It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
I want to create an encryption software , I want to know can hacker find a password for a encrypted file ?
The short answer is : If there's a reward that's worth it then someone with enough resources can crack it.
Do not create your own algorithm. I repeat do not create your own.
Use an existing library. Many many millions have gone into getting this has difficult to break as possible and unless you have a educational interest in learning how to create them I would strongly urge you to reconsider and use an off the shelf package.
Chances are any algo you come up will be easily broken as crackers have many advanced tools to hand.
I repeat do not create your own.
Please see this question for more info. What techniques do you use when writing your own cryptography methods?
Since you are using C#, probably yes. Anybody can look at a .NET app's source code through Reflector. Using that, one can reverse engineer your encryption algorithm.
If ever you are going to use other languages, lets say some which are not easy to decompile. Decent crackers can debug your program and look into how the encryption is done, through debugging. So, the answer is still Yes.
If you're gonna use C#, or any .NET language, obfuscate your code using an obfuscator.
Yes. He can:
guess it
see it written down somewhere
ask the user for it
discover it by analysing the behaviour of the algorithm
convince the user to change the password to one he knows
You need to design your software and the way it's used to make these as hard as possible. Not all of the above can be solved in software.
Erm... Well... What do you want to know? HOW a hacker can find a password or IF a hacker can find a password. Considering this, make yourself clear and rephrase your question.
First, check out what encryption actually means. There are a lot of possibilities to encrpyt a {file, string, data, whatever}. An important question is: when does your data become invalid? If it is of no use anymore after one week then you do not need a strong encryption, maybe you can write something from scratch. If it still must be encrypted (undecrypted, unhacked) after like two years, you should use an encryption technique like RSA which has its foundation in mathematics and thus has been proven to be unhackable in a time that could give a hacker an advantage by having access to your data.
My answer is based on these two facts: unless the cracker has access to a network of thousands of hosts or a quantum computer, RSA should do the trick.
Peace
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have intellectual-property coded into .net 2.0 fully-trusted assemblies (.exe + DLLs) on an end-user machine, which I would like to protect from being hacked / reverse-engineered (WebService / Cloud-Computing solutions are not an option). Below is a list of techniques I gathered in order to reach this goal.
My questions are:
Are my assumptions correct, or am I doing something wrong in one or more of the techniques?
Will this list be sufficient in order to prevent a malicious attack, or are there other protections I should add?
Thanks in advance.
--
Suggested Techniques
Sign all assemblies with the same strong-name key.This has two benefits:
A. Make sure any modification to an assembly will render it useless,
B. All assemblies will have the same public key, by which they can identify each other.
Digitally sign the assemblies: Both let the users know that the executed code came from the correct source, and – add another identification component by which assemblies could identify each other.
Enforce the above by crawling up the call-stack and verifying that all callers are inside the “community”.Possible leads:
Hallgrim’s idea in this S.O. thread.
Daniel Brückner‘s addition in this S.O. thread.
This .Net Security Blog Post, which combines both solutions.
Use AOP (e.g. Spring.NET) to inject the call-stack crawling code into some/all methods.
This is mainly done because there’s no single entry point (like DllMain() for Win32 DLLs) in a .net assembly.
Obfuscate all assemblies in order to hamper reverse-engineering and reflection-execution attempts (strong name signing will be performed after obfuscation, of course).
Integrate a System.ComponentModel.LicenseProvider mechanism.
Make use of the “InternalsVisibleTo” assembly-level attribute in order to expose internals among a pre-defined set of assemblies.
Possibly use NGEN in order to convert the solution to native code.
Points to Consider
Implementing part or all of the above will most-likely introduce a performance penalty, so time-critical processing, for example, should be handled with care.
CAS seems to be irrelevant for this type of fully-trusted assemblies.
I'm afraid you won't get all the security you want. You see, this is a problem with these languages/platforms that use an itermediate language. It must be in a format that all of the runtimes implementations can consume and then produce the native code.
I've seen some blog posts about tampering signed assemblies. I haven't tried yet, but I think it works. Besides that, the obfuscation tools will just make it harder, but not impossible to extract code (altough there are some pretty good tools that make it very hard). And NGEN is not for that. You still have do distribute the original assemblies.
I think that the most efective and secure way of protect your code, is to move it to a technology that you can't decompile, for example, move your sensitive code to unmanaged C++ and use DLLImport on your C# code.
It doesn't mean that you shouldn't try to protect your code, but you should have in mind that you won't be 100% protected. If you can't afford to rewrite your sensitive code in another language, go with obfuscation and signing. You can't get much more secure than that.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I want to implement another debugger (language) for .NET (it's just for academic reason, so that it can implement just a part of a language). I myself like to implement NS2 (network Simlator 2) script for .NET in which anybody can write ns2 script and debug it with .NET
I read this article in stackoverflow and it is far from what I'm looking for.
Here is the requirement
have some predefined keywords (e.g: for, while, if ...)
check the correct form of the statements (e.g: for(start;end;counter){commands} ...)
diffferent colour for different types of statements
ability to add to any IDE (e.g: implementatin like add-in or as a dll or ...(I have no idea))
many other thing that is not necessary for now
How can I do this?
Update : I'm not sure that you got my point, take a look at this, it is very close to what I am looking for.
It will not be an easy task. However: The Dragon Book is probably a good place to start (assuming you've got sufficient computer science background for a compiler theory book to make much sense to you). Compiler Construction: Principles and Practice is also a good text.
You'll want to compile to CIL (common intermediary language). This handy wiki article outlines the CIL instruction set. Debugging your intermediate code against the CLR... well, that's where the StackOverflow article you've linked will come in handy =)
That'll cover your first two bullets (and consume a big chunk of your life).
The next two are different issues, but the easiest way to 'make it go' would probably be to define a syntax for an existing text editor, and set up a macro in the program to call your compiler. I'd recommend TextPad, though I'm sure opinions on a configurable general-purpose text editor will vary among the community ;)
Designing a full IDE with all of the features you've come to know and love in your environment could be quite a task ... or you could try to build an eclipse plugin. Personally (assuming you can design your language and learn something from it), I'd just stick with syntax highlighting in TextPad.
There is more and more interest in this area and in fact there is an active project by Microsoft Research that is looking at this on building a common infrastructure to build compiler (and debugger) for custom languages targetting .NET
http://cciast.codeplex.com/
I have used the infrastructure myself but not an expert in compiler technology. Hope this gives you a good starting point and you may find the discussion forum useful to share idea with like minded people.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have a first job interview for a software engineer position but in the email they state that I will have to write out a program at the interview stage. Does everyone do this?
What kind of program might it be for a graduate?
The job is for a .NET developer, but I can use any language, so I will stick with C#. I'm actually S**Ting it; I have no clue what they are going to ask me to do.
Many companies will spend much of the interview time asking candidates to write actual code (usually on a whiteboard or piece of paper though sometimes on a real computer) as this is a great way to see if they will be successful in the job. Some things to keep in mind:
Talk out loud. Often interviewers care about your thought process and approach to the problem as much or more than they care about the actual code you write.
Ask questions. Interviewers will often intentionally make a problem ambiguous just to see if you'll notice and seek clarification. Ask things like: "Who is the audience?" "Should I include exception handling?" "Shall I optimize for performance or just make sure it works?"
Don't get flustered if you're struggling. Tell the interview what you're thinking and they'll often point you in the right direction. Partial credit counts.
Get a good night's sleep before your interview. Lots of whiteboard coding and related discussion can be surprisingly grueling.
Good interviewers will be able to extract what you've learned over the course of your lifetime, so don't worry too much about last minute study sessions. It's too late. That said, it's not a bad idea to brush up on basic language syntax and core data structures and algorithms.
Here are some sample problems you may want to practice writing out on paper:
Write a function to calculate the nth number in the Fibonacci sequence.
Write a function to sort 2 arrays of numbers (without using existing libraries).
Design a Deck class and a Card class and write a function to shuffle a deck of cards.
Design a Circle class and write a function to determine if 2 circles intersect.
Design a LinkedList class and write a function to reverse the elements in the list.
At least be able to do this FizzBuzz
By the time the interview is scheduled, there's probably not too much you can do in the order of preparation.
Just remember, they want to know about your problem solving process. Just try to think out loud as much as possible and if you truly don't know something just say so.
No matter what type of question they ask, just go with the flow and do your best on it. The last thing any interviewer wants to see is someone who gets flustered or upset due to a particular question. I'll be the first to admit that some of the questions asked in an interview may be lame and unnecessary, but you are trying to get a job from these people and you will just have to humor them.
When you have more time to study, you should probably start looking at Questions every good .NET developer should be able to answer.
We issue programming tests all the time. There are many reasons for doing this, over and above the obvious one of testing coding ability. We look for
a) Coding style
b) Ability to develop and implement algorithms
c) Ability to follow instructions
d) Ability to communicate what has been done
But by far and away the most valuable thing about a programming test is discussing with the candidate why they did what they did. In this discussion it becomes obvious rather quickly how much the candidate really understood the test and their own design and implementation. It also roots out plagiarism very quickly.
Usually software development jobs give simple tests. I've never once interviewed for a job that required any more than a simple implementation of a function.
Her'es a few simple tests I know of:
FizzBuzz: http://www.geekschool.org/programming/fizzbuzz/
For a job at MS, I was asked to write a function to reverse the words in a string.
At a different job, I was asked to write an implementation of the Join function in c++.
A friend of mine got this one for game development: Write a function to test simple rectangle collision
More than likely it's something simple like FizzBuzz, just meant to weed out the totally unqualified people.
If the company don't ask for you to write code in the interview, that's really, really bad. Go for another company.
The type of test depends. I've done test that i had to write small C code, with pointers or recursive functions.
But generally, they ask for a basic asp.net application (I'm also C# developer), like just one form, inserting and reading from the DB.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
what is securest encryption algorithm for file encryption (ie : AES or sha1 , ... ) ,also does hackers able to find encrypted files password ?
The most secure encryption algorithm is not sending or using sensitive data (or data derived from that data) in the first place.
The most secure encryption algorithm is using a one-time pad generated using a perfect entropy source.
Edit (by Jerry -- really too long to fit in a comment): Yes, there are a few types of attacks to which (at least a typical implementation of) a one-time pad is vulnerable. One is the ability to change a message, even though you don't know what it was to start with.
Just for example, consider a system being used to transmit ballots where people have voted in a primary election. For simplicity, we'll assume a particular election has two candidates, so (before encryption) a zero bit means a vote for one candidate, and a one bit a vote for the other.
These ballots are then encrypted with a one-time pad, which means there's no way for me to figure out whether the original value was a 0 or a 1 -- but the attacker doesn't necessarily care. Flipping the bit changes the vote, regardless of its original value. Flipping the bits in all (or even many of) the ballots make the "winner" of the primary the weaker of the two candidates -- the one preferred by fewer of that party's voters.
In the final election, voters in that party are (somewhat) less likely to vote at all because they can't vote for the person they really favor. A few may even dislike the "winner" of the primary enough that they'll vote for the other party's candidate instead. In a close election, this could well be enough to let that other party's candidate win.
By Matti: Changing the message is entirely different from decryption, and there are other ways to combat that. For example, you could sign the message to prevent that. Of course we're still only talking about probabilities, but that's what cryptography is all about. You can decode a one-time pad message if you're extremely lucky, but extreme luck is usually not considered a factor.
At risk of feeding the troll, have a look at 128-bit AES encryption.
First of all: I do not know the answer to your question. However, if I were looking for this information, aswell as the obvious web searches, I would look at the algorithms offered by the popular, open-source encryption application TrueCrypt. You should be able to look up each one to find out their relatives strengths and weaknesses and apply this knowledge to the problem you are trying to solve.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 13 years ago.
Please can anyone one point me to a good tutorial that helps me to make my code fast and light.
I'm interested to know which Method is faster and when to use a method instead of other...
And how to evaluate if a code is good or bad?
My programming language is C#.
Hi all,
Thanks for your replies, they are very helpful.
I'm editing my question to be more specific specially that optimization is unlimited.
I want to know what is the best method in each condition.
For example using StringBuilder is better than string if i am appending lines to a string...
I only need this simple things.
Be aware of sub optimization.
Even though one specific function is faster than another replacing this isn't necessarily gonna make any difference in the runtime of your application. You need to understand which parts of your code that actually is a potential problem, and focus on optimizing these parts. Be aware of the O notation of your functions, and how often they are called. To identify parts that needs optimization a profiler can be of good help.
This question has some interesting points on why you shouldn't optimize until there is actually a need to do so.
Sure. Here's what we do:
Begin the journey by deciding when the journey is over. Set meaningful, customer-focussed, realistic performance goals. (For both speed and resource consumption.)
Carefully test your code frequently to see if you are meeting your performance targets.
If you are meeting your performance targets, don't worry about performance. Things are fine. Worry about bugs, or robustness, or features.
If you are not meeting your performance targets, run a profiler. Use it to identify what is the worst offending code. It only makes sense to fix the worst code; making something that is already incredibly fast and light slightly faster and lighter does not solve your performance problem.
Rewrite the slow code so that it's more performant. (This is the hard bit.) Make sure you test it to make sure it really is better.
If despite your best efforts you cannot make it good enough, either re-evaluate what your goals are, or cancel the project and spend your time on something that you can be successful at.
Keep iterating on that until you ship something.
Basically implement first, then test where to optimize.
If you are using Visual Studio Profissional you can use Analyze -> Launch Performance Wizard to analyze method performance. I am not sure about whether the other versions support this feature, however, there are also some commercial/free applications around ... look for profiler (see here for a list).
Type REALLY fast.
You should look at hidden features of c#, this post covers the most best practises in c# development
You can get a ton on advice of on this. But be aware of :
Premature optimization is root of all evil.
Aim first for correctness, next for clarity and only then performance.
As the old saying goes,
"No one cares how quickly you can calculate the wrong answer"
(on a practical level though, use a profiler)
If one method was always faster than another, they wouldn't bother including the slower one.
The only invariant when it comes to performance is that you need to profile. Everything follows from that.
If you get yourself a profiler, it will help you along, some will even give you great tips.
Example: ANTS Profiler
Usually you will find that reducing the number of times you create Strings to be the main performance boost you can get.
That and not messing with the Garbage Collector manually (unless you really really know what you're doing)
This link for Java design patterns is way too involved, don't get too put off by the word Java there, you can use what they teach for development in any language.
The thing is, if you want to know when to do what and what methods to use and so on, design patterns is what you are talking about.
I wish someone had pointed this to me earlier in my career.
In terms of general advice:
Try to use the fewest loops necessary
Move code out of loops where possible
Avoid copying things (like strings) in loops
Avoid creating objects in loops
Cache where warranted (generally small objects that take a lot of time to make), but make sure your cache has a good disposal policy or it turns into a memory leak
You can compile your program in native mode to improve the runtime performance.
One of the ways of figuring this out yourself is having a console app where you try running discrete pieces of code against each other and timing them. Like here.