• Programming - WAYWO - March 2013
[QUOTE=Tamschi;39960954]OK, you're doing digest access authentication wrong. Logging in with a hashed password is useless, you could just send plaintext and it wouldn't be less secure. (Unless a user uses their password on multiple sites, but that's a different problem.) You're supposed to send a nonce to the client and modify the password with that before hashing on the client, then the server can compare the hash to the expected result and a passive MITM can't get any persistent credentials. No idea if this works that way if the server doesn't store plaintext passwords, if there's no algorithm for that you could always use temporary key pairs and send the public key instead of the nonce.[/QUOTE]
The point of digest access authentication is ultimately just to mask the password rather than straight up say, "oh by the way, my password is <password>." It doesn't entail any more advanced security provision than this. It is, by definition, inherently more secure, but not by much.
[QUOTE=Lexic;39960999]Aren't you supposed to hash the password with a nonce?[/QUOTE]
Yes, but all the same, over an unencrypted connection, a MITM attack uncovers the server's nonce.
[csharp]
Animal = type { species = ""; };
cat = new Animal;
cat.species = "Cat";
cat.method (changeSpecies = function [String str] { species = str; });
cat.changeSpecies "Mouse";
printLine cat.species;
[/csharp]
Outputs "Mouse".
[csharp]
Animal = type { species = ""; };
cat = new Animal;
cat.species = "Cat";
cat.changeSpecies = function [String str] { species = str; };
cat.changeSpecies "Mouse";
printLine cat.species;
[/csharp]
Outputs "Cat". Difference is that in the first example the "method" instance method is used that takes a function and sets its parent scope to the instance's scope. In the second example, the function changeSpecies is just added as a field to the cat instance and doesn't have any more access to its internal fields than a global function would. Perhaps the "method" call should be implied in these cases.
[img]http://i.imgur.com/vuhSFJz.jpg[/img] Got water + reflections to work. It's animated ofc. Fun fact: the water is actually drawn as a post-process, I raytrace against a flat plane to calculate the surface position.
[QUOTE=acpm;39963026][...] Yes, but all the same, over an unencrypted connection, a MITM attack uncovers the server's nonce.[/QUOTE] It doesn't matter unless you're always sending the same challenge because the client-side double-SHA should not be reversible even if the nonce is known. Digest authentication will prevent replay attacks and keep the password hidden, that's the whole point. [editline]19th March 2013[/editline] [QUOTE=thomasfn;39963216]-img snip- Got water + reflections to work. It's animated ofc. Fun fact: the water is actually drawn as a post-process, I raytrace against a flat plane to calculate the surface position.[/QUOTE] Does that mean you can have multiple surface heights in the scene without additional cost? If so, nice!
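The nonce-based challenge-response debated in the posts above, as an added example that is not part of any post in this thread. The names `Server`, `stored_verifier`, `client_response` and `demo`, and the choice of SHA-256, are assumptions; the thread only says "double-SHA" with a server nonce.

```python
import hashlib
import hmac
import secrets

def stored_verifier(password: str) -> bytes:
    # First SHA pass: what the server keeps instead of the plaintext.
    # Caveat: this value alone is enough to answer any challenge, so it
    # has to be protected like a password.
    return hashlib.sha256(password.encode()).digest()

def client_response(password: str, nonce: bytes) -> bytes:
    # Second SHA pass on the client, bound to this one challenge.
    return hashlib.sha256(nonce + stored_verifier(password)).digest()

class Server:
    def __init__(self):
        self.users = {}    # username -> H(password)
        self.pending = {}  # username -> outstanding nonce

    def register(self, user: str, password: str) -> None:
        self.users[user] = stored_verifier(password)

    def challenge(self, user: str) -> bytes:
        # The nonce is not a secret; it only has to be fresh and unpredictable.
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)  # single use: consumed on any attempt
        if nonce is None or user not in self.users:
            return False
        expected = hashlib.sha256(nonce + self.users[user]).digest()
        return hmac.compare_digest(expected, response)

def demo():
    # Constructed account and password, for illustration only.
    server = Server()
    server.register("alice", "correct horse")
    nonce = server.challenge("alice")
    captured = client_response("correct horse", nonce)  # seen on the wire
    first = server.verify("alice", captured)
    replay_same = server.verify("alice", captured)   # nonce already consumed
    server.challenge("alice")
    replay_fresh = server.verify("alice", captured)  # bound to the old nonce
    return first, replay_same, replay_fresh

if __name__ == "__main__":
    print(demo())
```

A response captured on the wire is rejected both when resent as-is and when resent against a new challenge, which is the replay protection the posts describe; none of this authenticates the server to the client.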
MITM will always break any security system. [editline]18th March 2013[/editline] Simply for the fact that you can emulate the server
[QUOTE=Map in a box;39963434]MITM will always break any security system. [editline]18th March 2013[/editline] Simply for the fact that you can emulate the server[/QUOTE] have you ever heard of public-key cryptography
[QUOTE=Map in a box;39963434]MITM will always break any security system.[/QUOTE] It doesn't (unless you really screwed up) break a one-time pad style system.
[QUOTE=dajoh;39963472]have you ever heard of public-key cryptography[/QUOTE] Indeed, a good stream cipher + authentication over an asymmetrically encrypted channel is very hard to cryptanalyse.
[QUOTE=Tamschi;39963316]It doesn't matter unless you're always sending the same challenge because the client-side double-SHA should not be reversible even if the nonce is known. Digest authentication will prevent replay attacks and keep the password hidden, that's the whole point. [editline]19th March 2013[/editline] Does that mean you can have multiple surface heights in the scene without additional cost? If so, nice![/QUOTE] Sadly I'm still having to render the scene twice for the reflection, so it's quite expensive. But it works really well when you're using deferred lighting.
How do you guys back up your programming projects? Right now I: Have VS 2012 back it up + Save it to Dropbox + git integration. Considering doing manual backup as well after I lost a project.
[QUOTE=dajoh;39963472]have you ever heard of public-key cryptography[/QUOTE] Talking about HTTPS mainly but aren't private/public keys brute force-able in months time?
[QUOTE=Map in a box;39963666]Talking about HTTPS mainly but aren't private/public keys brute force-able in months time?[/QUOTE] The RSA numbers have only been factored up to RSA-768. If you're using a 2048-bit key, chances are it can't be bruteforced within this decade.
[QUOTE=thomasfn;39963558]Sadly I'm still having to render the scene twice for the reflection, so it's quite expensive. But it works really well when you're using deferred lighting.[/QUOTE] [URL="http://www.iquilezles.org/blog/?p=2101"]Screen space reflections can get pretty good results[/URL], at least for landscapes like this. I don't know too much about it, but the method from the blog post sounds vaguely related to what you're doing already. [QUOTE=DoctorSalt;39963623]How do you guys back up your programming projects? Right now I: Have VS 2012 back it up + Save it to Dropbox + git integration. Considering doing manual backup as well after I lost a project.[/QUOTE] I only push to Bitbucket and keep copies on my laptop and desktop.
How do you guys deal with lack of time? So many ideas, so little time.
[QUOTE=esalaka;39963828]The RSA numbers have only been factored up to RSA-768. If you're using a 2048-bit key, chances are it can't be bruteforced within this decade.[/QUOTE] Quantum Computers break a lot of crypto algorithms, including RSA iirc
[QUOTE=icantread49;39964694]How do you guys deal with lack of time? So many ideas, so little time.[/QUOTE]
Write design idea documents in the tonnes, sort out the shitty ones, and start working. [editline]19th March 2013[/editline] Also it seems tinycc supports quantum states. This:
[cpp]
#ifdef _DEBUG_
const int SPM_SCRIPT_DEBUG = 1;
#else
const int SPM_SCRIPT_DEBUG = 0;
#endif
[/cpp]
Produces this:
[code]
spm.o: error: 'SPM_SCRIPT_DEBUG' defined twice
[/code]
Then finishes building anyway and runs flawlessly.
[QUOTE=Map in a box;39964707]Quantum Computers break a lot of crypto algorithms, including RSA iirc[/QUOTE] Your argument is very weak, even if we did have quantum computers and could break RSA, there's still other public-key cryptosystems that can't be broken by them (lattice-based systems like NTRU). MITM attacks are simply not feasible even if you use RSA that might get broken in the next 20 years or so.
[QUOTE=icantread49;39964694]How do you guys deal with lack of time? So many ideas, so little time.[/QUOTE] Sleep less? Quit your day job? Invent time travel? Hire someone who barely speaks English to do your projects for you without rights to IP or copyright?
[QUOTE=Topgamer7;39965216]Sleep less? Quit your day job? [b]Invent time travel?[/b] Hire someone who barely speaks English to do your projects for you without rights to IP or copyright?[/QUOTE] I like that idea.
[QUOTE=dajoh;39965156]Your argument is very weak, even if we did have quantum computers and could break RSA, there's still other public-key cryptosystems that can't be broken by them (lattice-based systems like NTRU). MITM attacks are simply not feasible even if you use RSA that might get broken in the next 20 years or so.[/QUOTE] We do have quantum computers. And they can break RSA. There are mostly modern cryptography methods that are harder to break and aren't as widely implemented.
[QUOTE=DoctorSalt;39963623]How do you guys back up your programming projects? Right now I: Have VS 2012 back it up + Save it to Dropbox + git integration. Considering doing manual backup as well after I lost a project.[/QUOTE] I keep the Data on a svn server run off my laptop, less for backing up, more for ease of access for the guys working with me. I keep the source code hosted on xp-dev. Got a really sweet deal... jeez over 2 years ago that got me 2GB and unlimited private projects for free. Also I keep a 1 month backup in a weather proof lockbox buried outside just in case xp's servers go down and my house somehow catches fire at the same time or more realistically I get hacked and the guy wipes my laptop and the online backup.
Hello! I know I haven't posted in a while because I decided to take a break from that previous physics thingy I was working on, but I've still been lurking. I'm not sure what I'm trying to make with it, but since I had coded in a nice foundation for myself, I thought I would experiment and try to get something visually appealing (and step away from the whole cheesy retro theme). I was surprised, actually - I only needed to code in a skybox to get something relatively reasonable: [thumb]http://puu.sh/2kgIc[/thumb] It's a simple terrain model, with a crappy grass texture! Woo!
[QUOTE=Map in a box;39965497]We do have quantum computers. And they can break RSA. There are mostly modern cryptography methods that are harder to break and aren't as widely implemented.[/QUOTE] Now that is just incorrect. There are some quantum computers, but they're far too small and slow to break RSA. Shor's algorithm only improves the big O running time of prime factorization, it doesn't mean a quantum computer can automatically factor all primes quickly. Trust me: if there already existed a quantum computer that could factor RSA primes, it would be all over the headlines because all of the financial transactions and network security systems relying on RSA would suddenly be vulnerable. It would be fucking anarchy. Currently the academic world is racing to find quantum (and classically) resistant cryptography so that we can replace RSA before the first viable quantum computers appear.
[QUOTE=Larikang;39966104]Currently the academic world is racing to find quantum (and classically) resistant cryptography so that we can replace RSA before the first viable quantum computers appear.[/QUOTE] There's already algorithms that are resistant to quantum computers (NTRU, McEliece).
[QUOTE=acpm;39963026]Yes, but all the same, over an unencrypted connection, a MITM attack uncovers the server's nonce.[/QUOTE] So? The n[i]once[/i] is only used once. The server then sends back a session token keyed to the user's IP address. If you want to deal with the legitimate user changing IP then you can store the RSA+salted password in localstorage and do automatic javascript negotiation with the server if the session is invalid.
Shouldn't be coding before a national exam in physics I have in an hour, but I do it anyway: [img]https://dl.dropbox.com/u/41041550/Coding/C%23/OGLFV/eventhorizonwednesday.PNG[/img]
So, while bored I decided to start writing a compiler (as you do) for this fictional language
[code]
func int function_name (int r1, int r2, int r3)
{
    int b;
    b=10;
    call print(" %i\n ", b);
    b = b + r1;
    call print("%i\n ", b);
    return b;
}

func int main()
{
    int b = (2 + (3+5));
    b = b + call function_name(b, 5+10, 25);
    call print(" %i \n", b);
    return 0;
}
[/code]
So far, the symboliser can tell the difference between function declarations and calls (easy, because I cheated with the language), and breaks down brackets from the inside out, then converts the entire bracket into a symbol. E.g. with (2 + (3+5)), this becomes 2 +, with 3+5 as a subsymbol. This then gets converted overall into an expression symbol. Next thing to do is convert the rest of the words to symbols, which shouldn't be too difficult. This will be compiled for a fictional arm thumbv1 subset we wrote an emulator for (woo, verilog), which only has ~36 instructions or so.
[video=youtube;YAlEj8iYYeM]http://www.youtube.com/watch?v=YAlEj8iYYeM&feature=youtu.be[/video] [sub]Sorry about the quality, my internet is awful.[/sub]
[img]http://puu.sh/2kkRT[/img] Why am I trying to learn brainfuck?
Video of a 'software' renderer in Lua using LOVE. It's using hardware basically JUST for the drawing of the quad/tri, other than that I'm doing all the math myself. [media]http://www.youtube.com/watch?v=zsXOptM-Ko4[/media] (Excuse shitty recording can't find decent screen recorder for mac) I'm using quaternions for all my rotational needs.