This week's book giveaway is in the Beginning Java forum.
We're giving away four copies of Get Programming with Java (MEAP only) and have Peggy Fisher on-line!
See this thread for details.
Win a copy of Get Programming with Java (MEAP only) this week in the Beginning Java forum!

Matt Wong

Ranch Hand
+ Follow
since Aug 18, 2017
Matt likes ...
MS IE Notepad Suse
Cows and Likes
Cows
Total received
5
In last 30 days
0
Total given
0
Likes
Total received
8
Received in last 30 days
0
Total given
2
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Matt Wong

Tim Holloway wrote:

Junilu Lacar wrote:

Rinu Gour wrote:The & operator is applied to the operand when both the boolean and && operator is evaluated. Once an expression involving the && operator is evaluated, the first operand is evaluated. If the first operand returns a value of true then the second operand is evaluated. The && operator in Java is then applied to the first and second operands. If the first operand evaluates to false, the analysis of the second operand is skipped.



No, that is an inaccurate description.



A more accurate description is that the sub-expression to the left of the && is evaluated and IF FALSE, the right-hand sub-expression is bypassed (short-circuited) and the operation returns false. IF AND ONLY IF the left-hand subexpression evaluates to true, THEN the right-hand subexpression will be evaluated and the operation will return true or false depending on which value the right-hand subxpression returned. This has side effects. If the right-hand subexpression includes one or more method calls, then the calls will not be made if the short-circuit is taken. Nor will prefix/postfix increments and decrements (such as i++) be performed.

The "&" operator technically has two meanings. One is the simple boolean operator, where both left and right sub-expressions are boolean expressions. In that case, the logical AND value for the results of the two sub-expressions will be returned as a logical value.

The other meaning of "&" is as a BITWISE operation, where the binary value on the left-hand side is AND'ed to the binary value on the right-hand side bit by bit. For example, 0110 & 1100 results in 0100.

Some might argue that the boolean & is simply the same thing as bitwise & for a pair of one-bit values, but that's assuming internal implementation details and Java is more abstract than that.



To be even more correct: There is no second meaning on '&' but only one: bitwise and - the reason why it leads to eval of both terms is simple as it's needed to calc the output - as booleans mostly repesented as at least byte or bigger type (most likely native datatype) wich limited to can hold only 0 and 1.

The effect here is: to calc the correct awnser both terms has to be eval down to two 1-bit numbers. There is no such thing as "'&' has the meaning of 'logical and'" as there is no 'logical and' in java - there're only & and &&.
3 days ago
The explanation lies in the documentation to java.lang.Thread: each Thread has an UncaughtExceptionHandler wich is responsible for exactly this situation: when an Exception is thrown in a Thread wich is not caught elsewhere.
The usual behaviour is to print a stack-trace to standard error and terminate the Thread.

I'm sure there is something to be found in the big index about that.
1 week ago
So, I was playing around a bit with BouncyCastle - and got an Exception wich shouldn't happen according to source.

What I tried:

When checking privateKey.getClass().getName() I get com.sun.crypto.provider.DHPrivateKey. But last line throws this Stacktrace:

So I dug through the code - here is what gets called in order:

org.bouncycastle.openssl.jcajce.JcaPEMWriter.writeObject


org.bouncycastle.openssl.jcajce.JcaPEMWriter.writeObject


org.bouncycastle.util.io.pem.PemWriter.writeObject


org.bouncycastle.openssl.MiscPEMGenerator.generate


org.bouncycastle.openssl.MiscPEMGenerator.createPemObject


As far as I understand this whole if-mess in createPemObject the Exception throw should only happen if the passed Object is instanceof org.bouncycastle.asn1.pkcs.PrivateKeyInfo - wich com.sun.crypto.provider.DHPrivateKey obviously isn't. Am I don't getting the right path and get trolled by indentation?
So, I re-indented the code with the missing parenthesis after each else - this is what I came up with:

Is this the real truth table - or am I mis-understanding "else if" and this should better be placed in beginners forum?

As far as I understand blocks with optional parenthesis:



As the last statement line is also another if - it cascades down to:


Am I right with this - or is it here why I think the line "unknown object passed - can't encode." should be thrown? Or did someone at BouncyCastle missed some parenthesis somewhere so the flow is different from what the dev might thought it would be?

Also: THAT'S the reason why one should never omit parenthesis even if it's allowed.

I just don't understand how the flow ends in "Cannot identify private key" when, as far as I understand it, to end up there Object needs to be instanceof PrivateKeyInfo.

I also had it run through de-compiler - here's the output:

So, to get to the Exception "Cannot identify private key" Object indeed has to be instanceof PrivateKeyInfo - wich com.sun.crypto.provider.DHPrivateKey neither is nor could - I'm not seeing it ...
1 week ago
To extend my answer:

A regular StackTrace would only gotten this far:

the additional

is added by the logging code (so a custom Thread.UncaughtExceptionHandler is in place) to point you to the additional lib wich contains this class.
In this case the ":?" is, as Tim Holloway pointed out, missing debug information - most likely the file-name like "/org/eclipse/presistence/jaxb/JAXBContextFactory.class" or something along those lines. Why it's missing might be because it seems an internal lib of the app server runtime and therefore these informations are just omitted as they known to those who need them (namely the developers of this lib and the runtime overall).

Example: When I put debug Exceptions in my codes - I just use RuntimeExceptions with "#" as a unique identifier - as I know where it is and how it could happen - there is no need for any additional debug information blown out to the user (so for my lines there would be "unknown source" instaead of source-file-name and line-number).

The reason why it only shows up on certain lines might be because the logging logic is smart enough to figure out that the same class or sourcefile showed up earlier so it's known and can be found in the rest of the trace. Unless something breaks, don't worry about - it might be just a "info" or "debug" log - most issues arise at log levels "warn" or higher.
3 weeks ago
Well, according to many possible solutions - this comes down to "What you want to accomplish?". Just to puzzle together a few lines just to implement a counter wich can be triggered remotely by different clients can be done in PHP. The question arises: What do you want to do with this counter? Are the clients supposed to get the number back? Is the main server instance supposed to do something with the clients or thier requests in the order they increased the counter so they build a distributed synched queue?
3 weeks ago


org.eclipse.persistence.jaxb.JAXBContextFactory.createContext - the current method
JAXBContextFactory.java:165 - line-number in source
[org.eclipse.persistence.moxy-2.6.4.jar:?] - jar-file containing .class-file loaded into vm
about the ":?" - don't know - but it looks like its run inside an IDE and the logging factory tries to give some debug-information that's currently not available to the runtime

so this line of the stacktrace is to help follow the path lead to the line that thrown the exception from either main() or most likely any Thread.run()
4 weeks ago
how about the object oriented way: create a class Card wich holds the face and color - put 52 or how many you need in a list - shuffle the list and jus pick the first one?
this moves your random() call into the implementation of the shuffle method
also you can do more stuff with lists and maps (collections in general) to further reduce the effort of creating your card objects
and a factory wich takes the faces and colors (assuming that all faces are the same for all colors) and you can get away with just few lines for your card class and a factory to create a shuffled deck
1 month ago
Addition: please look at your other thread: don't try to implement your own crypto.

CRC isn't an easy task. It requires you to understand polynomial division and the Galois field - wich isn't easy but rather advanced math. You should use what's available:

java.util.zip.CRC32

or apache commons.


Also personal note: Looks like you lack some Java basics - you should learn them first before you try to get into cryptographic stuff like checksum, hash, RSA and others - but that's just my opinion on your knowledge based on your questions.
1 month ago
so - first of all - I cleaned up your code - re-formatted it - and, most important of all - put it into code-tags:


so - now lets try to split up what you tried - what you did - and what went wrong

Line 33/34

yes - it's "legal" java code - but - conventions states, that each variable is written in its own line - so it should look like this:

next logic issue: primitives always set to thier defaults - for int default is 0 - but - it makes a difference if you just declare a reference - or if you correctly initialize it
also - convention: variables use "lowerCamelCase"
to pretty it up - that's what it should look like:


next we got at line 36 - Scanner-mess

Ok - you got it working - but I guess only by luck - you shouldn't try to read console input this way.
Here you have a more reliable one:

So here is something a bit more common - so it's also way better recognized by experienced coders:


I'm not quite sure about that "less than (p*q)-z" - but "equal to" is surely wrong as this would result in "0" - so it has to be "less than". Also - you're using Euler PHI function - so your "z" should named "phi" or "phiN":

Just look at my code - or at SUNs code.

So you say your message should be "less than or equal" than: p x q - phiN
No parentheses need as basic math rule states: "multiply/divide always comes before addition/subtraction" - so writing "p x q - phiN" implies you also do "p x q" first - wich is N - and then do "N - phiN" as second step.
Also we now see - this is wrong. In RSA message has to be one bit shorter than modulus: for RSA2048 with N.length 2048 message can up to 2047 bits - as we use 8 bit per byte in modern computers - next lowest value would be 2040bits - this is clearly bigger than "N - phiN". Remember: phiN is (p-1) x (q-1), so you would end up with limit of:

p x q - (p-1)x(q-1)

Simple not-so-real-world-example with some big primes:

p=63709
q=48487

We ignore that it should be: p < q - for this example. <br /> <br /> N=3089058283 <br /> phiN=(63709-1)x(48487-1)=63708x48486=3088946088 <br /> <br /> So with your limit you would end up with just 112195 - wich is just 17 bits - but you could go up to 31 bits - wich would be 2147483647 - when bound to 8bit-per-byte - we would end up with 24bits wich would be 16777215. <br /> <br /> Next: line 48 <br />
Ok - text says what you try to get here - a random number co-prime to phiN. At least you're doin the right thing wich I didn't - you checked for co-prime.
Why is co-prime important? If you get a non-co-prime you end up with a multiple of phiN wich ends up in "0" after modulus.

Line 54

Not sure about that - about it looks like modInverse to calculate d. This is already in Java: BigInteger.modInverse().

Last line: 9

I didn't even tried to understand what you tried to do here - but "for();" is just an empty loop after wich you do nothin with your counter so you end up with just return x%n - wich obviously isn't the RSA "magic" function: msg^e mod N.


So, after going through your code one can easy spot some issues wich clearly breaks what ever you tried to accomplish.
This is why you should not try to implement your own crypto - and as you seen - I missed check for co-prime - so even I'm really into this stuff - I also made a huge mistake wich could end up in just "0" by getting unlucky with primes. Even the bit I posted below wich at least tries to go for somewhat like anonymous RSA with AES - it's garbage and shouldn't used even for local file encryption.

If you want I could go for way more secure way using BouncyCastle wich provides secure ways to generate and handle local file encryption. For network connections you should go with TLS - wich Java always brings along and needed certificates can easy generated with openssl or with BouncyCastle.
1 month ago
uhm - just short and stupid question: Is it possible to access DNS with JavaScript in the browser without "external service" hosted back on my server?

Matt
neither I understand the topic nor read it - BUT: you're saving raw, un-hashed/-ecrypted, plain-text credentials in your database - NOPE! It's this point you're doing it wrong. NEVER, under any circumstances, save private credentials in plain-text!

passphrases should always be hashed with a salt - so that even two users choose same password it creates different hashes when random salts are used.

also, as already asked: why you want to change hashing with encryption? AES would allow you to securely store the passphrases in encrypted form - but to use them you either have to decrypt them - or encrypt user input and compare - this means: you have to store the AES-key somewhere - and if you do this - you most likely end up same key and IV on more than one dataset - wich breaks AES as you can then compute key an IV from two datasets wich uses same values - same as saving the key right next to the encrypted passphrase - wich, when leaked, is same as saving plaintext


correct way to do: challenge-response:

when a user registers, you randomly generate a salt - concat it with the passphrase the user chose and save the salt an hash in database
when a user wants to login - you generate a session nounce - send it to the client - and the client then have to perform some hashing based on its passphrase and the given nounce - and reply back - you're donin same on server side and compare results - if they match - user proven knowledge of phrase - or at least something generating same hash - wich, with sha256, takes 32 bytes of input to find a collision - larger than most passphrases - therefor pretty much secure - without the real passphrase ever is transmitted - and so it can'T cought on mitm - and session nounce denies replay-attacks
1 month ago
file a support ticket for this issue on microsoft-support as it's something wrong with thier server - doesn't seem anything with your code - so we can't help
1 month ago
I didn't tried to read your stuff as
1) it doesn't use code tags
2) uses 32-bit ints
3) input is wrong as you re-use one of the primes

Wikipedia uses these values:

p = 61
q = 53

This gives N = p x q = 61 x 53 = 3233

EN.wiki uses Carmichael's totient function - I don't know this and instead use what Java uses and what is used on DE.wiki: Euler's totient function - wich is: phi(N) = (p-1) x (q-1) = (61 - 1) x (53 - 1) = 60 x 52 = 3120

Now you have to choose e - wich has to be co-prime to phi(N) - this where you made your mistake and re-used p - NO! - you have to use something else! In real security a common used value is 65537 - wich is 2^16+1 - 4th Fermat number. Wiki choosen e = 17.

So, public key is (N,e) = (3233,17)

Now, you have to calculate d - and this is where standard API comes in - java.math.BigInteger offers the method modInverse() wich is also used in SUNs RSA implementation - wich in this case gives you d = 413.

So, private key is (N,d) = (3233,413)

Then the RSA-"magic" is : m^e mod N - where m is the message - your code shows two errors:

for(j=1;j<=y;j++); <br /> <br /> Dang - loop without body. <br /> <br /> k=(k=x)%n; <br /> <br /> I doubt this is valid java code. Also, whatever this is meant to do - it's not what you think. Again, this is where standard API offers (and is used) : BigInteger.modPow(). <br /> <br /> To sum it up: <br /> <br /> <br /> According to grepcode - this is real java code: <br /> <br /> <br /> So, it's easy to spot that something is wrong with what you tried, as 30^5 mode 35 cleary isn't 30 - but 25. <br /> <br /> Advice: don't try to write your own security - use what Java already provides and what's common: create random AES key - wrap with RSA and use AES for message encryption - this looks - warning: bad code incoming - something like this: <br /> <br /> <br />


But what you really should use is TLS. Hint: for generating certificate either use OpenSSL if you have access to linux - otherwise you can get a PKI up with bouncycastle. But that's a topic for another thread.
1 month ago
I'm using a LinkedList as a Deque in my Monopoly and "move" it to the right index - and then just using foreach.

A LinkedList allows a simple implementation of a Stack you can think of as a wheel wich you turn to change the index but otherwise keep the order - and you can turn it in both ways.
1 month ago
well - aside from the stacktrace doesn't match up with the posted code ...

1) what the hell is "extends Swing" ?
2) carefull reading line by line - posted code lacks init of button-groups - wich in posted code is 135 - try to use group1.add() but never used group1=new ButtonGroup()
3) you had 2 hour deadline at time of post - now it's 4 days gone - what's your result - what happend as deadline passed?
1 month ago