SEARCH RESULTS
 
Showing 1-10 of 118 records
 

A cryptographic hash function reading guide

2007-11-23 16:01:18 by George Danezis in Light Blue Touchpaper
 
...function NIST has announced a competition to determine the next Secure Hash Algorithm, SHA-3. SHA-0 is considered broken, SHA-1 is still secure but no one knows for how long, and the SHA-2 family are desperately slow. (Do not even think about using MD5, or MD4 for which Prof. Wang can find collisions by hand, but RIPEMD-160 still stands.)...
 
 
 
 
 

The Skein Hash Function

2008-10-29 04:35:29 by schneier in Schneier on Security
 
...functions, which have been increasingly under attack. (I wrote about an early NIST hash workshop here.) Skein is our submission (myself and seven others: Niels Ferguson, Stefan Lucks, Doug Whiting, Mihir Bellare, Tadayoshi Kohno, Jon Callas, and Jesse Walker). Here's the paper: Executive Summary Skein is a new family of cryptographic...
 
 
 
 
 

Security Function as a Business Enabler

2008-06-27 20:50:00 by RaviC in Musings on Information Security
...function (as part of IT) as an overhead of an overhead. It is of utmost importance for the security manager to run the security function in a way that it enables the business. The various components (sub functions) of the security organization should align with the business objectives of the IT and the whole organization. There needs to be a cohesive...
 
 
 
 
 

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive
 
...functions defined. The list includes the standard cast such as scanf, strcpy, strcat, etc. On top of that though they add some things that didn't make Microsoft's list; for example, rand. I don't technically have a problem with including rand() in the list of things to be extremely careful about, but whereas it is nearly impossible to...
 
 
 
 
 

America's Next Top Hash Function Begins

2008-11-20 02:00:00 by Bruce Schneier in Wired Security
 
...functions are the most commonly used cryptographic primitive, and the most poorly understood. You can think of them as fingerprint functions: They take an arbitrary long data stream and return a fixed length, and effectively unique, string. The security comes from the fact that while it's easy to generate the fingerprint from a file, it's...
 
 
 
 
 

Anti-Debugging Series - Part III

2009-01-07 20:54:48 by Tyler Shields in Zero in a bit
 
...functions and API calls within the Windows operating system that are considered internal to the operating system and thus not documented well for the average developer. Many of these functions have undergone extensive research and reverse engineering to be able to understand how they operate and what can be achieved using them. One such...
 
 
 
 
 

WordPress 2.5 Cookie Forging Explained

2008-04-25 21:46:49 by Chris Eng in Zero in a bit
 
...function generates the cookie as follows $key = wp_hash($user->user_login . $expiration); $hash = hash_hmac('md5', $user->user_login . $expiration, $key); $cookie = $user->user_login . '|' . $expiration . '|' . $hash Each subsequent request that your browser makes to WordPress contains the authentication cookie, which the software then...
 
 
 
 
 

Modified Zeus Crimeware Kit Gets a Performance Boost

2008-11-03 14:12:30 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...function instead of die echo() function instead of print mysql_affected_rows() changed to mysql_num_rows() everywhere all queries are fixed in system or mod .php files no text password in the database and clear text password in $_SESSION, cookies authentication is gone and md5 hashes are everywhere Geo IP support has been added umask() bug...
 
 
 
 
 

Anti-Debugging Series - Part II

2008-12-30 17:14:55 by Tyler Shields in Zero in a bit
 
...functionality within a target service or library. In our case we will be primarily focused on the Microsoft Windows operating system API. There are a number of calls built directly into the operating system API that make detection of a debugger possible. Minor differences in thread and process meta-data are present when processes are run...
 
 
 
 
 

Ask the Auditor: Who is Responsible for Information Security?