Search Results

Search found 3339 results on 134 pages for 'hash collision'.

Page 71/134 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >

  • What does 'salt' refer to in string-to-key (s2k) specifier?

    - by WilliamKF
    What does 'salt' refer to in string-to-key (s2k) specifier? It appears to be a random number generator to shake things up, but I would like to know what 'salt' stands for? For example it is written: 3.6.1.2. Salted S2K This includes a "salt" value in the S2K specifier -- some arbitrary data -- that gets hashed along with the passphrase string, to help prevent dictionary attacks. Octet 0: 0x01 Octet 1: hash algorithm Octets 2-9: 8-octet salt value Salted S2K is exactly like Simple S2K, except that the input to the hash function(s) consists of the 8 octets of salt from the S2K specifier, followed by the passphrase. But salt is not defined, although its meaning seems clear.

    Read the article

  • Password reset by email without a database table

    - by jpatokal
    The normal flow for resetting a user's password by mail is this: Generate a random string and store it in a database table Email string to user User clicks on link containing string String is validated against database; if it matches, user's pw is reset However, maintaining a table and expiring old strings etc seems like a bit of an unnecessary hassle. Are there any obvious flaws in this alternative approach? Generate a MD5 hash of the user's existing password Email hash string to user User clicks on link containing string String is validated by hashing existing pw again; if it matches, user's pw is reset Note that the user's password is already stored in a hashed and salted form, and I'm just hashing it once more to get a unique but repeatable string. And yes, there is one obvious "flaw": the reset link thus generated will not expire until the user changes their password (clicks the link). I don't really see why this would be a problem though -- if the mailbox is compromised, the user is screwed anyway.

    Read the article

  • Best data-structure to use for two ended sorted list

    - by fmark
    I need a collection data-structure that can do the following: Be sorted Allow me to quickly pop values off the front and back of the list Remain sorted after I insert a new value Allow a user-specified comparison function, as I will be storing tuples and want to sort on a particular value Thread-safety is not required Optionally allow efficient haskey() lookups (I'm happy to maintain a separate hash-table for this though) My thoughts at this stage are that I need a priority queue and a hash table, although I don't know if I can quickly pop values off both ends of a priority queue. I'm interested in performance for a moderate number of items (I would estimate less than 200,000). Another possibility is simply maintaining an OrderedDictionary and doing an insertion sort it every-time I add more data to it. Furthermore, are there any particular implementations in Python. I would really like to avoid writing this code myself.

    Read the article

  • Send a "304 Not Modified" for images stored in the datastore

    - by Emilien
    I store user-uploaded images in the Google App Engine datastore as db.Blob, as proposed in the docs. I then serve those images on /images/<id>.jpg. The server always sends a 200 OK response, which means that the browser has to download the same image multiple time (== slower) and that the server has to send the same image multiple times (== more expensive). As most of those images will likely never change, I'd like to be able to send a 304 Not Modified response. I am thinking about calculating some kind of hash of the picture when the user uploads it, and then use this to know if the user already has this image (maybe send the hash as an Etag?) I have found this answer and this answer that explain the logic pretty well, but I have 2 questions: Is it possible to send an Etag in Google App Engine? Has anyone implemented such logic, and/or is there any code snippet available?

    Read the article

  • Implementing password hashing/salting algorithm from crackstation.net

    - by Mason240
    I am trying to implement a password hashing/salting algorithm from crackstation.net, but I am unsure how implement it. Storing the password upon user registration seems to be as simple as passing the password into create_hash(). $password = create_hash($_POST['Password']; I'm not following how to validate upon user login. validate_password($password, $good_hash) returns either true or false, and takes $password as parameter, so it seems like a no brainer except for the second parameter $good_hash. Where does this param come from? It is my understanding that password is turned into a hash value every time its used, and that the hash value is what is stored and compared. So why would I have both the $password and $good_hash values? Quick overview of the functions: function create_hash($password){ calls pbkdf2() } function validate_password($password, $good_hash){ calls pbkdf2() calls slow_equals() } function slow_equals($a, $b){ } function pbkdf2($algorithm, $password, $salt, $count, $key_length, $raw_output = false){ } Of course a different, better method for this would also be just as helpful. Thank you

    Read the article

  • frequency of objects in an array using Ruby

    - by eastafri
    If i had a list of balls each of which has a color property. how can i cleanly get the list of balls with the most frequent color. [m1,m2,m3,m4] say, m1.color = blue m2.color = blue m3.color = red m4.color = blue [m1,m2,m4] is the list of balls with the most frequent color My Approach is to do: [m1,m2,m3,m4].group_by{|ball| ball.color}.each do |samecolor| my_items = samecolor.count end where count is defined as class Array def count k =Hash.new(0) self.each{|x|k[x]+=1} k end end my_items will be a hash of frequencies foreach same color group. My implementation could be buggy and i feel there must be a better and more smarter way. any ideas please?

    Read the article

  • Why does Perl's shift complain 'Type of arg 1 to shift must be array (not grep iterator).'?

    - by wes
    I've got a data structure that is a hash that contains an array of hashes. I'd like to reach in there and pull out the first hash that matches a value I'm looking for. I tried this: my $result = shift grep {$_->{name} eq 'foo'} @{$hash_ref->{list}}; But that gives me this error: Type of arg 1 to shift must be array (not grep iterator). I've re-read the perldoc for grep and I think what I'm doing makes sense. grep returns a list, right? Is it in the wrong context? I'll use a temporary variable for now, but I'd like to figure out why this doesn't work.

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • How Do I Prevent Rails From Treating Edit Fields_For Differently From New Fields_For

    - by James
    I am using rails3 beta3 and couchdb via couchrest. I am not using active record. I want to add multiple "Sections" to a "Guide" and add and remove sections dynamically via a little javascript. I have looked at all the screencasts by Ryan Bates and they have helped immensely. The only difference is that I want to save all the sections as an array of sections instead of individual sections. Basically like this: "sections" => [{"title" => "Foo1", "content" => "Bar1"}, {"title" => "Foo2", "content" => "Bar2"}] So, basically I need the params hash to look like that when the form is submitted. When I create my form I am doing the following: <%= form_for @guide, :url => { :action => "create" } do |f| %> <%= render :partial => 'section', :collection => @guide.sections %> <%= f.submit "Save" %> <% end %> And my section partial looks like this: <%= fields_for "sections[]", section do |guide_section_form| %> <%= guide_section_form.text_field :section_title %> <%= guide_section_form.text_area :content, :rows => 3 %> <% end %> Ok, so when I create the guide with sections, it is working perfectly as I would like. The params hash is giving me a sections array just like I would want. The problem comes when I want edit guide/sections and save them again because rails is inserting the id of the guide in the id and name of each form field, which is screwing up the params hash on form submission. Just to be clear, here is the raw form output for a new resource: <input type="text" size="30" name="sections[][section_title]" id="sections__section_title"> <textarea rows="3" name="sections[][content]" id="sections__content" cols="40"></textarea> And here is what it looks like when editing an existing resource: <input type="text" value="Foo1" size="30" name="sections[cd2f2759895b5ae6cb7946def0b321f1][section_title]" id="sections_cd2f2759895b5ae6cb7946def0b321f1_section_title"> <textarea rows="3" name="sections[cd2f2759895b5ae6cb7946def0b321f1][content]" id="sections_cd2f2759895b5ae6cb7946def0b321f1_content" cols="40">Bar1</textarea> How do I force rails to always use the new resource behavior and not automatically add the id to the name and value. Do I have to create a custom form builder? Is there some other trick I can do to prevent rails from putting the id of the guide in there? I have tried a bunch of stuff and nothing is working. Thanks in advance!

    Read the article

  • How do you access URL text following the # sign through Java?

    - by cmcculloh
    Using Java (.jsp or whatever) is there a way where I can send a request for this page: http://www.mystore.com/store/shelf.jsp?category=mens#page=2 and have the Java code parse the URL and see the #page=2 and respond accordingly? Basically, I'm looking for the Java code that allows me to access the characters following the hash tag. The reason I'm doing this is that I want to load subsequent pages via AJAX (on my shelf) and then allow the user to copy and paste the URL and send it to a friend. Without the ability of Java being able to read the characters following the hash tag I'm uncertain as to how I would manipulate the URL with Javascript in a way that the server would be able to also read without causing the page to re-load. I'm having trouble even figuring out how to access/see the entire URL (http://www.mystore.com/store/shelf.jsp?category=mens#page=2) from within my Java code...

    Read the article

  • How can I dereference a hashref constant?

    - by makenai
    Let's say I have a hashref constant like the following: use constant DOGS => { Lassie => 'collie', Benji => 'mutt', Scooby => 'great dane', Goofy => '???' }; How can I dereference it properly to get say.. they keys out of it? warn ref DOGS; # HASH at untitled line 12. warn keys( %{DOGS} ); # Warning: something's wrong (empty list) warn keys( DOGS ); # Type of arg 1 to keys must be hash (not constant item) The following is the only way I can seem to make it work: my $dogs = DOGS; warn keys( %$dogs ); # LassieBenjiGoofyScooby at untitled line 15. What am I doing wrong?

    Read the article

  • How to dereference a hashref constant?

    - by makenai
    Let's say I have a hashref constant like the following: use constant DOGS => { Lassie => 'collie', Benji => 'mutt', Scooby => 'great dane', Goofy => '???' }; How can I dereference it properly to get say.. they keys out of it? warn ref DOGS; # HASH at untitled line 12. warn keys( %{DOGS} ); # Warning: something's wrong (empty list) warn keys( DOGS ); # Type of arg 1 to keys must be hash (not constant item) The following is the only way I can seem to make it work: my $dogs = DOGS; warn keys( %$dogs ); # LassieBenjiGoofyScooby at untitled line 15. What am I doing wrong?

    Read the article

  • node.js with SQL Server Native Client 11 scope_identity not being returned

    - by binderbound
    I'm having trouble with inserting a value into a database through node.js. Here is the offending code: sql.query(conn_str ,"INSERT INTO Login(email, hash, salt, firstName, lastName) VALUES(?, ?, ?, ?, ?); SELECT SCOPE_IDENTITY() AS 'Identity';" , [email, hash, salt, firstName, lastName], function(err, results){ console.log(results) } Unfortunately, the console is just echoing [], meaning results is an empty array, I suppose. Does anyone know why the identity is not being returned? Even if it was null, why isn't results then [{Identity: null }] ? Database is on Azure, which does have a "Scope_Identity" function, and the native client also recognises this function. Using node package "msnodesql" Please Help

    Read the article

  • problem with parsing string from excel file

    - by ohana
    hi, i have ruby code to parse data in excel file using Parseexcel gem. I need to save 2 columns in that file into a Hash, here is my code: worksheet.each { |row| if row != nil key = row.at(1).to_s.strip value = row.at(0).to_s.strip if !parts.has_key?(key) and key.length 0 parts[key] = value end end } however it still save duplicate keys into the hash: "020098-10". I checked the excel file at the specified row and found the difference are " 020098-10" and "020098-10". the first one has a leading space while the second doesn't. I dont' understand is it true that .strip function already remove all leading and trailing white space? also when i tried to print out key.length, it gave me these weird number: 020098-10 length 18 020098-10 length 17 which should be 9....

    Read the article

  • mongo_mapper custom data types for localization

    - by rick
    hi i have created a LocalizedString custom data type for storing / displaying translations using mongo_mapper. This works for one field but as soon as i introduce another field they get written over each and display only one value for both fields. The to_mongo and from_mongo seem to be not workings properly. Please can any one help with this ? her is the code : class LocalizedString attr_accessor :translations def self.from_mongo(value) puts self.inspect @translations ||= if value.is_a?(Hash) value elsif value.nil? {} else { I18n.locale.to_s => value } end @translations[I18n.locale.to_s] end def self.to_mongo(value) puts self.inspect if value.is_a?(Hash) @translations = value else @translations[I18n.locale.to_s] = value end @translations end end Thank alot Rick

    Read the article

  • Using md5_file(); doesn't return the md5 sometimes?

    - by Rob
    <?php include_once('booter/login/includes/db.php'); $query="SELECT * FROM shells"; $result=mysql_query($query); while($row=mysql_fetch_array($result, MYSQL_ASSOC)){ $hash = @md5_file($row['url']); echo $hash . "<br>"; } ?> The above is my code. Usually it works flawlessly on most urls, but every now and then it will just skip the md5 on a line, as if it doesn't retrieve it, even though the file is there. I can't figure out why. Any ideas?

    Read the article

  • How can I make the Rails 3 router localize URLs using localization files?

    - by edgerunner
    What I'd like to be able to do is: in config/routes.rb resources :posts in config/locale/en.yml en: resources: posts: "posts" new: "new" edit: "edit" in config/locale/tr.yml tr: resources: posts: "yazilar" new: "yeni" edit: "duzenle" and get I18n.locale = :en edit_post_path(3) #=> /posts/3/edit I18n.locale = :tr edit_post_path(3) #=> /yazilar/3/duzenle I'd also like Rails to match any of these routes anytime and pass the associated locale in the params hash such that when I navigate to /yazilar , the request should be routed to the posts#index action with the :tr locale in the params hash. Any simple or complex way of doing that?

    Read the article

  • authentication of webapps when passwords are hashed with bcrypt

    - by dubreakkk
    I created a GWT project which requires authentication. Initially, the users' passwords were in plain text, but now I would like to hash them with BCrypt. I searched but I cannot find a place describing how to make Jetty authenticate against a BCrypt hashed password. I'm sending the password to the server using a FORM in plain text and over SSL. What do I need to do to make Jetty hash this password and compare it to the one in the database? Thank you;

    Read the article

  • Apache basic auth, mod_authn_dbd and password salt

    - by Cristian Vrabie
    Using Apache mod_auth_basic and mod_authn_dbd you can authenticate a user by looking up that user's password in the database. I see that working if the password is held in clear, but what if we use a random string as a salt (also stored in the database) then store the hash of the concatenation? mod_authn_dbd requires you to specify a query to select that password not to decide if the user is authenticated of not. So you cannot use that query to concatenate the user provided password with the salt then compare with the stored hash. AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s" Is there a way to make this work?

    Read the article

  • How does Sentry aggregate errors?

    - by Hugo Rodger-Brown
    I am using Sentry (in a django project), and I'd like to know how I can get the errors to aggregate properly. I am logging certain user actions as errors, so there is no underlying system exception, and am using the culprit attribute to set a friendly error name. The message is templated, and contains a common message ("User 'x' was unable to perform action because 'y'"), but is never exactly the same (different users, different conditions). Sentry clearly uses some set of attributes under the hood to determine whether to aggregate errors as the same exception, but despite having looked through the code, I can't work out how. Can anyone short-cut my having to dig further into the code and tell me what properties I need to set in order to manage aggregation as I would like? [UPDATE 1: event grouping] This line appears in sentry.models.Group: class Group(MessageBase): """ Aggregated message which summarizes a set of Events. """ ... class Meta: unique_together = (('project', 'logger', 'culprit', 'checksum'),) ... Which makes sense - project, logger and culprit I am setting at the moment - the problem is checksum. I will investigate further, however 'checksum' suggests that binary equivalence, which is never going to work - it must be possible to group instances of the same exception, with differenct attributes? [UPDATE 2: event checksums] The event checksum comes from the sentry.manager.get_checksum_from_event method: def get_checksum_from_event(event): for interface in event.interfaces.itervalues(): result = interface.get_hash() if result: hash = hashlib.md5() for r in result: hash.update(to_string(r)) return hash.hexdigest() return hashlib.md5(to_string(event.message)).hexdigest() Next stop - where do the event interfaces come from? [UPDATE 3: event interfaces] I have worked out that interfaces refer to the standard mechanism for describing data passed into sentry events, and that I am using the standard sentry.interfaces.Message and sentry.interfaces.User interfaces. Both of these will contain different data depending on the exception instance - and so a checksum will never match. Is there any way that I can exclude these from the checksum calculation? (Or at least the User interface value, as that has to be different - the Message interface value I could standardise.) [UPDATE 4: solution] Here are the two get_hash functions for the Message and User interfaces respectively: # sentry.interfaces.Message def get_hash(self): return [self.message] # sentry.interfaces.User def get_hash(self): return [] Looking at these two, only the Message.get_hash interface will return a value that is picked up by the get_checksum_for_event method, and so this is the one that will be returned (hashed etc.) The net effect of this is that the the checksum is evaluated on the message alone - which in theory means that I can standardise the message and keep the user definition unique. I've answered my own question here, but hopefully my investigation is of use to others having the same problem. (As an aside, I've also submitted a pull request against the Sentry documentation as part of this ;-)) (Note to anyone using / extending Sentry with custom interfaces - if you want to avoid your interface being use to group exceptions, return an empty list.)

    Read the article

  • Django. default=datetime.now() problem

    - by Shamanu4
    Hello. I've such db model: from datetime import datetime class TermPayment(models.Model): dev_session = models.ForeignKey(DeviceSession, related_name='payments') user_session = models.ForeignKey(UserSession, related_name='payment') date = models.DateTimeField(default=datetime.now(),blank=True) sum = models.FloatField(default=0) cnt = models.IntegerField(default=0) class Meta: db_table = 'term_payments' ordering = ['-date'] and here new instance is added: # ... tp = TermPayment() tp.dev_session = self.conn.session # device session hash tp.user_session = self.session # user session hash tp.sum = sum tp.cnt = cnt tp.save() But i've a problem: all records in database have the same value in date field - the date of the first payment. After server restart - one record have new date and others have the same as first after restart. It's look like some data cache is using but I can't found where. database: mysql 5.1.25 django v1.1.1

    Read the article

  • Is MD5 really that bad?

    - by Col. Shrapnel
    Everyone says that MD5 is "broken". Though I have never seen a code that can show it's weakness. So, I hope someone of local experts can prove it with simple test. I have an MD5 hash c1e877411f5cb44d10ece283a37e1668 And a simple code to produce it $salt="#bh35^&Res%"; $pass="***"; echo $hash=md5($salt.$pass); So, the question is: 1. Is MD% really that bad? 2. If so, what's the pass behind the asterisks?

    Read the article

  • rails data aggregation

    - by ash34
    Hi, I have to create a hash of the form h[:bill] = ["Billy", "NA", 20, "PROJ_A"] by login where 20 is the cumulative number of hours reported by the login for all task transactions returned by the query where each login has multiple reported transactions. Did I do this in a bad way or this seems alright. h = Hash.new Task.find_each(:include => [:user], :joins => :user, :conditions => ["from_date >= ? AND from_date <= ? AND category = ?", Date.today - 30, Date.today + 30, 'PROJ1']) do |t| h[t.login.intern] = [t.user.name, 'NA', h[t.login.intern].nil? ? (t.hrs_per_day * t.num_days) : h[t.login.intern][2] + (t.hrs_day * t.workdays), t.category] end Also if I have to aggregate this data not just by login but login and category how do I accomplish this? thanks, ash

    Read the article

  • How to use SQL - INSERT...ON DUPLICATE KEY UPDATE?

    - by Probocop
    Hi, I have a script which captures tweets and puts them into a database. I will be running the script on a cronjob and then displaying the tweets on my site from the database to prevent hitting the limit on the twitter API. So I don't want to have duplicate tweets in my database, I understand I can use 'INSERT...ON DUPLICATE KEY UPDATE' to achieve this, but I don't quite understand how to use it. My database structure is as follows. Table - Hash id (auto_increment) tweet user user_url And currently my SQL to insert is as follows: $tweet = $clean_content[0]; $user_url = $clean_uri[0]; $user = $clean_name[0]; $query='INSERT INTO hash (tweet, user, user_url) VALUES ("'.$tweet.'", "'.$user.'", "'.$user_url.'")'; mysql_query($query); How would I correctly use 'INSERT...ON DUPLICATE KEY UPDATE' to insert only if it doesn't exist, and update if it does? Thanks

    Read the article

  • create a dataset by using modulo division method

    - by ayoom
    create a dataset with 101 integers. Use the modulo division method of hashing to store the random data values into hash tables with table sizes of 7, 51, and 151. Use the linear probing and quadratic method of collision resolution. Print out the tables after the data values have been stored. Search for 10 different values in each of the three hash tables, counting the number of comparisons necessary. Print out the number of comparisons necessary in each case, in tabular form.

    Read the article

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >