Petros Papatheodoru

Ranch Hand
+ Follow
since Aug 24, 2018
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Petros Papatheodoru

May i start with saying that the import-module-package system of python is the most abominable feature that I have ever encountered in any language ever.
With that out of the way, i have a project in pycharm with the following structure:



Also in my src folder i have a .bat file named py_run.bat that allows me to run the program from anywhere like this:

in order for my imports to work I am doing them like this (for example inside
from Extension import Extension (file has a class named Extension)
and this way the project runs from pycharm and from cmd too

But i made pycharm create a test for me (

When i run that i get an error on all my imports that are like that: "from Extension import Extension"
this error: ModuleNotFoundError: No module named 'Extension'

if I change the import to "src.Extension import Extension"
the test runs fine, the program from pycharm runs fine but from the cmd it says
ModuleNotFoundError: No module named 'src'

What is wrong with this language? How can it be so stupid and unintuitive for something so simple to work?
How am I supposed to structure my imports?
Thanks in advance.
2 days ago

Paul Clapham wrote:

Petros Papatheodoru wrote:No leap of logic here, if you provide a key and the program suddenly crashes because of the exception then obviously the key you provided is not the correct key.

It's possible to catch exceptions in Java, you know. And in this case clearly you should, although the reason you gave there isn't the reason to catch the exception. The reason to catch the exception is that programs which suddenly crash when given reasonable inputs are just bad.

Of course I am catching the exception but still I have to provide an output and instead of writing "wrong key" what I am trying to do is display a wrong but believable "password" , which will always be the same for the same value of the key.
1 year ago

Paul Clapham wrote:Most security systems store hashed passwords and not encrypted passwords, they never return a decrypted password to anybody. So I don't understand your system where the user is allowed to retrieve a password.

I completely understand but what I am building is a password manager for myself so I need a way to retrieve the passwords. I know that there is not point really for all this hustle since I will be the only one that uses it, I just like the process and I want to build something robust. And yes, it seems that you understand what I am asking.
1 year ago
No leap of logic here, if you provide a key and the program suddenly crashes because of the exception then obviously the key you provided is not the correct key. Then the process of rejecting possible keys is very easy. On the contrary if you actually have to test the outputed password while trying to log in the account, the process of declining a possible key is much harder. Yes I am trying to build a password manager using Java's existing secure libraries. No reason why I am not using an existing one, I just find it fun as a project and a way to learn a thing or two. My question was very specific nevertheless and all the details are unnecessary. Thanks for your time though.
1 year ago
Ok let me go over this again. Firstly, I am not trying to invent anything by myself. I am using the built in "AES/CBC/PKCS5Padding" algorithm of Java to encrypt/decrypt and store the passwords. The way this works is that you provide a key(user input in my case) to the algorithm and the plain-text password gets encrypted and stored. Later, if the user wants to retrieve a password, he needs to provide a key again, but if that particular key is different than the key that was used to encrypt the password, then the program ends with a BadPaddingException. This is obviously a not wanted behavior as it makes bruteforcing the key very easy. What I want to do instead is actually return a password that is wrong on purpose but seems like something that could be correct. If I just return random characters, then a supposed malicious user could try to decrypt the same password with the same key again and he would get a different result, which is obviously an unwanted behavior. That's way I am looking for a way to encrypt/hash a string using a key with a deterministic result.
1 year ago
Yes Peter I know a thing or two about the details of encryption and hashing and I am indeed using bcrypt and pbkdf2 as the article suggests but for different reasons. What I wanted to do there was a bit more specific.
1 year ago
Yeah don't worry about it, thanks for the opinion. Of course I wasn't trying to invent a cryptographic algorithm or something like that, but I might as well not bother at all.
1 year ago

Stephan van Hulst wrote:If decryption fails, you could convert the key to an index (in the same way a hash table works) and use it to get a word or phrase from a large predetermined dictionary.

This is going to hurt your legitimate users badly though, because they won't be able to tell when they've forgotten their password.

Well I would have to store the dictionary in the source files so I guess it would be easy for someone to just search it.
I am pretty sure I will be the only user of the program, I don't think anybody will bother to try it from my github lol. All of this is unnecessary tbh, no hacker will have access to my computer and bother to try and crack my passwords, but I just want to build something robust for myself. I also don't have a database so he could just delete the file with the data haha. So all of this is in theory, but I am trying to find a way to do this without resorting to something stupid, like using the key for a Ceasar cipher.
1 year ago

Stephan van Hulst wrote:Let me first ask you: why?

Encryption should return a different ciphertext every time. If you circumvent this you will make your ciphertexts easier to decrypt and you may even compromise your secret key.

Indeed. What I am actually doing is using to encrypt the string where "hashedUserKey" is a SecretKeySpec created by a user input and to decrypt the strings.
So the program first asks the user for the key and then it uses that key to encrypt and decrypt the strings. The problem is that if another key is given that the one that was used to encrypt the string, then if i try to decrypt it, I am getting a BadPaddingException so what I am trying to do in that case is actually return something that looks like a legitimate decrypted string that it's value changes with different values of the key but always stays the same if the same key is provided. If you have a better idea, I would like to hear it of course. Thanks
1 year ago
I am looking for a way to encrypt a string given a key, deterministically. Something like: Where "key" is a user input so it isn't stored anywhere, and given the same key the result will always be the same for the same string. How could I achieve something like that?
1 year ago

Stephan van Hulst wrote:Java will automatically search for all classes that are required by your application, but you have to tell the compiler where your source folder is.

The easiest way to build and run your application from the command line is something like this:

The -sourcepath switch tells the compiler where the source folders are, the -d switch tells the compiler where it needs to output class files, and the -cp switch tells the JVM where it must look for compiled classes. Use the project root as the working directory.

Thanks a lot for the explanation!
1 year ago
Hello guys, I have a project in Intellij with the following structure inside the src folder: an "org" folder which contains "" (the file that has my main()) and 2 more folders :"logic", "userInteraction" that contain some classes. The project runs fine inside Intellij but I am not sure how I am supposed to compile and run it with cmd. When I do "cd (path to"  and then "javac" I get the this error:

Is there a more straightforward way to compile all the files without having to provide the full path for each one?
1 year ago
Oh ok, so there is no way to add a string literal in the string pool at runtime because the string pool is already full with all the string literals that your program is going to use, even before it has started executing. So in an expressing like this String s = "Cat" , it doesn't make sense to say that the JVM searches the string pool to find IF the literal "Cat" exists, because it is 100% certain that it is already in there and the JVM just has to return a reference to this object. And in the expression String s = new String("Cat"), "Cat" is already in the string pool but the JVM creates a new object outside the string pool and returns a reference to that object. Did I get it now?
1 year ago