|
If you can handle FORTRAN, one source is here[^]. Translation to a modern language shouldn't be hard, as FORTRAN is a very basic language, and all of its constructs have modern equivalents.
If you're interested in such things, this guy has hundreds of different theoretical physics solutions posted on his site. What a gem! I'm bookmarking it for future use. Thanks for leading me to search for it for you.
Will Rogers never met me.
|
When we need to store passwords for user authentication, the password gets "encrypted" somehow. Typically, a block of random bytes - the "Salt" - is added to the clear text password, next comes a hash algorithm, and finally a textual representation of the bytes received from the hash function is stored.
I've seen different ways of such handling: e.g. not using a Salt at all, a string concatenation of password and a textual representation of the Salt, a binary XOR. Not using a Salt at all is considered unsafe. How would you "salt" the password, and why do you prefer your method?
How do you store the result in your database - as binary data, converted to hexadecimal, ...?
MD5 is said to have some flaws. Do you still use it?
Thanks a lot for sharing your experience.
|
IMHO multiple layers of encryption give much better protection than betting everything on a single layer. In addition to character substitution, other techniques such as transposing characters' positions make the decrypter's job exponentially harder.
Any salt characters improve security, as long as you can unambiguously identify the salt characters to remove them for decryption.
|
MD5 is not used anymore, not a strong type of hash algorithm. You should use SHA-256 instead.
Overall algorithm would depend on your application, for example if you use a captcha I would recommend only using a hash algorithm to store the passwords. But if you don't you could use salt, it is the ultimate answer to brute force attack.
|
You have probably solved this by now, but since you got a recent response, I thought I would add my two pence worth.
I tend to use the UserID as the salt - not the username, but the unique value I assign in the database table (personally, I tend to use GUIDs for these) and take an SHA hash of the combined id and password. I then store the hash as a comparison value in the DB.
If you don't use some salt, then it is relatively easy to spot common passwords (they would all have the same value as a hash) and if you crack one of them (by looking at the hash for common passwords) you have access to all those accounts. For example, if 50% of your accounts have the same hash, change your password to "password" and see what hash your account has. If it matches, then you know the password for 50% of the accounts.
MD5 does indeed have some problems - it is officially classed as "broken" and should not be used for new designs. What that means is that there is a way to get a valid input (not necessarily the original input, but valid) from the MD5 hash value. It isn't a real problem, but with security it is a good idea to avoid it as a result. SHA is currently unbroken, and you should use that - the .NET cryptography namespace includes SHA in several sizes.
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
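The points raised in this thread (a salt per account, identical unsalted hashes exposing shared passwords, a textual stored form), as an added example that is not code from any of the posters. It swaps the single-pass SHA hash described above for PBKDF2-HMAC-SHA256 from Python's standard library; the function names, the `$`-separated record layout and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SALT_BYTES = 16


def unsalted_sha256(password: str) -> str:
    """The unsalted scheme: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' for storage."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iter_text, salt_hex, hash_hex = stored.split("$")
        iterations = int(iter_text)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def shared_digests(records: dict[str, str]) -> dict[str, list[str]]:
    """Group users by stored value; a group larger than one shares a password."""
    groups: dict[str, list[str]] = {}
    for user, value in records.items():
        groups.setdefault(value, []).append(user)
    return {v: users for v, users in groups.items() if len(users) > 1}


if __name__ == "__main__":
    users = {"alice": "password", "bob": "password", "carol": "s3cret!"}  # constructed
    weak = {u: unsalted_sha256(p) for u, p in users.items()}
    strong = {u: hash_password(p) for u, p in users.items()}
    print("unsalted duplicates:", list(shared_digests(weak).values()))
    print("salted duplicates:  ", list(shared_digests(strong).values()))
```

Storing the scheme name and iteration count beside the salt lets the work factor be raised later without invalidating existing records.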
|
Hi all,
I'm studying software design patterns. Right now I'm going through the various patterns presented on the Wikipedia article at http://en.wikipedia.org/wiki/Software_design_pattern (yeah, I know.. it's wikipedia... but it's free). I feel like I'm understanding the material, but I also feel that some real-world examples would be helpful. Anyone know of a good site to find real-world examples of design patterns? Doesn't even have to contain code... can dig into code when I'm actually ready to implement these. I just want to make sure I understand the concept behind each pattern.
Thanks!
PS -- not sure if this is the right forum to put this in but it seemed the closest match of the available selections. Thanks again!
Hypermommy
|
Doh! Didn't see it. Any way for a user like me to move a message or shall I just wait for an admin to do it (and probably rightfully chastise me in the process)?
I'll definitely check out the article and thanks!
Hypermommy
|
I have a formula y=x*(x-1), given y, how do you find x? (x is never less than 2.)
It occurred to me that x*(x-1) is very close to x^2 especially as x increases, so I'm taking the square root and using CEILING (at least in SQL).
Something about this doesn't seem kosher, how would y'all do this?
|
if those variables are integers, then for x>1 you know (expand the multiplications to verify):
(x-1)^2 < x*(x-1) < x^2
which means (still assuming x>1):
x-1 < SQRT(y) < x
or
SQRT(y) < x < 1+SQRT(y)
so yes the ceiling should do it, as would the floor of SQRT(y)+1
if those variables are reals, then you either write the formula for a quadratic equation, or you use an iterative process, such as Newton-Raphson's.
|
Oh, yes, of course integers, the only real numbers.
|
OK.
Now could you please go here[^] and offer your usual wisdom. Thanks.
|
Oh, right I saw that earlier, not sure what to say.
|
Well, this is a quadratic equation, with roots at 0 and 1 and therefore a midpoint at ½.
y = (x - ½)² - ¼ (expand and compare with the initial constant which was 0)
(x - ½)² = y + ¼
x - ½ = sqrt(y + ¼)
x = sqrt(y + ¼) + ½
Since you're already using a square root this won't be much more expensive than what you're doing now (maybe less, not sure of the cost of ceil) and it's accurate.
x(x - 1) isn't that close to x², it differs by x and therefore the relative error only goes down as 1/x. That's a very poor approximation and I don't see why you'd use it if it's also an expensive one with a sqrt in it.
|
Hello
I'm searching for an algorithm that could compare two files by content and return the list of differences. I have successfully implemented the LCS (Longest Common Subsequence) algorithm and got it up and running with backtracking, but this algorithm is only usable for short strings. Even with some optimizations (trimming), this algorithm blows up the memory with long strings (the matrix size is quadratic in the length of the processed string).
Can you please help me out on what my options are?
Thank you very much and have a wonderful day!
Tomas
|
Luc's may have won, but I like mine PIEBALDdiff[^].
It doesn't bother with LCS or Levenshtein (yet) and still gets good results with (probably) less memory and more flexibility.
|
Nah. Mine was meaner.
|
Is only going to happen when your brother is the governor of Florida.
|
I would like to create a program in C# to process audio and perform low pass and high pass filtering on it.
Can anyone tell me where I should start to implement these filters? Is there any source code you are aware of, or maybe ready made DLLs which I can use?
|
Don't know specifically about stuff in C#... but the low and high pass filter design algorithms are all digital signal processing (DSP) algorithms, so as far as study and design of the algorithm itself, you can use Matlab (or the open source alternative Octave) to lay out the design. Once understood, you can code it yourself onto C#.
Try Google to see if there's open source libraries for this, they're fairly common audio synthesis operations so there must be libraries out there (although unfortunately I couldn't direct you right to one).
|
For frequency filters the general pattern is: Fourier transform input, filter transform, Fourier inverse (which is magically the same transform!) the filtered transform to get a new sound stream. I haven't done it but I did, a while back, look for fast Fourier transform in C# and there was a pretty good library out there.
I realise this is minimally helpful but hopefully that gives you some search pointers at least.
|
Fast Fourier Transform filtering is certainly an option.
It's a very intuitive solution since, like BobJanova states, band-pass filtering can be easily achieved by doing these steps:
1) Forward FFT of the input data,
2) Zeroing the result bins of the frequencies that we want to remove, and finally,
3) Perform reverse FFT on the same data.
However, this is a very expensive approach; if fast execution is a must, I would recommend trying a FIR digital filter instead. I have no experience designing such a filter myself, but there used to be a really great freeware tool around named DSPlay. I Googled for a while and unfortunately can't find it any more. This GUI tool allowed you to easily create band-pass filters by specifying a few input parameters and generated very simple C code that was directly usable in C#.
Let me take a look as I'm certain I have the DSPlay tool in a previous hard disk backup...
|