Security
From Just Solve the File Format Problem
(Difference between revisions)
				|  (→Digital Certificates) |  (→Uncategorized) | ||
| (40 intermediate revisions by 3 users not shown) | |||
| Line 11: | Line 11: | ||
| * [[E-Mail, newsgroups, and forums#Secure messaging|E-Mail, newsgroups, and forums: Secure messaging]] | * [[E-Mail, newsgroups, and forums#Secure messaging|E-Mail, newsgroups, and forums: Secure messaging]] | ||
| − | == Digital  | + | == App provisioning and DRM == | 
| + | Main article: [[Digital Rights Management]] | ||
| + | |||
| + | * [[Mobile Provision file]] (.mobileprovision; used for installing iOS apps) | ||
| + | |||
| + | == Authentication == | ||
| + | * [[SAML]] (Security Assertion Markup Language) | ||
| + | |||
| + | == Claim representation == | ||
| + | * [[JSON Web Tokens]] (JWT) | ||
| + | |||
| + | == Digital certificates, keys, etc. == | ||
| * [[ASCII Armor]] (.arm; old for base64) | * [[ASCII Armor]] (.arm; old for base64) | ||
| + | * [[Card Verifiable Certificate]] (CVC) | ||
| * [[Canonical Encoding Rules]] (.cer) | * [[Canonical Encoding Rules]] (.cer) | ||
| * [[Certificate Revocation List]] (.crl) | * [[Certificate Revocation List]] (.crl) | ||
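Review bot: the new `[[Card Verifiable Certificate]]` entry is inserted above `[[Canonical Encoding Rules]]`, which breaks the alphabetical order the rest of this list follows ("Canonical" sorts before "Card"). Suggest moving the CVC line to sit between Canonical Encoding Rules and Certificate Revocation List.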
| Line 18: | Line 30: | ||
| * [[Certificate Trust List]] (.stl) | * [[Certificate Trust List]] (.stl) | ||
| * [[DER]] (Distinguished Encoding Rules) | * [[DER]] (Distinguished Encoding Rules) | ||
| − | * [[DER encoded certificate]] (.der, .crt) | + | ** [[DER encoded certificate]] (.der, .crt) | 
| − | * [[DER encoded RSA private key]] | + | ** [[DER encoded RSA private key]] | 
| * [[Microsoft Serialized Certificate Store]] (.sst) | * [[Microsoft Serialized Certificate Store]] (.sst) | ||
| * [[PEM]] | * [[PEM]] | ||
| − | * [[PEM encoded certificate]] (.pem, .crt) | + | ** [[PEM encoded certificate]] (.pem, .crt) | 
| − | * [[PEM encoded RSA private key]] (.key) | + | ** [[PEM encoded RSA private key]] (.key) | 
| * [[PFX (original format)]] | * [[PFX (original format)]] | ||
| − | * [[PKCS7]] (PKCS #7, Cryptographic Message Syntax Standard) | + | * [[PGP public key]] | 
| − | * [[PKCS7 certificate]] (.p7b, .p7c, .spc) | + | * [[PKCS]] | 
| − | * [[PKCS10]] (PKCS #10 Certificate Signing Request, .p10, .csr) | + | ** [[PKCS7]] (PKCS #7, Cryptographic Message Syntax Standard) | 
| − | * [[PKCS12]] (PKCS #12, PFX, Personal Information Exchange, .p12, .pfx) | + | ** [[PKCS7 certificate]] (.p7b, .p7c, .spc) | 
| + | ** [[PKCS10]] (PKCS #10 Certificate Signing Request, .p10, .csr) | ||
| + | ** [[PKCS11]] (PKCS #11 Cryptographic Token Interface Standard; Cryptoki API) | ||
| + | ** [[PKCS12]] (PKCS #12, PFX, Personal Information Exchange, .p12, .pfx) | ||
| * [[PVK]] | * [[PVK]] | ||
| * [[RSA private key]] | * [[RSA private key]] | ||
| Line 34: | Line 49: | ||
| * [[X.509 certificate]] | * [[X.509 certificate]] | ||
| − | ==  | + | === Digital certificate collections === | 
| − | + | ||
| − | ==  | + | * [[Security Catalog]] | 
| − | * [[ | + | |
| + | == Electronic signatures == | ||
| + | * [[Authenticode signature]] | ||
| + | * [[Digital watermark]] | ||
| + | * [[FSecure (PaceSoft)]] | ||
| + | * [[HMAC]] (Hash-based message authentication code) | ||
| + | * [[JSON Web Signatures]] (JWS) | ||
| + | |||
| + | == Malware/spyware == | ||
| + | * [[Pegasus]] | ||
| + | * [[Regin]] | ||
| + | * [[Superfish]] | ||
| + | |||
| + | See also [[Ransomware]]. | ||
| + | |||
| + | == Passwords == | ||
| + | * [[eWallet]] | ||
| + | * [[KBDX]] | ||
| + | * [[passwd]] (/etc/passwd) | ||
| + | |||
| + | See also [[Encryption#Password hashes]]. | ||
| + | |||
| + | == Protocols == | ||
| + | * [[TLS]] (including SSL) | ||
| + | |||
| + | == Security policies == | ||
| + | * [[Adobe Cross Domain Policy File]] | ||
| + | * [[Content Security Policy]] | ||
| + | * [[Label Encodings]] (files determining information classification labels for multi-level security environments) | ||
| + | * [[PAM configuration file]] | ||
| + | * [[Security.txt]] | ||
| + | * [[Sudoers]] (module and file determining user privileges) | ||
| + | |||
| + | == Software == | ||
| + | * [[OpenSSL]] | ||
| + | |||
| + | == Verification == | ||
| + | * [[Verifpal]] (.vp) (language for modeling aspects of security protocols to test for soundness) | ||
| + | |||
| + | == Uncategorized == | ||
| + | * [[C2PA]] | ||
| + | * [[SEAL]] [https://github.com/hackerfactor/SEAL] | ||
| − | ==  | + | == Links and references == | 
| * [http://blogs.msdn.com/b/kaushal/archive/2010/11/05/ssl-certificates.aspx Various SSL/TLS Certificate File Types/Extensions (MSDN article)] | * [http://blogs.msdn.com/b/kaushal/archive/2010/11/05/ssl-certificates.aspx Various SSL/TLS Certificate File Types/Extensions (MSDN article)] | ||
| * [https://hashcat.net/oclhashcat-plus/ Hashcat: password cracking program] | * [https://hashcat.net/oclhashcat-plus/ Hashcat: password cracking program] | ||
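Review bot: under `== Passwords ==`, `[[KBDX]]` looks like a transposition of KDBX, the KeePass database extension. It is worth confirming the intended page title before this goes in, since a misspelt wikilink creates a red link or a stray page. In the same hunk, the `[[SEAL]]` line uses a bare external link, `[https://github.com/hackerfactor/SEAL]`, which MediaWiki renders as a numbered "[1]". Giving it link text would match how the entries under "Links and references" are written.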
| Line 46: | Line 101: | ||
| * [http://xkcd.com/1286/ xkcd comic about Adobe password breach situation] | * [http://xkcd.com/1286/ xkcd comic about Adobe password breach situation] | ||
| * [http://pardydba.wordpress.com/2013/11/08/improving-security-in-your-web-browsers-firefox/ Improving security in Firefox] | * [http://pardydba.wordpress.com/2013/11/08/improving-security-in-your-web-browsers-firefox/ Improving security in Firefox] | ||
| + | * [http://www.dustbury.com/archives/17867 2014 Super Bowl security (picture)] | ||
| + | * [http://www.washingtonpost.com/business/technology/senate-cybersecurity-report-finds-agencies-often-fail-to-take-basic-preventive-measures/2014/02/03/493390c2-8ab6-11e3-833c-33098f9e5267_story.html Senate cybersecurity report finds agencies often fail to take basic preventive measures] | ||
| + | * [http://www.bbc.com/news/technology-26879185 Xbox password flaw exposed by five-year-old boy] (And Microsoft thanked the kid instead of getting him arrested, imagine that.) | ||
| + | * [http://dankaminsky.com/2014/04/10/heartbleed/ Be Still My Breaking Heart] | ||
| + | * [http://blog.fastmail.fm/2014/04/10/when-two-factor-authentication-is-not-enough/ When two-factor authentication is not enough] | ||
| + | * [http://www.tedunangst.com/flak/post/origins-of-libressl origins of libressl] | ||
| + | * [http://dheera.net/projects/blur Why blurring sensitive information is a bad idea] | ||
| + | * [http://arstechnica.com/security/2015/04/28/how-to-crack-any-master-lock-combination-in-8-tries-or-less/ How to crack many Master Lock combinations in eight tries or less] | ||
Latest revision as of 12:35, 16 November 2024
Formats specific to the storage and transmission of security information.
See also:
App provisioning and DRM
Main article: Digital Rights Management
- Mobile Provision file (.mobileprovision; used for installing iOS apps)
Authentication
- SAML (Security Assertion Markup Language)
Claim representation
- JSON Web Tokens (JWT)
Digital certificates, keys, etc.
- ASCII Armor (.arm; old for base64)
- Card Verifiable Certificate (CVC)
- Canonical Encoding Rules (.cer)
- Certificate Revocation List (.crl)
- Certificate Signing Request
- Certificate Trust List (.stl)
- DER (Distinguished Encoding Rules)
  - DER encoded certificate (.der, .crt)
  - DER encoded RSA private key
- Microsoft Serialized Certificate Store (.sst)
- PEM
  - PEM encoded certificate (.pem, .crt)
  - PEM encoded RSA private key (.key)
- PFX (original format)
- PGP public key
- PKCS
  - PKCS7 (PKCS #7, Cryptographic Message Syntax Standard)
  - PKCS7 certificate (.p7b, .p7c, .spc)
  - PKCS10 (PKCS #10 Certificate Signing Request, .p10, .csr)
  - PKCS11 (PKCS #11 Cryptographic Token Interface Standard; Cryptoki API)
  - PKCS12 (PKCS #12, PFX, Personal Information Exchange, .p12, .pfx)
- PVK
- RSA private key
- SPKAC
- X.509 certificate
Digital certificate collections
- Security Catalog
Electronic signatures
- Authenticode signature
- Digital watermark
- FSecure (PaceSoft)
- HMAC (Hash-based message authentication code)
- JSON Web Signatures (JWS)
Malware/spyware
- Pegasus
- Regin
- Superfish
See also Ransomware.
Passwords
- eWallet
- KBDX
- passwd (/etc/passwd)
See also Encryption#Password hashes.
Protocols
- TLS (including SSL)
Security policies
- Adobe Cross Domain Policy File
- Content Security Policy
- Label Encodings (files determining information classification labels for multi-level security environments)
- PAM configuration file
- Security.txt
- Sudoers (module and file determining user privileges)
Software
- OpenSSL
Verification
- Verifpal (.vp) (language for modeling aspects of security protocols to test for soundness)
Uncategorized
- C2PA
- SEAL (https://github.com/hackerfactor/SEAL)
Links and references
- Various SSL/TLS Certificate File Types/Extensions (MSDN article)
- Hashcat: password cracking program
- Can someone be targeted using the Adobe breach?
- xkcd comic about Adobe password breach situation
- Improving security in Firefox
- 2014 Super Bowl security (picture)
- Senate cybersecurity report finds agencies often fail to take basic preventive measures
- Xbox password flaw exposed by five-year-old boy (And Microsoft thanked the kid instead of getting him arrested, imagine that.)
- Be Still My Breaking Heart
- When two-factor authentication is not enough
- origins of libressl
- Why blurring sensitive information is a bad idea
- How to crack many Master Lock combinations in eight tries or less


