Matt Wong

Ranch Hand
+ Follow
since Aug 18, 2017
Matt likes ...
MS IE Notepad Suse
Cows and Likes
Cows
Total received
3
In last 30 days
0
Total given
0
Likes
Total received
3
Received in last 30 days
0
Total given
2
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Matt Wong

well - pretty obvious what's missing : context!
you just posting some random line of your code about some loop prints something twice

common beginner mistake I spotted: using scanner to fetch users input
you don't have to post the rest of the code but i can tell you from experience with such code (and i bet my next beer on it): you almost 100% certian use scanner somewhere earlier but don't use readLine but some other of the nextXXX methods - what happens: the line break is still stuck in the internal buffer of the scanner cause it's correctly flushed in the last usage - so the first loop will get an empty string

easy to proof: add as the first line inside the loop a String.length wich will result 0 and so it doesn't get matched by any of your if - cause : second mistake : using if-elsif without final -else to clear all other cases where neither if matches - don't this


advice:
1) get rid of scanner and use propper input like BufferedReader.nextLine
2) ALWAYS use nextLine and perform casts and parses yourself - so tailing line break always gets cleared
3) use switch(String) with propper default handling - it cleans up old-style if-else chains and if the default is filled with useful logic like invalidargumentexception you know you made a logical code mistake by letting lines happen executed wich you not supposed to get run

4) please dont post screenshots - use code-tags and copy'paste
1 day ago
depending on the graphics framework you use you have to make sure to run code that modifies the output is only run in the correct thread

if you're using swing for example you have to make sure all gui code runs in the EDT - otherwise you may encounter unpredictable behaviour
5 days ago
Also: make sure any modifying of swing components is only done from eventdispatchthread.
3 weeks ago
you use SMTP on TCP/587 - this is PLAIN with STARTTLS
what you're doin: setting socketfactory to SSL - WRONG!

When you want to use socket level SSL - this is SMTPS (oh - and it's very wrong to use SMTP and set socketfactory to ssl - that's what's SMTPS for) - and runs on TCP/465. So remove that socketfactory crap and add mail.smtp.starttls true - that's the right way.

Also - if you have 2FA enabled - you need to use application passwords.
4 weeks ago
as i'm satisfied customer for 3 1/2 years now i can recommend ovh and its smaller tiers soyoustart and kimsufi
they also offer shared virtual services, but as real dedicated root machines so cheap on kimsufi, it's may worth a try
also: good payment model: you pay a month in advance - if you no longer want a service just stop payin and they will automaticly cancel it without any hassel or any active action required by you
also: even on shared service you have your own ip - so no worry about spam sent from another instance on the same host as they only use thoer own assigned ip
4 weeks ago
I would recommend the sun/oracle java tutorial and google about "java chat server client" - wich would get many examples of code and tutorial
i would also recommend to let gui out until you know the network basics and then set a gui on-top of it mvc-style
explain of multi-client networking and inter-thread-dataexchange would easy shoot over the limit available here
1 month ago
well, the issue is obvious: when you create your thread instance you only connect input and output together from the same client - that's an echo server
there is no communication between different thread instance and hence no message exchange between clients
also - don't think about two clients only but also none, one, many - where is what message supposed to go?
if you want to only connect exactly two clients you can re-write your server to act as tcp-stun so both clients can connect to each other
1 month ago
also - your stack points to ntdll.dll - one of the main kernel files - most likely there was an os update wich broke compatability with j5u11
1 month ago
well - running a x86 jvm 5.0 u11 on win 8(.1) (nt6.2) - why?
its from 2006 - we have 2018 - there is no good reason to use an over 12 years old jvm in a modern environment (i would also question why still using win 8(.1) instead of 7 or 10)
you should upgrade instead try to waste resources on that old setup

- wasn't last supported windows for 5.0 the nt5.x ?
iirc nt6.x required at least j6
1 month ago
Well, first, thanks to anyone, I guess this question over-shot my goals.
Let me clear it up a bit:

1) Ok, so I thought to avoid "depends on data to encrypt" by specifically mention something like a RSA private key - and got like sling-shot back with "just use KeyStore" - DANG!
So, to clear up: I just want to store arbitrary data by a secure encryption algorithm supported by java out of the box based on password-based-key-derivation - or simple: a passphrase (I really don't like to use "password" when bein into the crypto stuff - I prefer the term passphrase). As one need additional data to use common block based ciphers like AES or others, one also need to store addtional possible need-to-be-secure-data like the salt, the iteration count or the algorithm used for the key-derivation-function - or, for block-ciphers, the initialization vector.

2) AFAIK - when ensuring any give pair of a secret key and an initialization vector is used only once per session and per block size - in most modes - the initialization vector doesn't need to be secured and therefore can be safely saved along with encrypted data - just like openssl does it. As "good" crypto should only rely upon secrecy of the key, but not of the algorithm, it should be secure if the only data kept secret in my brian is the passphrase used to re-generate the secret key. But as I'm no crypto expert - I asked if someone knows better.

3) @Stephan van Hulst
Many thanks for your effort - I hope you just copied it from somewhere instead of wasting you own brain on it - but it's just overkill for my needs. As said in first post: If I want to store data securely I would use a lib appropriate for it. Like a Java KeyStore or BouncyCastle to handle openssl compatible files. In a simplyfied form I would use some like this. And as your code does - I would also store all metadata with the encrypted data.

Now, a question comes up: Would it increase the level of security by not saving the iteration count but also remember that along with the passphrase - or would this open up a even bigger security risk? Same goes for the salt: As one could substitute the salt itself by any way of re-generating it from an additional user input - how about level of security - increased by such "just another way around and something someone has to remeber" - or weakening?
1 month ago
I couldn't find a better forum than general - so sorry in advance if it fits somewhere else better - feel free to move.

Let's say, we want to store some confidential data, like a RSA private key. When using AES in like GCM - we need to also somehow save the IV (wich, AFAIK, can be public when ensuring to use a certian key-IV combination only once) and additional data for PBE like salt and iteration count. Is it save to also save all those additional data along with the encrypted data, or should some of them also kept secret.

Ok, I could not use the iteration count and remember it along with the passphrase. Also, I guess it could be possible to somehow use some other way to also re-generate the salt based on some additional information one could remember, but it feels kinda "security by obscurity".

Anyone could help me out here?


Yes, I know, don't roll your own security - and I wouldn't as there other well known techniques for storing such data - but I'd like to know for learning reasons.


Matt
1 month ago
Well, as this is a bit off-top - it sometimes could also help to download the source or examples - at least when they available - to get some code working.

Just an example: As I'm into all the crypto stuffs - I'm using bouncycastle-lib - wich doc is one of the most poor availble - if you could call the simple javadoc mostly without any doc at all - it's harder to get things done - as you even found not much stuff on the googles ... so sometimes I needed to download the source to figure things out.
Also - as BC is split into a few packages - the doc is hard to navigate around as it isnt interlinked. So if you need some data in one package it's most times in another package - so you can't just click - but have to switch docs to the other package. It get's even more complicated as crypto is mostly interface/factory/hidden away stuff to wich you have also find a way to even create instances of the classes you need.
2 months ago
Well, as explanatory your post is for others might using Scanner class, for me it's still a class I wont use it in my codes.
Also, sorry for bein on the direct way again, wich I know you don't much like on me, you may didn't read my post carefully enough. I explicit mentioned the issue an os-console (and for, this is not limited to windows' cmd.exe but also to standard bash-shell on linux) processes input reads different than most beginners thinik it would. That's it - if you hang in any sort of System.in.read() by any way, it won't return until the console passes the data input by the user is piped to it. And this only happens the very moment you hit return on the console wich triggers a stream of "<what ever the user input>" + os-console line delimiter (on windows \r\n, on unix \n, on mac it was just \r - but I think that changed). So how ever how much data is read through wich class, it can only be something between "<nothing at all>" and "<what ever user input>" plus always the line delimiter.

What most beginners falsely think Scanner would do: When they print a numbered menu and want the get the users choise the call nextInt() to get the entered number.
How Scanner class actually works: As the console not only delievered the entered number but also the line delimiter - the nextInt() only processes the integer but would leave the delimiter still lying in the buffer waiting to be processed by any suiteable method like simple next() or nextLine().

And exactly that's what's the main issue in the code of OP: mis-using of Scanner class by most likely lack of knowledge how it really works. I didn't bothered to work through the whole code - but lets look at only the first choice:

- the menu is printed
- nextInt() tries to process the next available integer - as the buffer is empty at that point when run for the first time it somehow gets down to System.in.read() wich blocks and wait for input from console
- the user inputs some number and to "submit" it to the nextInt() RETURN has to be triggered
-- now what's really happens is, that the terminal sends the entered number PLUS the line delimiter
-- nextInt() now processes the available integer, returns it, and the line delimiter is left alone in the buffer waiting to be processed
- switch triggers listUser(), breaks, and loop wraps around
- now nextInt() is hit again - but as there still some data left in the buffer - they get processed first - wich is the line delimiter - wich obvious can't be parsed into an integer - wich, according the doc, should throw an InputMismatchException - IDK, IDC, but I guess as OP didn't mentioned it, I guess line delimiter just gets discarded silently and further processing starts from top of the list

A possible better approach could had been: constantly using Scanner.nextLine() and add Integer.parseInt() (or what ever input is expected). This way, it is ensured that the full line piped by the console gets consumed, including the line delimiter, nothing is left in the buffer, and with correct exception handling it can be ensured it's inputted what is requires. In this very case - it even doesn't matter if using Scanner(System.in).nextLine() or BufferedReader(InputStreamReader(System.in)).readLine() - wich I guess is done by Scanner internally, or some similar.

Anyway - it's not gettin us futher fighting about personal opinions about Scanner class - the forum is to help the ones asking for it - so let's get back to it:

The OP asked why some inputs are "eaten" and has to be entered twice - the solution: wrong usage of Scanner nextXXX() methods wich needs to be corrected or can be done in another way.

I just added my personal comment about this kind of "mistake" happens to many beginners as they simply mis-understand how Scanner really works internally and mostly miss the point, that the nextXXX() methods may not work as the think they should but leavy something in a buffer wich gets processed the nxt time one of the nextXXX() methods gets called. Also I mentioned, for me the DataInputStream class fits way better for reading binary formats or data I've written out by DataOutputStream on a Socket connection.

Could the code improved by just replacing all of the Scanner with another input method? Maybe. Could or Would the solve OPs issue? Possible. Does it make sense in anyway of learning and letting OP the chance to discover his own way of console input? no way at all.
Allthough it all gets down to somewhat like System.in.read() - there so many possibilities built into SE API - anyone should get the chance to get used to what one likes best - we can only help on errors and mistakes to get the chosen way right.
2 months ago
I think misunderstanding just happend again.
To further explain myself: if you run a console style code reading from System.in, the main problem is you can't tell the console what input to read as an os-console won't pipe input to Java unless a crlf is triggered by hitting enter.

So, when I expect only an int - I can't tell the os-console to just get me that int but discard the crlf. And that's what most beginners don't understand correctly and therefore make mistakes.

Sure, when I enter a space separated list I can get them with just next() instead of doin a split on a string read by line - but i would still end up with one last empty call to clear the crlf from the input buffer. And for me - it's just another way - but a redundant one as console class or your mentioned buffered read works as easy - you only have to add the parse calls yourself.

btw: I thought about reading binary data with datastreams - not text
2 months ago
the main problem here seems mis-understanding and therefore mis-using of scanner class when using it to read console input

a regular os-level console (as cmd on windows or any tty-shell on linux) use line based logic in use with java

that means: if you somewhere want to read input from console it is all delievered as one line - so its best to only use nextline() and parse the input yourself

usin any other method of scanner only makes sense as tokenized reader when handling file-input with a defined format - all thought datainputstream maybe preferred in such cases - renders scanner almost useless and only raises more confusion as intented when this class was designed


that's just my opinion - but i'm almost only use datastreams in my codes as they fit my needs best
2 months ago