|
Hi
When using RSA encryption for a website registration page (from browser to server) is it ok to use the same public/private key for all users or should each request for registration use a different set of public/private keys?
Thanks
Dan
|
|
|
|
|
They must use a different set of public/private keys.
In oder case it can break RSA. See Euclidian algorithms.
|
|
|
|
|
As long as the private key is kept secure you can keep the same one. I don't think there's any advantage in using different sets of keys because of the nature of public key cryptography it doesn't matter if the public key is well, public.
If you're sending a private key to the client for communication purposes then use different ones. Or even better, if you can, get the client to generate one locally so that it's never sent between client and server.
Formula 1 - Short for "F1 Racing" - named after the standard "help" key in Windows, it's a sport where participants desperately search through software help files trying to find actual documentation. It's tedious and somewhat cruel, most matches ending in a draw as no participant is able to find anything helpful. - Shog9
Ed
|
|
|
|
|
Hi all.
I am David and I have bitmap photo of the wall, and I wont to set it like wall in 3D how can I do it, in other words I have flat and wont to rotate it in 3D.
[flat is (x';y') and 3D is (x;y;z), I wont to rotate (x';y') in (x;y;z)]
I wont affect like I am wake and near is wall.
What I must do for it, if you know some algorithm tell me ware I can find it.
(I have not problem with math and time is not problem too)
thanks for any help [it all will useful].
|
|
|
|
|
Bagaturia david wrote: I am David and I have bitmap photo of the wall, and I wont to set it like wall in 3D how can I do it, in other words I have flat and wont to rotate it in 3D.
http://nehe.gamedev.net/lesson.asp?index=02[^]
_________________________
Asu no koto o ieba, tenjo de nezumi ga warau.
Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb)
|
|
|
|
|
"Ini idi vichi!".
"came saw win!"
you must know this words.(they are to old and to big for one mane)
|
|
|
|
|
It's actually "Veni, vidi, vici"
- Xint0
|
|
|
|
|
eheheh right Xint0
|
|
|
|
|
Xint0 wrote: "Veni, vidi, vici"
|
|
|
|
|
Hi there
I am encrypting passwords to a database and wish to use the .NET framework to encrypt them.
I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm?
Thanks
Dan
|
|
|
|
|
|
You can use CRC(Cyclic redundacncy code) but that is for check .
i have no idea whether it can use for encryption
Subhash jain (Sundyne Technologies pvt. ltd.- 604,B wing,Trade world Lower parel Mumbai)
|
|
|
|
|
Depends on how secure you need the password to be, if the server is resonably secure then I don't think (might be wrong) that you'll need to bother with more expensive hashes, if MD5 is slightly compromised but offers considerable performance advantages over SHA512 say then if the server's fairly secure why waste time performing all those extra calculations which are not needed?
|
|
|
|
|
Hi,
It is more than correct... it is pointless to use SHA-2, 512 for Intranet database, knowing that no "elite hackers" are working in your company.
I use MD5 for intranet CRM/ASM database and its speed and size is preferred.
Regards
|
|
|
|
|
DanB1983 wrote: I am encrypting passwords to a database and wish to use the .NET framework to encrypt them.
Your actually 'hashing' them.
DanB1983 wrote: I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm?
I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
|
|
|
|
|
A.A. wrote: DanB1983 wrote:
I know that MD5 and SHA-1 have been compromised. However for the purpose of passwords in a database how weak are they? If they are too weak what is another decent algorithm?
I am not sure what you think the weakness here is. For databases, you hash the password and store that. I am assuming your getting a hashed password from somewhere else and comparing that to the hash in the database. If this is the case and the hash is being transported securely than I am not sure what the concern is...
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
--
Rules of thumb should not be taken for the whole hand.
|
|
|
|
|
dan neely wrote:
Improved crytopgraphic attack methods and faster CPUs are increasing the likelyhood that they'll become vulnerable to bruteforce attacks in the semi-near future. Better algorythms include the SHA variants with longer bit lengths.
I am aware of this (fyi: its not so much as bruteforce as finding collisions in hashes produced by different documents) , I don't see the relevance to his problem though, because the hashes are compared on the DB side anyway.
|
|
|
|
|
If you are designing the authentication protocol try this:
Rmt: I want authorization
Host: Use this 64-bit random number
Rmt: append 64 bits to users password and run MD5/SHA-1/whatever and send hash to host
Host: run same hash algorithm and compare hashes
For more host side security only store hash of password. Rmt response must compute password hash (the one the host has stored) and append the 64 bits to that then run the final hash and send it off to the host.
In either case someone monitoring the entire data flow learns nothing about the actual key. Replay attacks are also foiled.
A similar approach would work with reasonably smart RFID chips.
|
|
|
|
|
Hi,
i want to know, how to measure the usage of CPU in %?
I've got a code, that returns me kernel time, user time and idle time of CPU in ticks (FILETIME), but i want it to be in percentage - like in UNIX 'top'.
How to convert and count it?
Best regards,
Krystian
P.s.
I understand that it might be wrong forum to post it, but i guess that converting ticks into percent is an algorithm.
Krystian
|
|
|
|
|
ok, nobody answered and i did the job ;]
Here's how:
First thing: kernel time is a sum of real kernel time and idle time, because of the fact, that cpu is always 'busy' - you can find Idle process in Windows Task Manager. So to get actual kernel cpu usage You will have to do: kf - idf.
Second thing: You can't count it just like that. GetSystemTimes gives You time spent on kernel/idle/user processes from the start of You system. So You have to get one time, wait like 100ms and get second time. Then substract the first from the second to get a delta.
You don't have to substract the miliseconds from the delta, because each of them's got it added, and You only count percentage.
Let's say that:
uf : user cpu time delta
kf : kernel cpu time delta
idf : idle cpu time delta
and now:
to get percent of cpu user time, You have to:
(uf / (idf + (kf - idf) + uf))*100
to get percent of cpu kernel time, You have to:
((kf - idf) / (idf + uf + (kf - idf)))*100
and the last thing, idle time:
(idf / (uf + (kf - idf) + idf))*100
Please note, that this is made on INT64, not on FILETIME that You will get from GetSystemTimes WinAPI function - You have to cast it properly.
Best regards,
Krystian
|
|
|
|
|
Nice thing you posted your solution even if you found it yourself Dziękują
|
|
|
|
|
krystian_pl wrote: ...how to measure the usage of CPU...
For a particular process, or the computer as a whole (i.e., all processes)?
"Approved Workmen Are Not Ashamed" - 2 Timothy 2:15
"Judge not by the eye but by the heart." - Native American Proverb
|
|
|
|
|
Hi all.
I am David and I am writing "big integer" class. In my class I use "long long Number[_NUMBER]" ( in C++) and I need algorithm of division,
it is not problem if this algorithm will use bit set and not "long long" type, I need that it was fast. In other words I need algorithm that divides one vector onto another
this vector can be vector of bits ( Ex: [1, 1, 1, 0, 0, 1, 0, 1, 0, 1] ) or vector of number ( Ex: [1258, 16546, 54646846, 54685, 088946, 555468, 8864, 11213, 1] )
Thanks for any help.
|
|
|
|
|
You could check out libGMP (GNU Multiple Precision Library), which is Open Source (zlib-licensed, IIRC) and does the same thing.
Alternatively, you could model the thing by re-implementing what you would do when you divide one number by another. Just do some divisions and model those steps. That, however, probably is not the best way to do divisions. You should check the "Math"-Forum for better algorithms.
|
|
|
|
|
I apologize. I missed the fact that you already posted this in the Math-Forum.
Thats what you get when you usually only read the VC-forums.
|
|
|
|