S/KEY S/KEY dictionary S/MIME email, certificates for SACL (system access control list) safe primes 2nd SafeStr library 2nd functions and C equivalents SAFESTR_ALLOC( ) SAFESTR_CREATE( ) safestr_free( ) safestr_istrusted( ) safestr_reference( ) safestr_release( ) safestr_t type SAFESTR_TEMP( ) SAFESTR_TEMP_TRUSTED( ) salt dictionary attacks, prevention with hardening hash functions against birthday attacks sanitizing the environment SASL (Simple Authentication and Security Layer) saved user and group IDs SAX (Symmetric Authenticated eXchange) 2nd client side server-side Schneier, Bruce secure programming web sites secure server certificates securely creating child processes securely signing and encrypting with RSA SecureZeroMemory( ) security authentication mechanisms, requirements bit size of algorithms function errors and initialization and weak vs. strong passwords security identifiers [See SIDs] Security Support Provider Interface (SSPI) seeds, random numbers select( ) preventing file descriptor overflows typical usage selecting a cipher mode selecting a public key algorithm selecting public key sizes self-signed certificates sequential nonces vs. 
random nonces Serpent 2nd home page servers authentication without third-party for network logging SSL servers, creating SSL servers, improving efficiency with caching session ID context session IDs IP addresses as elements of secure formats for session keys session timeout Set-Cookie headers SET_FN_PTR macro SET_VAR macro setegid( ) and seteuid( ) setgid( ) and setuid( ) dropping privileges after use drop order privilege separation, limiting risk with setgroups( ) SetInformationJobObject( ) 2nd setregid( ) setreuid( ) setrlimit( ) 2nd 3rd SetThreadToken( ) Setuid Demystified setup_charset_map( ) setup_signal_handler( ) SHA-256, SHA-384, and SHA-512 algorithms SHA1 (Secure Hash Algorithm 1) DSA standard and key generation using LION OpenSSL API whitening, using for Shamir, Adi shared locks shatter attacks, protecting Windows against ShellExecute( ), risks of shells, risks of environment variables shuffling fairly SID_AND_ATTRIBUTES structures SIDs (security identifiers) 2nd 3rd 4th 5th 6th disabling or restricting sigaction( ) signal handling, performing properly guidelines program termination writing signal handlers signal_was_caught( ) signed data types, unsuitability for key representation signing data using an RSA private key SIGTRAP Simple Authentication and Security Layer (SASL) “simple blob” format smc_encrypt utility SNOW stream cipher 2nd 3rd home page snprintf( ) sockets Entropy Gathering Daemon [See EGD] interprocess communication, using for loopback address Unix domain sockets, authentication using SoftICE software protection anti-tampering techniques bit and byte obfuscation Obcode data types Obcode library checksum algorithms, detecting modification with CRC32 algorithm constant transforms on variables costs debugging difficulty development time maintainability countering disassembly function truncation misalignment errors using NULL bytes crackers and their motivations detecting debuggers finding breakpoints Unix Windows detecting SoftICE function 
0x43 of interrupt 0x68 int3 interface “Meltice” technique disguising Boolean values function pointers, using goals hiding ASCII strings merging scalar variables obfuscating code assembly-language, usage for C program “test-and-branch” idiom conditional expressions shared library functions test-for-zero operation volatile keyword vs. code maintainability restructuring arrays restructuring options self-modifying code, using build process complications ELF executable files, code for encrypting RC4 encryption splitting variables validation checks spc_ctr_decrypt( ) spc_accept( ) 2nd spc_add_padding( ) spc_array_flat( ) spc_array_fold( ) spc_array_free( ) spc_array_get( ) spc_array_merge( ) spc_array_set( ) spc_array_split( ) spc_base64_encode( ) spc_bcprng_init( ) spc_bcprng_rand( ) spc_bin2words() SPC_BLOCK_SZ macro spc_cbc_decrypt( ) spc_cbc_decrypt_final( ) 2nd spc_cbc_decrypt_init( ) spc_cbc_decrypt_update( ) 2nd spc_cbc_encrypt_final( ) spc_cbc_encrypt_init( ) spc_cbc_encrypt_update( ) 2nd 3rd spc_cert_filename( ) spc_cfb_decrypt( ) spc_cfb_decrypt_update( ) spc_cfb_encrypt( ) spc_cfb_encrypt_update( ) 2nd spc_cfb_final( ) 2nd spc_check_int3( ) SPC_CIPHERQ data type spc_cipherq_cleanup( ) spc_cipherq_decrypt( ) spc_cipherq_encrypt( ) 2nd spc_cipherq_setup( ) spc_confirmation_create( ) spc_confirmation_receive( ) spc_connect( ) spc_connect_ssl( ) spc_cookie_decode( ) spc_cookie_encode( ) spc_cookie_init( ) spc_create_nonced_digest( ) spc_create_sslctx( ) 2nd 3rd 4th flags spc_create_x509store( ) spc_crypt_encrypt( ) spc_crypt_verify( ) spc_ctr_encrypt( ) spc_ctr_final( ) spc_ctr_update( ) 2nd keystream generation using SPC_DEBUGGER_PRESENT macro spc_decode_url( ) SPC_DECRYPT_INIT macro AES, IDEA implementations SPC_DEFINE_DBG_SYM macro spc_delenv( ) SPC_DO_DECRYPT macro block cipher implementations SPC_DO_ENCRYPT macro block cipher implementations spc_double_mac( ) spc_drop_privileges( ) spc_email_isvalid( ) spc_enable_sessions( ) SPC_ENCRYPT_INIT macro block 
cipher implementations spc_entropy( ) 2nd FIPS testing, using in spc_escape_html( ) spc_escape_sql( ) spc_extract_digest( ) spc_extract_nonce( ) spc_fd_free( ) spc_fd_setsize( ) spc_fd_wipe( ) spc_file_wipe( ) spc_fips_monobit( ) spc_fips_poker( ) spc_fips_runs( ) spc_fork( ) spc_gather_keyboard_entropy( ) spc_get_credentials( ) spc_getenv( ) spc_getsession( ) spc_group_ismember( ) spc_hex2bin( ) SPC_HMAC_Init( ) spc_host_check( ) spc_host_init( ) spc_incremental_hmac( ) spc_is_safedir( ) SPC_KEY_SCHED macro spc_keygen( ) 2nd 3rd spc_krb5_cleanup( ) spc_krb5_client( ), client-side authentication using Kerberos spc_krb5_decrypt( ) spc_krb5_encrypt( ) spc_krb5_isdes( ) spc_krb5_server( ), server-side authentication using Kerberos spc_lion_decrypt( ) spc_lion_encrypt( ) spc_listen( ) spc_lock_file( ) spc_lookup_key( ) 2nd 3rd spc_mac127( ) spc_mac127_init( ) spc_make_derived_key( ) spc_make_fd_nonblocking( ) spc_md5_encrypt( ) spc_md5_verify( ) spc_mdc2_final( ) spc_mdc2_init( ) spc_mdc2_oneblock( ) spc_mdc2_update( ) spc_memcpy( ) spc_memmove( ) spc_memset( ) spc_memzero( ), key deletion using spc_mprng_init( ) spc_mprng_rand( ) spc_next_varg( ) spc_ocspresult_t spc_verify_via_ocsp( ) spc_ofb_decrypt( ) spc_ofb_encrypt( ) spc_ofb_final( ) spc_ofb_update( ) 2nd 3rd spc_omac_final( ) 2nd spc_omac_update( ) 2nd spc_omac1_init( ) 2nd spc_OMAC1_nonced( ) spc_omac2_init( ) spc_omc_update( ) spc_pam_login( ) spc_pam_logout( ) spc_pbkdf2( ) arguments spc_pbkdf2_encrypt( ) spc_pbkdf2_verify( ) spc_pctr_do_odd( ) spc_pctr_setup( ) 2nd SPC_PIPE object spc_popen( ) spc_print_hex() spc_putenv( ) spc_rand( ) 2nd 3rd getting random integers using HMAC-SHA1 pseudo-random number generator OpenSSL PRNG, usage in RC4 as a PRNG spc_rand_add_entropy( ) spc_rand_init( ) spc_rand_range( ) random integer in a range, generation with shuffling using spc_rand_real( ) spc_rand_uint( ) spc_read_password( ) spc_reconnect( ) spc_remember_cert( ) spc_remember_key( ) spc_remove_padding( ) 
spc_restore_privileges( ) spc_rsrclimit( ) spc_sanitize_environment( ) spc_sanitize_files( ) spc_send_credentials( ) spc_smc_decrypt( ) spc_socket_accept( ) spc_socket_close( ) spc_socket_recvfrom( ) spc_socket_sendto( ) spc_socketpool_close( ) spc_socketpool_init( ) spc_socketpool_setlimit( ) spc_ssock_client_send( ) spc_ssock_t object erasure initialization SPC_TEST_BOOL macro spc_threadpool_cleanup( ) spc_threadpool_init( ) spc_threadpool_schedule( ) 2nd spc_throttle( ) spc_trap_detect( ) spc_unix_connect( ) spc_unix_server( ) SPC_USE_DBG_SYM macro spc_user_getname( ) spc_utf8_isvalid( ) spc_verify_callback( ) spc_verify_cert( ) spc_verify_cert_hostname( ) spc_verify_nonced_digest( ) spc_verify_via_ocsp( ) spc_verifyandmaybesave_callback( ) spc_words2bin() spc_x509store_addusecert( ) spc_x509store_clearflags( ) spc_x509store_setcafile( ) spc_x509store_setcallback( ) spc_x509store_setcapath( ) 2nd spc_x509store_setcrlfile( ) spc_x509store_setflags( ) spc_x509store_setusecertfile( ) spc_x509store_t objects 2nd SpcDecrypt( ) SpcEncrypt( ) SpcExportKeyData( ) SpcFingerPrintCert( ) SpcGatherKeyboardEntropy( ) 2nd SpcGatherMouseEntropy( ) 2nd SpcGetCertCRLURL( ) SpcGetCryptContext( ) SpcGetExportableContext( ) 2nd SpcImportKeyData( ) 2nd SpcIncrementalHMAC( ) SpcLockResource( ) SpcLookupCACert( ) 2nd SpcLookupName( ) SpcLookupSid( ) SpcMakeTempFile( ) SpcNewStoreForCert( ) SpcPBKDF2( ) SpcResolvePath( ) SpcRetrieveCRL( ) SpcSetIV( ) SpcUnlockResource( ) SpcVerifyCert( ) SpcVerifyCertHostName( ) SpcWipeFile( ) SPLIT_VAR macro spoofing of hostnames, IP addresses sprintf( ) SQL injection attacks SRP (Secure Remote Password) SSL (Secure Sockets Layer) clients, creating database connections, securing with MySQL PostgreSQL servers, creating session caching session caching modes sessions vs. 
connections tunnels verifying a peer’s certificate SSL_accept( ) SSL_CTX objects 2nd flagging and modes SSL_CTX_set_cipher_list( ) SSL_CTX_set_verify( ) SSL_SESSION objects SSL_SESSION_free( ) SSLv2 protocol, insecurity of SSPI (Security Support Provider Interface) stack-smashing attacks preventive technologies StackGuard stat( ) station-to-station protocol stdarg.h file stdin, stdout, and stderr file descriptors Stevens, W. Richard str, input to spc_words2bin( ) strcpy( ) strdup( ) stream ciphers 2nd 3rd precomputing keystream for PRNGs compared to using as PRNGs RC4 strings of random ASCII characters, getting strlcat( ) strlcpy( ) strncpy( ) 2nd strsafe.h Stunnel accept and connect keys certificate and verification limitations client mode, enabling configuration file server mode, enabling Version 4.00 changes in configuration controls surreptitious forwarding attacks symmetric cryptography algorithms choosing noncommercial, patent-free implementations speed supporting multiple cipher modes CBC (Cipher Block Chaining) 2nd CCM (CTR plus CBC-MAC) mode CFB (Cipher Feedback) mode 2nd CTR (counter) 2nd CWC (Carter-Wegman + CTR) 2nd ECB (Electronic Code Book) 2nd OCB (Offset Codebook) mode OFB (Output Feedback) mode 2nd selecting CryptoAPI key objects, creating from symmetric keys keys extraction from CryptoAPI key objects generating from one secret length length of configurable ciphers length of public keys, compared to passwords, conversion to providing forward secrecy random data, effective usage shared secrets stream ciphers symmetric encryption algorithms symmetric primitives synchronization of resource access across processes Unix Windows syslog utility syslog( ) syslog-ng system access control list (SACL) system( ), risks of