Java Student's Profile

Reputation: 21 Tradesman
Group: Contributor w/DIC++
Active Posts: 493 (0.25 per day)
Joined: 05-February 10
Profile Views: 18,128
Last Active: Yesterday, 12:34 AM
Currently: Offline


Posts I've Made

  1. In Topic: Portfolio website check

    Posted 28 Jun 2015

    ErickShawn, on 27 June 2015 - 12:04 AM, said:

    Hi there,
    It is not responsive.
    Decrease the size of your buttons.
    Color of font and background are almost same, it makes your website dull and boring.


    Thanks for the advice!
  2. In Topic: Portfolio website check

    Posted 15 Jun 2015

    Martyr2, on 10 June 2015 - 10:14 AM, said:

    Ok well rule number 1, NEVER use Comic Sans as your default web font. It just cheapens your site in a big way. Secondly, add some color man. The gray on gray is really dull and doesn't get me excited about your work. It is good you have videos of your work, but I think instead of just putting one after the other you might want to invest in some sort of gallery widget to help put the work front and center. Maybe something like a lightbox would be good. Make it like a movie theater experience. You might also want to lose a bit of the animations for opening up boxes like the login screen. Really not needed.

    Lastly you might want to open up the site width a bit. Most of your desktop visitors will be on much bigger screens so you can easily open up the width to 1000 or more. Even up to 1200 may work. But really, you should be looking into a responsive design. Potential employers are going to expect the responsive design and may be even viewing this on mobile devices.

    Good luck with the continued work on the site. :)


    Hey there Martyr2, happy to see your post!

    I have updated my site according to your advice, with the exception of the lightbox, which I'm still working on, and would like you to re-review it if you would be so kind <3
  3. In Topic: How secure is my stored password

    Posted 5 Mar 2015

    baavgai, on 05 March 2015 - 04:52 AM, said:

    Java Student, on 04 March 2015 - 09:10 PM, said:

    When you say "internal" it's vague to me about what you're referring to.


    Some systems store some static value that no one knows about for their encryption. This is what is meant by internal; internal to that system. This works pretty well as long as no one discovers that secret value. This is what is meant by "security through obscurity," that the system is only secure when the secret is secret.


    Java Student, on 04 March 2015 - 09:10 PM, said:

    To answer "how does it validate against future checks?"


    The salt is stored in the database? Ok, that's fair. I missed that bit, sorry.

    I wouldn't get too fixated on the salt256 thing. Using salt64 is just fine. You want 256^36? Just use 64^48. Which, I believe, will be the base64 size of your 36 bytes, anyway.


    Oh ok, thanks!
  4. In Topic: How secure is my stored password

    Posted 4 Mar 2015

    Thanks for the tips guys!

    baavgai, on 04 March 2015 - 08:59 AM, said:

    Also, SHA512(PASSWORD + SALT) alone is fundamentally useless. If the salt isn't stored in the result, how do you validate it against future checks? "Salt," as is meant in crypto, is just some extra noise to slow an attack down. What salt is not is part of some encryption key pair or a security through obscurity internal value, which it seems to be taken as here.

    Reasonably, if you wanted to use some kind of internal hidden collection of bits to muck up your message, then you needn't drag that into your encryptions level at all. Just apply it internally and move on.


    I'm a little confused at what you mean. When you say "internal" it's vague to me about what you're referring to.

    To answer "how does it validate against future checks?" I think you're referring to how do I compare (check) the hash in the database against the hash that I created from a user attempting to log in with a password? If so, it would be simply SHA512(PASSWORD THAT THE USER ENTERED + SALT STORED IN PLAIN TEXT IN DATABASE) compared against the SHA512(PASSWORD + SALT) hash of the user's password in the database when the user initially created their account.

    Also, if you believe the resulting SHA512(PASSWORD + SALT) hash is useless then how would you recommend I make a better hash key than PASSWORD+SALT which I admit is a weak key.

    I'm aware that using hash functions on top of each other like SHA512(SHA512(PASSWORD + SALT)) is essentially piling collisions on top of one another, so I'm not sure how else to change my key. Perhaps something like SHA512(SALT(Lower 16 characters) + PASSWORD + SALT(Higher 16 characters))?

    I just found out that hash functions are able to accept non-alphanumeric characters, so I'll definitely use the entire 256 ASCII set instead of the 1-9, a-Z, 64-character set which brings the permutations up to 256^32 which is nice.

    But, as Skydiver said, leaving the NULL terminator ASCII in there is a conflict if using it with a C string, so I'll only take characters from the following collection of characters (1-255):
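    int temp = 0;
    // Draw a byte value in 1..255 so the salt never contains the NUL terminator (0).
    do {
        temp = (rand() % 256) + 1;   // yields 1..256
    } while (temp == 256);           // reject 256, which does not fit in one byte
    s[i] = temp;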


    Thanks for the tips on which database type to store the hash and salt because I haven't looked into it yet :)
  5. In Topic: How secure is my stored password

    Posted 4 Mar 2015

    Thanks for your help!

    I will take care of the buffer overrun problem.

    However, I'm not quite sure what you mean by the "lower 7 bits" and it causing not all bit combinations.

    I made an error in the comments when I said 7290^32 combinations.

    There are actually 62^32 for the salt from the following:
    Permutations=N^R
    N=62=(# of uppercase+lowercase+numerals)
    R=32=(# of characters, ie: length)

    I think you're trying to say there is something with this line not including all alphanumeric values:
    s[i] = alphanum[rand() % (sizeof(alphanum) - 1)];
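
Added example (not part of the original posts or the poster's code): the scheme discussed in the password thread above, with the salt stored next to the hash so a login attempt can be re-hashed and compared. The function names, the dict standing in for a database row, and the PBKDF2 variant with its iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

SALT_BYTES = 36           # the 36 raw bytes mentioned in the thread
PBKDF2_ROUNDS = 100_000   # assumed work factor; not a value from the thread


def new_salt() -> str:
    """Salt from the OS CSPRNG (not rand()), base64-encoded to 48 characters
    so it contains no NUL byte and fits a plain text column."""
    return base64.b64encode(secrets.token_bytes(SALT_BYTES)).decode("ascii")


def sha512_record(password: str, salt_b64: str) -> str:
    """The construction from the thread: SHA512(password + salt), hex-encoded."""
    salt = base64.b64decode(salt_b64)
    return hashlib.sha512(password.encode("utf-8") + salt).hexdigest()


def pbkdf2_record(password: str, salt_b64: str) -> str:
    """Hardened variant (an assumption, not from the thread): the same salt fed
    to an iterated KDF so every guess costs PBKDF2_ROUNDS hash computations."""
    salt = base64.b64decode(salt_b64)
    derived = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"),
                                  salt, PBKDF2_ROUNDS)
    return derived.hex()


def register(password: str, derive=pbkdf2_record) -> dict:
    """Build the row to store: the salt is kept in the clear beside the hash."""
    salt = new_salt()
    return {"salt": salt, "hash": derive(password, salt)}


def verify(row: dict, attempt: str, derive=pbkdf2_record) -> bool:
    """Re-derive from the stored salt and compare in constant time."""
    candidate = derive(attempt, row["salt"])
    return hmac.compare_digest(candidate, row["hash"])
```

Passing `derive=sha512_record` reproduces the single-hash scheme from the posts; the default uses the iterated variant.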
    
    

My Information

Member Title: D.I.C Regular
Age: Age Unknown
Birthday: Birthday Unknown
Gender:
Location: The middle of Canada
Interests:
Programming(C++/C#. Web Development). asp.net
Math(Linear Algebra, Calculus I and II)
Years Programming: 4
Programming Languages:
Advanced: C++, C#
Intermediate: Html, css, php, sql server, javascript
Basic: Java, ajax

Contact Information

E-mail: Private
MSN: Private
Website URL: http://www.saportfolio.ca

Comments

  1. polishedgames

    26 Mar 2015 - 09:26
    Hello,
    we are Polished Games, small indie game company from Poland.
    Are you still owner of polishedgames.com domain? If yes we would be interested in buying it. Please contact us at polishedgames@gmail.com
  2. harshwal92

    01 Sep 2011 - 06:06
    wht are u do
  3. javabie

    08 Mar 2010 - 21:17
    Toronto->Ontario.
    I didn't realize you are Canadian too until now.
  4. Java Student

    27 Feb 2010 - 21:21
    Check out this tutorial http://www.dreamincode.net/forums/showtopic14072.htm and more in the Java -> Tutorial section
  5. nagcarlangurlz

    27 Feb 2010 - 10:13
    how to make a simple java games??
  6. nagcarlangurlz

    27 Feb 2010 - 10:11
    cn u help me??