Caching domain logon credentials for EAP PEAP/MSCHAP authentication: Security considerations

Recently, I have been investigating the potential security implications of allowing Windows supplicants to use the user's domain credentials (login/password) to perform EAP/802.1X authentication with the wireless infrastructure. This article outlines my findings and explains the security implications to take into consideration when deploying PEAP/MSCHAP.

→ Read more...


Declaring and initializing an array of structures in C

Under certain circumstances, you might need to work with an array of structures. The classic way to do this is to define the structure type, then instantiate and initialize an array of these structures after entering the main function. The C language offers other ways to work with arrays of structures. The following example shows how to build and initialize an array of structures in C in a single statement.

→ Read more...


Security of 1024-bit RSA cryptography in the mid-term

The security of RSA cryptography relies on the integer factorization problem. Since the invention of the RSA algorithm, research on integer factorization has gained interest from governments and research institutions due to the consequences at stake should the security of the RSA algorithm become compromised.

→ Read more...


What is an implicit certificate?

As with conventional or “explicit” certificates, implicit certificates are made up of three parts: identification data, a public key and a digital signature which binds the public key to the user’s ID data and verifies that this binding is accepted by an authority (or trusted-third-party).

Within a conventional certificate, the public key and digital signature are distinct data elements. In contrast, the public key and digital signature are 'superimposed' in implicit certificates, which allows the recipient to extract and verify the public key of the other party from the signature portion. This substantially reduces the bandwidth required, as there is no need to transmit both the certificate and the verification key.

→ Read more...


RSA keys and certificates with OpenSSL: Frequently used commands

This is a simple howto for manipulating PKI SSL certificates using OpenSSL.

→ Read more...


Kerberos/OpenLDAP guides on the net

This is a list of online guides for setting up Kerberos with an LDAP back-end.

→ Read more...


Denial of service in public key protocols

"Denial of service (DoS) means the prevention of authorized access to resources or delaying of time-critical operations." During the last couple of years, network denial of service attacks, which deny or degrade access to some network service, have become a problem on the Internet. The most publicized attacks have been against well-known web sites such as Yahoo and Amazon. Pasi Eronen, in his paper published in 2000, presents a survey of the literature on this topic and provides his recommendations for mitigating denial of service threats against public key authentication protocols.

→ Read more...


Windows logon in wireless networks implementing 802.11i

The Windows domain logon procedure starts with the user providing login and password information to the operating system through the login interface. The credentials are used by the operating system to build a Kerberos authentication request, which is then sent to the domain controller. The domain controller authenticates the request and issues authorization material (a Ticket Granting Ticket), which the operating system of the local device stores in memory for later use. The operating system then initiates a new session and the user can access the available applications (shares, printers, mail servers, etc.).

One of the advantages offered by Kerberos authentication is that once the user has obtained a TGT, she can access various services without having to enter the same login/password again. For this reason, the domain logon process is usually referred to as single sign-on.

To perform a domain logon, the device must be able to communicate with the domain controller. For this purpose, the device must (1) be registered in the domain, and (2) have a network connection available.

→ Read more...


Buffered (fread, fwrite) vs. non-buffered (read, write) I/O

Buffered I/O operations use an intermediary buffer managed by the C library. The intermediary buffer stores data to be read from or written to a stream (file or device). This mode provides better I/O performance than the non-buffered I/O mode because it tends to reduce the number of actual read and write system calls.

Since buffered I/O is not synchronous in real time, data may not actually be written to the stream until the intermediary buffer is flushed.

For this reason, when using fread/fwrite in real-time systems, one must make sure to flush the I/O buffers or to force the C library to write all the provided data.

→ Read more...


Code review utility for software porting projects

Assume this situation. You are assigned to port code to a new hardware/OS platform. Generally this involves picking the files necessary for implementing the desired functionality and porting this set of files to the new platform. While doing this, several things happen. First, you usually do not keep the same hierarchy structure; you may, for example, put all your .c files in a directory called src and all your includes in another directory called inc. You would also modify the sources so that the code compiles in the new build environment.

In organizations that value code quality, code reviews help minimize faults and bugs in new software. One of the methods for reviewing code in software porting projects is to create a diff between the original source tree (assumed bug free) and the new/ported source tree.

This bash script is a utility that can be used to create such diffs. The resulting output is an easy-to-read HTML file. It can be used by team leaders to review and validate the changes made to the source code by team members.

→ Read more...

