research Lab at EPFL
- ☢ New Hope: https://github.com/Yawning/newhope
- Post-quantum key exchange by Peter Schwabe (@cryptojedi) et al.
- Paper: https://cryptojedi.org/papers/newhope-20160328.pdf
- ☢ Microsoft Supersingular Isogeny Diffie Hellman Library (SIDH): https://www.microsoft.com/en-us/research/project/sidh-library/
- Open Crypto Audit Project (OCAP): https://opencryptoaudit.org/
- Audited TrueCrypt. Great technical advisory board.
- Better Crypto: https://bettercrypto.org/
- Community-generated guidelines for applied crypto hardening
- Crypto Coding Standard: https://cryptocoding.net/
- CAESAR Authenticated Encryption Competition: https://competitions.cr.yp.to/caesar.html
- Password Hashing Competition: https://password-hashing.net/
- Community-driven contest for password hashing replacement
- ☢ Safe Curves: http://safecurves.cr.yp.to/
- Criteria to ensure elliptic-curve crypto security
- DJ Bernstein (@hashbreaker) & Tanja Lange (@hyperelliptic)
- ☢ Zeutro Attribute Based Encryption C++ library: https://github.com/zeutro/openabe
- Ayo Akinyele (@ja_akinyele), Matthew Green (@matthew_d_green), Brent Waters, Susan Hohenberger
- ☢ Advanced Crypto Software Collection: http://hms.isi.jhu.edu/acsc/
- ☢ Relic Toolkit: https://github.com/relic-toolkit/relic
- Bilinear maps, pairing-based crypto, ID-based crypto
- Implemented in C
- Diego Aranha (@dfaranha) and C.P. L. Gouvêa
- ☢ CHARM: http://www.charm-crypto.com/
- Tool for rapid cryptographic prototyping
- Bilinear maps, multiparty protocol engine, non-interactive ZK
- Python with native C modules
- JHU ISI: J. Ayo Akinyele (@ja_akinyele), et al.
- Let's Encrypt: Open source certificate authority & free service
- Available as a service: https://letsencrypt.org/
- Go source code: https://github.com/certbot/certbot
- ☢ CFSSL: https://github.com/cloudflare/cfssl
- Command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates
- Implemented in Go
- ☢ Red October: https://github.com/cloudflare/redoctober
- Encryption and decryption server enforcing a two-person rule
- Implemented in Go
- ☢ KeyWhiz: https://github.com/square/keywhiz
- A system for distributing and managing secrets
- Implemented in Java
- ☢ Vault: https://github.com/hashicorp/vault
- A tool for managing secrets
- Implemented in Go
- Cryptol: http://cryptol.net/
- Domain-specific language for specifying crypto algorithms
- Galois Inc. & Adam C. Foltzer (@acfoltzer)
- Works with Software Analaysis Workbench (SAW): https://galois.com/project/software-analysis-workbench/
- ☢ AutoTools: https://github.com/JHUISI/auto-tools
- Python tools for transforming cryptographic primitives in different and interesting ways
- JHU ISI: J. Ayo Akinyele (@ja_akinyele), et al.
- ☢ EasyCrypto: https://www.easycrypt.info/trac/
- Computer-Aided Cryptographic Proofs
- ☢ CertiCrypt: http://certicrypt.gforge.inria.fr/
- Computer-Aided Cryptographic Proofs in Coq
- ☢ Tamarin Security Protocol Verification: https://github.com/tamarin-prover/tamarin-prover
- ☢ gfverif: http://gfverif.cryptojedi.org/
- Fast and easy verification of finite-field arithmetic
- ☢ spiped: http://www.tarsnap.com/spiped.html
- Secure pipe daemon
- Similar to ‘ssh -L’ but requires pre-established secret
- Colin Percival (@cperciva)
- ☢ libsnark: https://github.com/scipr-lab/libsnark
- C++ library for zero-knowledge proof system with succinct proofs
- Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza
- ☢ libmacaroons: https://github.com/rescrv/libmacaroons
- Decentralized authentication for distributed systems
- Paper: Chalmers/Brown/Google; Code: Robert Escriva (@rescrv)
- ☢ magic-wormhole: https://github.com/warner/magic-wormhole
- "Get things from one computer to another, safely."
- Built on NaCL
- Brian Warner (@lotharrr)
- Matasano Crypto Challenges (@tqbf): http://cryptopals.com/
- Thomas Ptacek's Cryptographic "Right Answers": https://gist.github.com/tqbf/be58d2d39690c3b366ad
- Underhanded Crypto Contest: https://underhandedcrypto.com
- Modern Crypto mailing lists (@trevp__): https://moderncrypto.org/
- CryptoBib bibliography (@daeinar): https://cryptobib.di.ens.fr/ (Source: https://github.com/cryptobib)
- 52 Things People Should Know To Do Cryptography: http://www.cs.bris.ac.uk/Research/CryptographySecurity/knowledge.html
- Crypto101 Introductory course: https://www.crypto101.io/
- Dan Boneh's Coursera Cryptography course: https://www.coursera.org/course/crypto
- Dan Boneh's Coursera Cryptography II course: Coming any day now. Really. I promise.
- Dan Boneh & Victor Shoup's "A Graduate Course in Applied Cryptography": https://crypto.stanford.edu/~dabo/cryptobook/draft_0_3.pdf
- Christof Paar's Intro to Cryptography course: https://www.youtube.com/channel/UC1usFRN4LCMcfIV7UjHNuQg/videos
- Lars R. Knudsen & Matthew J.B. Robshaw's "The Block Cipher Companion": http://antoanthongtin.vn/Portals/0/UploadImages/kiennt2/Sach/Sach-CSDL4/The_Block_Cipher_Companion.pdf
There are many secret key value managers and I don't know which are any good. Including them here for future reference:
- AWS Secret Manager: https://aws.amazon.com/secrets-manager/
- ☢ pass: Unix password manager https://www.passwordstore.org/
- ☢ KeyWhiz: https://github.com/square/keywhiz
- ☢ Vault: https://github.com/hashicorp/vault
- ☢ Knox: https://github.com/pinterest/knox
- ☢ Confidant: https://github.com/lyft/confidant
- ☢ Secretary: https://github.com/meltwater/secretary
- ☢ Sops: https://github.com/mozilla/sops
- ☢ Summon: https://github.com/conjurinc/summon
- ☢ Biscuit: https://github.com/dcoker/biscuit