The process of agreeing on a shared secret, where both parties contribute material to the key.

A list of credentials attached to a resource indicating whether or not the credentials have access to the resource. Also referred to as an ACL. ACL's are typically used for authorizing actions in [..]

Any attack that involves actions that are detectable as an attack by the target. A port scan is active because it can be detected by the remote host. Of course it isn't really an attack. An activ [..]

A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning ci [..]

Referring to technology that detects or thwarts the use of a debugger on a piece of software.

Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.

See also: Threat Model

Abstract Syntax Notation is a language for representing data objects. It is popular to use this in specifying cryptographic protocols, usually using DER (Distinguished Encoding Rules), which allows th [..]

Cryptography involving public keys, as opposed to cryptography making use of shared secrets.

In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs.