fcn time generated hash crc32: 0.03163 798740135 md5: 0.0731 0dbab6d0c841278d33be207f14eeab8b sha1: 0.07331 417a9e5c9ac7c52e32727cfd25da99eca9339a80 xor: 0.65218 119 xor2: 0.29301 134217728 add: 0.57841 1105 And the code used to generate this is: $loops = 100000; $str = “ana are mere”; echo “<pre>”; $tss = microtime(true); for($i=0; $i<$loops; $i++){ $x = crc32($str); } $tse = microtime(true); echo “\ncrc32: … Read more
The standard Oracle JDK 7 implementation uses what’s called a Linear Congruential Generator to produce random values in java.util.Random. Taken from java.util.Random source code (JDK 7u2), from a comment on the method protected int next(int bits), which is the one that generates the random values: This is a linear congruential pseudorandom number generator, as defined … Read more
Security warning: rand() is not a cryptographically secure pseudorandom number generator. Look elsewhere for generating a cryptographically secure pseudorandom string in PHP. Try this (use strlen instead of count, because count on a string is always 1): function randomPassword() { $alphabet=”abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890″; $pass = array(); //remember to declare $pass as an array $alphaLength = strlen($alphabet) – … Read more
It is used for making hashes. Look: >grep -Inr SECRET_KEY * conf/global_settings.py:255:SECRET_KEY = ” conf/project_template/settings.py:61:SECRET_KEY = ” contrib/auth/tokens.py:54: hash = sha_constructor(settings.SECRET_KEY + unicode(user.id) + contrib/comments/forms.py:86: info = (content_type, object_pk, timestamp, settings.SECRET_KEY) contrib/formtools/utils.py:15: order, pickles the result with the SECRET_KEY setting, then takes an md5 contrib/formtools/utils.py:32: data.append(settings.SECRET_KEY) contrib/messages/storage/cookie.py:112: SECRET_KEY, modified to make it unique for the … Read more
Even without the for(;;); how would the attacker get the data? Attacks are based on altering the behaviour of the built-in types, in particular Object and Array, by altering their constructor function or its prototype. Then when the targeted JSON uses a {…} or […] construct, they’ll be the attacker’s own versions of those objects, … Read more
It should suffice to say whether bcrypt or SHA-512 (in the context of an appropriate algorithm like PBKDF2) is good enough. And the answer is yes, either algorithm is secure enough that a breach will occur through an implementation flaw, not cryptanalysis. If you insist on knowing which is “better”, SHA-512 has had in-depth reviews … Read more
Windows uses .cer extension for an X.509 certificate. These can be in “binary” (ASN.1 DER), or it can be encoded with Base-64 and have a header and footer applied (PEM); Windows will recognize either. To verify the integrity of a certificate, you have to check its signature using the issuer’s public key… which is, in … Read more
The simplest solution is to completely disable security – change true to false in /var/lib/jenkins/config.xml file. <useSecurity>true</useSecurity> A one-liner to achieve the same: sed -i ‘s/<useSecurity>true<\/useSecurity>/<useSecurity>false<\/useSecurity>/g’ /var/lib/jenkins/config.xml Then just restart Jenkins: sudo service jenkins restart And then go to admin panel and set everything once again. If you in case are running your Jenkins inside … Read more
Another option is to consider looking at the JSch library. JSch seems to be the preferred library for a few large open source projects, including Eclipse, Ant and Apache Commons HttpClient, amongst others. It supports both user/pass and certificate-based logins nicely, as well as all a whole host of other yummy SSH2 features. Here’s a … Read more
There are actually very practical uses of SecureString. Do you know how many times I’ve seen such scenarios? (the answer is: many!): A password appears in a log file accidentally. A password is being shown at somewhere – once a GUI did show a command line of application that was being run, and the command … Read more