Revision as of 08:36, 4 May 2006 by Deleted user (talk | contribs)

Jump to: navigation, search


See: #Triple DES

Access Control List

A list of credentials attached to a resource indicating whether or not the credentials have access to the resource.


Access Control List

Active attack

Any network-based attack other than simple eavesdropping — i.e., a passive attack).

Advanced Encryption Standard

A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning cipher.


See: #Advanced Encryption Standard


Referring to technology that detects or thwarts the use of a debugger on a piece of software.


Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.

Architectural security assessment

See: #Threat Model


Abstract Syntax Notation is a language for representing data objects. It is popular to use this in specifying cryptographic protocols, usually using DER (Distinguished Encoding Rules), which allows the data layout to be unambiguously specified. See also: #Distinguished Encoding Rules.

Asymmetric cryptography

Cryptography involving public keys, as opposed to cryptography making use of shared secrets. See also: #Symmetric cryptography.


In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. See also: #Audit log, #code auditing.

Audit log

Records that are kept for the purpose of later verifying that the security properties of a system have remained intact.


When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. See also: #Authenticate-then-encrypt, #encrypt-then-authenticate.


When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and then encrypts the plaintext concatenated with the MAC tag. This is not secure in the general case, but usually works well in practice. See also: #Authenticate-and-encrypt, #Encrypt-then-authenticate.


The process of verifying identity, ownership, and/or authorization.


Malicious code inserted into a program for the purposes of providing the author covert access to machines running the program.

Base 64

encoding A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes).

Big endian

Refers to machines representing words most significant byte first. While x86 machines do not use big endian byte ordering (instead using little endian), the PowerPC and SPARC architectures do. This is also network byte order. See also: #Little endian.

Birthday attack

Take a function f() that seems to map an input to a random output of some fixed size (a pseudo-random function or PRF). A birthday attack is simply selecting random inputs for f() and checking to see if any previous values gave the same output. Statistically, if the output size is S bits, then one can find a collision in 2S/2 operations, on average.

Bit-flipping attack

In a stream cipher, flipping a bit in the ciphertext flips the corresponding bit in the plaintext. If using a message authentication code (MAC), such attacks are not practical. Blacklist When performing input validation, the set of items that — if matched — result in the input being considered invalid. If no invalid items are found, the result is valid. See also: #Whitelist.


A technique used to thwart timing attacks.

Block cipher

An encryption algorithm that maps inputs of size n to outputs of size n (n is called the block size). Data that is not a valid block size must somehow be padded (generally by using an encryption mode). The same input always produces the same output. See also: #Stream cipher.


A block cipher with 64-bit blocks and variable length keys, created by Bruce Schneier. This cipher is infamous for having slow key-setup times.

Brute-force attack

An attack on an encryption algorithm where the encryption key for a ciphertext is determined by trying to decrypt with every key until valid plaintext is obtained.

Buffer overflow

A buffer overflow is when you can put more data into a memory location than is allocated to hold that data. Languages like C and C++ that do no built-in bounds checking are susceptible to such problems. These problems are often security-critical.


See Certification Authority.


A piece of data, the absence of which indicates a violation of a security policy. Several tools use a canary for preventing certain stack-smashing buffer overflow attacks. See also: #Buffer overflow, #Stack smashing.

Capture-replay attacks

When an attacker can capture data off the wire and replay it later without the bogus data being detected as bogus.

Carter Wegmen + Counter mode

A parallelizable and patent-free high-level encryption mode that provides both encryption and built-in message integrity.


A block cipher with 64-bit blocks and key sizes up to 128 bits. It is patent- free, and generally considered sound, but modern algorithms with larger block sizes are generally preferred (e.g., AES). See also: #AES.

CBC Mode

See: Cipher Block Chaining mode.


A simple construction for turning a block cipher into a message authentication code. It only is secure when all messages MAC’d with a single key are the same size. However, there are several variants that thwart this problem, the most important being OMAC. See also: #OMAC.

CCM mode

See: #Counter mode + CBC-MAC.


A data object that binds information about a person or some other entity to a public key. The binding is generally done using a digital signature from a trusted third party (a certification authority).

Certificate Revocation List

A list published by a certification authority indicating which issued certificates should be considered invalid.

Certificate Signing Request

Data about an entity given to a certification authority. The authority will package the data into a certificate and sign the certificate if the data in the signing request is validated.

Certification Authority

An entity that manages digital certificates — i.e., issues and revokes. Verisign and InstantSSL are two well known CAs.

CFB mode

See: #Cipher Feedback mode.

Chain responder

An OCSP responder that relays the results of querying another OCSP responder. See also: #OCSP.

Choke point

In computer security, a place in a system where input is routed for the purposes of performing data validation. The implication is that there are few such places in a system and that all data must pass through one or more of the choke points. The idea is that funneling input through a small number of choke points makes it easier to ensure that input is properly validated. One potential concern is that poorly chosen choke points may not have enough information to perform input validation that is as accurate as possible.


A UNIX system call that sets the root directory for a process to any arbitrary directory. The idea is compartmentalization: Even if a process is compromised, it should not be able to see interesting parts of the file system beyond its own little world. There are some instances where chroot "jails" can be circumvented; it can be difficult to build proper operating environments to make chroot work well.

Cipher-Block Chaining mode

A block cipher mode that provides secrecy but not message integrity. Messages encrypted with this mode should have random initialization vectors.

Cipher Feedback mode

A mode that turns a block cipher into a stream cipher. This mode is safe only when used in particular configurations. Generally, CTR mode and OFB mode are used instead since both have better security bounds.


The result of encrypting a message. See: #Plaintext.

Ciphertext stealing mode

A block cipher mode of operation that is similar to CBC mode except that the final block is processed in such a way that the output is always the same length as the input. That is, this mode is similar to CBC mode but does not require padding. See also: #Cipher Block Chaining mode, #Padding.

Code auditing

Reviewing computer software for security problems. See also: #Audit.

Code signing

Signing executable code to establish that it comes from a trustworthy vendor. The signature must be validated using a trusted third party in order to establish identity.


Separating a system into parts with distinct boundaries, using simple, well- defined interfaces. The basic idea is that of containment — i.e., if one part is compromised, perhaps the extent of the damage can be limited. See also: #Jail, #Chroot.

Context object

In a cryptographic library, a data object that holds the intermediate state associated with the cryptographic processing of a piece of data. For example, if incrementally hashing a string, a context object stores the internal state of the hash function necessary to process further data.

Counter mode

A parallelizable encryption mode that effectively turns a block cipher into a stream cipher. It is a popular component in authenticated encryption schemes due to its optimal security bounds and good performance characteristics.

Counter mode + CBC-MAC

An encryption mode that provides both message secrecy and integrity. It was the first such mode that was not covered by patent.


A password-based authentication mechanism using a cryptographic hash function (usually MD5). It does not provide adequate protection against several common threats to password-based authentication systems. HTTP Digest Authentication is a somewhat better alternative; it is replacing CRAM in most places.


Cyclic Redundancy Check. A means of determining whether accidental transmission errors have occurred. Such algorithms are not cryptographically secure because attackers can often forge CRC values or even modify data maliciously in such a way that the CRC value does not change. Instead, one should use a strong, keyed message authentication code such as HMAC or OMAC. See also: #HMAC, #Message Authentication Code, #OMAC.

Critical extensions

In an X.509 certificate, those extensions that must be recognized by any software processing the certificate. If a piece of software does not recognize an extension marked as critical, the software must regard the certificate as invalid.


See: #Certificate Revocation List.

Cross-site scripting

A class of problems resulting from insufficient input validation where one user can add content to a web site that can be malicious when viewed by other users to the web site. For example, one might post to a message board that accepts arbitrary HTML and include a malicious code item.


The science of breaking cryptographic algorithms.

Cryptographic hash function

A function that takes an input string of arbitrary length and produces a fixed- size output — where it is unfeasible to find two inputs that map to the same output, and it is unfeasible to learn anything about the input from the output.

Cryptographic randomness

Data produced by a cryptographic pseudo-random number generator. The probability of figuring out the internal state of the generator is related to the strength of the underlying cryptography — i.e., assuming the generator is seeded with enough entropy.


The science of providing secrecy, integrity, and non-repudiation for data.


See: #Certificate Signing Request.


Cross-site scripting. Generally, however, this is abbreviated to XSS in order to avoid confusion with cascading style sheets. See: #Cross-site scripting.

CTR mode

See: #Counter mode.

CWC mode

See: #Carter Wegmen + Counter mode.


Discretionary Access Control List. In a Windows ACL, a list that determines access rights to an object. See also: Access Control List.


An algorithm for turning a block cipher into a cryptographic one-way hash function.

Default deny

A paradigm for access control and input validation where an action must explicitly be allowed. The idea behind this paradigm is that one should limit the possibilities for unexpected behavior by being strict, instead of lenient, with rules.


A principle for building systems stating that multiple defensive mechanisms at different layers of a system are usually more secure than a single layer of defense. For example, when performing input validation, one might validate user data as it comes in and then also validate it before each use — just in case something was not caught, or the underlying components are linked against a different front end, etc.


Data encrypting key.

Delta CRLs

A variation of Certificate Revocation Lists that allows for incremental updating, as an effort to avoid frequently re-downloading a large amount of unchanged data. See also: #Certificate Revocation List.

Denial of service attack

Any attack that affects the availability of a service. Reliability bugs that cause a service to crash or go into some sort of vegetative state are usually potential denial-of-service problems.


The Data Encryption Standard. An encryption algorithm standardized by the US Government. The key length is too short, so this algorithm should be considered insecure. The effective key strength is 56 bits; the actual key size is 64 bits — 8 bits are wasted. However, there are variations such as Triple DES and DESX that increase security while also increasing the key size. See also: #Advanced Encryption Standard, #Triple DES.


An extended version of DES that increases the resistance to brute-force attack in a highly efficient way by increasing the key length. The extra key material is mixed into the encryption process, using XORs. This technique does not improve resistance to differential attacks, but such attacks are still generally considered unfeasible against DES. See also: #DES.

Dictionary attack

An attack against a cryptographic system, using precomputating values to build a dictionary. For example, in a password system, one might keep a dictionary mapping ciphertext pairs in plaintext form to keys for a single plaintext that frequently occurs. A large enough key space can render this attack useless. In a password system, there are similar dictionary attacks, which are somewhat alleviated by salt. The end result is that the attacker — once he knows the salt — can do a “Crack”-style dictionary attack. Crack-style attacks can be avoided to some degree by making the password verifier computationally expensive to compute. Or select strong random passwords, or do not use a password-based system.

Differential cryptanalysis

A type of cryptographic attack where an attacker who can select related inputs learns information about the key from comparing the outputs. Modern ciphers of merit are designed in such a way as to thwart such attacks. Also note that such attacks generally require enough chosen plaintexts as to be considered unfeasible, even when there is a cipher that theoretically falls prey to such a problem.

Diffie-Hellman key exchange

A method for exchanging a secret key over an untrusted medium in such a way as to preserve the secrecy of the key. The two parties both contribute random data that factors into the final shared secret. The fundamental problem with this method is authenticating the party with whom you exchanged keys. The simple Diffie-Hellman protocol does not do that. One must also use some public-key authentication system such as DSA. See also: #DSA, #Station-to-station protocol.

Digest size

The output size for a hash function.

Digital signature

Data that proves that a document (or other piece of data) was not modified since being processed by a particular entity. Generally, what this really means is that — if someone ‘signs’ a piece of data — anyone who has the right public key can demonstrated which private key was used to sign the data.

Digital Signature Algorithm

See: #DSA.

Distinguished Encoding Rules

A set of rules used that describes how to encode ASN.1 data objects unambiguously. See also: #ASN.1.

Distinguished Name

In an X.509 certificate, a field that uniquely specifies the user or group to which the certificate is bound. Usually, the Distinguished Name will contain a user’s name or User ID, an organizational name, and a country designation. For a server certificate, it will often contain the DNS name of the machine.


See: #Distinguished Name.


Denial of Service. See also: #Denial of service attack.


The Digital Signature Algorithm, a public key algorithm dedicated to digital signatures which was standardized by NIST. It is based on the same mathematical principles as Diffie-Hellman.

Eavesdropping attack

Any attack on a data connection where one simply records or views data instead of tampering with the connection.

ECB Mode

See: #Electronic Code Book mode.


See: #Eliptic Curve Cryptography.


See: #Entropy Gathering Daemon.

Electronic Code Book mode

An encryption mode for block ciphers that is more or less a direct use of the underlying block cipher. The only difference is that a message is padded out to a multiple of the block length. This mode should not be used under any circumstances.

Eliptic Curve Cryptography

A type of public key cryptography that — due to smaller key sizes — tends to be more efficient that standard cryptography. The basic algorithms are essentially the same, except that the operations are performed over different mathematical groups (called eliptic curves).

EME-OAEP padding

A padding scheme for public key cryptography that uses a “random” value generated, using a cryptographic hash function in order to prevent particular types of attacks against RSA. See also: #PKCS #1 padding.


When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one encrypts the plaintext, then MACs the ciphertext. This paradigm has theoretically appealing properties and is recommended to use in practice. See also: #Authenticate-and-encrypt, #Authenticate-then-encrypt.


The byte ordering scheme that a machine uses (usually either little endian or big endian). See also:# Big endian, #Little endian.


Refers to the inherent unknowability of data to external observers. If a bit is just as likely to be a 1 as a 0 and a user does not know which it is, then the bit contains one bit of entropy.

Entropy Gathering Daemon

A substitute for /dev/random; a tool used for entropy harvesting.

Entropy harvester

A piece of software responsible for gathering entropy from a machine and distilling it into small pieces of high entropy data. Often an entropy harvester will produce a seed for a cryptographic pseudo-random number generator. See also: #Entropy, #Pseudo-random number generator.

Ephemeral keying

Using one-time public key pairs for session key exchange in order to prevent recovering previous session keys if a private key is compromised. Long-term public key pairs are still used to establish identity.

Euclidian algorithm

An algorithm that computes the greatest common divisor of any two numbers.

Extended Euclidian algorithm

An algorithm used to compute the inverse of a number modulo “some other number.”


The output of a cryptographic hash function. See also: #Message digest.


Federal Information Processing Standard; a set of standards from NIST.


A standard authored by the U.S. National Institute of Standards and Technology, that details general security requirements for cryptographic software deployed in a government systems (primarily cryptographic providers). See also: #NIST, #FIPS.

Format string attack

The C standard library uses specifiers to format output. If an attacker can control the input to such a format string, he can often write to arbitrary memory locations.

Forward secrecy

Ensuring that the compromise of a secret does not divulge information that could lead to data protected prior to the compromise. In many systems with forward secrecy, it is only provided on a per-session basis, meaning that a key compromise will not affect previous sessions, but would allow an attacker to decrypt previous messages sent as a part of the current session. See also: #Perfect forward secrecy.

Hash function

A function that maps a string of arbitrary length to a fixed size value in a deterministic manner. Such a function may or may not have cryptographic applications. See also: #Cryptographic hash function, #Universal hash function, #One-way hash function.

Hash function (cryptographic)

See: #Cryptographic hash function.

Hash function (one-way)

See: #One-way hash function.

Hash function (universal)

See: #Universal hash function.

Hash output

See: #Hash value.

Hash value

The output of a hash function. See also: #Fingerprint, #Message digest.


A fast universal hash function from Dan Bernstein.


A well-known algorithm for converting a cryptographic one-way hash function into a message authentication code.


A block cipher with 128-bit keys and 64-bit blocks popularly used with PGP. It is currently protected by patents.

Identity establishment


Pages in category "Glossary"

This category contains only the following page.