| | | Copyright |
| | | Foreword |
| | | Preface |
| |
| | More Than Just a Book |
| |
| | We Can't Do It All |
| |
| | Organization of This Book |
| |
| | Recipe Compatibility |
| |
| | Conventions Used in This Book |
| |
| | Comments and Questions |
| |
| | Acknowledgments |
|
| | |
Chapter 1.
Safe Initialization |
| |
| |
Section 1.1.
Sanitizing the Environment |
| |
| |
Section 1.2.
Restricting Privileges on Windows |
| |
| |
Section 1.3.
Dropping Privileges in setuid Programs |
| |
| |
Section 1.4.
Limiting Risk with Privilege Separation |
| |
| |
Section 1.5.
Managing File Descriptors Safely |
| |
| |
Section 1.6.
Creating a Child Process Securely |
| |
| |
Section 1.7.
Executing External Programs Securely |
| |
| |
Section 1.8.
Executing External Programs Securely |
| |
| |
Section 1.9.
Disabling Memory Dumps in the Event of a Crash |
|
| | |
Chapter 2.
Access Control |
| |
| |
Section 2.1.
Understanding the Unix Access Control Model |
| |
| |
Section 2.2.
Understanding the Windows Access Control Model |
| |
| |
Section 2.3.
Determining Whether a User Has Access to a File on Unix |
| |
| |
Section 2.4.
Determining Whether a Directory Is Secure |
| |
| |
Section 2.5.
Erasing Files Securely |
| |
| |
Section 2.6.
Accessing File Information Securely |
| |
| |
Section 2.7.
Restricting Access Permissions for New Files on Unix |
| |
| |
Section 2.8.
Locking Files |
| |
| |
Section 2.9.
Synchronizing Resource Access Across Processes on Unix |
| |
| |
Section 2.10.
Synchronizing Resource Access Across Processes on Windows |
| |
| |
Section 2.11.
Creating Files for Temporary Use |
| |
| |
Section 2.12.
Restricting Filesystem Access on Unix |
| |
| |
Section 2.13.
Restricting Filesystem and Network Access on FreeBSD |
|
| | |
Chapter 3.
Input Validation |
| |
| |
Section 3.1.
Understanding Basic Data Validation Techniques |
| |
| |
Section 3.2.
Preventing Attacks on Formatting Functions |
| |
| |
Section 3.3.
Preventing Buffer Overflows |
| |
| |
Section 3.4.
Using the SafeStr Library |
| |
| |
Section 3.5.
Preventing Integer Coercion and Wrap-Around Problems |
| |
| |
Section 3.6.
Using Environment Variables Securely |
| |
| |
Section 3.7.
Validating Filenames and Paths |
| |
| |
Section 3.8.
Evaluating URL Encodings |
| |
| |
Section 3.9.
Validating Email Addresses |
| |
| |
Section 3.10.
Preventing Cross-Site Scripting |
| |
| |
Section 3.11.
Preventing SQL Injection Attacks |
| |
| |
Section 3.12.
Detecting Illegal UTF-8 Characters |
| |
| |
Section 3.13.
Preventing File Descriptor Overflows When Using select( ) |
|
| | |
Chapter 4.
Symmetric Cryptography Fundamentals |
| |
| |
Section 4.1.
Representing Keys for Use in Cryptographic Algorithms |
| |
| |
Section 4.2.
Generating Random Symmetric Keys |
| |
| |
Section 4.3.
Representing Binary Keys (or Other Raw Data) as Hexadecimal |
| |
| |
Section 4.4.
Turning ASCII Hex Keys (or Other ASCII Hex Data) into Binary |
| |
| |
Section 4.5.
Performing Base64 Encoding |
| |
| |
Section 4.6.
Performing Base64 Decoding |
| |
| |
Section 4.7.
Representing Keys (or Other Binary Data) as English Text |
| |
| |
Section 4.8.
Converting Text Keys to Binary Keys |
| |
| |
Section 4.9.
Using Salts, Nonces, and Initialization Vectors |
| |
| |
Section 4.10.
Deriving Symmetric Keys from a Password |
| |
| |
Section 4.11.
Algorithmically Generating Symmetric Keys from One Base Secret |
| |
| |
Section 4.12.
Encrypting in a Single Reduced Character Set |
| |
| |
Section 4.13.
Managing Key Material Securely |
| |
| |
Section 4.14.
Timing Cryptographic Primitives |
|
| | |
Chapter 5.
Symmetric Encryption |
| |
| |
Section 5.1.
Deciding Whether to Use Multiple Encryption Algorithms |
| |
| |
Section 5.2.
Figuring Out Which Encryption Algorithm Is Best |
| |
| |
Section 5.3.
Selecting an Appropriate Key Length |
| |
| |
Section 5.4.
Selecting a Cipher Mode |
| |
| |
Section 5.5.
Using a Raw Block Cipher |
| |
| |
Section 5.6.
Using a Generic CBC Mode Implementation |
| |
| |
Section 5.7.
Using a Generic CFB Mode Implementation |
| |
| |
Section 5.8.
Using a Generic OFB Mode Implementation |
| |
| |
Section 5.9.
Using a Generic CTR Mode Implementation |
| |
| |
Section 5.10.
Using CWC Mode |
| |
| |
Section 5.11.
Manually Adding and Checking Cipher Padding |
| |
| |
Section 5.12.
Precomputing Keystream in OFB, CTR, CCM, or CWC Modes (or with Stream Ciphers) |
| |
| |
Section 5.13.
Parallelizing Encryption and Decryption in Modes That Allow It (Without Breaking Compatibility) |
| |
| |
Section 5.14.
Parallelizing Encryption and Decryption in Arbitrary Modes (Breaking Compatibility) |
| |
| |
Section 5.15.
Performing File or Disk Encryption |
| |
| |
Section 5.16.
Using a High-Level, Error-Resistant Encryption and Decryption API |
| |
| |
Section 5.17.
Performing Block Cipher Setup (for CBC, CFB, OFB, and ECB Modes) in OpenSSL |
| |
| |
Section 5.18.
Using Variable Key-Length Ciphers in OpenSSL |
| |
| |
Section 5.19.
Disabling Cipher Padding in OpenSSL in CBC Mode |
| |
| |
Section 5.20.
Performing Additional Cipher Setup in OpenSSL |
| |
| |
Section 5.21.
Querying Cipher Configuration Properties in OpenSSL |
| |
| |
Section 5.22.
Performing Low-Level Encryption and Decryption with OpenSSL |
| |
| |
Section 5.23.
Setting Up and Using RC4 |
| |
| |
Section 5.24.
Using One-Time Pads |
| |
| |
Section 5.25.
Using Symmetric Encryption with Microsoft's CryptoAPI |
| |
| |
Section 5.26.
Creating a CryptoAPI Key Object from Raw Key Data |
| |
| |
Section 5.27.
Extracting Raw Key Data from a CryptoAPI Key Object |
|
| | |
Chapter 6.
Hashes and Message Authentication |
| |
| |
Section 6.1.
Understanding the Basics of Hashes and MACs |
| |
| |
Section 6.2.
Deciding Whether to Support Multiple Message Digests or MACs |
| |
| |
Section 6.3.
Choosing a Cryptographic Hash Algorithm |
| |
| |
Section 6.4.
Choosing a Message Authentication Code |
| |
| |
Section 6.5.
Incrementally Hashing Data |
| |
| |
Section 6.6.
Hashing a Single String |
| |
| |
Section 6.7.
Using a Cryptographic Hash |
| |
| |
Section 6.8.
Using a Nonce to Protect Against Birthday Attacks |
| |
| |
Section 6.9.
Checking Message Integrity |
| |
| |
Section 6.10.
Using HMAC |
| |
| |
Section 6.11.
Using OMAC (a Simple Block Cipher-Based MAC) |
| |
| |
Section 6.12.
Using HMAC or OMAC with a Nonce |
| |
| |
Section 6.13.
Using a MAC That's Reasonably Fast in Software and Hardware |
| |
| |
Section 6.14.
Using a MAC That's Optimized for Software Speed |
| |
| |
Section 6.15.
Constructing a Hash Function from a Block Cipher |
| |
| |
Section 6.16.
Using a Block Cipher to Build a Full-Strength Hash Function |
| |
| |
Section 6.17.
Using Smaller MAC Tags |
| |
| |
Section 6.18.
Making Encryption and Message Integrity Work Together |
| |
| |
Section 6.19.
Making Your Own MAC |
| |
| |
Section 6.20.
Encrypting with a Hash Function |
| |
| |
Section 6.21.
Securely Authenticating a MAC (Thwarting Capture Replay Attacks) |
| |
| |
Section 6.22.
Parallelizing MACs |
|
| | |
Chapter 7.
Public Key Cryptography |
| |
| |
Section 7.1.
Determining When to Use Public Key Cryptography |
| |
| |
Section 7.2.
Selecting a Public Key Algorithm |
| |
| |
Section 7.3.
Selecting Public Key Sizes |
| |
| |
Section 7.4.
Manipulating Big Numbers |
| |
| |
Section 7.5.
Generating a Prime Number (Testing for Primality) |
| |
| |
Section 7.6.
Generating an RSA Key Pair |
| |
| |
Section 7.7.
Disentangling the Public and Private Keys in OpenSSL |
| |
| |
Section 7.8.
Converting Binary Strings to Integers for Use with RSA |
| |
| |
Section 7.9.
Converting Integers into Binary Strings for Use with RSA |
| |
| |
Section 7.10.
Performing Raw Encryption with an RSA Public Key |
| |
| |
Section 7.11.
Performing Raw Decryption Using an RSA Private Key |
| |
| |
Section 7.12.
Signing Data Using an RSA Private Key |
| |
| |
Section 7.13.
Verifying Signed Data Using an RSA Public Key |
| |
| |
Section 7.14.
Securely Signing and Encrypting with RSA |
| |
| |
Section 7.15.
Using the Digital Signature Algorithm (DSA) |
| |
| |
Section 7.16.
Representing Public Keys and Certificates in Binary (DER Encoding) |
| |
| |
Section 7.17.
Representing Keys and Certificates in Plaintext (PEM Encoding) |
|
| | |
Chapter 8.
Authentication and Key Exchange |
| |
| |
Section 8.1.
Choosing an Authentication Method |
| |
| |
Section 8.2.
Getting User and Group Information on Unix |
| |
| |
Section 8.3.
Getting User and Group Information on Windows |
| |
| |
Section 8.4.
Restricting Access Based on Hostname or IP Address |
| |
| |
Section 8.5.
Generating Random Passwords and Passphrases |
| |
| |
Section 8.6.
Testing the Strength of Passwords |
| |
| |
Section 8.7.
Prompting for a Password |
| |
| |
Section 8.8.
Throttling Failed Authentication Attempts |
| |
| |
Section 8.9.
Performing Password-Based Authentication with crypt( ) |
| |
| |
Section 8.10.
Performing Password-Based Authentication with MD5-MCF |
| |
| |
Section 8.11.
Performing Password-Based Authentication with PBKDF2 |
| |
| |
Section 8.12.
Authenticating with PAM |
| |
| |
Section 8.13.
Authenticating with Kerberos |
| |
| |
Section 8.14.
Authenticating with HTTP Cookies |
| |
| |
Section 8.15.
Performing Password-Based Authentication and Key Exchange |
| |
| |
Section 8.16.
Performing Authenticated Key Exchange Using RSA |
| |
| |
Section 8.17.
Using Basic Diffie-Hellman Key Agreement |
| |
| |
Section 8.18.
Using Diffie-Hellman and DSA Together |
| |
| |
Section 8.19.
Minimizing the Window of Vulnerability When Authenticating Without a PKI |
| |
| |
Section 8.20.
Providing Forward Secrecy in a Symmetric System |
| |
| |
Section 8.21.
Ensuring Forward Secrecy in a Public Key System |
| |
| |
Section 8.22.
Confirming Requests via Email |
|
| | |
Chapter 9.
Networking |
| |
| |
Section 9.1.
Creating an SSL Client |
| |
| |
Section 9.2.
Creating an SSL Server |
| |
| |
Section 9.3.
Using Session Caching to Make SSL Servers More Efficient |
| |
| |
Section 9.4.
Securing Web Communication on Windows Using the WinInet API |
| |
| |
Section 9.5.
Enabling SSL without Modifying Source Code |
| |
| |
Section 9.6.
Using Kerberos Encryption |
| |
| |
Section 9.7.
Performing Interprocess Communication Using Sockets |
| |
| |
Section 9.8.
Performing Authentication with Unix Domain Sockets |
| |
| |
Section 9.9.
Performing Session ID Management |
| |
| |
Section 9.10.
Securing Database Connections |
| |
| |
Section 9.11.
Using a Virtual Private Network to Secure Network Connections |
| |
| |
Section 9.12.
Building an Authenticated Secure Channel Without SSL |
|
| | |
Chapter 10.
Public Key Infrastructure |
| |
| |
Section 10.1.
Understanding Public Key Infrastructure (PKI) |
| |
| |
Section 10.2.
Obtaining a Certificate |
| |
| |
Section 10.3.
Using Root Certificates |
| |
| |
Section 10.4.
Understanding X.509 Certificate Verification Methodology |
| |
| |
Section 10.5.
Performing X.509 Certificate Verification with OpenSSL |
| |
| |
Section 10.6.
Performing X.509 Certificate Verification with CryptoAPI |
| |
| |
Section 10.7.
Verifying an SSL Peer's Certificate |
| |
| |
Section 10.8.
Adding Hostname Checking to Certificate Verification |
| |
| |
Section 10.9.
Using a Whitelist to Verify Certificates |
| |
| |
Section 10.10.
Obtaining Certificate Revocation Lists with OpenSSL |
| |
| |
Section 10.11.
Obtaining CRLs with CryptoAPI |
| |
| |
Section 10.12.
Checking Revocation Status via OCSP with OpenSSL |
|
| | |
Chapter 11.
Random Numbers |
| |
| |
Section 11.1.
Determining What Kind of Random Numbers to Use |
| |
| |
Section 11.2.
Using a Generic API for Randomness and Entropy |
| |
| |
Section 11.3.
Using the Standard Unix Randomness Infrastructure |
| |
| |
Section 11.4.
Using the Standard Windows Randomness Infrastructure |
| |
| |
Section 11.5.
Using an Application-Level Generator |
| |
| |
Section 11.6.
Reseeding a Pseudo-Random Number Generator |
| |
| |
Section 11.7.
Using an Entropy Gathering Daemon-Compatible Solution |
| |
| |
Section 11.8.
Getting Entropy or Pseudo-Randomness Using EGADS |
| |
| |
Section 11.9.
Using the OpenSSL Random Number API |
| |
| |
Section 11.10.
Getting Random Integers |
| |
| |
Section 11.11.
Getting a Random Integer in a Range |
| |
| |
Section 11.12.
Getting a Random Floating-Point Value with Uniform Distribution |
| |
| |
Section 11.13.
Getting Floating-Point Values with Nonuniform Distributions |
| |
| |
Section 11.14.
Getting a Random Printable ASCII String |
| |
| |
Section 11.15.
Shuffling Fairly |
| |
| |
Section 11.16.
Compressing Data with Entropy into a Fixed-Size Seed |
| |
| |
Section 11.17.
Getting Entropy at Startup |
| |
| |
Section 11.18.
Statistically Testing Random Numbers |
| |
| |
Section 11.19.
Performing Entropy Estimation and Management |
| |
| |
Section 11.20.
Gathering Entropy from the Keyboard |
| |
| |
Section 11.21.
Gathering Entropy from Mouse Events on Windows |
| |
| |
Section 11.22.
Gathering Entropy from Thread Timings |
| |
| |
Section 11.23.
Gathering Entropy from System State |
|
| | |
Chapter 12.
Anti-Tampering |
| |
| |
Section 12.1.
Understanding the Problem of Software Protection |
| |
| |
Section 12.2.
Detecting Modification |
| |
| |
Section 12.3.
Obfuscating Code |
| |
| |
Section 12.4.
Performing Bit and Byte Obfuscation |
| |
| |
Section 12.5.
Performing Constant Transforms on Variables |
| |
| |
Section 12.6.
Merging Scalar Variables |
| |
| |
Section 12.7.
Splitting Variables |
| |
| |
Section 12.8.
Disguising Boolean Values |
| |
| |
Section 12.9.
Using Function Pointers |
| |
| |
Section 12.10.
Restructuring Arrays |
| |
| |
Section 12.11.
Hiding Strings |
| |
| |
Section 12.12.
Detecting Debuggers |
| |
| |
Section 12.13.
Detecting Unix Debuggers |
| |
| |
Section 12.14.
Detecting Windows Debuggers |
| |
| |
Section 12.15.
Detecting SoftICE |
| |
| |
Section 12.16.
Countering Disassembly |
| |
| |
Section 12.17.
Using Self-Modifying Code |
|
| | |
Chapter 13.
Other Topics |
| |
| |
Section 13.1.
Performing Error Handling |
| |
| |
Section 13.2.
Erasing Data from Memory Securely |
| |
| |
Section 13.3.
Preventing Memory from Being Paged to Disk |
| |
| |
Section 13.4.
Using Variable Arguments Properly |
| |
| |
Section 13.5.
Performing Proper Signal Handling |
| |
| |
Section 13.6.
Protecting against Shatter Attacks on Windows |
| |
| |
Section 13.7.
Guarding Against Spawning Too Many Threads |
| |
| |
Section 13.8.
Guarding Against Creating Too Many Network Sockets |
| |
| |
Section 13.9.
Guarding Against Resource Starvation Attacks on Unix |
| |
| |
Section 13.10.
Guarding Against Resource Starvation Attacks on Windows |
| |
| |
Section 13.11.
Following Best Practices for Audit Logging |
|
| | | Colophon |
| | | Index |
