Questions tagged [library]

A library is a collection of software routines made available to other programs through a well-documented interface.

A library is a collection of software behavior and resources that are available for use by other software programs that are being run on the computer. They may be provided as pre-compiled binary code or as source code. Each version of a library comes with a documented interface.

The difference between a library and a service is that services execute independently of the clients, listening for new communications to come in over a network connection. Libraries don't normally execute on their own; their routines are loaded and executed by the client in the context of the main program.

39 questions
3 votes, 0 answers

Good Library for RSA-2048 in C with some restrictions

I'm looking for a C/C++ implementation of RSA with a 2048 bit key (preferably read from a file). My target is an embedded platform, so it comes with some odd restrictions. The hardware restricts us from using the new operator, and we have to use a…
HD_Mouse
3 votes, 1 answer

Software library for 1-2 oblivious transfer?

I'm looking for software libraries that support 1-2 oblivious transfer of a single bit between two parties. Googling seems to bring up lecture notes, explanations, and research papers but not implementations. I'd just implement it myself, but crypto…
Craig Gidney
3 votes, 0 answers

Are there any C++ STL alternatives which is bulletproof against timing attack?

Just out of curiosity, I wonder if there are any packages of popular algorithm/data structures which are secure against timing attack. I think GNU libstdc++ std::string::compare(), std::unordered_map (which employs open addressing) and so on are all…
nodakai
3 votes, 3 answers

Is there a more precise approach to generate signatures for ClamAV, than regex signatures?

Actually I generate signatures from libraries, to scan executables for being statically linked to that library. My actual approach is to read out the .text section and generate a byte sequence for every function with placeholders. For little…
Maximilian
2 votes, 2 answers

Does removing features from a library increase or reduce security risks?

Software libraries targeting resource-constrained environments like embedded systems use conditional compilation to allow consumers to shave space and thus increase performance by removing unused features from the final binaries distributed in…
TZubiri
2 votes, 1 answer

How can the validity and safety of a software library be checked?

So beyond looking at the source code for a particular software library, is there a way to vet that it does not contain malicious code? As far as I know from my own research, services like pip, npm, and composer do not provide any assurances (Not that I…
Rehket
2 votes, 2 answers

Is it safe to store a VeraCrypt or TrueCrypt container inside RAR - could this method corrupt the file?

I need to split my container into smaller files. So the plan is this: I create a RAR archive and let it split into about 10 smaller archives, no compression, and I also add a password for extra security. Is this risk-free?
2 votes, 1 answer

Trusting HTMLUnit with Banking Details

I figured this was a good place to learn a little about trusting libraries such as HTMLUnit with sensitive information. I want to build a service that categorises my spending, kind of like my own personal mint.com. Can I trust an open source library…
DominoSug
2 votes, 2 answers

Static vs Dynamic Linking

I came across DJB's Curve25519 implementation site (https://cr.yp.to/ecdh.html) and noticed he states in reference to using it: You can and should include it in your own programs, rather than going to the effort of linking to a shared library; the…
Anthony Kraft
1 vote, 1 answer

Is native app vulnerable to FREAK attack? If yes, how to detect it as a user?

When I research about FREAK attack, most of them explain about the server and browser vulnerability, but how about native apps (e.g. Windows executable program, mobile apps)? From Mark's answer on Can someone explain, in simple terms, how the FREAK…
Andrew T.
1 vote, 1 answer

Is hashing a DLL useful to protect from DLL hijacking?

I want to make sure that the dynamic link libraries used by my application can't be replaced with other libraries of the same name, in order to inject malicious code. Therefore, I thought about creating a fingerprint of the DLLs before releasing new…
WMEZ
1 vote, 1 answer

SUID Priv Escalation - LD_LIBRARY_PATH versus ldconfig and /etc/ld.so.conf

Background: Currently doing some vulnservers on Offensive Security's Proving Grounds Practice Labs. A vulnserver is a machine configured with vulnerabilities for testing/audit and research purposes. I came across a machine that had a cronjob running…
0x5929
1 vote, 0 answers

Cryptographic libraries raising an exception vs. returning a boolean

In several Python libraries, I have seen validation functions that raise exceptions upon failure, instead of returning a boolean result. Examples include: various verify functions in the Cryptography library; the validate_authentication method of…
1 vote, 3 answers

Test for OWASP Using Components with Known Vulnerabilities?

I'm trying to think how I would test an application for OWASP "Using Components with Known Vulnerabilities". If my understanding is correct, this deals a lot with out of date libraries/modules, but if one is pentesting an application (externally)…
1 vote, 0 answers

Is Crypto-JS AES library still considered secure?

My company has to send out passwords to employees. We want to do so by using the Crypto-JS AES library to locally create the encrypted message and then send the encrypted message to the employee so that they can locally decrypt the message. However,…
ComputerWhiz