spass is a secure password generation tool. spass was designed under the assumption that a password generator is as good as its random number generator, so spass uses the Random class, a /dev/random based cryptographically strong random number generator class. As always, I tried to make the command-line interface as user-friendly as possible (as much as a command-line interface can be friendly).
Continue reading spass – A Secure Password Generator Utility
Conditional Expressions in Python 2.4
Python 2.5 introduced new syntax structure: the conditional expressions. For programmers in languages such as C these structures seem very basic and fundamental but Python lacked them for many years. As I said Python 2.5 introduced such syntax structure, one may use it in the following form:
x = a if condition else b
As you probably guessed a is assigned to x if condition evaluates to true and b is assigned otherwise. This is pretty much equivalent to the C conditional expressions. But as I said, this structure was only introduced in 2.5. Previous versions of Python are still widely deployed and in use, so how do you achieve the same thing in older version of Python?
Continue reading Conditional Expressions in Python 2.4
ssh-keygen Tutorial – Generating RSA and DSA keys
In this post I will walk you through generating RSA and DSA keys using ssh-keygen. Public key authentication for SSH sessions are far superior to any password authentication and provide much higher security. ssh-keygen is the basic way for generating keys for such kind of authentication. I will also explain how to maintain those keys by changing their associated comments and more importantly by changing the passphrases using this handy utility.
Continue reading ssh-keygen Tutorial – Generating RSA and DSA keys
radio.py-0.4 – Listening to Radio the Easy Way
Update: radio.py 0.5 is available.
radio.py is a little script that makes it very easy to listen to radio under Linux (and maybe other OSs too) with mplayer. All you need to do is to call radio.py with the name of the station you want to listen to. For example:
radio.py Radio Paradise
or
radio.py BBC3
To read more about radio.py go to the first post discussing radio.py.
What’s New
Here are some of the things that have changed in radio.py-0.4 compared to the previous release (0.3). Continue reading radio.py-0.4 – Listening to Radio the Easy Way
The Revised String Iteration Benchmark
In this post I’m going to discuss again the string benchmark I did before to find out what is the fastest way to iterate over an std::string. If you haven’t read the previous post on this subject go a head and read it as it covers the basic idea behind this benchmark. As I did the last time I did the benchmark, I check 5 ways of iteration:
Continue reading The Revised String Iteration Benchmark
Profiling Code Using clock_gettime
After raising the issue of the low resolution problem of the timer provided by clock() in Resolution Problems in clock(), I’ve ended the post by mentioning to two more functions that should provide high-resolution timers suitable for profiling code. In this post I will discuss one of them, clock_gettime().
Continue reading Profiling Code Using clock_gettime
Random – A Random Number Generator Class
After dealing with the seeding of srand(), I’ve realized that rand() just doesn’t give strong enough random numbers for some of my needs (e.g. strong password generator), so I decided to find a better solution. The solution came in the form of Random, a cryptography strong pseudo-random number generator class.
Continue reading Random – A Random Number Generator Class
Resolution Problems in clock()
While playing recently with clock() in order to time the performance of different kinds of code and algorithms, I found an annoying bug. clock() just can’t register work that has taken less than 0.01 seconds. This is pretty unexpected as clock() should return the processor time used by the program. The man page for clock() states:
The clock() function returns an approximation of processor time used by the program.
Introduction to C++ CGI – Processing Forms
In this post I will show you how to process HTML forms easily using CGIs in C++. I assume you have already basic knowledge of writing CGIs in C++, if you don’t go a head and read Introduction to C++ CGI.
Processing forms is the basic function of any CGI script and the main purpose of CGIs. As you probably know there are two common ways to send form data back to the web server: “post” and “get”. When form data is sent with the “get” method it is appended to the URL string of the form submission URL. The “post” method is much like the “get” except the data is transmitted via http headers and not via the URL itself. When a form uses “get” it allows the user to easily bookmark the query created by the form as the data is transmitted in URL itself, on the other hand the “post” method allows to send much more data and spares to user from seeing the data in the URL.
Getting the “post” and “get” data is relatively easy. To get the data sent by “get” you can just call getenv("QUERY_STRING") and you will receive a pointer to null-terminated string containing the “get” data. Reading the “post” data is a bit more complicated. The data needs to be read from the standard input, but the program won’t receive an EOF when it reaches the end of the data but instead it should stop reading after reading a specified amount of bytes, which is defined in the environment variable “CONTENT_LENGTH“. So you should read getenv("CONTENT_LENGTH") bytes from the standard input to receive the “post” data.
Seeding srand()
As any C/C++ programmer know, just using rand() won’t return random-numbers, and not even pseudo random numbers, as each time the program will run the same random numbers sequence will be generated. To overcome this you seed the random number generator of rand() with a number that creates a different random number sequence. For every seed there is a corresponding random number sequence, and for the same seed the same sequence will be generated every time. This can be used to recreate a random numbers sequence if needed for some reason if the seed used to create it is known.
To randomize the random numbers generator, most programmers pass to strand() the time in seconds since epoch, e.g. they do something like this:
srand( (unsigned)time(NULL) );
It’s a very common way to seed the random number generator, and it’s also shown in many books that teach programming. This may look sufficient for most uses (and it does) but nonetheless it’s also used many times where it’s just isn’t random enough. Let’s consider a program with a very fast runtime which depends on the above mentioned method for seeding the random number generator. If someone wrote a script that runs this program in a loop, causing the program to run several times in a second, the same random number sequence will be generated multiple times as the same seed was used. One can see that this behavior may not be what was intended.
Another problem might come up if we will use this method for let’s say password generation. Let’s say Joe wrote a small program that seeds the password generator in the above mentioned way and now generated for himself a strong 8 character long alphanumeric password. Joe thought that his password was secured and that even is somebody knew its length they will need to try 62^8=218,340,105,584,896 combinations in order to crack it. Now Sally want to crack Joe’s “secure” password. Instead of attacking directly on the password Sally will attack the password generator. Sally can easily know the day Joe created the password, and we shall assume Sally got access to the password generator’s source code Joe used. During the day Joe generated his password, the time(NULL) function returned 86400 different values. Let’s also assume that Sally knows the length of Joe’s password. Sally just modifies the password generator and seeds the random number generator with each one of the possible values of time(). Sally will get now 86,400 different combinations of password, and one of them is guaranteed to be Joe’s. If you think 86400 is many, remember that Sally went down from 218,340,105,584,896 possible combinations and under very weak assumptions, if sally knew the exact 10 minutes in which Joe generated the password (this isn’t a very hard thing to find out) the number will drop to only 600 combinations.
Continue reading Seeding srand()