I'm a novice OCaml programmer and thought I would throw myself into the deep end by attempting to implement a very tricky algorithm. I'm open to all criticisms great and small be they stylistic or security or performance related. One criticism that I'm already aware of is that the algorithm requires the entire message to fit in memor...
I run a feed aggregator (http://planetdb2.com/) and I need to aggregate both prolific (many posts a day) and less prolific (one post a day at most) feeds. Creating a daily digest -- one post summary of the day's posts -- seems like the best solution. There's a way to create a daily digest just for Twitter feeds via Yahoo Pipes, but it...
My problem: I'm looking for a way to represent a person's name and address as an encoded id. The id should contain only alpha-numeric characters, be collision-proof, and be represented in a smallest number of characters possible. My first thought was to simply use a cryptographic hash function like MD5 or SHA1, but this seems like ove...
Hi there. I have a domain that will be accessed by a small, private group of people. So I want to control access via authentication. The domain has a collection of applications installed that each have their own sub-domain. Eg: domain.com, app1.domain.com, app2.domain.com, app3.domain.com I'd love to have a single sign-on solution so ...
I am trying to build a working encrypted signature for the Amazon S3 web service, writing a connection library using Objective C. I have run into HMAC SHA-1 digest problems with the ObjC code, so I'm putting that to the side and looking at existing, working Perl code, to try to troubleshoot digest creation. I am testing HMAC SHA-1 dig...
Hi all. Does anyone know how to screen scrape web-sites that use digest http authentication? I use code like this: var request = (HttpWebRequest)WebRequest.Create(SiteUrl); request.Credentials=new NetworkCredential(Login, Password) I'm able to access the site's mainpage, but when I try to surf to any other pages (using another request...
What is the difference between HTTP Digest Authentication and SSL from a performance, security and flexibility point of view? ...
When writing an average new app in 2009, what's the most reasonable digest function to use, in terms of security and performance? (And how can I determine this in the future, as conditions change?) When similar questions were asked previously, answers have included SHA1, SHA2, SHA-256, SHA-512, MD5, bCrypt, and Blowfish. I realize that...
Assume I have two strings (or byte arrays) A and B which both have the same hash (with hash I mean things like MD5 or SHA1). If I concatenate another string behind it, will A+C and B+C have the same hash H' as well? What happens to C+A and C+B? I tested it with MD5 and in all my tests, appending something to the end made the hash the sa...
Hi guys, I'm creating a small servlet. It's hosted at root, "/", and whatever comes after "/" is a resource, like "/myanim.swf". Most of the files are public, but some are private. For public files, they are just served, but for private files, I wish the browser to present an authentication box and have a Digest authentication sent back ...
I am getting different message digests from the linux 'sha512sum' tool and the python hashlib library. Here is what I get on my Ubuntu 8.10: $ echo test | sha512sum 0e3e75234abc68f4378a86b3f4b32a198ba301845b0cd6e50106e874345700cc6663a86c1ea125dc5e92be17c98f9a0f85ca9d5f595db2012f7cc3571945c123 - $ python Python 2.5.2 (r252:60911, Oct ...
For an internal Tomcat/Java/Struts application, we're converting custom-written authentication code to use JDBCRealm. The database is MySQL 5.0, and the passwords are stored as PASSWORD()-encrypted strings. In our version of MySQL, the PASSWORD() function is a non-standard (proprietary?) 41-byte hash. (I know now that we shouldn't be ...
Given two different messages, A and B (maybe 20-80 characters of text, if size matters at all), what is the probability that the MD5 digest of A is the same as the MD5 digest of B and the SHA1 digest of A is the same as the SHA1 digest of B? That is: (MD5(A) == MD5(B)) && (SHA1(A) == SHA1(B)) Assume no malicious intent, i.e., that th...
I downloaded the source code from "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/". Configure went well but when i build I end up with following errors: digestmd5.c:852: error: 'des_context_t' has no member named 'keysched' digestmd5.c:853: error: 'des_context_t' has no member named 'keysched2' digestmd5.c:854: error: 'des_context_t' has n...
I'm trying to write some Perl to inter operate with hash functions in other languages, namely Java at this point. We have found what is presumably a correct source, RFC 4868 which includes some test keys & strings along with their hashed values. I'm using the following snippet, and can't get Perl to come up with the same result. I can ...
I am trying to use Python to write a client that connects to a custom http server that uses digest authentication. I can connect and pull the first request without problem. Using TCPDUMP (I am on MAC OS X--I am both a MAC and a Python noob) I can see the first request is actually two http requests, as you would expect if you are famili...
How to implement HTTPS with Digest Authentication in C#.Net? as per msdn, credential class has no support for SSL.. so how can we implement authentication? my code works with basic authentication but gives error with digest.. ...
Hello, I'm writing a program where I use MD5 to hash login details before I send them to a server, but there I have to compare it to a blowfish (jBCrypt) hashed password retrieved from a database. jBCrypt uses: if (BCrypt.checkpw("candidatePassword", hashedPwd)) { // they are the same } The problem is that, I don't have a candidate ...
I want to use HTTP Digest Authentication with a central database that stores usernames and encrypted passwords. These data should be used by different servers like Apache httpd or Tomcat for example. The clients will be humans with browsers and other applications communicating in a RESTful way. As far as I understand I could not use a t...
Hi all, I'm trying to connect to a web service using C# and digest authentication, but every time I got the 401 - Not Authorized error. But when I try to reach the service over Firefox, everything's OK. When I use IE8, my password is not accepted and I got a 401. Do you have any ideas? Thanks for the help. Here's the test code I'm us...