| |
| |
| Foreword | |
| |
| |
| Preface | |
| |
| |
| |
| Safe Initialization | |
| |
| |
| |
| Sanitizing the Environment | |
| |
| |
| |
| Restricting Privileges on Windows | |
| |
| |
| |
| Dropping Privileges in setuid Programs | |
| |
| |
| |
| Limiting Risk with Privilege Separation | |
| |
| |
| |
| Managing File Descriptors Safely | |
| |
| |
| |
| Creating a Child Process Securely | |
| |
| |
| |
| Executing External Programs Securely | |
| |
| |
| |
| Executing External Programs Securely | |
| |
| |
| |
| Disabling Memory Dumps in the Event of a Crash | |
| |
| |
| |
| Access Control | |
| |
| |
| |
| Understanding the Unix Access Control Model | |
| |
| |
| |
| Understanding the Windows Access Control Model | |
| |
| |
| |
| Determining Whether a User Has Access to a File on Unix | |
| |
| |
| |
| Determining Whether a Directory Is Secure | |
| |
| |
| |
| Erasing Files Securely | |
| |
| |
| |
| Accessing File Information Securely | |
| |
| |
| |
| Restricting Access Permissions for New Files on Unix | |
| |
| |
| |
| Locking Files | |
| |
| |
| |
| Synchronizing Resource Access Across Processes on Unix | |
| |
| |
| |
| Synchronizing Resource Access Across Processes on Windows | |
| |
| |
| |
| Creating Files for Temporary Use | |
| |
| |
| |
| Restricting Filesystem Access on Unix | |
| |
| |
| |
| Restricting Filesystem and Network Access on FreeBSD | |
| |
| |
| |
| Input Validation | |
| |
| |
| |
| Understanding Basic Data Validation Techniques | |
| |
| |
| |
| Preventing Attacks on Formatting Functions | |
| |
| |
| |
| Preventing Buffer Overflows | |
| |
| |
| |
| Using the SafeStr Library | |
| |
| |
| |
| Preventing Integer Coercion and Wrap-Around Problems | |
| |
| |
| |
| Using Environment Variables Securely | |
| |
| |
| |
| Validating Filenames and Paths | |
| |
| |
| |
| Evaluating URL Encodings | |
| |
| |
| |
| Validating Email Addresses | |
| |
| |
| |
| Preventing Cross-Site Scripting | |
| |
| |
| |
| Preventing SQL Injection Attacks | |
| |
| |
| |
| Detecting Illegal UTF-8 Characters | |
| |
| |
| |
| Preventing File Descriptor Overflows When Using select() | |
| |
| |
| |
| Symmetric Cryptography Fundamentals | |
| |
| |
| |
| Representing Keys for Use in Cryptographic Algorithms | |
| |
| |
| |
| Generating Random Symmetric Keys | |
| |
| |
| |
| Representing Binary Keys (or Other Raw Data) as Hexadecimal | |
| |
| |
| |
| Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary | |
| |
| |
| |
| Performing Base64 Encoding | |
| |
| |
| |
| Performing Base64 Decoding | |
| |
| |
| |
| Representing Keys (or Other Binary Data) as English Text | |
| |
| |
| |
| Converting Text Keys to Binary Keys | |
| |
| |
| |
| Using Salts, Nonces, and Initialization Vectors | |
| |
| |
| |
| Deriving Symmetric Keys from a Password | |
| |
| |
| |
| Algorithmically Generating Symmetric Keys from One Base Secret | |
| |
| |
| |
| Encrypting in a Single Reduced Character Set | |
| |
| |
| |
| Managing Key Material Securely | |
| |
| |
| |
| Timing Cryptographic Primitives | |
| |
| |
| |
| Symmetric Encryption | |
| |
| |
| |
| Deciding Whether to Use Multiple Encryption Algorithms | |
| |
| |
| |
| Figuring Out Which Encryption Algorithm Is Best | |
| |
| |
| |
| Selecting an Appropriate Key Length | |
| |
| |
| |
| Selecting a Cipher Mode | |
| |
| |
| |
| Using a Raw Block Cipher | |
| |
| |
| |
| Using a Generic CBC Mode Implementation | |
| |
| |
| |
| Using a Generic CFB Mode Implementation | |
| |
| |
| |
| Using a Generic OFB Mode Implementation | |
| |
| |
| |
| Using a Generic CTR Mode Implementation | |
| |
| |
| |
| Using CWC Mode | |
| |
| |
| |
| Manually Adding and Checking Cipher Padding | |
| |
| |
| |
| Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers) | |
| |
| |
| |
| Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility) | |
| |
| |
| |
| Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility) | |
| |
| |
| |
| Performing File or Disk Encryption | |
| |
| |
| |
| Using a High-Level, Error-Resistant Encryption and Decryption API | |
| |
| |
| |
| Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL | |
| |
| |
| |
| Using Variable Key-Length Ciphers in OpenSSL | |
| |
| |
| |
| Disabling Cipher Padding in OpenSSL in CBC Mode | |
| |
| |
| |
| Performing Additional Cipher Setup in OpenSSL | |
| |
| |
| |
| Querying Cipher Configuration Properties in OpenSSL | |
| |
| |
| |
| Performing Low-Level Encryption and Decryption with OpenSSL | |
| |
| |
| |
| Setting Up and Using RC4 | |
| |
| |
| |
| Using One-Time Pads | |
| |
| |
| |
| Using Symmetric Encryption with Microsoft's CryptoAPI | |
| |
| |
| |
| Creating a CryptoAPI Key Object from Raw Key Data | |
| |
| |
| |
| Extracting Raw Key Data from a CryptoAPI Key Object | |
| |
| |
| |
| Hashes and Message Authentication | |
| |
| |
| |
| Understanding the Basics of Hashes and MACs | |
| |
| |
| |
| Deciding Whether to Support Multiple Message Digests or MACs | |
| |
| |
| |
| Choosing a Cryptographic Hash Algorithm | |
| |
| |
| |
| Choosing a Message Authentication Code | |
| |
| |
| |
| Incrementally Hasing Data | |
| |
| |
| |
| Hashing a Single String | |
| |
| |
| |
| Using a Cryptographic Hash | |
| |
| |
| |
| Using a Nonce to Protect Against Birthday Attacks | |
| |
| |
| |
| Checking Message Integrity | |
| |
| |
| |
| Using HMAC | |
| |
| |
| |
| Using OMAC (a Simple Block Cipher-Based MAC) | |
| |
| |
| |
| Using HMAC or OMAC with a Nonce | |
| |
| |
| |
| Using a MAC That's Reasonably Fast in Software and Hardware | |
| |
| |
| |
| Using a MAC That's Optimized for Software Speed | |
| |
| |
| |
| Constructing a Hash Function from a Block Cipher | |
| |
| |
| |
| Using a Block Cipher to Build a Full-Strength Hash Function | |
| |
| |
| |
| Using Smaller MAC Tags | |
| |
| |
| |
| Making Encryption and Message Integrity Work Together | |
| |
| |
| |
| Making Your Own MAC | |
| |
| |
| |
| Encrypting with a Hash Function | |
| |
| |
| |
| Securely Authenticating a MAC (Thwarting Capture Replay Attacks) | |
| |
| |
| |
| Parallelizing MACs | |
| |
| |
| |
| Public Key Cryptography | |
| |
| |
| |
| Determining When to Use Public Key Cryptography | |
| |
| |
| |
| Selecting a Public Key Algorithm | |
| |
| |
| |
| Selecting Public Key Sizes | |
| |
| |
| |
| Manipulating Big Numbers | |
| |
| |
| |
| Generating a Prime Number (Testing for Primality) | |
| |
| |
| |
| Generating an RSA Key Pair | |
| |
| |
| |
| Disentangling the Public and Private Keys in OpenSSL | |
| |
| |
| |
| Converting Binary Strings to Integers for Use with RSA | |
| |
| |
| |
| Converting Integers into Binary Strings for Use with RSA | |
| |
| |
| |
| Performing Raw Encryption with an RSA Public Key | |
| |
| |
| |
| Performing Raw Decryption Using an RSA Private Key | |
| |
| |
| |
| Signing Data Using an RSA Private Key | |
| |
| |
| |
| Verifying Signed Data Using an RSA Public Key | |
| |
| |
| |
| Securely Signing and Encrypting with RSA | |
| |
| |
| |
| Using the Digital Signature Algorithm (DSA) | |
| |
| |
| |
| Representing Public Keys and Certificates in Binary (DER Encoding) | |
| |
| |
| |
| Representing Keys and Certificates in Plaintext (PEM Encoding) | |
| |
| |
| |
| Authentication and Key Exchange | |
| |
| |
| |
| Choosing an Authentication Method | |
| |
| |
| |
| Getting User and Group Information on Unix | |
| |
| |
| |
| Getting User and Group Information on Windows | |
| |
| |
| |
| Restricting Access Based on Hostname or IP Address | |
| |
| |
| |
| Generating Random Passwords and Passphrases | |
| |
| |
| |
| Testing the Strength of Passwords | |
| |
| |
| |
| Prompting for a Password | |
| |
| |
| |
| Throttling Failed Authentication Attempts | |
| |
| |
| |
| Performing Password-Based Authentication with crypt() | |
| |
| |
| |
| Performing Password-Based Authentication with MD5-MCF | |
| |
| |
| |
| Performing Password-Based Authentication with PBKDF2 | |
| |
| |
| |
| Authenticating with PAM | |
| |
| |
| |
| Authenticating with Kerberos | |
| |
| |
| |
| Authenticating with HTTP Cookies | |
| |
| |
| |
| Performing Password-Based Authentication and Key Exchange | |
| |
| |
| |
| Performing Authenticated Key Exchange Using RSA | |
| |
| |
| |
| Using Basic Diffie-Hellman Key Agreement | |
| |
| |
| |
| Using Diffie-Hellman and DSA Together | |
| |
| |
| |
| Minimizing the Window of Vulnerability When Authenticating Without a PKI | |
| |
| |
| |
| Providing Forward Secrecy in a Symmetric System | |
| |
| |
| |
| Ensuring Forward Secrecy in a Public Key System | |
| |
| |
| |
| Confirming Requests via Email | |
| |
| |
| |
| Networking | |
| |
| |
| |
| Creating an SSL Client | |
| |
| |
| |
| Creating an SSL Server | |
| |
| |
| |
| Using Session Caching to Make SSL Servers More Efficient | |
| |
| |
| |
| Securing Web Communication on Windows Using the WinInet API | |
| |
| |
| |
| Enabling SSL without Modifying Source Code | |
| |
| |
| |
| Using Kerberos Encryption | |
| |
| |
| |
| Performing Interprocess Communication Using Sockets | |
| |
| |
| |
| Performing Authentication with Unix Domain Sockets | |
| |
| |
| |
| Performing Session ID Management | |
| |
| |
| |
| Securing Database Connections | |
| |
| |
| |
| Using a Virtual Private Network to Secure Network Connections | |
| |
| |
| |
| Building an Authenticated Secure Channel Without SSL | |
| |
| |
| |
| Public Key Infrastructure | |
| |
| |
| |
| Understanding Public Key Infrastructure (PKI) | |
| |
| |
| |
| Obtaining a Certificate | |
| |
| |
| |
| Using Root Certificates | |
| |
| |
| |
| Understanding X.509 Certificate Verification Methodology | |
| |
| |
| |
| Performing X.509 Certificate Verification with OpenSSL | |
| |
| |
| |
| Performing X.509 Certificate Verification with CryptoAPI | |
| |
| |
| |
| Verifying an SSL Peer's Certificate | |
| |
| |
| |
| Adding Hostname Checking to Certificate Verification | |
| |
| |
| |
| Using a Whitelist to Verify Certificates | |
| |
| |
| |
| Obtaining Certificate Revocation Lists with OpenSSL | |
| |
| |
| |
| Obtaining CRLs with CryptoAPI | |
| |
| |
| |
| Checking Revocation Status via OCSP with OpenSSL | |
| |
| |
| |
| Random Numbers | |
| |
| |
| |
| Determining What Kind of Random Numbers to Use | |
| |
| |
| |
| Using a Generic API for Randomness and Entropy | |
| |
| |
| |
| Using the Standard Unix Randomness Infrastructure | |
| |
| |
| |
| Using the Standard Windows Randomness Infrastructure | |
| |
| |
| |
| Using an Application-Level Generator | |
| |
| |
| |
| Reseeding a Pseudo-Random Number Generator | |
| |
| |
| |
| Using an Entropy Gathering Daemon--Compatible Solution | |
| |
| |
| |
| Getting Entropy or Pseudo-Randomness Using EGADS | |
| |
| |
| |
| Using the OpenSSL Random Number API | |
| |
| |
| |
| Getting Random Integers | |
| |
| |
| |
| Getting a Random Integer in a Range | |
| |
| |
| |
| Getting a Random Floating-Point Value with Uniform Distribution | |
| |
| |
| |
| Getting Floating-Point Values with Nonuniform Distributions | |
| |
| |
| |
| Getting a Random Printable ASCII String | |
| |
| |
| |
| Shuffling Fairly | |
| |
| |
| |
| Compressing Data with Entropy into a Fixed-Size Seed | |
| |
| |
| |
| Getting Entropy at Startup | |
| |
| |
| |
| Statistically Testing Random Numbers | |
| |
| |
| |
| Performing Entropy Estimation and Management | |
| |
| |
| |
| Gathering Entropy from the Keyboard | |
| |
| |
| |
| Gathering Entropy from Mouse Events on Windows | |
| |
| |
| |
| Gathering Entropy from Thread Timings | |
| |
| |
| |
| Gathering Entropy from System State | |
| |
| |
| |
| Anti-Tampering | |
| |
| |
| |
| Understanding the Problem of Software Protection | |
| |
| |
| |
| Detecting Modification | |
| |
| |
| |
| Obfuscating Code | |
| |
| |
| |
| Performing Bit and Byte Obfuscation | |
| |
| |
| |
| Performing Constant Transforms on Variables | |
| |
| |
| |
| Merging Scalar Variables | |
| |
| |
| |
| Splitting Variables | |
| |
| |
| |
| Disguising Boolean Values | |
| |
| |
| |
| Using Function Pointers | |
| |
| |
| |
| Restructuring Arrays | |
| |
| |
| |
| Hiding Strings | |
| |
| |
| |
| Detecting Debuggers | |
| |
| |
| |
| Detecting Unix Debuggers | |
| |
| |
| |
| Detecting Windows Debuggers | |
| |
| |
| |
| Detecting SoftICE | |
| |
| |
| |
| Countering Disassembly | |
| |
| |
| |
| Using Self-Modifying Code | |
| |
| |
| |
| Other Topics | |
| |
| |
| |
| Performing Error Handling | |
| |
| |
| |
| Erasing Data from Memory Securely | |
| |
| |
| |
| Preventing Memory from Being Paged to Disk | |
| |
| |
| |
| Using Variable Arguments Properly | |
| |
| |
| |
| Performing Proper Signal Handling | |
| |
| |
| |
| Protecting against Shatter Attacks on Windows | |
| |
| |
| |
| Guarding Against Spawning Too Many Threads | |
| |
| |
| |
| Guarding Against Creating Too Many Network Sockets | |
| |
| |
| |
| Guarding Against Resource Starvation Attacks on Unix | |
| |
| |
| |
| Guarding Against Resource Starvation Attacks on Windows | |
| |
| |
| |
| Following Best Practices for Audit Logging | |
| |
| |
| Index | |