This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:Glossary"
Deleted user (talk | contribs) |
Deleted user (talk | contribs) |
||
| Line 2: | Line 2: | ||
See: [[#Triple DES]] | See: [[#Triple DES]] | ||
==Access Control List== | ==Access Control List== | ||
| − | A list of credentials attached to a resource indicating whether or not the | + | A list of credentials attached to a resource indicating whether or not the credentials have access to the resource. |
==ACL== | ==ACL== | ||
Access Control List | Access Control List | ||
| Line 25: | Line 25: | ||
==Audit== | ==Audit== | ||
In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. | In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. | ||
| − | See also: [[#Audit log]] | + | See also: [[#Audit log]], [[#code auditing]]. |
==Audit log== | ==Audit log== | ||
Records that are kept for the purpose of later verifying that the security properties of a system have remained intact. | Records that are kept for the purpose of later verifying that the security properties of a system have remained intact. | ||
| − | ==Authenticate- and-encrypt== | + | ==Authenticate-and-encrypt== |
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. | When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. | ||
| − | See also: [[#Authenticate-then-encrypt]] | + | See also: [[#Authenticate-then-encrypt]], [[#encrypt-then-authenticate]]. |
| + | ==Authenticate-then-encrypt== | ||
| + | When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and then encrypts the plaintext concatenated with the MAC tag. This is not secure in the general case, but usually works well in practice. | ||
| + | See also: [[#Authenticate-and-encrypt]], [[#Encrypt-then-authenticate]]. | ||
| + | ==Authentication== | ||
| + | The process of verifying identity, ownership, and/or authorization. | ||
| + | ==Backdoor== | ||
| + | Malicious code inserted into a program for the purposes of providing the author covert access to machines running the program. | ||
| + | ==Base 64== | ||
| + | encoding A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes). | ||
| + | ==Big endian== | ||
| + | Refers to machines representing words most significant byte first. While x86 machines do not use big endian byte ordering (instead using little endian), the PowerPC and SPARC architectures do. This is also network byte order. | ||
| + | See also: [[#Little endian]]. | ||
| + | ==Birthday attack== | ||
| + | Take a function f() that seems to map an input to a random output of some fixed size (a pseudo-random function or PRF). A birthday attack is simply selecting random inputs for f() and checking to see if any previous values gave the same output. Statistically, if the output size is S bits, then one can find a collision in 2S/2 operations, on average. | ||
| + | ==Bit-flipping attack== | ||
| + | In a stream cipher, flipping a bit in the ciphertext flips the corresponding bit in the plaintext. If using a message authentication code (MAC), such attacks are not practical. | ||
| + | Blacklist When performing input validation, the set of items that — if matched — result in the input being considered invalid. If no invalid items are found, the result is valid. | ||
| + | See also: [[#Whitelist]]. | ||
| + | ==Blinding== | ||
| + | A technique used to thwart timing attacks. | ||
| + | ==Block cipher== | ||
| + | An encryption algorithm that maps inputs of size n to outputs of size n (n is called the block size). Data that is not a valid block size must somehow be padded (generally by using an encryption mode). The same input always produces the same output. | ||
| + | See also: [[#Stream cipher]]. | ||
| + | ==Blowfish== | ||
| + | A block cipher with 64-bit blocks and variable length keys, created by Bruce Schneier. This cipher is infamous for having slow key-setup times. | ||
| + | ==Brute-force attack== | ||
| + | An attack on an encryption algorithm where the encryption key for a ciphertext is determined by trying to decrypt with every key until valid plaintext is obtained. | ||
| + | ==Buffer overflow== | ||
| + | A buffer overflow is when you can put more data into a memory location than is allocated to hold that data. Languages like C and C++ that do no built-in bounds checking are susceptible to such problems. These problems are often security-critical. | ||
| + | ==CA== | ||
| + | See Certification Authority. | ||
| + | ==Canary== | ||
| + | A piece of data, the absence of which indicates a violation of a security policy. Several tools use a canary for preventing certain stack-smashing buffer overflow attacks. | ||
| + | See also: [[#Buffer overflow]], [[#Stack smashing]]. | ||
| + | ==Capture-replay attacks== | ||
| + | When an attacker can capture data off the wire and replay it later without the bogus data being detected as bogus. | ||
| + | ==Carter Wegmen + Counter mode== | ||
| + | A parallelizable and patent-free high-level encryption mode that provides both encryption and built-in message integrity. | ||
| + | ==CAST5== | ||
| + | A block cipher with 64-bit blocks and key sizes up to 128 bits. It is patent- free, and generally considered sound, but modern algorithms with larger block sizes are generally preferred (e.g., AES). | ||
| + | See also: [[#AES]]. | ||
| + | ==CBC Mode== | ||
| + | See: Cipher Block Chaining mode. | ||
| + | ==CBC-MAC== | ||
| + | A simple construction for turning a block cipher into a message authentication code. It only is secure when all messages MAC’d with a single key are the same size. However, there are several variants that thwart this problem, the most important being OMAC. | ||
| + | See also: [[#OMAC]]. | ||
[[Category:Article Type]] | [[Category:Article Type]] | ||
Revision as of 14:18, 4 May 2006
- 1 3DES
- 2 Access Control List
- 3 ACL
- 4 Active attack
- 5 Advanced Encryption Standard
- 6 AES
- 7 Anti-debugger
- 8 Anti-tampering
- 9 Architectural security assessment
- 10 ASN.1
- 11 Asymmetric cryptography
- 12 Audit
- 13 Audit log
- 14 Authenticate-and-encrypt
- 15 Authenticate-then-encrypt
- 16 Authentication
- 17 Backdoor
- 18 Base 64
- 19 Big endian
- 20 Birthday attack
- 21 Bit-flipping attack
- 22 Blinding
- 23 Block cipher
- 24 Blowfish
- 25 Brute-force attack
- 26 Buffer overflow
- 27 CA
- 28 Canary
- 29 Capture-replay attacks
- 30 Carter Wegmen + Counter mode
- 31 CAST5
- 32 CBC Mode
- 33 CBC-MAC
3DES
See: #Triple DES
Access Control List
A list of credentials attached to a resource indicating whether or not the credentials have access to the resource.
ACL
Access Control List
Active attack
Any network-based attack other than simple eavesdropping — i.e., a passive attack).
Advanced Encryption Standard
A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning cipher.
AES
See: #Advanced Encryption Standard
Anti-debugger
Referring to technology that detects or thwarts the use of a debugger on a piece of software.
Anti-tampering
Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.
Architectural security assessment
See: #Threat Model
ASN.1
Abstract Syntax Notation is a language for representing data objects. It is popular to use this in specifying cryptographic protocols, usually using DER (Distinguished Encoding Rules), which allows the data layout to be unambiguously specified. See also: #Distinguished Encoding Rules.
Asymmetric cryptography
Cryptography involving public keys, as opposed to cryptography making use of shared secrets. See also: #Symmetric cryptography.
Audit
In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. See also: #Audit log, #code auditing.
Audit log
Records that are kept for the purpose of later verifying that the security properties of a system have remained intact.
Authenticate-and-encrypt
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. See also: #Authenticate-then-encrypt, #encrypt-then-authenticate.
Authenticate-then-encrypt
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and then encrypts the plaintext concatenated with the MAC tag. This is not secure in the general case, but usually works well in practice. See also: #Authenticate-and-encrypt, #Encrypt-then-authenticate.
Authentication
The process of verifying identity, ownership, and/or authorization.
Backdoor
Malicious code inserted into a program for the purposes of providing the author covert access to machines running the program.
Base 64
encoding A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes).
Big endian
Refers to machines representing words most significant byte first. While x86 machines do not use big endian byte ordering (instead using little endian), the PowerPC and SPARC architectures do. This is also network byte order. See also: #Little endian.
Birthday attack
Take a function f() that seems to map an input to a random output of some fixed size (a pseudo-random function or PRF). A birthday attack is simply selecting random inputs for f() and checking to see if any previous values gave the same output. Statistically, if the output size is S bits, then one can find a collision in 2S/2 operations, on average.
Bit-flipping attack
In a stream cipher, flipping a bit in the ciphertext flips the corresponding bit in the plaintext. If using a message authentication code (MAC), such attacks are not practical. Blacklist When performing input validation, the set of items that — if matched — result in the input being considered invalid. If no invalid items are found, the result is valid. See also: #Whitelist.
Blinding
A technique used to thwart timing attacks.
Block cipher
An encryption algorithm that maps inputs of size n to outputs of size n (n is called the block size). Data that is not a valid block size must somehow be padded (generally by using an encryption mode). The same input always produces the same output. See also: #Stream cipher.
Blowfish
A block cipher with 64-bit blocks and variable length keys, created by Bruce Schneier. This cipher is infamous for having slow key-setup times.
Brute-force attack
An attack on an encryption algorithm where the encryption key for a ciphertext is determined by trying to decrypt with every key until valid plaintext is obtained.
Buffer overflow
A buffer overflow is when you can put more data into a memory location than is allocated to hold that data. Languages like C and C++ that do no built-in bounds checking are susceptible to such problems. These problems are often security-critical.
CA
See Certification Authority.
Canary
A piece of data, the absence of which indicates a violation of a security policy. Several tools use a canary for preventing certain stack-smashing buffer overflow attacks. See also: #Buffer overflow, #Stack smashing.
Capture-replay attacks
When an attacker can capture data off the wire and replay it later without the bogus data being detected as bogus.
Carter Wegmen + Counter mode
A parallelizable and patent-free high-level encryption mode that provides both encryption and built-in message integrity.
CAST5
A block cipher with 64-bit blocks and key sizes up to 128 bits. It is patent- free, and generally considered sound, but modern algorithms with larger block sizes are generally preferred (e.g., AES). See also: #AES.
CBC Mode
See: Cipher Block Chaining mode.
CBC-MAC
A simple construction for turning a block cipher into a message authentication code. It only is secure when all messages MAC’d with a single key are the same size. However, there are several variants that thwart this problem, the most important being OMAC. See also: #OMAC.
