Worldwide Cryptographic Products Survey: Edits and Additions Wanted

Back in September, I announced my intention to survey the world market of cryptographic products. The goal is to compile a list of both free and commercial encryption products that can be used to protect arbitrary data and messages. That is, I'm not interested in products that are specifically designed for a narrow application, like financial transactions, or products that provide authentication or data integrity. I am interested in products that people like FBI director James Comey can possibly claim help criminals communicate securely.

A student here at Harvard University and I have compiled a spreadsheet of over 400 products from many different countries.

At this point, we would like your help. Please look at the list. Please correct anything that is wrong, and add anything that is missing. Use this form to submit changes and additions. If it's more complicated than that, please e-mail me.

As the rhetoric surrounding weakening or banning strong encryption continues, it's important for policymakers to understand how international the cryptographic market is, and how much of it is not under their control. My hope is that this survey will contribute to the debate by making that point.

Posted on December 3, 2015 at 7:55 AM • 48 Comments

Comments

Clive Robinson • December 3, 2015 8:48 AM

Hmm,

On looking down the list I see no contact details for "Mujahideen Secrets"...

Some congress critter is bound to pick up on this, you know what some of them can be like...

More pertinently, do the non-general contact details need to be in the public-facing spreadsheet?

Bruce Schneier • December 3, 2015 9:04 AM

"More pertinently, do the non-general contact details need to be in the public-facing spreadsheet?"

They all came from public facing websites.

Aaron Toponce • December 3, 2015 9:20 AM

How is GnuPG "Paid"? How is the OpenBSD and Blackberry operating systems a "cryptography product"? Why is it missing:

* BoringSSL
* miniLock
* OpenSSH
* strongSwan
* OpenSwan
* OTR
* Tor (Vidalia, etc.)
* dm-crypt
* LUKS

It needs a column for software license also. Many products are duplicated, like BitMessage, CellCrypt, Chadder, etc.

Very rough around the edges, indeed.

Pat • December 3, 2015 9:36 AM

Rough around the edges, but I'm glad this work is being done, and it seems wise to enlist the help of your readers on this one. Thanks!

CallMeLateForSupper • December 3, 2015 9:38 AM

First click on "compiled a spreadsheet" yielded a page containing a long, raw list - lt-blue on white - of web sites.

Closing the window and clicking the same link again yielded what looked to be a spreadsheet with this overlaid, on red background:
"JavaScript isn't enabled in your browser, so
this file can't be opened. Enable and reload."

Sorry, no; Javascript is a non-starter.

Chuckles • December 3, 2015 10:28 AM

Really appreciate the latest work, Bruce, but I must echo CallMeLateForSupper. There's no way I'll enable Javascript to access Google Drive.

Spartanus • December 3, 2015 10:52 AM

Why is the Signal entry outdated? TextSecure and RedPhone on Android no longer exist, they've been merged into a single Signal app. So it's now Signal on both iOS and Android.

Rufo Guerreschi • December 3, 2015 10:55 AM

you say "how much of it is not under their control".

Point is, all of those products are under their effective control, as they have access in pretty much any device setup you can assemble with them. That is because of deliberate backdoors implanted, or acquired/discovered due to radically insufficient public verification relative to complexity.

ric • December 3, 2015 10:58 AM

Subrosa was "terminated" last October (please check the EFF messaging apps scorecard).

rgaff • December 3, 2015 10:58 AM

I think you should add "public roads" to the list. It's been proven that when all electronic communications are monitored, criminals resort to courier to communicate.

TO • December 3, 2015 11:22 AM

OT but alarming re our product of choice. Fox-IT's yara rule for ponmocup triggers on the Tails 1.7 iso. Has anybody replicated this?

Dirk Praet • December 3, 2015 11:24 AM

I used the form to add Academic Signature, Martus, Tor Messenger, OnionMail, Tahoe-LAFS, Krypton, TextSecure (defunct) and Onion Browser for iOS. The list looks fairly incomplete to me, as there's several more I could name just from the top of my head.

jitsi_strsbrg • December 3, 2015 11:37 AM

In the form to submit details a field for comments would be a good idea. For instance, when a modification for an existing record is planned, how do I point out what has to be modified? Comment would be a nice place to do so. Otherwise I just submit everything without pointing out, what is different in my submission compared to the table online.

Wael • December 3, 2015 12:01 PM

I looked at the list and didn't see any White Box Cryptography solutions listed, no SED ( Self Encrypted Drives,) I saw some references to Steganography solutions, is that also included in the request? I mean we all know how much terrorists like to embed secrets and messages in pornographic movies ;)

Ray Dillinger • December 3, 2015 1:24 PM

No matter how much insecure crap / scripts I temporarily allowed, I could not get the spreadsheet to resize columns or rows. When you can read just the first ten characters of each entry, it is completely useless. So I revoked all those temporary positions and said "fugget."

Good luck and I hope you get something worthwhile out of this eventually. But why the HELL are you using Google Docs??? Seriously, you have a website, you can just host a darn spreadsheet file on it. Let people download it so we can use REAL software rather than insecure hosted crap to look at it!

Wael • December 3, 2015 1:35 PM

@Ray Dillinger,

No matter how much insecure [...] you can just host a darn spreadsheet file on it

+1 :)

So I revoked all those temporary positions and said "fugget"

I almost did the same but then changed my mind and said: oh well, what the "fugg" I'll just look at it. I searched for "stega" and apparently there are two instances, but I couldn't see them.

Angry • December 3, 2015 1:40 PM

Bruce, are you aware that WhatsApp have now started blocking hyperlinks to Telegram in their messaging app? Facebook, who now own WhatsApp, have deleted Telegram's page for no apparent reason.

BoppingAround • December 3, 2015 4:13 PM

I would chime in and play along with the posters who disdain Google and web-based stuff. Then, of all the pretty shitty ways to distribute a spreadsheet this one might be the least shittiest in this situation.

Thoughts to consider:

(i) How many people have a spreadsheet program installed these days?

(ii) The file format problem. The most universal is CSV but I am unsure as to how many people know that it can be opened with a program like LO Calc or Excel, Gnumeric, Emacs, whatever. Thus, several files in different formats might be needed. Another problem arises: keeping them synced and up to date. More hassle.

(iii) The 'add your own' form. No way to implement it otherwise than through e-mail. I presume our hospitable host has already more than enough sh... data flowing into his mail. Perhaps I'm wrong.

Reciting Wael's recent quotation, 'I do not approve but I understand.'

Taz • December 3, 2015 4:19 PM

Thank you.

Of course the first thought popping into my mind was "Better send a hard copy to that Comey ***** (really ugly, rude, epithet) + my Congressman & Senators.


Reason works....but pushback works better. We need to quit asking for our Bill of Rights.


Legal (wink,wink) ways to annoy and persecute those behind these Constitutional transgressions are of even more interest....


Provoking these clowns may be dangerous - but nothing changes until someone dies. And there is nothing like unjust death to rile the masses into doing something.


"“And how we burned in the camps later, thinking: What would things have been like if every Security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive and had to say good-bye to his family? Or if, during periods of mass arrests, as for example in Leningrad, when they arrested a quarter of the entire city, people had not simply sat there in their lairs, paling with terror at every bang of the downstairs door and at every step on the staircase, but had understood they had nothing left to lose and had boldly set up in the downstairs hall an ambush of half a dozen people with axes, hammers, pokers, or whatever else was at hand?… The Organs would very quickly have suffered a shortage of officers and transport and, notwithstanding all of Stalin’s thirst, the cursed machine would have ground to a halt! If…if…We didn’t love freedom enough. And even more – we had no awareness of the real situation…. We purely and simply deserved everything that happened afterward.”

- Aleksandr Solzhenitsyn

ianf • December 3, 2015 4:27 PM


@ Dirk Praet

Is the Onion Browser for iOS all that it takes to run TOR under iOS? And then… is it usable on an iPad, and guaranteed to preserve one's anonymity?

[btw. AppStore search for "Onion Browser" returns 18 hits… maybe it was some of the others that you meant].

Dirk Praet • December 3, 2015 5:16 PM

@ ianf

I have been using Mike Tigas's Onion Browser on my iPads for several years. It's quite minimalistic, rather slow, doesn't do audio or video, but works just fine for sites like this forum. As usual, all Tor warnings and restrictions apply.

@BoppingAround

(i) How many people have a spreadsheet program installed these days?

Err, everyone? 8-)

Reciting Wael's recent quotation, 'I do not approve but I understand.'

Same here. Ditto for the form. How else would @Bruce go about soliciting our input in an efficient way? Have everyone send email? Have everyone register with Google for editing privileges on the spreadsheet? Have everyone download a copy, edit and save it in his/her favorite spreadsheet program, then send it back?

@ Wael

I saw some references to Steganography solutions, is that also included in the request?

Since I saw SilentEye in the list, I guess so.

@ TO

Fox-IT's yara rule for ponmocup triggers on the Tails 1.7 iso. Has anybody replicated this?

Sounds weird. AFAIK Ponmocup is Windows only and exhibits no worm-like behaviour, so I'd be quite surprised to find it on TAILS.

Godel • December 3, 2015 5:43 PM

@ Wael

Steganos is on the list and has steganographic encryption, among other stuff.

Bruce, an entry for KeePassX but none for KeePass, the program it's derived from?

Allan Ewing • December 3, 2015 6:30 PM

Thank you for the comprehensive list. Quite informative. And also something new for me to learn. I am especially pleased about the excellent remark next to the encryption software I use! Well, you are a pro. BTW: PGP 6.5.8 still works on Win 7.

OT • December 4, 2015 6:42 AM

@Dirk Praet, it is weird. The rule that flags the Tails 1.7 ISO is this:

rule Ponmocup : plugins
{
    meta:
        description = "Ponmocup plugin detection (memory)"
        author = "Danny Heppener, Fox-IT"
    strings:
        // MZ 90, 29 wildcard bytes, then a 16-bit little-endian plugin id
        // equal to the string's name (e.g. $1100 = 0x044C -> 4C 04)
        $1100 = {4D 5A 90 [29] 4C 04}
        $1201 = {4D 5A 90 [29] B1 04}
        $1300 = {4D 5A 90 [29] 14 05}
        $1350 = {4D 5A 90 [29] 46 05}
        $1400 = {4D 5A 90 [29] 78 05}
        $1402 = {4D 5A 90 [29] 7A 05}
        $1403 = {4D 5A 90 [29] 7B 05}
        $1404 = {4D 5A 90 [29] 7C 05}
        $1405 = {4D 5A 90 [29] 7D 05}
        $1406 = {4D 5A 90 [29] 7E 05}
        $1500 = {4D 5A 90 [29] DC 05}
        $1501 = {4D 5A 90 [29] DD 05}
        $1502 = {4D 5A 90 [29] DE 05}
        $1505 = {4D 5A 90 [29] E1 05}
        $1506 = {4D 5A 90 [29] E2 05}
        $1507 = {4D 5A 90 [29] E3 05}
        $1508 = {4D 5A 90 [29] E4 05}
        $1509 = {4D 5A 90 [29] E5 05}
        $1510 = {4D 5A 90 [29] E6 05}
        $1511 = {4D 5A 90 [29] E7 05}
        $1512 = {4D 5A 90 [29] E8 05}
        $1600 = {4D 5A 90 [29] 40 06}
        $1601 = {4D 5A 90 [29] 41 06}
        $1700 = {4D 5A 90 [29] A4 06}
        $1800 = {4D 5A 90 [29] 08 07}
        $1801 = {4D 5A 90 [29] 09 07}
        $1802 = {4D 5A 90 [29] 0A 07}
        $1803 = {4D 5A 90 [29] 0B 07}
        $2001 = {4D 5A 90 [29] D1 07}
        $2002 = {4D 5A 90 [29] D2 07}
        $2003 = {4D 5A 90 [29] D3 07}
        $2004 = {4D 5A 90 [29] D4 07}
        $2500 = {4D 5A 90 [29] C4 09}
        $2501 = {4D 5A 90 [29] C5 09}
        $2550 = {4D 5A 90 [29] F6 09}
        $2600 = {4D 5A 90 [29] 28 0A}
        $2610 = {4D 5A 90 [29] 32 0A}
        $2700 = {4D 5A 90 [29] 8C 0A}
        $2701 = {4D 5A 90 [29] 8D 0A}
        $2750 = {4D 5A 90 [29] BE 0A}
        $2760 = {4D 5A 90 [29] C8 0A}
        $2810 = {4D 5A 90 [29] FA 0A}
    condition:
        any of ($1100,$1201,$1300,$1350,$1400,$1402,$1403,$1404,$1405,$1406,
                $1500,$1501,$1502,$1505,$1506,$1507,$1508,$1509,$1510,$1511,
                $1512,$1600,$1601,$1700,$1800,$1801,$1802,$1803,$2001,$2002,
                $2003,$2004,$2500,$2501,$2550,$2600,$2610,$2700,$2701,$2750,
                $2760,$2810)
}

Broad enough to generate false positives in a large file, conceivably - but in tails, it makes you wonder.
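To judge how broad that rule really is, here is an added triage script (not part of the Fox-IT rule or of this thread) that re-implements its hex patterns in plain Python: it reports where in a file each `MZ 90 [29] <id>` pattern fires, decodes the two trailing bytes as the little-endian plugin id, and estimates how many hits uniformly random data of a given size would produce. The sample buffer is constructed; no Tails image is used.

```python
import re
import struct

# Plugin ids taken from the rule quoted above: each string's two trailing
# bytes are the little-endian encoding of its $name (e.g. $1100 -> 4C 04).
PLUGIN_IDS = [1100, 1201, 1300, 1350, 1400, 1402, 1403, 1404, 1405, 1406,
              1500, 1501, 1502, 1505, 1506, 1507, 1508, 1509, 1510, 1511,
              1512, 1600, 1601, 1700, 1800, 1801, 1802, 1803, 2001, 2002,
              2003, 2004, 2500, 2501, 2550, 2600, 2610, 2700, 2701, 2750,
              2760, 2810]

# YARA hex strings are unanchored, so the equivalent regex is: "MZ", 0x90,
# any 29 bytes, then one of the id encodings. A lookahead is used so that
# overlapping candidates are all reported, as YARA would report them.
_ID_ALTERNATION = b"|".join(re.escape(struct.pack("<H", i)) for i in PLUGIN_IDS)
_PATTERN = re.compile(b"(?=MZ\x90.{29}(" + _ID_ALTERNATION + b"))", re.DOTALL)


def scan(data: bytes):
    """Return [(offset, plugin_id), ...] for every place the rule would fire.

    offset is where the MZ starts; the id sits at offset + 32, which in a real
    DOS/PE header is inside the reserved e_res words.
    """
    return [(m.start(), struct.unpack("<H", m.group(1))[0])
            for m in _PATTERN.finditer(data)]


def expected_random_hits(size_bytes: int) -> float:
    """Expected hits if every byte were uniform random: P(MZ 90) * P(id in set)."""
    return size_bytes * (1 / 2 ** 24) * (len(PLUGIN_IDS) / 2 ** 16)


def build_dos_header(reserved_word: int) -> bytes:
    """Constructed 64-byte DOS header: 'MZ', 0x90 at offset 2, the given value
    at offset 32 (e_res[2]), zeros elsewhere. Illustrative only."""
    hdr = bytearray(64)
    hdr[0:3] = b"MZ\x90"
    hdr[32:34] = struct.pack("<H", reserved_word)
    return bytes(hdr)


# Constructed sample: two headers carrying rule ids, one carrying a value (7)
# the rule does not list, separated by filler.
SAMPLE = (b"\x00" * 100 + build_dos_header(1350) + b"filler" * 10
          + build_dos_header(7) + build_dos_header(2810))

if __name__ == "__main__":
    for offset, plugin_id in scan(SAMPLE):
        print(f"hit at {offset:#x}: plugin id {plugin_id}")
    print("expected hits in 1 GiB of random bytes:",
          round(expected_random_hits(2 ** 30), 3))
```

For random bytes the estimate stays well below one hit per gigabyte, so a hit in an ISO almost always comes from a genuine MZ header whose reserved words happen to hold one of the 42 listed values; confirming or rejecting the alert means inspecting that header, not the whole image.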

TN • December 4, 2015 7:41 AM

Is it possible to capture whether the app received funding from Open Technology Fund (OTF)?

I think this would be a very interesting data point.

Dirk Praet • December 4, 2015 8:54 AM

@ OT

The rule that flags the tails 1.7 iso is this:

I read the Fox-IT paper and had a look at that yara rule. I think it's a false positive as it just doesn't make any sense to me for a Ponmocup plugin to be present in TAILS. To do what? Execute stand-alone with Wine or another by default non-present Windows emulator?

TO • December 4, 2015 10:32 AM

@Dirk Praet, we couldn't see the point either. Except that it's Java, and so theoretically cross-platform, at least for Java 7 (

Dirk Praet • December 4, 2015 1:34 PM

@ TO

Except that it's Java, and so theoretically cross-platform, at least for Java 7

No, it isn't. It's a Windows executable. One of the infection vectors can be a .jar file.

Dean F. Valentine Jr. • December 4, 2015 4:48 PM

Steganographic tools like DeepSound usually encrypt the files they hide.

TO • December 4, 2015 5:42 PM

So false positive, probably, yes. One test of that proposition is whether the IOCs would change if ponmocup were ported to Linux as Turla was. The answer is no, not necessarily.

Mike Gerwitz • December 6, 2015 7:29 AM

Unfortunately, I can't look at most of this work, as it requires me to run Google's proprietary JavaScript and prohibits me from performing my own computing. Could you host it elsewhere? Even plain text would be a good alternative; otherwise, I recommend an OpenDocument format.

Free software and non-SaaSS pitch aside: hosting this spreadsheet on Google Docs is antithetical to the topic at hand.

Would someone who does use Google Docs mind posting this in some other format for others like myself to read? Thanks!

Ole Juul • December 7, 2015 4:43 AM

"Would someone who does use Google Docs mind posting this in some other format for others like myself to read? Thanks!"

Here you go Mike. Click my name and it'll be .ods. And I took out the stupid spaces in the file name too.

Stephen Brinich • December 7, 2015 4:53 PM

I ended up copying and pasting the spreadsheet to a local copy so I could get the columns to widen enough to read some of the entries.

I also found and submitted something that didn't appear to be listed: Secure Space Encryptor (http://www.paranoiaworks.mobi, cross-platform).

Encryptor • December 7, 2015 6:51 PM

Is there a way, with Debian, to get all the dependencies of all available packages?

If so, very little software reinvents the wheel cryptographically, since it's a very bad practice. Bundling modified libraries is also a bad practice and is fought by distributions because of security issues.

So if we take for granted that Debian does a good job at that, could we, without installing every package, get a list of packages using common cryptography libraries, along with their descriptions?

Then we, as humans, filter out the irrelevant ones.

hisTory • December 7, 2015 6:56 PM

Hi,

What about covert channels, for instance?

If you take anti-Tor-blocking approaches, some are relevant here:
-> Some make traffic look like common protocols
-> One even encodes data in a strategy game's moves (0AD)

Given the creativity used by people wanting to publish Blu-ray or HDMI keys, government should expect the same kind of creativity to bypass surveillance.

Joe K • December 10, 2015 12:41 PM

@ Encryptor

Is there a way, with Debian, to get all the dependencies of all available packages?

Is that distinct from "all available packages"?

If so, very little software reinvents the wheel cryptographically, since it's a very bad practice. Bundling modified libraries is also a bad practice and is fought by distributions because of security issues.

So if we take for granted that Debian does a good job at that, could we, without installing every package, get a list of packages using common cryptography libraries, along with their descriptions?

Yes, you can. If PKG1 PKG2 … PKGN are the libraries of interest, then do

$ apt-cache rdepends PKG1 PKG2 PKG3 … PKGN

Nick P • December 10, 2015 9:17 PM

@ Clive Robinson

"On looking down the list I see no contact details for "Mujahideen Secrets"..."

I was re-reading this due to a HN re-post of Bruce's survey and just noticed your comment. That was hilarious. It's like they're worried their career could be ended by publishing one cellphone number or active GPS. Such paranoia. ;)

Clive Robinson • December 11, 2015 3:57 AM

@ Nick P,

That's one way to read it. I was thinking more along the lines of there not being any "tech support" contact details, because some Congress critter would demand that "We send in the drones" to a call center in India or somewhere else tech support had been "outsourced" to. Then, having started another war, claim it as a great success in the war on Terror...

Behind the jokes though is a serious point, many do consider that the US would send in the drones on such a flimsy pretext. If not today but when the "Trump" or his like minded friends set US foreign policy. Then having set the precedent that future US leaders would use it as "case law" to go and drone somebody else just as Obama has built on Bush. Oh and of course you have to remember "Crypto is now the new Terror" as Comey and Co keep stating it's a serious or existential risk to government in their view of democratic politics...

Joe K • December 12, 2015 4:49 AM

@ Encryptor

I just realised that the command line I suggested above will only list
available packages that immediately depend on PKG1 PKG2 … PKGN.

But that isn't quite what you asked for.

So add the --recurse option:

$ apt-cache --recurse rdepends PKG1 PKG2 … PKGN

Anyways, as usual, "$ man apt-cache" for details.
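Putting Encryptor's question and Joe K's two `apt-cache rdepends` answers together, here is an added example (mine, not any commenter's) that parses the rdepends output into a de-duplicated package list, optionally runs the real `apt-cache` when it is installed, and fetches each package's short description from `apt-cache show`. The sample output and the package names in it are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample of the text layout `apt-cache rdepends LIB...` prints:
# an unindented package name, an unindented "Reverse Depends:" header, then
# one indented dependant per line, alternatives marked with a leading "|".
SAMPLE_RDEPENDS = """\
libssl1.0.0
Reverse Depends:
  openssh-client
 |python-openssl
  libssl-dev
  wget
libgcrypt20
Reverse Depends:
  gnupg
  libgcrypt20-dev
  wget
"""


def parse_rdepends(text: str, seeds) -> list:
    """Return the sorted, de-duplicated dependants named in rdepends output,
    dropping the seed libraries themselves and the unindented header lines."""
    seeds = set(seeds)
    found = set()
    for line in text.splitlines():
        if not line.startswith(" "):      # package-name or "Reverse Depends:" header
            continue
        name = line.strip().lstrip("|").strip()
        if name and name not in seeds:
            found.add(name)
    return sorted(found)


def crypto_consumers(seeds, recurse=False) -> list:
    """Packages depending on the given crypto libraries; [] if apt-cache is absent.
    --recurse (Joe K's second form) also returns indirect consumers, so the
    list grows quickly; the direct list is usually the one worth reading."""
    if shutil.which("apt-cache") is None:
        return []
    cmd = ["apt-cache"] + (["--recurse"] if recurse else []) + ["rdepends", *seeds]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return parse_rdepends(out, seeds)


def short_description(pkg: str) -> str:
    """First Description line from `apt-cache show PKG` (rdepends prints none)."""
    out = subprocess.run(["apt-cache", "show", pkg], capture_output=True, text=True).stdout
    for line in out.splitlines():
        if line.startswith("Description"):
            return line.split(":", 1)[1].strip()
    return ""


if __name__ == "__main__":
    libs = ["libssl1.0.0", "libgcrypt20"]          # assumed library names
    for pkg in crypto_consumers(libs) or parse_rdepends(SAMPLE_RDEPENDS, libs):
        print(pkg, "-", short_description(pkg) if shutil.which("apt-cache") else "(no apt-cache)")
```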

Larry • December 23, 2015 6:31 PM

This is a decent start, but if you are trying to use this list to help convince politicians of the folly of legislation, remember that it is not all that hard to create custom apps using one of the many cryptographic libraries available. I suggest you create a similar list for cryptographic libraries.

Russell • January 2, 2016 1:57 PM

New product from Skyport Systems called SkySecure should qualify. It has cryptographic protection of general servers and of executable user-provided code.
