
GIST v0.7 ― H
“hacker” to “Hypertext Transfer Protocol (HTTP)”

H

- hacker n. 
RFC 2828 (2000)
(I) Someone with a strong interest in computers, who enjoys learning about them and experimenting with them. (See: cracker.)
(C) The recommended definition is the original meaning of the term (circa 1960), which then had a neutral or positive connotation of “someone who figures things out and makes something cool happen”. Today, the term is frequently misused, especially by journalists, to have the pejorative meaning of cracker.
- hacking n. 
SCA ISCTAG (2007)
The act of gaining illegal or unauthorized access to a computer system or network.
This definition embodies the pejorative meaning of hacker.
- half-block n.
SC 27 SD 6 (2002)
ISO/IEC 10118-4: 1998
A string of bits of length L1/2, i.e. half the block length.
(See: block.)
- Hamming distance n. 
iAfB-ICSA 1999
The number of disagreeing bits between two binary vectors. Used as measure of dissimilarity.
- hand geometry n. 
iAfB-ICSA 1999
A physical biometric that involves analysing and measuring the shape of the hand.
- handle vb. & n. 
RFC 2828 (2000)
(I) 1. vb.: Perform processing operations on data, such as receive and transmit, collect and disseminate, create and delete, store and retrieve, read and write, and compare. 2. n.: An on-line pseudonym, particularly one used by a cracker; derived from citizens band radio culture.
- handler n. 
NIST IR 7298 (2006)
SP 800-61
A type of program used in DDoS attacks to control agents distributed throughout a network. Also refers to an incident handler, which refers to a person who performs incident response work.
- hand recognition n. 
See: hand geometry.
- hardware n. 
RFC 2828 (2000)
(I) The material physical components of a computer system. (See: firmware, software.)
- hardware token n. 
See: token.
- hash algorithm n. 
See: hash function.
- hash-based message authentication code (HMAC) n. 
RFC 2828 (2000)
HMAC
(I) A keyed hash [R2104] that can be based on any iterated cryptographic hash (e.g., MD5 or SHA-1), so that the cryptographic strength of HMAC depends on the properties of the selected cryptographic hash. (See: [R2202, R2403, R2404].)
(C) Assume that H is a generic cryptographic hash in which a function is iterated on data blocks of length B bytes. L is the length of the hash result of H. K is a secret key of length L ≤ K ≤ B. The values IPAD and OPAD are fixed strings used as inner and outer padding and defined as follows: IPAD = the byte 0x36 repeated B times, OPAD = the byte 0x5C repeated B times. HMAC is computed by H(K XOR OPAD, H(K XOR IPAD, inputdata)), where the comma denotes concatenation.
(C) The goals of HMAC are as follows:
  • To use available cryptographic hash functions without modification, particularly functions that perform well in software and for which software is freely and widely available.
  • To preserve the original performance of the selected hash without significant degradation.
  • To use and handle keys in a simple way.
  • To have a well-understood cryptographic analysis of the strength of the mechanism based on reasonable assumptions about the underlying hash function.
  • To enable easy replacement of the hash function in case a faster or stronger hash is found or required.
NIST IR 7298 (2006)
SP 800-63
A symmetric key authentication method using hash functions.
FIPS 201
A message authentication code that uses a cryptographic key in conjunction with a hash function.
FIPS 140-2
A message authentication code that utilizes a keyed hash.
FIPS 198
keyed-hash based message authentication code
A message authentication code that uses a cryptographic key in conjunction with a hash function.
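The construction described in the RFC 2828 comment above, written out as an added example in Python (this code is not from the glossary or from any of the cited standards). The key is hashed or zero-padded to the block size B as RFC 2104 requires, XORed with IPAD and OPAD, and the two nested hashes are computed by hand; the result is cross-checked against the standard library's hmac module. The keys and messages are constructed for the demonstration (the first one is RFC 2202 test case 1). The verification helper compares tags in constant time, which the definition does not mention but which any practitioner should do.

```python
import hashlib
import hmac  # standard library HMAC, used only to cross-check the hand-built version


def hmac_from_definition(key: bytes, data: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC computed exactly as the glossary states it:
    H((K XOR OPAD) || H((K XOR IPAD) || data)), where || is concatenation,
    B is the block size of H in bytes, IPAD = 0x36 * B and OPAD = 0x5C * B."""
    B = hashlib.new(hash_name).block_size
    # RFC 2104 key handling: a key longer than B bytes is replaced by its hash;
    # the (possibly hashed) key is then zero-padded on the right to B bytes.
    if len(key) > B:
        key = hashlib.new(hash_name, key).digest()
    k = key.ljust(B, b"\x00")
    k_ipad = bytes(b ^ 0x36 for b in k)
    k_opad = bytes(b ^ 0x5C for b in k)
    inner = hashlib.new(hash_name, k_ipad + data).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def matches_stdlib(key: bytes, data: bytes, hash_name: str = "sha256") -> bool:
    """True if the hand-built HMAC agrees with hmac.new() for this input."""
    return hmac_from_definition(key, data, hash_name) == hmac.new(key, data, hash_name).digest()


def verify_tag(key: bytes, data: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Constant-time tag check. A plain == on tags leaks, byte by byte, how
    much of a forged tag is correct; compare_digest does not."""
    expected = hmac_from_definition(key, data, hash_name)
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    # Constructed inputs. The first is RFC 2202 test case 1, so the expected
    # HMAC-SHA1 is known: b617318655057264e28bc0b6fb378c8ef146be00
    print(hmac_from_definition(b"\x0b" * 20, b"Hi There", "sha1").hex())
    long_key = b"\xaa" * 80            # longer than the 64-byte SHA-256 block
    msg = b"Test Using Larger Than Block-Size Key - Hash Key First"
    print(matches_stdlib(long_key, msg, "sha256"))          # True
    tag = hmac_from_definition(b"secret", b"amount=100")
    print(verify_tag(b"secret", b"amount=100", tag))        # True
    print(verify_tag(b"secret", b"amount=900", tag))        # False
```

Because every step is just the underlying hash applied to block-aligned data, changing hash_name from sha256 to sha1 or sha512 needs no other change, which is the replaceability goal listed above. The strength of the result is bounded by that hash: HMAC-MD5 and HMAC-SHA1 should be retired even though the known collision attacks on those hashes do not translate directly into HMAC forgeries.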
- hash code n. 
RFC 2828 (2000)
(D) ISDs SHOULD NOT use this term (especially not as a synonym for hash result) because it mixes concepts in a potentially misleading way. A hash result is not a code in any sense defined by this glossary. (See: code, hash result, hash value, message digest.)
SC 27 SD 6 (2002)
ISO/IEC 10118-1: 2000
The string of bits which is the output of a hash-function. Note: The literature on this subject contains a variety of terms that have the same or similar meaning as hash-code. Modification Detection Code, Manipulation Detection Code, message digest, hash-result, hash-value and imprint are some examples.
ISO/IEC 9796-3: 2000, ISO/IEC 14888-1: 1998, ISO/IEC FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)
The string of bits which is the output of a hash-function.
ISO/IEC FDIS 9796-2 (12/2001), ISO/IEC FDIS 9797-2 (09/2000)
String of bits which is the output of a hash-function.
- hash function n. 
RFC 2828 (2000)
(I) An algorithm that computes a value based on a data object (such as a message or file; usually variable-length; possibly very large), thereby mapping the data object to a smaller data object (the hash result) which is usually a fixed-size value. (See: checksum, keyed hash.)
(O) “A (mathematical) function which maps values from a large (possibly very large) domain into a smaller range. A ‘good’ hash function is such that the results of applying the function to a (large) set of values in the domain will be evenly distributed (and apparently at random) over the range.” [X509]
(C) The kind of hash function needed for security applications is called a cryptographic hash function, an algorithm for which it is computationally infeasible (because no attack is significantly more efficient than brute force) to find either (a) a data object that maps to a pre-specified hash result (the “one-way” property) or (b) two data objects that map to the same hash result (the “collision-free” property [see: collision-resistant hash-function]). (See: MD2, MD4, MD5, SHA-1.)
(C) A cryptographic hash is “good” in the sense stated in the “O” definition for hash function. Any change to an input data object will, with high probability, result in a different hash result, so that the result of a cryptographic hash makes a good checksum for a data object.
SC 27 SD 6 (2002)
ISO/IEC 10118-1: 2000
A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties.
  • It is computationally infeasible to find for a given output, an input which maps to this output.
  • It is computationally infeasible to find for a given input, a second input which maps to the same output.
Note: Computational feasibility depends on the specific security requirements and environment.
ISO/IEC 14888-1: 1998
A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties.
  • For a given output, it is computationally infeasible to find an input which maps to this output;
  • For a given input, it is computationally infeasible to find a second input which maps to the same output.
Note: Computational feasibility depends on the user’s specific security requirements and environment.
ISO/IEC 9798-5: 1999
Function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties.
  • It is computationally infeasible to find for a given output an input which maps to this output.
  • It is computationally infeasible to find for a given input a second input which maps to the same output.
ISO/IEC 9796-3: 2000, ISO/IEC FDIS 15946-2 (04/2001), ISO/IEC WD 15946-4 (10/2001)
A function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties:
  • For a given output, it is computationally infeasible to find an input which maps to this output; and
  • For a given input, it is computationally infeasible to find a second input which maps to the same output.
Note: Computational feasibility depends on the specific security requirements and environment.
ISO/IEC FDIS 9796-2 (12/2001); ISO/IEC FDIS 9797-2 (09/2000)
Function which maps strings of bits to fixed-length strings of bits, satisfying the following two properties.
  • For a given output, it is computationally infeasible to find an input which maps to this output.
  • For a given input, it is computationally infeasible to find a second input which maps to the same output.
ISO/IEC FDIS 15946-3 (02/2001)
A function which maps strings of bits to fixed-length strings of bits, satisfying two properties.
  • It is computationally infeasible to find for a given output, an input which maps to this output.
  • It is computationally infeasible to find for a given input, a second input which maps to the same output.
The literature on this subject contains a variety of terms which have the same or similar meaning as hash-function. Compressed encoding and condensing function are some examples.
Computational feasibility depends on the user’s specific security requirements and environment.
NIST IR 7298 (2006)
SP 800-21 [2ndEd]
cryptographic hash function
A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties:
  1. One-way: It is computationally infeasible to find any input which maps to any pre-specified output, and
  2. Collision resistant: It is computationally infeasible to find any two distinct inputs that map to the same output.
FIPS 201
A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties:
  1. One-Way. It is computationally infeasible to find any input that maps to any pre-specified output.
  2. Collision Resistant. It is computationally infeasible to find any two distinct inputs that map to the same output.
This is practically identical to the SP 800-21 definition of a cryptographic hash function (above).
FIPS 198
An approved mathematical function that maps a string of arbitrary length (up to a pre-determined maximum size) to a fixed length string. It may be used to produce a checksum, called a hash value or message digest, for a potentially long string or message.
SP 800-49
one-way hash algorithm
Hash algorithms which map arbitrarily long inputs into a fixed-size output such that it is very difficult (computationally infeasible) to find two different hash inputs that produce the same output. Such algorithms are an essential part of the process of producing fixed-size digital signatures that can both authenticate the signer and provide for data integrity checking (detection of input modification after signature).
SCA ISCTAG (2007)
hash algorithm
A software algorithm that computes a value (hash) from a particular data unit in a manner that enables detection of intentional/unauthorized or unintentional/accidental data modification by the recipient of the data.
NIST SP 800-63-1 DRAFT (2008)
A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties:
  1. One-Way. It is computationally infeasible to find any input that maps to any pre-specified output, and
  2. Collision Resistant. It is computationally infeasible to find any two distinct inputs that map to the same output.
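An added example (not from the glossary or from any of the cited standards) that measures the “good hash” property from the RFC 2828 comment above with the Hamming distance defined earlier on this page: flipping one input bit changes roughly half of the output bits of a cryptographic hash, and which bits change is unpredictable. The same measurement on CRC-32, a checksum rather than a cryptographic hash, shows why the SCA ISCTAG wording about detecting intentional modification holds only for the cryptographic kind: the CRC of a tampered message changes by a value that depends on the flipped bit position alone, so the attacker can repair the checksum. The two messages are constructed for the demonstration.

```python
import hashlib
import zlib


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of disagreeing bits between two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("vectors must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Copy of data with one bit inverted (bit 0 is the LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def digest(name: str, data: bytes) -> bytes:
    """Hash result for a hashlib algorithm name, or the 4-byte CRC-32 checksum."""
    if name == "crc32":
        return zlib.crc32(data).to_bytes(4, "big")
    return hashlib.new(name, data).digest()


def avalanche_fraction(name: str, data: bytes, bit_index: int) -> float:
    """Fraction of output bits that change when one input bit is flipped."""
    h1 = digest(name, data)
    h2 = digest(name, flip_bit(data, bit_index))
    return hamming_distance(h1, h2) / (8 * len(h1))


def mean_avalanche(name: str, data: bytes) -> float:
    """Average avalanche fraction over every bit position of data.
    About 0.5 for a cryptographic hash."""
    n_bits = 8 * len(data)
    return sum(avalanche_fraction(name, data, i) for i in range(n_bits)) / n_bits


def output_delta(name: str, data: bytes, bit_index: int) -> bytes:
    """XOR of the outputs before and after a single-bit flip of the input.
    CRC-32 is linear over GF(2), so for two messages of the same length this
    delta is identical: it depends only on the bit position, never on the
    data, and the attacker can patch the checksum without knowing the rest
    of the message. For a cryptographic hash the delta is unpredictable."""
    h1 = digest(name, data)
    h2 = digest(name, flip_bit(data, bit_index))
    return bytes(x ^ y for x, y in zip(h1, h2))


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    msg_a = b"Transfer 100 GBP to account 12345678"
    msg_b = b"Transfer 900 GBP to account 87654321"
    for name in ("sha256", "sha1", "crc32"):
        print(f"{name:7s} mean avalanche {mean_avalanche(name, msg_a):.3f}")
    print(output_delta("crc32", msg_a, 7) == output_delta("crc32", msg_b, 7))    # True
    print(output_delta("sha256", msg_a, 7) == output_delta("sha256", msg_b, 7))  # False
```

The avalanche figure alone is not a proof of collision resistance (MD5 also scores about 0.5 yet has practical collisions); it is the cheap sanity check that separates a cryptographic hash from a linear checksum, and the output_delta comparison is the reason a CRC must never be used as an integrity mechanism against a deliberate adversary.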
- hash-function identifier n.
SC 27 SD 6 (2002)
ISO/IEC 10118-1: 2000, ISO/IEC 10118-4: 1998
A byte identifying a specific hash-function.
- hashing n. 
NIST IR 7298 (2006)
SP 800-72
The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
- hash result n. 
RFC 2828 (2000)
(I) The output of a hash function. (See: hash code, hash value.)
(O) “The output produced by a hash function upon processing a message” (where “message” is broadly defined as “a digital representation of data”). [ABA] (The recommended definition is compatible with this ABA definition, but we avoid the unusual definition of message.)
NIST IR 7298 (2006)
SP 800-61
message digest
A cryptographic checksum, typically generated for a file that can be used to detect changes to the file; Secure Hash Algorithm-1 (SHA-1) is an example of a message digest algorithm.
- hash-token n.
SC 27 SD 6 (2002)
ISO/IEC 9796-3: 2000, ISO/IEC WD 15946-4 (10/2001)
A concatenation of a hash-code and an optional control field, which can be used to identify the hash-function and the padding method. Note: The control field with hash-function identifier is mandatory unless the hash-function is uniquely determined by the signature mechanism or by the domain parameters.
ISO/IEC 14888-1: 1998
A concatenation of a hash-code and an optional control field, called hash-function identifier, which can be used to identify the hash-function and the padding method.
- hash value n. 
RFC 2828 (2000)
(D) ISDs SHOULD NOT use this term (especially not as a synonym for hash result, the output of a hash function) because it might be confused with hashed value (the input to a hash function). (See: hash code, hash result, message digest.)
- head-end system n.
SCA ISCTAG (2007)
The physical access control server, software and database(s) used in a physical access control system.
- Health Insurance Portability and Accountability Act (HIPAA) n.
SCA ISCTAG (2007)
HIPAA was passed in 1996 to protect health insurance coverage for workers and their families and to encourage the development of a health information system by establishing standards and requirements for the secure electronic transmission of certain health information. HIPAA mandates that the design and implementation of the electronic systems guarantee the privacy and security of patient information gathered as part of providing health care.
- HIDS n. 
See: (secondary definition under) intrusion detection system.
- hierarchical PKI n. 
RFC 2828 (2000)
(I) A PKI architecture based on a certification hierarchy. (See: mesh PKI, trust-file PKI.)
- hierarchy management n. 
RFC 2828 (2000)
(I) The process of generating configuration data and issuing public-key certificates to build and operate a certification hierarchy.
- hierarchy of trust n. 
RFC 2828 (2000)
(D) ISDs SHOULD NOT use this term with regard to PKI, especially not as a synonym for certification hierarchy, because this term mixes concepts in a potentially misleading way. (See: certification hierarchy, trust, web of trust.)
- high-assurance guard (HAG) n. 
NIST IR 7298 (2006)
SP 800-32
An enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance.
- high frequency (HF) n.
SCA ISCTAG (2007)
Radio frequencies (RF) in the range of 3 MHz to 30 MHz. When used in an RF-based identification system, the high frequency used is typically 13.56 MHz.
- high-impact system n. 
NIST IR 7298 (2006)
SP 800-53; FIPS 200
An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.
- hijack attack n. 
RFC 2828 (2000)
(I) A form of active wiretapping in which the attacker seizes control of a previously established communication association. (See: man-in-the-middle attack, pagejacking, piggyback attack.)
- HIPAA n.
See: Health Insurance Portability and Accountability Act.
- HMAC n. 
See: hash-based message authentication code.
- Homeland Security Presidential Directive 12 (HSPD-12) n.
SCA ISCTAG (2007)
The primary objective of HSPD-12 is the development and deployment of a Federal government-wide common and reliable identification and [?] verification system that will be interoperable among all government agencies and serve as the basis for reciprocity among those agencies.
- honey pot n. 
RFC 2828 (2000)
(I) A system (e.g., a web server) or a system resource (e.g., a file on a server), that is designed to be attractive to potential crackers and intruders, like honey is attractive to bears. (See: entrapment.)
(D) It is likely that other cultures have different metaphors for this concept. To ensure international understanding, ISDs should not use this term unless they also provide an explanation like this one. (See: (usage note under) Green Book.)
NIST IR 7298 (2006)
SP 800-61
honeypot
A host that is designed to collect data on suspicious activity and has no authorized users other than its administrators.
- host n. 
RFC 2828 (2000)
(I) general computer network usage: A computer that is attached to a communication subnetwork or internetwork and can use services provided by the network to exchange data with other attached systems. (See: end system.)
(I) specific Internet Protocol Suite usage: A networked computer that does not forward Internet Protocol packets that are not addressed to the computer itself. (See: router.)
(C) Derivation: As viewed by its users, a host “entertains” guests, providing application layer services or access to other computers attached to the network. However, even though some traditional peripheral service devices, such as printers, can now be independently connected to networks, they are not usually called hosts.
- host-based IDS, host-based intrusion detection system (HIDS) n. 
See: (secondary definition under) intrusion detection system.
- hot site n. 
ISO/IEC 2382-8:1998
A fully equipped computer center that provides an immediate alternative data processing capability.
NIST IR 7298 (2006)
SP 800-34
A fully operational off-site data processing facility equipped with hardware and system software to be used in the event of a disaster.
- HSPD-12 n.
See: Homeland Security Presidential Directive 12.
- HTML n. 
See: Hypertext Markup Language.
- HTTP n. 
See: Hypertext Transfer Protocol.
- https n. 
RFC 2828 (2000)
(I) When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL. (See: S-HTTP.)
- human user n.
SC 27 SD 6 (2002)
ISO/IEC 15408-1: 1999
Any person who interacts with the TOE.
- hybrid card n.
SCA ISCTAG (2007)
A smart card that contains two smart card chips – both contact and contactless chips – that are not interconnected.
- hybrid encryption n. 
RFC 2828 (2000)
(I) An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption. (e.g., see: digital envelope.)
(C) Asymmetric algorithms require more computation than equivalently strong symmetric ones. Thus, asymmetric encryption is not normally used for data confidentiality except in distributing symmetric keys in applications where the key data is usually short (in terms of bits) compared to the data it protects. (e.g., see: MSP, PEM, PGP.)
- hyperlink n. 
RFC 2828 (2000)
(I) In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link (e.g., by selecting the object with a mouse pointer and then clicking).
- hypermedia n. 
RFC 2828 (2000)
(I) A generalization of hypertext; any media that contain hyperlinks that point to material in the same or another data object.
- hypertext n. 
RFC 2828 (2000)
(I) A computer document, or part of a document, that contains hyperlinks to other documents; i.e., text that contains active pointers to other text. Usually written in Hypertext Markup Language and accessed using a web browser. (See: hypermedia.)
- Hypertext Markup Language (HTML) n. 
RFC 2828 (2000)
(I) A platform-independent system of syntax and semantics for adding characters to data files (particularly text files) to represent the data’s structure and to point to related data, thus creating hypertext for use in the World Wide Web and other applications. [R1866]
- Hypertext Transfer Protocol (HTTP) n. 
RFC 2828 (2000)
(I) A TCP-based, application-layer, client-server, Internet protocol [R2616] used to carry data requests and responses in the World Wide Web. (See: hypertext.)
The original sources of these definitions may be protected by copyright. The definitions are republished here for review and commentary.
Copyleft & Creative Commons (cc) 2000–2008 Ant: This XHTML encoding and antnotations are dual-licensed under both the GNU Free Documentation License (GFDL) and a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.
URL: http://homepage.mac.com/antallan/gisth.html
Last updated: Wednesday 10 December 2008
