Search Results

Search found 72103 results on 2885 pages for 'file storage'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 139/2885 | < Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146  | Next Page >

  • Is SHA-1 secure for password storage?

    - by Tgr
    Some people throw around remarks like "SHA-1 is broken" a lot, so I'm trying to understand what exactly that means. Let's assume I have a database of SHA-1 password hashes, and an attacker whith a state of the art SHA-1 breaking algorithm and a botnet with 100,000 machines gets access to it. (Having control over 100k home computers would mean they can do about 10^15 operations per second.) How much time would they need to find out the password of any one user? find out the password of a given user? find out the password of all users? find a way to log in as one of the users? find a way to log in as a specific user? How does that change if the passwords are salted? Does the method of salting (prefix, postfix, both, or something more complicated like xor-ing) matter? Here is my current understanding, after some googling. Please correct in the answers if I misunderstood something. If there is no salt, a rainbow attack will immediately find all passwords (except extremely long ones). If there is a sufficiently long random salt, the most effective way to find out the passwords is a brute force or dictionary attack. Neither collision nor preimage attacks are any help in finding out the actual password, so cryptographic attacks against SHA-1 are no help here. It doesn't even matter much what algorithm is used - one could even use MD5 or MD4 and the passwords would be just as safe (there is a slight difference because computing a SHA-1 hash is slower). To evaluate how safe "just as safe" is, let's assume that a single sha1 run takes 1000 operations and passwords contain uppercase, lowercase and digits (that is, 60 characters). That means the attacker can test 1015*60*60*24 / 1000 ~= 1017 potential password a day. For a brute force attack, that would mean testing all passwords up to 9 characters in 3 hours, up to 10 characters in a week, up to 11 characters in a year. (It takes 60 times as much for every additional character.) A dictionary attack is much, much faster (even an attacker with a single computer could pull it off in hours), but only finds weak passwords. To log in as a user, the attacker does not need to find out the exact password; it is enough to find a string that results in the same hash. This is called a first preimage attack. As far as I could find, there are no preimage attacks against SHA-1. (A bruteforce attack would take 2160 operations, which means our theoretical attacker would need 1030 years to pull it off. Limits of theoretical possibility are around 260 operations, at which the attack would take a few years.) There are preimage attacks against reduced versions of SHA-1 with negligible effect (for the reduced SHA-1 which uses 44 steps instead of 80, attack time is down from 2160 operations to 2157). There are collision attacks against SHA-1 which are well within theoretical possibility (the best I found brings the time down from 280 to 252), but those are useless against password hashes, even without salting. In short, storing passwords with SHA-1 seems perfectly safe. Did I miss something?

    Read the article

  • SHAREPOINT: Custom Field type property storage defined for custom field

    - by Eric Rockenbach
    ok here is a great question. I have a set of generic custom fields that are highly configurable from an end user perspective and the configuration is getting overbearing as there are nearly 100 plus items each custom field allows you to perform in the areas of Server/Client Validation, Server/Client Events/Actions, Server/Client Bindings parent/child, display properties for form/control, etc, etc. Right now I'm storing most of these values as "Text" in my field xml for my propertyschema. I'm very familiar with the multi column value, but this is not a complex custom type in sense it's an array. I also considered creating serilzable objects and stuffing them into the text field and then pulling out and de-serilizing them when editing through the field editor or acting on the rules through the custom spfield. So I'm trying to take the following for example <PropertySchema> <Fields> <Field Name="EntityColumnName" Hidden="TRUE" DisplayName="EntityColumnName" MaxLength="500" DisplaySize="200" Type="Text"> <default></default> </Field> <Field Name="EntityColumnParentPK" Hidden="TRUE" DisplayName="EntityColumnParentPK" MaxLength="500" DisplaySize="200" Type="Text"> <default></default> </Field> <Field Name="EntityColumnValueName" Hidden="TRUE" DisplayName="EntityColumnValueName" MaxLength="500" DisplaySize="200" Type="Text"> <default></default> </Field> <Field Name="EntityListName" Hidden="TRUE" DisplayName="EntityListName" MaxLength="500" DisplaySize="200" Type="Text"> <default></default> </Field> <Field Name="EntitySiteUrl" Hidden="TRUE" DisplayName="EntitySiteUrl" MaxLength="500" DisplaySize="200" Type="Text"> <default></default> </Field> </Fields> <PropertySchema> And turn it into this... <PropertySchema> <Fields> <Field Name="ServerValidationRules" Hidden="TRUE" DisplayName="ServerValidationRules" Type="ServerValidationRulesType"> <default></default> </Field> </Fields> <PropertySchema> Ideas?????

    Read the article

  • Anyone using NoSQL databases for medical record storage?

    - by Brian Bay
    Electronic Medical records are composed of different types of data. Visit information ( date/location/insurance info) seems to lend itself to a RDMS. Other types of medical infomation, such as lab reports, x-rays, photos, and electronic signatures, are document based and would seem to be a good candidate for a 'document-oriented' database, such as MongoDB. Traditionally, binary data would be stored as a BLOB in a RDBMS. A hybrid approach using a traditional RDBMS along with a 'document-oriented' database would seem like good alternative to this. Other alternative would be something like DB2 purexml. The ultimate answer could be that 'it depends', but I really just wanted to get some general feedback/ideas on this. Is anyone using the NoSql approach for medical records?

    Read the article

  • How do I design the file storage issue?

    - by user102533
    I am working on an application that creates video files and stores them in a folder in the C:\ drive. I speculate that there will be a large number of these files in the future and we would run out of disk space at some point of time (on our VPS). When the time comes that we have to upgrade, we either plan to use one of the Cloud providers to store files or our existing provider can add another disk (say D:\ drive). Either way, I would want to design the app now in a way that in future, moving to different locations would not be an issue and would be transparent to the end user. The code that creates these files supports 2 ways: myObj.SetOutputToDisk(<path to store>); or myObj.SetOutputToMemoryStream(ms); If we go with the Cloud architecture, I assume we might have the following combination: Cloud Files + Existing VPS or Cloud Files + Cloud Windows Server Given the unknowns at this time, how would I go about designing this?

    Read the article

  • Problems in Linux Mint 13 MATE with NTFS partitions

    - by usr
    I'm using Linux Mint 13 MATE (32 bit). With Caja file manager (based on Nautilus 2.x) I can create, modify and remove folders and files on NTFS partitions whitout problems. But, for example, when I have a compressed file (.zip, .7z, ...) in a NTFS partition I can't extract it (with File-Roller, Peazip, ...). But I can extract the same file in a ext4 partition perfectly. What might the problem be? Are there (maybe) file permissions for each application?

    Read the article

  • How can I transfer a file via XMPP using Python?

    - by Enchantner
    I'm using xmpppy library for my jabber remote administration bot, but I can't find how to send/receive a file and save it inside the directory specified. The documentation is poor and there isn't any examples, but I really want to make it. Can anyone show some examples or some links about it? Or maybe I should use an alternative xmpp bindings?

    Read the article

  • What is the best way to format a date in JSON for Mongo DB storage

    - by Poul
    I have a date with a time. I'm using ruby, but the language shouldn't matter. d = "2010-04-01 13:00:00" What is the best way to format this date for Mongo DB? By 'best' I mean, is there a certain format I could use where Mongo would recognize it as a date and might give me more-advanced filtering optons? ie: If formatted correctly, could I ask Mongo to return all records whose month is '04'? Thanks!

    Read the article

  • Create PHP DOM xml file and create a save file link/prompt without writing the file to the server wh

    - by Reed Richards
    I've created a PHP DOM xml piece and saved it to a string like this: <?php // create a new XML document $doc = new DomDocument('1.0'); ... ... ... $xmldata = $doc->saveXML(); ?> Now I can't use the headers to send a file download prompt and I can't write the file to the server, or rather I don't want the file laying around on it. Something like a save this file link or a download prompt would be good. How do I do it?

    Read the article

  • Do any clouds support SSD storage?

    - by taw
    I'm using Amazon cloud right now, and the biggest performance issue is horrible I/O performance. As long as something fits RAM it's fine - once it's too big it gets ridiculously slow (in many different scenarios). There are only so many ways one can avoid hitting disk - so the question is - does Amazon or some other cloud provide SSD option?

    Read the article

  • Convert a Delphi example using TDatabase and local paradox table to server storage

    - by Brian Frost
    I am looking at the Developer Express Quantum Grid example 'IssueList' which is a useful bug reporting and tracking application that's almost ready to go out of the box. It uses a TDatabase component with several paradox (.db) tables. Is it simple to rejig the TDatabase settings to use a database on a shared machine so that several of us can access it together across the network? If so, what would be the steps needed please?

    Read the article

  • Storage of events in Calendar application in Android 2.1

    - by Navin
    Does the calendar application in Android maintain a cache of its database? Whenever I edit and mark some events via the calendar app, it is stored in the database but if I edit the calendar.db from some outside source the changes made are not reflected in the calendar app. So my question is: Does the calendar app maintain a cache or some other form of database? If yes then where and how?

    Read the article

  • C++: ifstream::getline problem

    - by Jay
    I am reading a file like this: char string[256]; std::ifstream file( "file.txt" ); // open the level file. if ( ! file ) // check if the file loaded fine. { // error } while ( file.getline( string, 256, ' ' ) ) { // handle input } Just for testing purposes, my file is just one line, with a space at the end: 12345 My code first reads the 12345 successfully. But then instead of the loop ending, it reads another string, which seems to be a return/newline. I have saved my file both in gedit and in nano. And I have also outputted it with the Linux cat command, and there is no return on the end. So the file should be fine. Why is my code reading a return/newline? Thanks.

    Read the article

  • Mysql Text Storage?

    - by mii
    I was wondering if you where to have an article or articles with huge amounts of text, what would be better when creating the database structure for the articles text? And why? What will be the advantages or disadvantages if any?. I was thinking of using one of the data types below to hold the articles text for the MySQL database. VARCHAR TEXT MEDIUMTEXT LONGTEXT

    Read the article

  • Confused with the Isolated Storage with Multiple Assemblies Access

    - by Peter Lee
    I googled and searched a lot, but I got no luck. I have a WindowsFormsApplication.exe and ConsoleApplication.exe. I want both of them to access to the same IsolatedStorage, is it possible? I tried using this in ConsoleApplication.exe: IsolatedStorageFile isoStore = IsolatedStorageFile.GetMachineStoreForApplication(); but I got: IsolatedStorageException: Unable to determine application identity of the caller. How can I fix this? Or can I use this way? P.S.: This is NOT a ClickOnce app.

    Read the article

  • Storing uploaded content on a website

    - by Matt
    For the past 5 years, my typical solution for storing uploaded files (images, videos, documents, etc) was to throw everything into an "upload" folder and give it a unique name. I'm looking to refine my methods for storing uploaded content and I'm just wondering what other methods are used / preferred. I've considered storing each item in their own folder (folder name is the Id in the db) so I can preserve the uploaded file name. I've also considered uploading all media to a locked folder, then using a file handler, which you pass the Id of the file you want to download in the querystring, it would then read the file and send the bytes to the user. This is handy for checking access, and restricting bandwidth for users.

    Read the article

  • PHP MINISERVER DOWNLOAD RESUME-ERROR! Resource id # 4

    - by snikolov
    $httpsock = @socket_create_listen("9090"); if (!$httpsock) { print "Socket creation failed!\n"; exit; } while (1) { $client = socket_accept($httpsock); $input = trim(socket_read ($client, 4096)); $input = explode(" ", $input); $range = $input[12]; $input = $input[1]; $fileinfo = pathinfo($input); switch ($fileinfo['extension']) { default: $mime = "text/html"; } if ($input == "/") { $input = "index.html"; } $input = ".$input"; if (file_exists($input) && is_readable($input)) { echo "Serving $input\n"; $contents = file_get_contents($input); $output = "HTTP/1.0 200 OK\r\nServer: APatchyServer\r\nConnection: close\r\nContent-Type: $mime\r\n\r\n$contents"; } else { //$contents = "The file you requested doesn't exist. Sorry!"; //$output = "HTTP/1.0 404 OBJECT NOT FOUND\r\nServer: BabyHTTP\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n$contents"; if(isset($range)) { list($a, $range) = explode("=",$range); str_replace($range, "-", $range); $size2 = $size-1; $new_length = $size-$range; $output = "HTTP/1.1 206 Partial Content\r\n"; $output .= "Content-Length: $new_length\r\n"; $output .= "Content-Range: bytes $range$size2/$size\r\n"; } else { $size2=$size-1; $output .= "Content-Length: $new_length\r\n"; } $chunksize = 1*(1024*1024); $bytes_send = 0; $file = "a.mp3"; $filesize = filesize($file); if ($file = fopen($file, 'r')) { if(isset($range)) $output = 'HTTP/1.0 200 OK\r\n'; $output .= "Content-type: application/octet-stream\r\n"; $output .= "Content-Length: $filesize\r\n"; $output .= 'Content-Disposition: attachment; filename="'.$file.'"\r\n'; $output .= "Accept-Ranges: bytes\r\n"; $output .= "Cache-Control: private\n\n"; fseek($file, $range); $download_rate = 1000; while(!feof($file) and (connection_status()==0)) { $var_stat = fread($file, round($download_rate *1024)); $output .= $var_stat;//echo($buffer); // is also possible flush(); sleep(1);//// decrease download speed } fclose($file); } /** $filename = "dada"; $file = fopen($filename, 'r'); $filesize = filesize($filename); $buffer = fread($file, $filesize); $send = array("Output"=$buffer,"filesize"=$filesize,"filename"=$filename); $file = $send['filename']; */ //@ob_end_clean(); // $output .= "Content-Transfer-Encoding: binary"; //$output .= "Connection: Keep-Alive\r\n"; } socket_write($client, $output); socket_close ($client); } socket_close ($httpsock); hey guys i have create a miniwebserver downloader it can download files from your server, however i am unable to resume my download when i download the file i get Resource id # 4 and also i cant resume the download,i would like to know how i can monitor record the client output how much bandwidth he has downloaded perl has something like this put its hardcore if possible kindly provide me with some pointers thank you :)

    Read the article

  • Password hashing, salt and storage of hashed values

    - by Jonathan Leffler
    Suppose you were at liberty to decide how hashed passwords were to be stored in a DBMS. Are there obvious weaknesses in a scheme like this one? To create the hash value stored in the DBMS, take: A value that is unique to the DBMS server instance as part of the salt, And the username as a second part of the salt, And create the concatenation of the salt with the actual password, And hash the whole string using the SHA-256 algorithm, And store the result in the DBMS. This would mean that anyone wanting to come up with a collision should have to do the work separately for each user name and each DBMS server instance separately. I'd plan to keep the actual hash mechanism somewhat flexible to allow for the use of the new NIST standard hash algorithm (SHA-3) that is still being worked on. The 'value that is unique to the DBMS server instance' need not be secret - though it wouldn't be divulged casually. The intention is to ensure that if someone uses the same password in different DBMS server instances, the recorded hashes would be different. Likewise, the user name would not be secret - just the password proper. Would there be any advantage to having the password first and the user name and 'unique value' second, or any other permutation of the three sources of data? Or what about interleaving the strings? Do I need to add (and record) a random salt value (per password) as well as the information above? (Advantage: the user can re-use a password and still, probably, get a different hash recorded in the database. Disadvantage: the salt has to be recorded. I suspect the advantage considerably outweighs the disadvantage.) There are quite a lot of related SO questions - this list is unlikely to be comprehensive: Encrypting/Hashing plain text passwords in database Secure hash and salt for PHP passwords The necessity of hiding the salt for a hash Clients-side MD5 hash with time salt Simple password encryption Salt generation and Open Source software I think that the answers to these questions support my algorithm (though if you simply use a random salt, then the 'unique value per server' and username components are less important).

    Read the article

  • MySQL: Storage of multiple text fields for a record

    - by Tom
    An inexperienced question: I need to store about 10 unknown-length text fields per record into a MySQL table. I expect no more than 50K rows in total for this table but speed is important. The database actions will be solely SELECTs for all practical purposes. I'm using InnoDB. In other words: id | text1 | text2 | text3 | .... | text10 As I understand that MySQL will store the text elsewhere and use its own indicators on the table itself, I'm wondering whether there's any fundamental performance implications that I should be worrying about given the way the data is stored? (i.e. several "sub-fetches" from the table). Thank you.

    Read the article

  • Storage location of yellow-blue shield icon

    - by gencha
    Where, in Windows, is this icon stored? I need to use it in a TaskDialog emulation for XP and am having a hard time tracking it down. It's not in shell32.dll, explorer.exe, ieframe.dll or wmploc.dll (as these contain a lot of icons commonly used in Windows).

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146  | Next Page >