| |
| |
Foreword | |
| |
| |
Preface | |
| |
| |
| |
Safe Initialization | |
| |
| |
| |
Sanitizing the Environment | |
| |
| |
| |
Restricting Privileges on Windows | |
| |
| |
| |
Dropping Privileges in setuid Programs | |
| |
| |
| |
Limiting Risk with Privilege Separation | |
| |
| |
| |
Managing File Descriptors Safely | |
| |
| |
| |
Creating a Child Process Securely | |
| |
| |
| |
Executing External Programs Securely | |
| |
| |
| |
Executing External Programs Securely | |
| |
| |
| |
Disabling Memory Dumps in the Event of a Crash | |
| |
| |
| |
Access Control | |
| |
| |
| |
Understanding the Unix Access Control Model | |
| |
| |
| |
Understanding the Windows Access Control Model | |
| |
| |
| |
Determining Whether a User Has Access to a File on Unix | |
| |
| |
| |
Determining Whether a Directory Is Secure | |
| |
| |
| |
Erasing Files Securely | |
| |
| |
| |
Accessing File Information Securely | |
| |
| |
| |
Restricting Access Permissions for New Files on Unix | |
| |
| |
| |
Locking Files | |
| |
| |
| |
Synchronizing Resource Access Across Processes on Unix | |
| |
| |
| |
Synchronizing Resource Access Across Processes on Windows | |
| |
| |
| |
Creating Files for Temporary Use | |
| |
| |
| |
Restricting Filesystem Access on Unix | |
| |
| |
| |
Restricting Filesystem and Network Access on FreeBSD | |
| |
| |
| |
Input Validation | |
| |
| |
| |
Understanding Basic Data Validation Techniques | |
| |
| |
| |
Preventing Attacks on Formatting Functions | |
| |
| |
| |
Preventing Buffer Overflows | |
| |
| |
| |
Using the SafeStr Library | |
| |
| |
| |
Preventing Integer Coercion and Wrap-Around Problems | |
| |
| |
| |
Using Environment Variables Securely | |
| |
| |
| |
Validating Filenames and Paths | |
| |
| |
| |
Evaluating URL Encodings | |
| |
| |
| |
Validating Email Addresses | |
| |
| |
| |
Preventing Cross-Site Scripting | |
| |
| |
| |
Preventing SQL Injection Attacks | |
| |
| |
| |
Detecting Illegal UTF-8 Characters | |
| |
| |
| |
Preventing File Descriptor Overflows When Using select() | |
| |
| |
| |
Symmetric Cryptography Fundamentals | |
| |
| |
| |
Representing Keys for Use in Cryptographic Algorithms | |
| |
| |
| |
Generating Random Symmetric Keys | |
| |
| |
| |
Representing Binary Keys (or Other Raw Data) as Hexadecimal | |
| |
| |
| |
Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary | |
| |
| |
| |
Performing Base64 Encoding | |
| |
| |
| |
Performing Base64 Decoding | |
| |
| |
| |
Representing Keys (or Other Binary Data) as English Text | |
| |
| |
| |
Converting Text Keys to Binary Keys | |
| |
| |
| |
Using Salts, Nonces, and Initialization Vectors | |
| |
| |
| |
Deriving Symmetric Keys from a Password | |
| |
| |
| |
Algorithmically Generating Symmetric Keys from One Base Secret | |
| |
| |
| |
Encrypting in a Single Reduced Character Set | |
| |
| |
| |
Managing Key Material Securely | |
| |
| |
| |
Timing Cryptographic Primitives | |
| |
| |
| |
Symmetric Encryption | |
| |
| |
| |
Deciding Whether to Use Multiple Encryption Algorithms | |
| |
| |
| |
Figuring Out Which Encryption Algorithm Is Best | |
| |
| |
| |
Selecting an Appropriate Key Length | |
| |
| |
| |
Selecting a Cipher Mode | |
| |
| |
| |
Using a Raw Block Cipher | |
| |
| |
| |
Using a Generic CBC Mode Implementation | |
| |
| |
| |
Using a Generic CFB Mode Implementation | |
| |
| |
| |
Using a Generic OFB Mode Implementation | |
| |
| |
| |
Using a Generic CTR Mode Implementation | |
| |
| |
| |
Using CWC Mode | |
| |
| |
| |
Manually Adding and Checking Cipher Padding | |
| |
| |
| |
Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers) | |
| |
| |
| |
Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility) | |
| |
| |
| |
Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility) | |
| |
| |
| |
Performing File or Disk Encryption | |
| |
| |
| |
Using a High-Level, Error-Resistant Encryption and Decryption API | |
| |
| |
| |
Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL | |
| |
| |
| |
Using Variable Key-Length Ciphers in OpenSSL | |
| |
| |
| |
Disabling Cipher Padding in OpenSSL in CBC Mode | |
| |
| |
| |
Performing Additional Cipher Setup in OpenSSL | |
| |
| |
| |
Querying Cipher Configuration Properties in OpenSSL | |
| |
| |
| |
Performing Low-Level Encryption and Decryption with OpenSSL | |
| |
| |
| |
Setting Up and Using RC4 | |
| |
| |
| |
Using One-Time Pads | |
| |
| |
| |
Using Symmetric Encryption with Microsoft's CryptoAPI | |
| |
| |
| |
Creating a CryptoAPI Key Object from Raw Key Data | |
| |
| |
| |
Extracting Raw Key Data from a CryptoAPI Key Object | |
| |
| |
| |
Hashes and Message Authentication | |
| |
| |
| |
Understanding the Basics of Hashes and MACs | |
| |
| |
| |
Deciding Whether to Support Multiple Message Digests or MACs | |
| |
| |
| |
Choosing a Cryptographic Hash Algorithm | |
| |
| |
| |
Choosing a Message Authentication Code | |
| |
| |
| |
Incrementally Hasing Data | |
| |
| |
| |
Hashing a Single String | |
| |
| |
| |
Using a Cryptographic Hash | |
| |
| |
| |
Using a Nonce to Protect Against Birthday Attacks | |
| |
| |
| |
Checking Message Integrity | |
| |
| |
| |
Using HMAC | |
| |
| |
| |
Using OMAC (a Simple Block Cipher-Based MAC) | |
| |
| |
| |
Using HMAC or OMAC with a Nonce | |
| |
| |
| |
Using a MAC That's Reasonably Fast in Software and Hardware | |
| |
| |
| |
Using a MAC That's Optimized for Software Speed | |
| |
| |
| |
Constructing a Hash Function from a Block Cipher | |
| |
| |
| |
Using a Block Cipher to Build a Full-Strength Hash Function | |
| |
| |
| |
Using Smaller MAC Tags | |
| |
| |
| |
Making Encryption and Message Integrity Work Together | |
| |
| |
| |
Making Your Own MAC | |
| |
| |
| |
Encrypting with a Hash Function | |
| |
| |
| |
Securely Authenticating a MAC (Thwarting Capture Replay Attacks) | |
| |
| |
| |
Parallelizing MACs | |
| |
| |
| |
Public Key Cryptography | |
| |
| |
| |
Determining When to Use Public Key Cryptography | |
| |
| |
| |
Selecting a Public Key Algorithm | |
| |
| |
| |
Selecting Public Key Sizes | |
| |
| |
| |
Manipulating Big Numbers | |
| |
| |
| |
Generating a Prime Number (Testing for Primality) | |
| |
| |
| |
Generating an RSA Key Pair | |
| |
| |
| |
Disentangling the Public and Private Keys in OpenSSL | |
| |
| |
| |
Converting Binary Strings to Integers for Use with RSA | |
| |
| |
| |
Converting Integers into Binary Strings for Use with RSA | |
| |
| |
| |
Performing Raw Encryption with an RSA Public Key | |
| |
| |
| |
Performing Raw Decryption Using an RSA Private Key | |
| |
| |
| |
Signing Data Using an RSA Private Key | |
| |
| |
| |
Verifying Signed Data Using an RSA Public Key | |
| |
| |
| |
Securely Signing and Encrypting with RSA | |
| |
| |
| |
Using the Digital Signature Algorithm (DSA) | |
| |
| |
| |
Representing Public Keys and Certificates in Binary (DER Encoding) | |
| |
| |
| |
Representing Keys and Certificates in Plaintext (PEM Encoding) | |
| |
| |
| |
Authentication and Key Exchange | |
| |
| |
| |
Choosing an Authentication Method | |
| |
| |
| |
Getting User and Group Information on Unix | |
| |
| |
| |
Getting User and Group Information on Windows | |
| |
| |
| |
Restricting Access Based on Hostname or IP Address | |
| |
| |
| |
Generating Random Passwords and Passphrases | |
| |
| |
| |
Testing the Strength of Passwords | |
| |
| |
| |
Prompting for a Password | |
| |
| |
| |
Throttling Failed Authentication Attempts | |
| |
| |
| |
Performing Password-Based Authentication with crypt() | |
| |
| |
| |
Performing Password-Based Authentication with MD5-MCF | |
| |
| |
| |
Performing Password-Based Authentication with PBKDF2 | |
| |
| |
| |
Authenticating with PAM | |
| |
| |
| |
Authenticating with Kerberos | |
| |
| |
| |
Authenticating with HTTP Cookies | |
| |
| |
| |
Performing Password-Based Authentication and Key Exchange | |
| |
| |
| |
Performing Authenticated Key Exchange Using RSA | |
| |
| |
| |
Using Basic Diffie-Hellman Key Agreement | |
| |
| |
| |
Using Diffie-Hellman and DSA Together | |
| |
| |
| |
Minimizing the Window of Vulnerability When Authenticating Without a PKI | |
| |
| |
| |
Providing Forward Secrecy in a Symmetric System | |
| |
| |
| |
Ensuring Forward Secrecy in a Public Key System | |
| |
| |
| |
Confirming Requests via Email | |
| |
| |
| |
Networking | |
| |
| |
| |
Creating an SSL Client | |
| |
| |
| |
Creating an SSL Server | |
| |
| |
| |
Using Session Caching to Make SSL Servers More Efficient | |
| |
| |
| |
Securing Web Communication on Windows Using the WinInet API | |
| |
| |
| |
Enabling SSL without Modifying Source Code | |
| |
| |
| |
Using Kerberos Encryption | |
| |
| |
| |
Performing Interprocess Communication Using Sockets | |
| |
| |
| |
Performing Authentication with Unix Domain Sockets | |
| |
| |
| |
Performing Session ID Management | |
| |
| |
| |
Securing Database Connections | |
| |
| |
| |
Using a Virtual Private Network to Secure Network Connections | |
| |
| |
| |
Building an Authenticated Secure Channel Without SSL | |
| |
| |
| |
Public Key Infrastructure | |
| |
| |
| |
Understanding Public Key Infrastructure (PKI) | |
| |
| |
| |
Obtaining a Certificate | |
| |
| |
| |
Using Root Certificates | |
| |
| |
| |
Understanding X.509 Certificate Verification Methodology | |
| |
| |
| |
Performing X.509 Certificate Verification with OpenSSL | |
| |
| |
| |
Performing X.509 Certificate Verification with CryptoAPI | |
| |
| |
| |
Verifying an SSL Peer's Certificate | |
| |
| |
| |
Adding Hostname Checking to Certificate Verification | |
| |
| |
| |
Using a Whitelist to Verify Certificates | |
| |
| |
| |
Obtaining Certificate Revocation Lists with OpenSSL | |
| |
| |
| |
Obtaining CRLs with CryptoAPI | |
| |
| |
| |
Checking Revocation Status via OCSP with OpenSSL | |
| |
| |
| |
Random Numbers | |
| |
| |
| |
Determining What Kind of Random Numbers to Use | |
| |
| |
| |
Using a Generic API for Randomness and Entropy | |
| |
| |
| |
Using the Standard Unix Randomness Infrastructure | |
| |
| |
| |
Using the Standard Windows Randomness Infrastructure | |
| |
| |
| |
Using an Application-Level Generator | |
| |
| |
| |
Reseeding a Pseudo-Random Number Generator | |
| |
| |
| |
Using an Entropy Gathering Daemon--Compatible Solution | |
| |
| |
| |
Getting Entropy or Pseudo-Randomness Using EGADS | |
| |
| |
| |
Using the OpenSSL Random Number API | |
| |
| |
| |
Getting Random Integers | |
| |
| |
| |
Getting a Random Integer in a Range | |
| |
| |
| |
Getting a Random Floating-Point Value with Uniform Distribution | |
| |
| |
| |
Getting Floating-Point Values with Nonuniform Distributions | |
| |
| |
| |
Getting a Random Printable ASCII String | |
| |
| |
| |
Shuffling Fairly | |
| |
| |
| |
Compressing Data with Entropy into a Fixed-Size Seed | |
| |
| |
| |
Getting Entropy at Startup | |
| |
| |
| |
Statistically Testing Random Numbers | |
| |
| |
| |
Performing Entropy Estimation and Management | |
| |
| |
| |
Gathering Entropy from the Keyboard | |
| |
| |
| |
Gathering Entropy from Mouse Events on Windows | |
| |
| |
| |
Gathering Entropy from Thread Timings | |
| |
| |
| |
Gathering Entropy from System State | |
| |
| |
| |
Anti-Tampering | |
| |
| |
| |
Understanding the Problem of Software Protection | |
| |
| |
| |
Detecting Modification | |
| |
| |
| |
Obfuscating Code | |
| |
| |
| |
Performing Bit and Byte Obfuscation | |
| |
| |
| |
Performing Constant Transforms on Variables | |
| |
| |
| |
Merging Scalar Variables | |
| |
| |
| |
Splitting Variables | |
| |
| |
| |
Disguising Boolean Values | |
| |
| |
| |
Using Function Pointers | |
| |
| |
| |
Restructuring Arrays | |
| |
| |
| |
Hiding Strings | |
| |
| |
| |
Detecting Debuggers | |
| |
| |
| |
Detecting Unix Debuggers | |
| |
| |
| |
Detecting Windows Debuggers | |
| |
| |
| |
Detecting SoftICE | |
| |
| |
| |
Countering Disassembly | |
| |
| |
| |
Using Self-Modifying Code | |
| |
| |
| |
Other Topics | |
| |
| |
| |
Performing Error Handling | |
| |
| |
| |
Erasing Data from Memory Securely | |
| |
| |
| |
Preventing Memory from Being Paged to Disk | |
| |
| |
| |
Using Variable Arguments Properly | |
| |
| |
| |
Performing Proper Signal Handling | |
| |
| |
| |
Protecting against Shatter Attacks on Windows | |
| |
| |
| |
Guarding Against Spawning Too Many Threads | |
| |
| |
| |
Guarding Against Creating Too Many Network Sockets | |
| |
| |
| |
Guarding Against Resource Starvation Attacks on Unix | |
| |
| |
| |
Guarding Against Resource Starvation Attacks on Windows | |
| |
| |
| |
Following Best Practices for Audit Logging | |
| |
| |
Index | |