Problem - Kevin Tafuro

Recommendations

Info

Discussion FIPS 140 tests are useful for proving that a stream of random numbers are weak, but the tests don’t demonstrate at all when the numbers are good. In particular, it is incredibly easy to have a weak generator yet still pass FIPS tests by processing data with a cryptographic primitive like SHA1 before running the tests. FIPS 140 is only useful as a safety net, for when an entropy source you think is strong turns out not to be. FIPS 140 is a standard authored by the U.S. National Institute of Standards and Technology (NIST; see http://csrc.nist.gov/cryptval/). The standard details general security requirements for cryptographic software deployed in government systems (primarily cryptographic “providers”). There are many aspects to the FIPS 140 standard, one of which is a set of tests that all entropy harvesters and pseudo-random number generators must be able to run to achieve certification. FIPS 140-1 was the original standard and had several tests for random number sources; most of these occurred on startup, but one occurred continuously. Those tests only needed to be implemented for the two highest levels of FIPS compliance (Levels 3 and 4), which few applications sought. In FIPS 140-2, only a single test from FIPS 140-1 remains. This test is mandatory any time a random number generator or entropy source is used. Although the FIPS 140-1 standard is being obsoleted by 140-2, it is important to note that a module can routinely fail the FIPS 140-1 tests and still be FIPS 140-1 compliant. For Level 3 compliance, the user must be able to run the tests on command, and if the tests fail, the module must go into an error state. For Level 4 compliance, the module must comply with the requirements of Level 3, plus the tests must be run at “power-up.” A weak random number generator, such as the one implemented by the standard C library function rand( ), should be able to get Level 3 certification easily. FIPS 140-1 testing is a reasonable tool for ensuring that entropy sources are producing quality data, if those entropy sources are not using any cryptographic operations internally. If they are, the entropy source will almost certainly pass these tests, even if it is a very poor entropy source. For the same reason, this set of tests is not good for testing cryptographic PRNGs, because all such generators will pass these tests with ease, even if they are poor. For example, simply hashing an incrementing counter that starts at zero using MD5 will produce a data stream that passes these tests, even though the data in that stream is easily predictable. FIPS 140-2 testing generally is not very effective unless a failed hardware device starts producing a repeating pattern (e.g., a string of zero bits). The FIPS 140-2 test consists of comparing consecutive generator outputs (on a large boundary size; see the next section). If your “random number generator” consists only of an ever-incrementing 128-bit counter, you will never fail this test. 616 | Chapter 11: Random Numbers This is the Title of the Book, eMatter Edition Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
For this reason, we think the full suite of FIPS 140-1 tests is the way to go any time you really want to test whether an entropy source is producing good data, and it is a good idea to run these tests on startup, and then periodically, when feasible. You should always support the continuous test that FIPS 140-2 mandates whenever you are using hardware random number generators that could possibly be prone to disastrous failure, because it might help you detect such a failure. FIPS 140-1 power-up and on-demand tests The FIPS 140-1 standard specifies four statistical tests that operate on 20,000 consecutive bits of output (2,500 bytes). In the first test, the “Monobit” test, the number of bits set to 1 are counted. The test passes if the number of bits set to 1 is within a reasonable proximity to 10,000. The function spc_fips_monobit( ), implemented as follows, performs this test, returning 1 on success, and 0 on failure. #define FIPS_NUMBYTES 2500 #define FIPS_MONO_LOBOUND 9654 #define FIPS_MONO_HIBOUND 10346 /* For each of the 256 possible bit values, how many 1 bits are set? */ static char nb_tbl[256] = { 0, 1, 1, 2, 1, 2, 2, 3, 1, 2, 2, 3, 2, 3, 3, 4, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 1, 2, 2, 3, 2, 3, 3, 4, 2, 3, 3, 4, 3, 4, 4, 5, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 2, 3, 3, 4, 3, 4, 4, 5, 3, 4, 4, 5, 4, 5, 5, 6, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 3, 4, 4, 5, 4, 5, 5, 6, 4, 5, 5, 6, 5, 6, 6, 7, 4, 5, 5, 6, 5, 6, 6, 7, 5, 6, 6, 7, 6, 7, 7, 8 }; int spc_fips_monobit(unsigned char data[FIPS_NUMBYTES]) { int i, result; for (i = result = 0; i < FIPS_NUMBYTES; i++) result += nb_tbl[data[i]]; return (result > FIPS_MONO_LOBOUND && result < FIPS_MONO_HIBOUND); } The second test is the “Poker” test, in which the data is broken down into consecutive 4-bit values to determine how many times each of the 16 possible 4-bit values appears. The square of each result is then added together and scaled to see whether the result falls in a particular range. If so, the test passes. The function spc_fips_poker( ), implemented as follows, performs this test, returning 1 on success and 0 on failure: #define FIPS_NUMBYTES 2500 #define FIPS_POKER_LOBOUND 1.03 Statistically Testing Random Numbers | 617 This is the Title of the Book, eMatter Edition Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
Page 3 and 4:
Secure Programming Cookbook ΤΜ fo
Page 5 and 6:
Secure Programming CookbookΤΜ for
Page 7 and 8:
Table of Contents Foreword . . . .
Page 9 and 10:
5.8 Using a Generic OFB Mode Implem
Page 11 and 12:
8.10 Performing Password-Based Auth
Page 13:
12.10 Restructuring Arrays 672 12.1
Page 16 and 17:
they are in the top 50% of safe dri
Page 18 and 19:
think you are in, you will probably
Page 20 and 21:
the C programming language, with so
Page 22 and 23:
igger risks than anticipated. You s
Page 24 and 25:
Recipe Compatibility Most of the re
Page 26 and 27:
The O’Reilly web site for the boo
Page 29 and 30:
Chapter 1 CHAPTER 1 Safe Initializa
Page 31 and 32:
using the code in this recipe on Wi
Page 33 and 34:
variables you preserve, be sure to
Page 35 and 36:
ptr = (char *)new_environ + (arr_si
Page 37 and 38:
an impersonation token for a thread
Page 39 and 40:
Creating a new process with a restr
Page 41 and 42:
array that is the Privileges field.
Page 43 and 44:
eturn 0; } if (!LookupAccountName(0
Page 45 and 46:
privileges. We strongly advise agai
Page 47 and 48:
#include #include #include #incl
Page 49 and 50:
sockets provide a means by which fi
Page 51 and 52:
The privman library provides a numb
Page 53 and 54:
The potential for security vulnerab
Page 55 and 56:
It’s important to remember that t
Page 57 and 58:
Discussion execve( ) is the system
Page 59 and 60:
should call pclose( ) to clean up t
Page 61 and 62:
dup2(stdout_pipe[1], 1); close(stdo
Page 63 and 64:
lpCommandLine Any command-line argu
Page 65 and 66:
#include #include #include void
Page 67 and 68:
and a saved user ID. * The effectiv
Page 69 and 70:
See Also Recipes 1.3, 1.4, 2.8 2.2
Page 71 and 72:
of the object, regardless of what t
Page 73 and 74:
There are many other situations whe
Page 75 and 76:
if (!(fd = opendir("."))) break; if
Page 77 and 78:
spc_file_wipe( ) A wrapper around t
Page 79 and 80:
if (pattern_pass(fd, buf, sizeof(bu
Page 81 and 82:
CryptReleaseContext(hProvider, 0);
Page 83 and 84:
2.7 Restricting Access Permissions
Page 85 and 86:
eset the umask between your adjustm
Page 87 and 88:
Locking files on Windows Where Unix
Page 89 and 90:
NFS older than Version 3 in particu
Page 91 and 92:
a loop until all the data is read.
Page 93 and 94:
if (!(hResourceLock = CreateMutex(0
Page 95 and 96:
generator. The code presented here
Page 97 and 98:
access to the filesystem, the poten
Page 99 and 100:
Chapter 3 CHAPTER 3 Input Validatio
Page 101 and 102:
components of the system are truste
Page 103 and 104:
try to use them. For example, what
Page 105 and 106:
To combat malicious uses of “%n
Page 107 and 108:
Discussion Buffer overflows get a l
Page 109 and 110:
Unfortunately, strlcpy( ) and strlc
Page 111 and 112:
The second problem area occurs when
Page 113 and 114:
(see Recipe 3.2). The format-string
Page 115 and 116:
safestr_release( ) or safestr_free(
Page 117 and 118:
Solution Unfortunately, integer coe
Page 119 and 120:
which the records begin. Generally,
Page 121 and 122:
pointer or a different value altoge
Page 123 and 124:
if (!(new_environ = (char **)malloc
Page 125 and 126:
if (spc_environ) free(environ); env
Page 127 and 128:
GetFullPathName( ) requires the len
Page 129 and 130:
if (*c != '%' || !isxdigit(c[1]) ||
Page 131 and 132:
3.10 Preventing Cross-Site Scriptin
Page 133 and 134:
* These are HTML tags that do not t
Page 135 and 136:
*ptr++ = *c; } while (*++c != ’>
Page 137 and 138:
Finally, if you are using the LIKE
Page 139 and 140:
Table 3-2. UTF-8 encoding byte sequ
Page 141 and 142:
the connections to the server. The
Page 143 and 144:
SPC_FD_SET read_mask; for (;;) { sp
Page 145 and 146:
To ensure that you choose the right
Page 147 and 148:
See Also Recipe 13.2 4.2 Generating
Page 149 and 150:
This function takes the following a
Page 151 and 152:
} break; default: if (isspace(p[0])
Page 153 and 154:
*p = 0; return output; } } } The pu
Page 155 and 156:
} return result; case -1: if (stric
Page 157 and 158:
#define MAX_WORDLEN 4 /* len parame
Page 159 and 160:
Discussion This function spc_words2
Page 161 and 162:
4.9 Using Salts, Nonces, and Initia
Page 163 and 164:
the lifetime of the key; the counte
Page 165 and 166:
#include #include #include #incl
Page 167 and 168:
#include #include /* This value n
Page 169 and 170:
} CryptReleaseContext(hProvider, hK
Page 171 and 172:
cryptographic one-way hash from a t
Page 173 and 174:
HMAC_CTX c; unsigned long ctr = 0,
Page 175 and 176:
database does not support binary st
Page 177 and 178:
Remember to use a MAC anytime you e
Page 179 and 180:
For many different reasons, it can
Page 181 and 182:
A more portable but less accurate w
Page 183 and 184:
Chapter 5 CHAPTER 5 Symmetric Encry
Page 185 and 186:
Discussion Be sure to read this dis
Page 187 and 188:
Pentium III, which should give a go
Page 189 and 190:
locations where 40-bit keys or 56-b
Page 191 and 192:
can arise. For general-purpose use,
Page 193 and 194:
or similar mechanism is used. As wi
Page 195 and 196:
shares many properties with CTR mod
Page 197 and 198:
case, the faster of the two algorit
Page 199 and 200:
parison to standard modes. As of th
Page 201 and 202:
work, which severely limits portabi
Page 203 and 204:
Table 5-4. Implementations for the
Page 205 and 206:
Plaintext block 1 Plaintext block 2
Page 207 and 208:
typedef struct { SPC_KEY_SCHED ks;
Page 209 and 210:
If you are using padding and you kn
Page 211 and 212:
This function has the following arg
Page 213 and 214:
if (ol) *ol = out - start; return 1
Page 215 and 216:
that the state function is always r
Page 217 and 218:
Note that this code depends on the
Page 219 and 220:
if (!il--) return 1; ctx->nonce[ctx
Page 221 and 222:
one block at a time, by encrypting
Page 223 and 224:
spc_memset(key,0, kl); memcpy(ctx->
Page 225 and 226:
5.9 Using a Generic CTR Mode Implem
Page 227 and 228:
These two functions also erase the
Page 229 and 230:
we ignore that because it will alwa
Page 231 and 232:
Once those bindings are made, the Z
Page 233 and 234:
output Buffer into which the plaint
Page 235 and 236:
eturn the number of valid bytes in
Page 237 and 238:
In CBC, CFB, and OFB modes, encrypt
Page 239 and 240:
void spc_pctr_do_odd(SPC_CTR2_CTX *
Page 241 and 242:
5.15 Performing File or Disk Encryp
Page 243 and 244:
Therefore, we’ll show you LION, b
Page 245 and 246:
} RC4_set_key(&k, HASH_SZ, (char *)
Page 247 and 248:
techniques from Chapter 8), the key
Page 249 and 250:
communicate asynchronously (that is
Page 251 and 252:
key Pointer to the encryption key t
Page 253 and 254:
Table 5-6. Cipher instantiation ref
Page 255 and 256:
While RC2, RC4, and RC5 support abs
Page 257 and 258:
The function EVP_CIPHER_CTX_ctrl( )
Page 259 and 260:
Discussion As a reminder, use a raw
Page 261 and 262:
ol = 0; if (!(ret = (char *)malloc(
Page 263 and 264:
The “official” RC4 key setup fu
Page 265 and 266:
Discussion One-time pads are provab
Page 267 and 268:
Once a provider context has been su
Page 269 and 270:
Table 5-8. Symmetric ciphers suppor
Page 271 and 272:
hKey Key to use for performing the
Page 273 and 274:
if (!CryptAcquireContext(&hProvider
Page 275 and 276:
exportable from key objects, but th
Page 277 and 278:
Chapter 6 CHAPTER 6 Hashes and Mess
Page 279 and 280:
Generally, you should prefer an enc
Page 281 and 282:
See Also Recipes 6.7, 6.8, 6.12 6.2
Page 283 and 284:
Noncorrelation It should also be co
Page 285 and 286:
Let’s look briefly at the pros an
Page 287 and 288:
Solution In most cases, instead of
Page 289 and 290:
MAC (which we recommend), we strong
Page 291 and 292:
Libraries with cryptographic hash f
Page 293 and 294:
#include int main(int argc, char *
Page 295 and 296:
See Also Implementations of SHA-256
Page 297 and 298:
CryptAcquireContext(&hProvider, 0,
Page 299 and 300:
To ensure the best security, we str
Page 301 and 302:
if (!(vfy = (unsigned char *)malloc
Page 303 and 304:
you might use a library such as Ope
Page 305 and 306:
Otherwise, you can use the HMAC imp
Page 307 and 308:
if (klen inner[i] ^= key[i]; ctx->o
Page 309 and 310:
OMAC has been explicitly specified
Page 311 and 312:
unsigned char c1[SPC_BLOCK_SZ]; /*
Page 313 and 314:
ing the all-zero data block. Each p
Page 315 and 316:
CMAC is the message-integrity compo
Page 317 and 318:
To postprocess, we encrypt the hash
Page 319 and 320:
6.15 Constructing a Hash Function f
Page 321 and 322:
unsigned char b[SPC_KEY_SZ]; size_t
Page 323 and 324:
Figure 6-2. The Mayas-Meyer-Oseas c
Page 325 and 326:
c->ix = 0; c->tl = 0; } static void
Page 327 and 328:
modes such as CWC and CCM are start
Page 329 and 330:
authentication in a straightforward
Page 331 and 332:
SPC_HMAC_Reset(&ctx); SPC_HMAC_Upda
Page 333 and 334:
divide up the data stream between t
Page 335 and 336:
Chapter 7 CHAPTER 7 Public Key Cryp
Page 337 and 338:
The code presented in this chapter
Page 339 and 340:
Because public key encryption is so
Page 341 and 342:
Solution There’s some debate on t
Page 343 and 344:
7.4 Manipulating Big Numbers Proble
Page 345 and 346:
There’s a similar function for as
Page 347 and 348:
Additionally, you can ask for a ran
Page 349 and 350:
In addition, you might wish to test
Page 351 and 352:
Table 7-2. Math operations supporte
Page 353 and 354:
313, 317, 331, 337, 347, 349, 353,
Page 355 and 356:
for (b = 0; !BN_is_odd(x); b++) BN_
Page 357 and 358:
BIGNUM *dP, *dQ, *qInv; } RSA_PRIVA
Page 359 and 360:
This would map to the hexadecimal v
Page 361 and 362:
compute d. Without those two primes
Page 363 and 364:
The constants that may be used to s
Page 365 and 366:
When using OpenSSL, decryption can
Page 367 and 368:
ecommend using it, unless you are c
Page 369 and 370:
ture is valid. A successful check w
Page 371 and 372:
et = RSA_verify(NID_sha1, hash, 20,
Page 373 and 374:
#define MIN(x,y) ((x) > (y) ? (y) :
Page 375 and 376:
memcpy(signedtext, decrypt, 16); if
Page 377 and 378:
h_ret Optional argument that, if no
Page 379 and 380:
siglen The number of bytes written
Page 381 and 382:
data ready to go into the certifica
Page 383 and 384:
ut it requires you to pass in the l
Page 385 and 386:
LjKQ2r1Yt9foxbHdLKZeClqZuzN7PoEmy+b
Page 387 and 388:
ing in data, pass in a pointer to a
Page 389 and 390:
Table 7-6 lists the FILE object-bas
Page 391 and 392:
Solution The correct method depends
Page 393 and 394:
Use across applications For some pe
Page 395 and 396:
key agreement protocol, where both
Page 397 and 398:
consider slightly more sophisticate
Page 399 and 400:
Kerberos does assume that the envir
Page 401 and 402:
The function used to look up user i
Page 403 and 404:
The group structure that is returne
Page 405 and 406:
found, NULL will be returned, and G
Page 407 and 408:
ReferencedDomainName = (LPTSTR)Loca
Page 409 and 410:
if (errno != EINTR && errno != EAGA
Page 411 and 412:
if (!(spc_host_rulecount % 256)) {
Page 413 and 414:
} else { if (inet_addr(tmp) = = INA
Page 415 and 416:
8.5 Generating Random Passwords and
Page 417 and 418:
for this list is not insignificant.
Page 419 and 420:
file, it may allocate a sizable amo
Page 421 and 422:
On Windows, you can use the standar
Page 423 and 424:
Once getpass( ) or readpassphrase(
Page 425 and 426:
ters typed by the user. Instead, th
Page 427 and 428:
compute the future time at which th
Page 429 and 430:
decrypt the encrypted data. To make
Page 431 and 432:
On systems that support MCF through
Page 433 and 434:
for (i = 0; i < 1000; i++) { MD5_In
Page 435 and 436:
CryptHashData(hHash1, lpszKey, dwKe
Page 437 and 438:
Solution Use the PBKDF2 method of c
Page 439 and 440:
Verifying a password encrypted usin
Page 441 and 442:
c Pointer to an integer that will r
Page 443 and 444:
each of these pieces of information
Page 445 and 446:
server-side part of the authenticat
Page 447 and 448:
8.14 Authenticating with HTTP Cooki
Page 449 and 450:
char *spc_cookie_encode(char *cooki
Page 451 and 452:
• Let the salt be public, in whic
Page 453 and 454:
extra Additional application-specif
Page 455 and 456:
xl Pointer into which the length of
Page 457 and 458:
With a valid socket descriptor in h
Page 459 and 460:
11. The client and the server compu
Page 461 and 462:
Some people like to use a fixed mod
Page 463 and 464:
Often, you’ll want to generate a
Page 465 and 466:
Discussion Remember, authentication
Page 467 and 468:
• Provide the user with some way
Page 469 and 470:
if (!fgets(answer, sizeof(answer),
Page 471 and 472:
uffer = (char *)realloc(buffer, buf
Page 473 and 474:
compromise. If our system has such
Page 475 and 476:
When using RSA, if you’re doing o
Page 477 and 478:
see the confirmation request and th
Page 479 and 480:
Upon receipt of a response to a con
Page 481 and 482:
BOOL SpcConfirmationCreate(LPCTSTR
Page 483 and 484:
Additionally, over time, SSPI-speci
Page 485 and 486:
if (!spc_verify_cert_hostname(SSL_g
Page 487 and 488:
The next step is to call spc_accept
Page 489 and 490:
Discussion Session caching is norma
Page 491 and 492:
if (BIO_do_connect(conn)
Page 493 and 494:
The next step is to connect to the
Page 495 and 496:
DWORD dwHeadersLength = 0; LPSTR lp
Page 497 and 498:
attempt to develop and debug SSL-en
Page 499 and 500:
API for encryption and decryption,
Page 501 and 502:
memcpy(in_data.data, inbuf, inlen);
Page 503 and 504:
*outlen = out_data.length - (blksz
Page 505 and 506:
so. Likewise, any process with the
Page 507 and 508:
struct sockaddr_un *addr_unix; *dom
Page 509 and 510:
error_exit: if (sock) spc_socket_cl
Page 511 and 512:
different ways. On FreeBSD systems,
Page 513 and 514:
msg.msg_iov->iov_base = (void *)&sy
Page 515 and 516:
it’s unique and unpredictable! Yo
Page 517 and 518:
if (mysql_real_connect(mysql, host,
Page 519 and 520:
maintenance. Adding or removing ser
Page 521 and 522:
ut they shouldn’t tolerate reorde
Page 523 and 524:
#define SPC_CLIENT_DISTINGUISHER 0x
Page 525 and 526:
} static void spc_ssock_write( int
Page 527 and 528:
while (mlen) { if ((r = read(fd, ms
Page 529 and 530:
In such cases, you need to be able
Page 531 and 532:
Discussion One of the big motivator
Page 533 and 534:
A digital certificate contains info
Page 535 and 536:
Certificate revocation What happens
Page 537 and 538:
cate as long as it still has its pr
Page 539 and 540:
Currently, OCSP is not nearly as wi
Page 541 and 542:
ple is the permissible uses for a c
Page 543 and 544:
automated email to the address you
Page 545 and 546:
The type of code-signing certificat
Page 547 and 548:
10.3 Using Root Certificates Proble
Page 549 and 550:
Table 10-1. CA certificates, their
Page 551 and 552:
ights of the entity tied to that ce
Page 553 and 554:
10.5 Performing X.509 Certificate V
Page 555 and 556:
sk_X509_free(spc_store->crls); sk_X
Page 557 and 558:
X509_LOOKUP *lookup; store = X509_S
Page 559 and 560:
CertGetIssuerCertificateFromStore(
Page 561 and 562:
HCERTSTORE hCertStore; PCCERT_CONTE
Page 563 and 564:
See Also Recipe 10.11 10.7 Verifyin
Page 565 and 566:
SPC_X509STORE_SSL_VERIFY_NONE This
Page 567 and 568:
verify_flags |= SSL_VERIFY_FAIL_IF_
Page 569 and 570:
int spc_verify_cert_hostname(X509 *
Page 571 and 572:
for (i = 0; !bResult && i < pNameIn
Page 573 and 574:
only work you really need to do is
Page 575 and 576:
digest = EVP_sha1( ); fingerprint_l
Page 577 and 578:
if (cert && (uri = get_distribution
Page 579 and 580:
"\xb3\x9c\x25\xb1\xc3\x2e\x32\x53\x
Page 581 and 582:
headerlen -= (*datalen + 2); if (*d
Page 583 and 584:
In this recipe, we have used a numb
Page 585 and 586:
{ "\x8d\x26\xff\x2f\x31\x6d\x59x\29
Page 587 and 588:
LocalFree(pvStructInfo); return 0;
Page 589 and 590:
lpFullBuffer = lpNewBuffer; lpBuffe
Page 591 and 592:
of tunable variables that affect th
Page 593 and 594: SPC_OCSPRESULT_CERTIFICATE_VALID =
Page 595 and 596: * All done. Set the return code bas
Page 597 and 598: Solution There are essentially thre
Page 599 and 600: the byte is even, he reduces the nu
Page 601 and 602: See Also Recipes 11.16, 11.18, 11.1
Page 603 and 604: 11.3 Using the Standard Unix Random
Page 605 and 606: a pointer to data. Instead, they re
Page 607 and 608: if (errno = = EINTR) continue; perr
Page 609 and 610: Here we show how to use this functi
Page 611 and 612: attacks are a realistic threat, you
Page 613 and 614: This function never fails (save for
Page 615 and 616: Using a stream cipher as a generato
Page 617 and 618: One very safe way to use a cryptogr
Page 619 and 620: out Buffer into which the random da
Page 621 and 622: 1. Figure out how big a seed you ne
Page 623 and 624: 0x00 Query the amount of entropy be
Page 625 and 626: strncpy(a.sun_path, EGD_SOCKET_PATH
Page 627 and 628: } } while (nb = = -1); } } } See Al
Page 629 and 630: nbytes Number of bytes of entropy t
Page 631 and 632: See Also • EGADS by Secure Softwa
Page 633 and 634: If the generator is not seeded with
Page 635 and 636: Discussion In all cases, you will s
Page 637 and 638: Solution Because of the way that fl
Page 639 and 640: double spc_rand_cunifvariate(double
Page 641 and 642: See Also Recipe 11.11 11.16 Compres
Page 643: It would be nice if you did not hav
Page 647 and 648: } int cur_val, i, j, runsz; unsigne
Page 649 and 650: See Also • NIST Cryptographic Mod
Page 651 and 652: ecause even if a source does fail c
Page 653 and 654: you use a seed file, you can just c
Page 655 and 656: • If you have to accept data from
Page 657 and 658: with a high-resolution clock (i.e.,
Page 659 and 660: Collecting entropy from the keyboar
Page 661 and 662: f[c + 2] = '>'; } else snprintf(bf,
Page 663 and 664: SpcGatherKeyboardEntropy( ) uses th
Page 665 and 666: } } if (hWndParent) EnableWindow(hW
Page 667 and 668: number of bits of entropy has been
Page 669 and 670: } return TRUE; pDlgData->cbRequeste
Page 671 and 672: See Also Recipes 11.19, 11.20 11.22
Page 673 and 674: Discussion We strongly recommend th
Page 675 and 676: Chapter 12 CHAPTER 12 Anti-Tamperin
Page 677 and 678: tecture-specific checks to determin
Page 679 and 680: ure or to examine a hardware valida
Page 681 and 682: • Detecting modification to a com
Page 683 and 684: for (j = 8; j > 0; j--) { if (crc &
Page 685 and 686: #include CRC_START_BLOCK(test) int
Page 687 and 688: Solution Obfuscating compiled code
Page 689 and 690: " movl 0f( , %%ebx ), %%eax \n\t" \
Page 691 and 692: Because library functions are loade
Page 693 and 694: encoded as a series of 32 Obcode bi
Page 695 and 696:
12.5 Performing Constant Transforms
Page 697 and 698:
12.7 Splitting Variables Problem La
Page 699 and 700:
12.9 Using Function Pointers Proble
Page 701 and 702:
arrays. This array type will hide t
Page 703 and 704:
eak; case SPC_ARRAY_FOLD: index = (
Page 705 and 706:
The following example demonstrates
Page 707 and 708:
Discussion The techniques for hidin
Page 709 and 710:
12.12 Detecting Debuggers Problem S
Page 711 and 712:
Discussion The spc_trap_detect( ) f
Page 713 and 714:
12.14 Detecting Windows Debuggers P
Page 715 and 716:
The int3 interface can also be used
Page 717 and 718:
To demonstrate the effect this macr
Page 719 and 720:
08048388 83 db 83h ; â 08048389 7D
Page 721 and 722:
ine the instruction making the refe
Page 723 and 724:
mprotect(buf, buf_len, PROT_READ |
Page 725 and 726:
eturn 4; } /* get entry point : her
Page 727 and 728:
need to use one of the three ring3
Page 729 and 730:
cates failure, it’s likely that n
Page 731 and 732:
tion gets caught. The only ways to
Page 733 and 734:
memory location will generally stil
Page 735 and 736:
eturn dst; } volatile void *spc_mem
Page 737 and 738:
The mlock( ) system call on Unix im
Page 739 and 740:
Discussion Both C and C++ allow the
Page 741 and 742:
Do not share signal handlers. Sever
Page 743 and 744:
#endif } static int signal_was_caug
Page 745 and 746:
paper reached the widest audience,
Page 747 and 748:
The proper way to handle a program
Page 749 and 750:
handles[0] = cond; handles[1] = mut
Page 751 and 752:
#ifndef WIN32 pool->tids = (pthread
Page 753 and 754:
#define SPC_ACQUIRE_MUTEX(mtx) pthr
Page 755 and 756:
if (socketpool_limit > 0 && socketp
Page 757 and 758:
Table 13-1. Resources that may be l
Page 759 and 760:
ability to run. The default limits
Page 761 and 762:
Note that the structures as present
Page 763 and 764:
access to the machine. This makes i
Page 765:
ing log entries. It is possible, ho
Page 768 and 769:
attacks (continued) capture replay
Page 770 and 771:
CFB (Cipher Feedback) mode, 167, 18
Page 772 and 773:
deriving symmetric keys from a pass
Page 774 and 775:
EVP_CIPHER_CTX_set_padding( ), 227
Page 776 and 777:
integrity checking cipher modes, 16
Page 778 and 779:
message digests (continued) desirab
Page 780 and 781:
parallelizing MACs, 304 parent and
Page 782 and 783:
RAND_bytes( ), 604 RAND_load_file(
Page 784 and 785:
session ID context, 461 session IDs
Page 786 and 787:
spc_gather_keyboard_entropy( ), 631
Page 788 and 789:
symmetric cryptography, 116-154 alg
Page 790 and 791:
Windows (continued) Win 2000, restr
Page 792:
oads. They will often travel up to
show all

Problem - Kevin Tafuro

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?