author | rodent <rodent@pkgsrc.org> | 2013-04-07 20:49:31 +0000 |
---|---|---|
committer | rodent <rodent@pkgsrc.org> | 2013-04-07 20:49:31 +0000 |
commit | 56d0e89eec7a65cd783aaecd29fefde7b20f7a96 (patch) | |
tree | 79de035a23bbb285c8713b492fa4fa499634f7f8 /security | |
parent | 836f824b7f7339847cc2cb57f6c10401a6122132 (diff) | |
download | pkgsrc-56d0e89eec7a65cd783aaecd29fefde7b20f7a96.tar.gz |
Edited DESCR in the case of:
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Truncated the long files as best as possible while preserving the most info
contained in them.
Diffstat (limited to 'security')
-rw-r--r-- | security/gtk-systrace/DESCR | 46 | ||||
-rw-r--r-- | security/libtomcrypt/DESCR | 64 | ||||
-rw-r--r-- | security/ruby-bcrypt/DESCR | 21 |
3 files changed, 40 insertions, 91 deletions
diff --git a/security/gtk-systrace/DESCR b/security/gtk-systrace/DESCR index 5dda8e1a34e..e7c24b74fa0 100644 --- a/security/gtk-systrace/DESCR +++ b/security/gtk-systrace/DESCR 
@@ -1,28 +1,24 @@ -GTK frontend for systrace. +Systrace enforces system call policies for applications by constraining the +application's access to the system. The policy is generated interactively. +Operations not covered by the policy raise an alarm and allow an user to refine +the currently configured policy. -Systrace enforces system call policies for applications by constraining -the application's access to the system. The policy is generated -interactively. Operations not covered by the policy raise an alarm -and allow an user to refine the currently configured policy. +For complicated applications, it is difficult to know the correct policy before +running them. Initially, Systrace notifies the user about all system calls that +an applications tries to execute. The user configures a policy for the specific +system call that caused the warning. After a few minutes, a policy is generated +that allows the application to run without any warnings. However, events that +are not covered still generate a warning. Normally, that is an indication of a +security problem. Systrace improves cyber security by providing intrusion +prevention. -For complicated applications, it is difficult to know the correct -policy before running them. Initially, Systrace notifies the user -about all system calls that an applications tries to execute. The -user configures a policy for the specific system call that caused -the warning. After a few minutes, a policy is generated that allows -the application to run without any warnings. However, events that -are not covered still generate a warning. Normally, that is an -indication of a security problem. Systrace improves cyber security -by providing intrusion prevention. +With systrace untrusted binary applications can be sandboxed. Their access to +the system can be restricted almost arbitrarily. Sandboxing applications +available only as binaries is only sensible as it is not possible to directly +analyze what they are designed to do. 
However, constraining the system calls +large open-source applications are allowed to execute is useful too as it is +very difficult to determine their correctness. -With systrace untrusted binary applications can be sandboxed. -Their access to the system can be restricted almost arbitrarily. -Sandboxing applications available only as binaries is only sensible -as it is not possible to directly analyze what they are designed -to do. However, constraining the system calls large open-source -applications are allowed to execute is useful too as it is very -difficult to determine their correctness. - -System call arguments can be rewritten dynamically. This effects -a virtual chroot for the sandboxed application. It also prevents -race conditions in the argument evaluation. +System call arguments can be rewritten dynamically. This effects a virtual +chroot for the sandboxed application. It also prevents race conditions in the +argument evaluation. diff --git a/security/libtomcrypt/DESCR b/security/libtomcrypt/DESCR index 1ca5401493f..139c7a02ff3 100644 --- a/security/libtomcrypt/DESCR +++ b/security/libtomcrypt/DESCR 
@@ -1,12 +1,11 @@ -LibTomCrypt is a fairly comprehensive, modular and portable -cryptographic toolkit that provides developers with a vast array of -well known published block ciphers, one-way hash functions, chaining -modes, pseudo-random number generators, public key cryptography and a -plethora of other routines. LibTomCrypt has been designed from the -ground up to be very simple to use. It has a modular and standard API -that allows new ciphers, hashes and PRNGs to be added or removed -without change to the overall end application. It features easy to -use functions and a complete user manual which has many source snippet +LibTomCrypt is a fairly comprehensive, modular and portable cryptographic +toolkit that provides developers with a vast array of well known published block +ciphers, one-way hash functions, chaining modes, pseudo-random number +generators, public key cryptography and a plethora of other routines. +LibTomCrypt has been designed from the ground up to be very simple to use. It +has a modular and standard API that allows new ciphers, hashes and PRNGs to be +added or removed without change to the overall end application. It features easy +to use functions and a complete user manual which has many source snippet examples. * Block Ciphers 
@@ -27,49 +26,4 @@ examples. * Khazad * KASUMI * SEED -* Chaining Modes - * ECB - * CBC - * OFB - * CFB - * CTR - * IEEE LRW mode - * F8 Chaining Mode -* One-Way Hash Functions - * MD2 - * MD4 - * MD5 - * SHA-1 - * SHA-224/256/384/512 - * TIGER-192 - * RIPE-MD 128/160/256/320 - * WHIRLPOOL -* Message Authentication - * FIPS-198 HMAC (supports all hashes) - * CMAC, also known as OMAC1 (supports all ciphers) - * PMAC Authentication - * F9-MAC - * Pelican MAC -* Message Encrypt+Authenticate Modes - * EAX Mode - * OCB Mode - * CCM Mode (NIST spec) - * GCM Mode (IEEE spec) -* Pseudo-Random Number Generators - * Yarrow (based algorithm) - * RC4 - * Support for /dev/random, /dev/urandom and the Win32 CSP RNG - * Fortuna - * SOBER-128 -* Public Key Algorithms - * RSA (using PKCS #1 v1.5 and v2.1) - * ECC (EC-DSA X9.62 signatures, X9.63 EC-DH) - o With fast Fixed Point ECC support as well - o X9.63 import/export of public keys - * DSA (Users make their own groups) - * The math routines are pluggable which means you can use your own - math provider if you want. -* Other standards - * PKCS #1 (v1.5 and v2.1 padding) - * PKCS #5 - * ASN.1 DER +...and more! diff --git a/security/ruby-bcrypt/DESCR b/security/ruby-bcrypt/DESCR index 8845fe6c228..649f7083aba 100644 --- a/security/ruby-bcrypt/DESCR +++ b/security/ruby-bcrypt/DESCR @@ -1,6 +1,6 @@ -bcrypt() is a sophisticated and secure hash algorithm designed by The -OpenBSD project for hashing passwords. bcrypt-ruby provides a simple, -humane wrapper for safely handling passwords. +bcrypt() is a sophisticated and secure hash algorithm designed by The OpenBSD +project for hashing passwords. bcrypt-ruby provides a simple, humane wrapper for +safely handling passwords. = bcrypt-ruby 
@@ -11,15 +11,14 @@ An easy way to keep your users' passwords secure. == Why you should use bcrypt -If you store user passwords in the clear, then an attacker who steals -a copy of your database has a giant list of emails and passwords. Some -of your users will only have one password -- for their email account, -for their banking account, for your application. A simple hack could -escalate into massive identity theft. +If you store user passwords in the clear, then an attacker who steals a copy of +your database has a giant list of emails and passwords. Some of your users will +only have one password - for their email account, for their banking account, for +your application. A simple hack could escalate into massive identity theft. -It's your responsibility as a web developer to make your web -application secure -- blaming your users for not being security -experts is not a professional response to risk. +It's your responsibility as a web developer to make your web application secure +- blaming your users for not being security experts is not a professional +response to risk. bcrypt allows you to easily harden your application against these kinds of attacks. |
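Review bot: In security/gtk-systrace/DESCR, the hunk deletes the opening line "GTK frontend for systrace." and nothing replaces it, so the description now covers systrace itself and never says that this package is the GTK frontend. Keep that sentence as the first line. To stay within 24 lines, trim elsewhere, for example the closing sentence "Systrace improves cyber security by providing intrusion prevention." Since every paragraph is being rewrapped anyway, "allow an user" and "an applications tries" could be corrected in the same pass.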
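Review bot: In the second security/libtomcrypt/DESCR hunk (@@ -27,49 +26,4 @@), replacing everything after the block cipher list with "...and more!" drops every named chaining mode, hash, MAC, authenticated-encryption mode, PRNG, public key algorithm and standard, so a reader can no longer tell from the description whether the library offers HMAC, GCM or RSA with PKCS #1 v2.1, for example. The new range +26,4 also means the file still ends at line 29, above the 24-line limit given in the commit message, so the cut loses information without meeting the limit. Consider collapsing each category, the block ciphers included, into a single comma-separated line such as "* Hashes: MD5, SHA-1, SHA-224/256/384/512, TIGER-192, WHIRLPOOL", which keeps the names searchable and shortens the file further.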
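Review bot: In the last security/ruby-bcrypt/DESCR hunk (@@ -11,15 +11,14 @@), changing "--" to "-" and rewrapping leaves a line that begins "- blaming your users for not being security experts", which reads as a list item, and the file's "=" and "==" headings suggest RDoc-style markup where a leading "-" starts a bullet. Keep the "--" as in the original text, or wrap so the dash stays at the end of the previous line, as in "make your web application secure -". The same substitution in "only have one password - for their email account" is harmless but was not needed for any of the four checks listed in the commit message.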