brute-force

Securing private keys against brute force attacks on mobile devices

I have a mobile application where I would like to store private keys securely. The security requirement implies that it should be very hard for attackers to be able to obtain the private key even if they had unlimited access to the mobile device. In order to achieve this level of security, the application employs symmetric cryptography w...

Prolog - PCP solver

I'm wondering if there's an (understandable) way to brute-force solve the Post correspondence problem using Prolog predicates? For example: ?- pcp([("1","11"),("10111","101")], S). S = [2,1,1] ...

How to obtain all the subgraphs from a graph?

How to obtain all the subgraphs of a fixed size from a graph, in pseudocode? (brute force) Without external libraries if possible. Thanks! ...

Creating every possible value of a fixed size array

Hello, I am trying to make some very elementary thing that will cycle through every possible permutation of an array. Really this is being done in assembly, but I'll explain it in C. Basically, say we have an array uint8_t *data=malloc(10); I want to create an algorithm that will print every possible combination of the bytes in the ar...

PHP: Anti-Flood/Spam system

Hello, I'm actually working on a PHP project that will feature a user system (Login, Register, Send lost password to email, ..) and I think that this may be very vulnerable to Brute-Force attacks and/or Spam (Send a password to someone's email like 1000 times, etc. use your fantasy). Do today's webservers (Apache, IIS) have some sort of...

How does being able to factor large numbers determine the security of popular encryption algorithms?

How is an encryption algorithm's security dependent on factoring large numbers? For example, I've read on some math-programming forums that by using the Quadratic Sieve or the General Number Field Sieve, one can factor a 256-bit number with relative ease on commercially available hardware. How does this translate to being able to b...

Exhaustive website verifier

I have this grand idea to basically employ some brute force attack to test/verify that my web application doesn't crash. Don't get me started on unit testing, and IoC stuff, this is something else entirely. What I'm doing, and what I'm asking for help with is to create an intelligent exhaustive search, that explores parts of the program...

Another algorithm problem...

I am given N numbers and for them apply M rules about their order. The rules are represented in pairs of indexes and every pair (A, B) is telling that the number with index A (A-th number) must be AFTER the B-th number - it doesn't have to be next to him. Ex: N = 4 1 2 3 4 M = 2 3 2 3 1 Output: 1234, 4213, 4123, 2134,...

Number of attempts to brute force an average password / non intrusive yet meaningful limits?

There are several useful answers on SO regarding prevention of brute forcing a password of a web service by applying throttling. I couldn't find any good numbers though and I have little expertise in this area, so the question is: How many attempts does it usually take to brute-force an average password of 6 or more characters (with no ...

How to make browser do a set of predefined inputs?

Hi, There's a website I frequent that gives codes such as GD??Q-TPY32-TPTT3-9CM9P-F2QMQ and hints that the ?? is a number and a letter. If you're the first to unlock the code you can redeem the modest prize. So the obvious way to solve this problem is to brute-force the code. But obviously I don't want to sit in front of the computer ...

How do I make my browser brute force an input field?

Hi, There's a website I frequent that gives codes such as GD??Q-TPY32-TPTT3-9CM9P-F2QMQ and hints that the ?? is a number and a letter. If you're the first to unlock the code you can redeem the modest prize. So the obvious way to solve this problem is to brute-force the code. But obviously I don't want to sit in front of the computer f...

How can I randomly iterate through a large Range?

I would like to randomly iterate through a range. Each value will be visited only once and all values will eventually be visited. For example: class Array def shuffle ret = dup j = length i = 0 while j > 1 r = i + rand(j) ret[i], ret[r] = ret[r], ret[i] i += 1 ...

Brute force characters into a textbox in c#

I want to make a program that "test passwords" to see how long they would take to break with a basic brute force attack. So what I did was make 2 text boxes (textbox1 and textbox2) and wrote the program so if the text boxes had the input, a "correct password" label would appear, but I want to write the program so that textbox2 will run...

Spring Security: how to implement Brute Force Detection (BFD)?

My web application's security is handled by Spring Security 3.02 but I can't find any out of the box support for Brute Force Detection. I would like to implement some application level BFD protection. For example by storing failed login attempt per user in the database (JPA). The attacked user accounts could then get a lockout period or...

Do similar passwords have similar hashes?

Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3,...

Is there a bruteforce-proof hashing algorithm?

Well, from the discussion of hashing methods weaknesses, I've got that the only ol' good brute-force is efficient to break. So, the question is: Is there a hashing algorithm which is more rigid against brute-force than others? In case of hashing passwords. ...

Requiring clients to solve computational puzzles...

Not that I need it, but it was interesting to hear someone speak about their server and protecting it from DoS attack by having a puzzle that the client must solve before the server will do anything (it doesn't do allocations or make a session unless solved). The person also said puzzles can be made to take a quick amount of time or long...

Finding what makes strings unique in a list, can you improve on brute force?

Suppose I have a list of strings where each string is exactly 4 characters long and unique within the list. For each of these strings I want to identify the position of the characters within the string that make the string unique. So for a list of three strings abcd abcc bbcb For the first string I want to identify the character ...

How can I force the user to fill out a captcha after a specific number of failed login attempts with authlogic?

I'm trying to secure my Rails 3 app against brute force login guessing. I'm using authlogic. What's the best way to force a user (or bot) to fill out a captcha after a specific number of failed login attempts? Does authlogic have a built-in mechanism for recording how many consecutive failed attempts came from the same IP? I'd appreciate...

How do brute force decryption attacks know when they've found the right solution?

How do brute-force attacks on encrypted data know when they've found the right key to decrypt the data? Is there a way to know that data's been decrypted, other than having a human looking at it? What if it's not human-friendly data? ...