[SYMBOL] [A] [B] [C] [D] [E] [F] [G] [H] [I] [J] [K] [L] [M] [N] [O] [P] [Q] [R] [S] [T] [U] [V] [W] [X] [Z] abort( ) 2nd access control address-based vs. authentication restricting based on hostname, IP address Unix Windows access control entries (ACEs) 2nd access control files IP address or hostname lists rules access( ) accessing file information securely ACEs (access control entries) 2nd ACLs (access control lists) 2nd 3rd AdjustTokenPrivileges( ) 2nd Advanced Encryption Standard [See AES] advisory locks AES (Advanced Encryption Standard) 2nd Brian GladmanÕs version CBC mode in OpenSSL key length OMAC and security at 128-bits supported key sizes anonymous pipes anti-debugger code anti-tampering assembly language code examples software protection [See software protection] arbitrary-precision libraries ASCII base64 mapping to hexadecimal data, conversion into binary random strings, getting ASN.1 language asprintf( ) assembly language code examples Intel and AT&T syntax AssignProcessToJobObject( ) Athlon XP, counting clock cycles on attacks active vs. eavesdropping against one-way constructs birthday attacks preventing blinding attacks, preventing capture replay attacks, preventing collision attacks cross-site scripting attacks dictionary attacks RSA and double-encoding attacks format-string attacks, preventing length extension attacks 2nd preventing man-in-the-middle attacks 2nd 3rd 4th preventing methods targeting authentication on entropy sources replay attacks, prevention rollback attacks 2nd shatter attacks, protecting Windows from SQL injection attacks stack-smashing attacks surreptitious forwarding attacks timing attacks audit logging log entries, signing and encrypting logging to CD-R MACs for detection of log file manipulation network logging VPNs (virtual private networks) authenticate-and-encrypt paradigm authenticated secure channels, building without SSL authentication attacks against, preparing for authentication factors common technologies cookies, using delays after failed attempts DSA and Diffie-Hellman Kerberos, using and key exchange using RSA mechanisms, requirements for methods, choosing minimizing risk when done with no PKI number of failed attempts password-based using PBKDF2 password-based with MD5-MCF securing against rollback attacks throttling failed attempts Unix domain sockets, using via PAM API without third-party Avaya Labs LibSafe AX_compute_credentials( ) AX_connect( ) AX_CRED_deserialize( ) AX_CRED_serialize( ) AX_exchange( ) AX_get_credentials_callback( ) AX_get_salt( ) AX_set_salt( ) AX_srv_accept( ) AX_srv_exchange( ) AX_srv_listen( ) |