It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
what is securest encryption algorithm for file encryption (ie : AES or sha1 , ... ) ,also does hackers able to find encrypted files password ?
The most secure encryption algorithm is not sending or using sensitive data (or data derived from that data) in the first place.
The most secure encryption algorithm is using a one-time pad generated using a perfect entropy source.
Edit (by Jerry -- really too long to fit in a comment): Yes, there are a few types of attacks to which (at least a typical implementation of) a one-time pad is vulnerable. One is the ability to change a message, even though you don't know what it was to start with.
Just for example, consider a system being used to transmit ballots where people have voted in a primary election. For simplicity, we'll assume a particular election has two candidates, so (before encryption) a zero bit means a vote for one candidate, and a one bit a vote for the other.
These ballots are then encrypted with a one-time pad, which means there's no way for me to figure out whether the original value was a 0 or a 1 -- but the attacker doesn't necessarily care. Flipping the bit changes the vote, regardless of its original value. Flipping the bits in all (or even many of) the ballots make the "winner" of the primary the weaker of the two candidates -- the one preferred by fewer of that party's voters.
In the final election, voters in that party are (somewhat) less likely to vote at all because they can't vote for the person they really favor. A few may even dislike the "winner" of the primary enough that they'll vote for the other party's candidate instead. In a close election, this could well be enough to let that other party's candidate win.
By Matti: Changing the message is entirely different from decryption, and there are other ways to combat that. For example, you could sign the message to prevent that. Of course we're still only talking about probabilities, but that's what cryptography is all about. You can decode a one-time pad message if you're extremely lucky, but extreme luck is usually not considered a factor.
At risk of feeding the troll, have a look at 128-bit AES encryption.
First of all: I do not know the answer to your question. However, if I were looking for this information, aswell as the obvious web searches, I would look at the algorithms offered by the popular, open-source encryption application TrueCrypt. You should be able to look up each one to find out their relatives strengths and weaknesses and apply this knowledge to the problem you are trying to solve.
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I want to create a setup project that in setup time requires serial number to perform installing action and any serial-key can use only in one computer. So, i want all to give me an idea about how to design my setup project ? What things are required to design it ?
Firstly you'll need to come up with an algorithm to generate the keys.
You'll need to decide how to issue the keys. If it's a download only title you could generate the key at the time of purchase.
Once you have a valid key generated you can do one of two things.. Create a key validation algorith, or store the issued keys. Both have their ups and downs.
Upon the user trying to activate the software you'll have to create a machine key of some type. It's up to you what information you base it on but a lot of people would use the computer name, may be store the ip address it's activated from, and some other information that to your requirements fits the bill of the same pc reactivating the software. You can here again generate a unique key based off of this information, sometimes called the activation key.
You'll want the user to be able to reactive the software on the same PC, and most likely a way for them to deactivate it (so should they buy a new computer they can carry the license forward, this is up to you again.)
This is the basics of activating software to a PC. You can integrate this into some setup projects, however there are a lot to choose from and I'd suggest picking one out and seeing what capabilities it already has. Some installers support software activation or at least have a way to add that feature so you may be better off going that route.
Pedro's answer above is also a good start.
If you have custom methods for validating keys then you could create a separate project to handle your own logic and include it in the Setup Project's Custom Actions.
If you are going to leave the capturing of the data to the Setup Project itself you can look here and here. Also, if you're going to have a license agreement you can check this other SO question.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I was just trying to post something to a website via my localhost to retrieve some data, and suddenly, this idea came to my mind: What happens if I create a post, put it into a for loop that runs over 1 million times, and send requests to a specific url for a million time? I just did not want to try to avoid any harm, but I wonder. And if this could cause some harm, how can I avoid such an attack?
this kind of things actually happen a lot. some are intentional and some are not. take for example: http://en.wikipedia.org/wiki/Slashdot_effect
other times, this is intentional, and its called a DoS (Denial Of Service). a lot of websites are taken down with these attacks, and not always involve an actual connection. it may suffice to saturate the listen backlog of the underlying os.
how to avoid it.. you cant, basically. you can make the best effort at it, but you will never be able to actually avoid it. after all, your website is there to be accessed, right?
You could add a rule in your firewall to block a specific IP address if that were to happen. If it is a sophisticated denial of service, I'm sure the IP address is spoofed and will be random. But for normal web sites, you won't need to worry about this.
Well, the server will get progressively bogged down until it figures out how to handle all 1,000,000 of those requests. Odds are, unless you have legendary hardware, it will become unresponsive and next to useless, creating a great disruption to everyone wanting to access it. This is called a Denial Of Service attack, or a DOS.
There's a few things you can do to prevent this:
Require users to verify that they are human before the server will process their request. This is usually done with Captchas.
Use an intelligent firewall to drop the packets or figure out how to have the server ignore requests from IP addresses that have been sending too many.
Make sure everybody loves your site so much that they wouldn't even think of doing anything to hurt it.
1 is probably most effective and simplest to do, and 3 is impossible. I can't offer a lot of advice about 2 due to lack of experience, and its probably fairly difficult and easy enough to exploit.
Short Story: Go with a Captcha. ;)
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
This isn't a complicated question. I was just thinking through best practice and thought the community might be able to help.
SOLUTION
Have one file that contains an enumeration. Source control can take care of collisions between multiple projects / developers. If all assemblies are compiled and deployed at the same time, the ID will be unique (if cast to int). Alternatively, we could assign a number to each enum. The enum file will be added to each project via "Add As Link".
Original question
I'd like a unique id that begins at one, is set at design time, and is easy to implement in code to identify different classes. In Visual Studio, we have a Tools / Create GUID. That's convenient, but at 16 bytes it's a little larger than I'd like.
It'd be nice to able to retrieve unique sequential integers from a web service.
Has someone already done this? Does such a service already exist?
One alternative is to have a file that acts as a central register for developers... but I'd rather not if possible. It would be nice to have two steps: 1. create class, 2. assign id. Done.
You can create this yourself if you want, make a web service and generate numbers. If you generate the number at design time, alter your code at design time so that no other program cares what your magic number is.
GUIDs can be created relatively quickly on anyone's computer. This means that you don't have to have some "central" database for numbers, which assists performance of certain applications. Otherwise, use the GUID, which is a globally unique identifier that you can generate at run time and design time.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I have a first job interview for a software engineer position but in the email they state that I will have to write out a program at the interview stage. Does everyone do this?
What kind of program might it be for a graduate?
The job is for a .NET developer, but I can use any language, so I will stick with C#. I'm actually S**Ting it; I have no clue what they are going to ask me to do.
Many companies will spend much of the interview time asking candidates to write actual code (usually on a whiteboard or piece of paper though sometimes on a real computer) as this is a great way to see if they will be successful in the job. Some things to keep in mind:
Talk out loud. Often interviewers care about your thought process and approach to the problem as much or more than they care about the actual code you write.
Ask questions. Interviewers will often intentionally make a problem ambiguous just to see if you'll notice and seek clarification. Ask things like: "Who is the audience?" "Should I include exception handling?" "Shall I optimize for performance or just make sure it works?"
Don't get flustered if you're struggling. Tell the interview what you're thinking and they'll often point you in the right direction. Partial credit counts.
Get a good night's sleep before your interview. Lots of whiteboard coding and related discussion can be surprisingly grueling.
Good interviewers will be able to extract what you've learned over the course of your lifetime, so don't worry too much about last minute study sessions. It's too late. That said, it's not a bad idea to brush up on basic language syntax and core data structures and algorithms.
Here are some sample problems you may want to practice writing out on paper:
Write a function to calculate the nth number in the Fibonacci sequence.
Write a function to sort 2 arrays of numbers (without using existing libraries).
Design a Deck class and a Card class and write a function to shuffle a deck of cards.
Design a Circle class and write a function to determine if 2 circles intersect.
Design a LinkedList class and write a function to reverse the elements in the list.
At least be able to do this FizzBuzz
By the time the interview is scheduled, there's probably not too much you can do in the order of preparation.
Just remember, they want to know about your problem solving process. Just try to think out loud as much as possible and if you truly don't know something just say so.
No matter what type of question they ask, just go with the flow and do your best on it. The last thing any interviewer wants to see is someone who gets flustered or upset due to a particular question. I'll be the first to admit that some of the questions asked in an interview may be lame and unnecessary, but you are trying to get a job from these people and you will just have to humor them.
When you have more time to study, you should probably start looking at Questions every good .NET developer should be able to answer.
We issue programming tests all the time. There are many reasons for doing this, over and above the obvious one of testing coding ability. We look for
a) Coding style
b) Ability to develop and implement algorithms
c) Ability to follow instructions
d) Ability to communicate what has been done
But by far and away the most valuable thing about a programming test is discussing with the candidate why they did what they did. In this discussion it becomes obvious rather quickly how much the candidate really understood the test and their own design and implementation. It also roots out plagiarism very quickly.
Usually software development jobs give simple tests. I've never once interviewed for a job that required any more than a simple implementation of a function.
Her'es a few simple tests I know of:
FizzBuzz: http://www.geekschool.org/programming/fizzbuzz/
For a job at MS, I was asked to write a function to reverse the words in a string.
At a different job, I was asked to write an implementation of the Join function in c++.
A friend of mine got this one for game development: Write a function to test simple rectangle collision
More than likely it's something simple like FizzBuzz, just meant to weed out the totally unqualified people.
If the company don't ask for you to write code in the interview, that's really, really bad. Go for another company.
The type of test depends. I've done test that i had to write small C code, with pointers or recursive functions.
But generally, they ask for a basic asp.net application (I'm also C# developer), like just one form, inserting and reading from the DB.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 12 years ago.
I want to create an encryption software , I want to know can hacker find a password for a encrypted file ?
The short answer is : If there's a reward that's worth it then someone with enough resources can crack it.
Do not create your own algorithm. I repeat do not create your own.
Use an existing library. Many many millions have gone into getting this has difficult to break as possible and unless you have a educational interest in learning how to create them I would strongly urge you to reconsider and use an off the shelf package.
Chances are any algo you come up will be easily broken as crackers have many advanced tools to hand.
I repeat do not create your own.
Please see this question for more info. What techniques do you use when writing your own cryptography methods?
Since you are using C#, probably yes. Anybody can look at a .NET app's source code through Reflector. Using that, one can reverse engineer your encryption algorithm.
If ever you are going to use other languages, lets say some which are not easy to decompile. Decent crackers can debug your program and look into how the encryption is done, through debugging. So, the answer is still Yes.
If you're gonna use C#, or any .NET language, obfuscate your code using an obfuscator.
Yes. He can:
guess it
see it written down somewhere
ask the user for it
discover it by analysing the behaviour of the algorithm
convince the user to change the password to one he knows
You need to design your software and the way it's used to make these as hard as possible. Not all of the above can be solved in software.
Erm... Well... What do you want to know? HOW a hacker can find a password or IF a hacker can find a password. Considering this, make yourself clear and rephrase your question.
First, check out what encryption actually means. There are a lot of possibilities to encrpyt a {file, string, data, whatever}. An important question is: when does your data become invalid? If it is of no use anymore after one week then you do not need a strong encryption, maybe you can write something from scratch. If it still must be encrypted (undecrypted, unhacked) after like two years, you should use an encryption technique like RSA which has its foundation in mathematics and thus has been proven to be unhackable in a time that could give a hacker an advantage by having access to your data.
My answer is based on these two facts: unless the cracker has access to a network of thousands of hosts or a quantum computer, RSA should do the trick.
Peace