Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice that made sense. One comment I've seen
alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine? Do I use code
access security, role based security, ACLs, etc or combination? And if
combination what combination is the best? The routines will be used by two
"applicatio ns." A ASP.NET and a Windows application. It already has a
strong name and is installed in the GAC. How do I prevent it from being run
by any code besides our two applications? Should it be installed in the
GAC? And if not, how to I guarantee the two applications are using the same
version?
Thanks for your help,
Scott
11  3434 
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:OP******** ******@TK2MSFTN GP10.phx.gbl... Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice that made sense. One comment I've
seen alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine?
Scott
Disregard that piece of advice "securing the hashing routine" - publish your
hashing routine for all to see, and then and only then can you be sure that
it is a *good* algorithm.
regards
roy
If you use microsoft's hashing algorithms, you dont have to worry about that.
It comes with the SDK.
"Wm. Scott Miller" wrote: Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice that made sense. One comment I've seen
alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine? Do I use code
access security, role based security, ACLs, etc or combination? And if
combination what combination is the best? The routines will be used by two
"applicatio ns." A ASP.NET and a Windows application. It already has a
strong name and is installed in the GAC. How do I prevent it from being run
by any code besides our two applications? Should it be installed in the
GAC? And if not, how to I guarantee the two applications are using the same
version?
Thanks for your help,
Scott
When using one way hashing like this, you always have one issue - securing
the password/key passed to the keyed hash. I assume your using a "keyed"
hash like HMACSHA1 or a keyed MD5 to hash your secret. Some options are:
1) string encrypted in your program using obfuscator (better then nothing,
but probably not great.)
2) Protected via ACLs in registry, file or smartcard (or others).
3) Use DPAPI to set and get your password in the OS. See http://msdn.microsoft.com/library/de...l/secmod21.asp
Of the three, DPAPI is probably the best. It is still not perfect as a user
logged in using same user account as app used can decrypt the data. If you
use the machine store, any user could decrypt the data unless you use
additional entropy. So possible a slightly better approach may be to use
machine store so any user on local machine could use your program and keep
your "entropy" encrypted in your program (via obfuscator encryption.) So
not a hacker needs to hack your assembly to figure out general idea of what
your doing, somehow decrypt your entropy (i.e. second pw) and then figure
out how to get data from DPAPI and what store your used, etc. As you can
see, you could keep jumping through hoops hiding data until your blue and
still not get 100% protection.
Possibly a better approach is to use RSA private/public key and client only
knows public key. That way, you have nothing you need to hide. You still
need to protect your client apps public key so it can't be replaced by a
hackers public key, etc.
Naturally, none of this matters if your code is plain .net as hacker can use
ildasm and ilasm to round trip your code and do remove your protections and
public key removing the strong name checking at assembly load time. Only
thing that helps this is obfuscating using a good one (I use and like
XenoCode which also prevents ildasm on your assemblies). Getting to a point
where the only option for the hacker is to hack your code is probably the
best effort and should be the goal I would think.
--
William Stacey, MVP http://mvp.support.microsoft.com
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:OP******** ******@TK2MSFTN GP10.phx.gbl... Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read alot
and I've followed most of the advice that made sense. One comment I've
seen alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine? Do I use code
access security, role based security, ACLs, etc or combination? And if
combination what combination is the best? The routines will be used by
two "applicatio ns." A ASP.NET and a Windows application. It already has a
strong name and is installed in the GAC. How do I prevent it from being
run by any code besides our two applications? Should it be installed in the
GAC? And if not, how to I guarantee the two applications are using the
same version?
Thanks for your help,
Scott
Roy:
We are using an already verified *good* algorithm but have added "spice and
salt" to the routine. This was done to make the routine "slow" enough to
make dictionary attacks a lengthy process.
Scott
"Roy Fine" <rl****@twt.obf uscate.net> wrote in message
news:Oh******** ******@TK2MSFTN GP15.phx.gbl...
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:OP******** ******@TK2MSFTN GP10.phx.gbl... Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read
alot and I've followed most of the advice that made sense. One comment I've seen alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine?
Scott
Disregard that piece of advice "securing the hashing routine" - publish
your hashing routine for all to see, and then and only then can you be sure
that it is a *good* algorithm.
regards
roy
I've noticed by searching the groups that you are a strong supporter of the
"keyed" approach. So, what are the advantages and disadvantages of using
keyed vs non-keyed hashes?
Thanks,
Scott
"William Stacey [MVP]" <st***********@ mvps.org> wrote in message
news:%2******** ********@TK2MSF TNGP14.phx.gbl. .. When using one way hashing like this, you always have one issue - securing
the password/key passed to the keyed hash. I assume your using a "keyed"
hash like HMACSHA1 or a keyed MD5 to hash your secret. Some options are:
1) string encrypted in your program using obfuscator (better then nothing,
but probably not great.)
2) Protected via ACLs in registry, file or smartcard (or others).
3) Use DPAPI to set and get your password in the OS. See
http://msdn.microsoft.com/library/de...l/secmod21.asp
Of the three, DPAPI is probably the best. It is still not perfect as a
user logged in using same user account as app used can decrypt the data. If
you use the machine store, any user could decrypt the data unless you use
additional entropy. So possible a slightly better approach may be to use
machine store so any user on local machine could use your program and keep
your "entropy" encrypted in your program (via obfuscator encryption.) So
not a hacker needs to hack your assembly to figure out general idea of
what your doing, somehow decrypt your entropy (i.e. second pw) and then figure
out how to get data from DPAPI and what store your used, etc. As you can
see, you could keep jumping through hoops hiding data until your blue and
still not get 100% protection.
Possibly a better approach is to use RSA private/public key and client
only knows public key. That way, you have nothing you need to hide. You still
need to protect your client apps public key so it can't be replaced by a
hackers public key, etc.
Naturally, none of this matters if your code is plain .net as hacker can
use ildasm and ilasm to round trip your code and do remove your protections
and public key removing the strong name checking at assembly load time. Only
thing that helps this is obfuscating using a good one (I use and like
XenoCode which also prevents ildasm on your assemblies). Getting to a
point where the only option for the hacker is to hack your code is probably the
best effort and should be the goal I would think.
--
William Stacey, MVP
http://mvp.support.microsoft.com
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:OP******** ******@TK2MSFTN GP10.phx.gbl... Hello all!
We are building applications here and have hashing algorithms to secure
secrets (e.g passwords) by producing one way hashes. Now, I've read
alot and I've followed most of the advice that made sense. One comment I've
seen alot about is "securing the hashing routine" but no-one explains how to
accomplish this. So how do I secure my hashing routine? Do I use code
access security, role based security, ACLs, etc or combination? And if
combination what combination is the best? The routines will be used by
two "applicatio ns." A ASP.NET and a Windows application. It already has a
strong name and is installed in the GAC. How do I prevent it from being
run by any code besides our two applications? Should it be installed in the
GAC? And if not, how to I guarantee the two applications are using the
same version?
Thanks for your help,
Scott
Well in my mind, when using non-keyed hash, you don't need a password to
create the same the hash using the same data. So anyone can look at your
code and figure out you are just using sha (for example) to create your hash
and do the same. Keyed hash gives you a level of security as you need to
know the "key" to gen the same hash. Its like needing to know the password.
Now you need to secure the "shared" password as both sides need to use the
same one. Unfortunately, this means you need to embed it in your code or in
a resource. So you could "hide" it in multple parts of your app and/or use
obfuscator crypto on the string or strings you will combine to create your
clear password. You could then use something like a combination of DPAPI
and the ISO store to store the encrypted key. So you need to be the user
who stored the key and the assembly (I think using ISO) to retreive the key.
The issue is still the first part - where to store the password so I can get
it, encrypt it, and store it? I keep coming back to string crypto using
obfuscator, but maybe there is a better way? Naturally, you may be able to
avoid the above by using PKI public key method. It would depend on what
your doing I guess. Anyway, hth.
From MS HMACSHA1 docs:
"...A keyed hash algorithm is a key-dependent, one-way hash function used as
a message authentication code. Only someone who knows the key can verify the
hash. Keyed hash algorithms provide authenticity without secrecy.
Hash functions are commonly used with digital signatures and for data
integrity. HMACSHA1 is an example of a keyed hash algorithm."
--
William Stacey, MVP http://mvp.support.microsoft.com
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:Om******** ******@TK2MSFTN GP11.phx.gbl... I've noticed by searching the groups that you are a strong supporter of
the "keyed" approach. So, what are the advantages and disadvantages of using
keyed vs non-keyed hashes?
Thanks,
Scott
"William Stacey [MVP]" <st***********@ mvps.org> wrote in message
news:%2******** ********@TK2MSF TNGP14.phx.gbl. .. When using one way hashing like this, you always have one issue -
securing the password/key passed to the keyed hash. I assume your using a
"keyed" hash like HMACSHA1 or a keyed MD5 to hash your secret. Some options
are: 1) string encrypted in your program using obfuscator (better then
nothing, but probably not great.)
2) Protected via ACLs in registry, file or smartcard (or others).
3) Use DPAPI to set and get your password in the OS. See
http://msdn.microsoft.com/library/de...l/secmod21.asp
Of the three, DPAPI is probably the best. It is still not perfect as a
user logged in using same user account as app used can decrypt the data. If
you use the machine store, any user could decrypt the data unless you use
additional entropy. So possible a slightly better approach may be to
use machine store so any user on local machine could use your program and
keep your "entropy" encrypted in your program (via obfuscator encryption.)
So not a hacker needs to hack your assembly to figure out general idea of
what your doing, somehow decrypt your entropy (i.e. second pw) and then
figure out how to get data from DPAPI and what store your used, etc. As you
can see, you could keep jumping through hoops hiding data until your blue
and still not get 100% protection.
Possibly a better approach is to use RSA private/public key and client
only knows public key. That way, you have nothing you need to hide. You
still need to protect your client apps public key so it can't be replaced by a
hackers public key, etc.
Naturally, none of this matters if your code is plain .net as hacker can
use ildasm and ilasm to round trip your code and do remove your protections
and public key removing the strong name checking at assembly load time.
Only thing that helps this is obfuscating using a good one (I use and like
XenoCode which also prevents ildasm on your assemblies). Getting to a
point where the only option for the hacker is to hack your code is probably
the best effort and should be the goal I would think.
--
William Stacey, MVP
http://mvp.support.microsoft.com
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:OP******** ******@TK2MSFTN GP10.phx.gbl... Hello all!
We are building applications here and have hashing algorithms to
secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice that made sense. One comment
I've seen alot about is "securing the hashing routine" but no-one explains how
to accomplish this. So how do I secure my hashing routine? Do I use
code access security, role based security, ACLs, etc or combination? And
if combination what combination is the best? The routines will be used
by two "applicatio ns." A ASP.NET and a Windows application. It already has
a strong name and is installed in the GAC. How do I prevent it from
being run by any code besides our two applications? Should it be installed in
the GAC? And if not, how to I guarantee the two applications are using
the same version?
Thanks for your help,
Scott
Correct me if I'm wrong, but storing the password using DPAPI is a good idea
in theory and does make for an extra step for the hacker, but encypting
anything using DPAPI is meaningless in the case of a web server being
compromised on port 80 because the hacker will be running under the context
of the user account that the web server is running which has access to any
DPAPI encrypted values. Additionally, any hacker with their salt (sorry, no
pun intended), will know the DPAPI approach due to is popularity.
The DPAPI option only assists in the case where the server can be
compromised from another server/computer/service. This is where, when using
DPAPI with a user account, the "key" will be protected. If these are not
concerns because of other counter measures taken, then DPAPI is a waste of
time to implement, except for the "defense in depth" argument.
So ***if*** port 80 is the only attack vector, DPAPI provides very limited
additional protection because key or non-keyed routines are equally
compromised with a hacker really wanting to get in.
Is this right or am I missing something?
Scott
"William Stacey [MVP]" <st***********@ mvps.org> wrote in message
news:eZ******** ******@TK2MSFTN GP12.phx.gbl... Well in my mind, when using non-keyed hash, you don't need a password to
create the same the hash using the same data. So anyone can look at your
code and figure out you are just using sha (for example) to create your
hash and do the same. Keyed hash gives you a level of security as you need to
know the "key" to gen the same hash. Its like needing to know the
password. Now you need to secure the "shared" password as both sides need to use the
same one. Unfortunately, this means you need to embed it in your code or
in a resource. So you could "hide" it in multple parts of your app and/or
use obfuscator crypto on the string or strings you will combine to create your
clear password. You could then use something like a combination of DPAPI
and the ISO store to store the encrypted key. So you need to be the user
who stored the key and the assembly (I think using ISO) to retreive the
key. The issue is still the first part - where to store the password so I can
get it, encrypt it, and store it? I keep coming back to string crypto using
obfuscator, but maybe there is a better way? Naturally, you may be able
to avoid the above by using PKI public key method. It would depend on what
your doing I guess. Anyway, hth.
From MS HMACSHA1 docs:
"...A keyed hash algorithm is a key-dependent, one-way hash function used
as a message authentication code. Only someone who knows the key can verify
the hash. Keyed hash algorithms provide authenticity without secrecy.
Hash functions are commonly used with digital signatures and for data
integrity. HMACSHA1 is an example of a keyed hash algorithm."
--
William Stacey, MVP
http://mvp.support.microsoft.com
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:Om******** ******@TK2MSFTN GP11.phx.gbl... I've noticed by searching the groups that you are a strong supporter of the "keyed" approach. So, what are the advantages and disadvantages of
using keyed vs non-keyed hashes?
Thanks,
Scott
"William Stacey [MVP]" <st***********@ mvps.org> wrote in message
news:%2******** ********@TK2MSF TNGP14.phx.gbl. .. When using one way hashing like this, you always have one issue - securing the password/key passed to the keyed hash. I assume your using a "keyed" hash like HMACSHA1 or a keyed MD5 to hash your secret. Some options are: 1) string encrypted in your program using obfuscator (better then nothing, but probably not great.)
2) Protected via ACLs in registry, file or smartcard (or others).
3) Use DPAPI to set and get your password in the OS. See
http://msdn.microsoft.com/library/de...l/secmod21.asp
Of the three, DPAPI is probably the best. It is still not perfect as
a user logged in using same user account as app used can decrypt the data.
If you use the machine store, any user could decrypt the data unless you use
additional entropy. So possible a slightly better approach may be to use machine store so any user on local machine could use your program and keep your "entropy" encrypted in your program (via obfuscator encryption.) So not a hacker needs to hack your assembly to figure out general idea of
what your doing, somehow decrypt your entropy (i.e. second pw) and then figure out how to get data from DPAPI and what store your used, etc. As you can see, you could keep jumping through hoops hiding data until your blue and still not get 100% protection.
Possibly a better approach is to use RSA private/public key and client
only knows public key. That way, you have nothing you need to hide. You still need to protect your client apps public key so it can't be replaced by
a hackers public key, etc.
Naturally, none of this matters if your code is plain .net as hacker
can use ildasm and ilasm to round trip your code and do remove your
protections and public key removing the strong name checking at assembly load time.
Only thing that helps this is obfuscating using a good one (I use and like
XenoCode which also prevents ildasm on your assemblies). Getting to a
point where the only option for the hacker is to hack your code is probably the best effort and should be the goal I would think.
--
William Stacey, MVP
http://mvp.support.microsoft.com
"Wm. Scott Miller" <Sc**********@s pam.killer.wvin surance.gov> wrote in
message news:OP******** ******@TK2MSFTN GP10.phx.gbl...
> Hello all!
>
> We are building applications here and have hashing algorithms to secure > secrets (e.g passwords) by producing one way hashes. Now, I've read
alot > and I've followed most of the advice that made sense. One comment I've seen
> alot about is "securing the hashing routine" but no-one explains how to > accomplish this. So how do I secure my hashing routine? Do I use code > access security, role based security, ACLs, etc or combination? And if > combination what combination is the best? The routines will be used by two
> "applicatio ns." A ASP.NET and a Windows application. It already
has a > strong name and is installed in the GAC. How do I prevent it from being run
> by any code besides our two applications? Should it be installed in the > GAC? And if not, how to I guarantee the two applications are using the same
> version?
>
> Thanks for your help,
> Scott
>
>
> Correct me if I'm wrong, but storing the password using DPAPI is a good
idea in theory and does make for an extra step for the hacker, but encypting
anything using DPAPI is meaningless in the case of a web server being
compromised on port 80 because the hacker will be running under the
context of the user account that the web server is running which has access to any
DPAPI encrypted values. Additionally, any hacker with their salt (sorry,
no pun intended), will know the DPAPI approach due to is popularity.
(Thinking out load. Please correct if wrong.) If that is the concern then
nothing you do would help. A hacker would need to somehow gain command
level access to your machine via port 80 to be able to exec os commands,
call APIs, etc - no? Is there such an existing attack in IIS/web services?
If there is, millions have bigger issues for a start. So for rest of talk,
lets assume that is not possble (as if it were, we would just unplug our
boxes and wait for a fix or take our chances.) Not sure if it matters if
dpapi is popular or not. It was introduced in NT 4.0 I think but did not
work in somel cases from what I read. W2K and latter was when people really
started using it so not sure it is that popular yet. However it still needs
to standup to popular use, else it is not worth anything as you say.
I could keep spinning here, but still not exactly what your trying to do.
Could you outline (from client to server and back) what your trying to do
exactly and what techs you want to use? Example:
1) Windows client gets password and hashes via xyz using shared secret, etc.
2) Client calls IIS web service for xyz.
3) Web server does xyz and returns xyz to client.
4) ...
Using only IIS web services at server? What about WSE and security? What
about SecureXML? Using web services at Windows client? Some more detail
would help drive further talk. Thanks for interesting discussion.
--
William Stacey, MVP http://mvp.support.microsoft.com
As for the existance of such a vunerability, I would have to say yes
considering that most of the security sites I read say stuff like "complete
compromise of the server" next to IIS. That to me sounds like being able to
get access to os commands. That is of course for a vunerability that has a
patch, but as we have seen in the past several months/years more and more
vunerabilities are being discovered in almost all software on production
systems worldwide. (Most companies are starting to think of
security....Mic rosoft being the biggest company to finally jump on board)
With that in mind, there is the **possibility** that such a vunerability
still exists and has not been discovered/patched yet. As long as we patch
our systems and keep them up-to-date, the probability of such an attack
becomes more remote, but not altogether impossible.
The original question, was on the line of the "prudent man rule" and was a
query about securing the actual DLL that contains the code of the routine.
On those lines, is that something I should worry about? And, if so, what
should I look into, research, do to accomplish the most secure environment
in the least amount of time. In my reaserch into web site security, they
say that the more elements that are available to the cracker, the more
likely they are to be able to obtain the information you are securing. So,
I'd like to make it as hard as possible to obtain:
1. Actual hashes stored in my system
2. Algorithm I use to generate hashes
3. Their own hashes for dictionary attacks
Number 2 was the issue of the original question as I have a pretty good (I
think) plan for #1 and #3 because of my research. Your point on using a
"keyed hash" interested me because it holds the possibility of increasing
the security of the hashes, which is why I wanted to know more. But all new
things have to be held up against the questions "What does this buy me?" and
"Is it worth the time and money to implement?" That is maybe why I came
across a so dead set against "keyed hashes" but I was just looking into the
first question. I'm still interested in the keyed approach, I'm not sure if
it buys me any more security, though, because in all my research, you are
the first place I've heard to use them (which doesn't mean much as I haven't
real every security article on the web).
So maybe we can approach it this way:
What will keyed hashes buy me in terms of security?
AND
How long will it take to implement and is it worth that much time and money
based on the answer to question #1?
Scott
"William Stacey [MVP]" <st***********@ mvps.org> wrote in message
news:uh******** ******@TK2MSFTN GP10.phx.gbl... Correct me if I'm wrong, but storing the password using DPAPI is a good idea in theory and does make for an extra step for the hacker, but encypting
anything using DPAPI is meaningless in the case of a web server being
compromised on port 80 because the hacker will be running under the
context of the user account that the web server is running which has access to
any DPAPI encrypted values. Additionally, any hacker with their salt
(sorry, no pun intended), will know the DPAPI approach due to is popularity.
(Thinking out load. Please correct if wrong.) If that is the concern
then nothing you do would help. A hacker would need to somehow gain command
level access to your machine via port 80 to be able to exec os commands,
call APIs, etc - no? Is there such an existing attack in IIS/web
services? If there is, millions have bigger issues for a start. So for rest of
talk, lets assume that is not possble (as if it were, we would just unplug our
boxes and wait for a fix or take our chances.) Not sure if it matters if
dpapi is popular or not. It was introduced in NT 4.0 I think but did not
work in somel cases from what I read. W2K and latter was when people
really started using it so not sure it is that popular yet. However it still
needs to standup to popular use, else it is not worth anything as you say.
I could keep spinning here, but still not exactly what your trying to do.
Could you outline (from client to server and back) what your trying to do
exactly and what techs you want to use? Example:
1) Windows client gets password and hashes via xyz using shared secret,
etc. 2) Client calls IIS web service for xyz.
3) Web server does xyz and returns xyz to client.
4) ...
Using only IIS web services at server? What about WSE and security? What
about SecureXML? Using web services at Windows client? Some more detail
would help drive further talk. Thanks for interesting discussion.
--
William Stacey, MVP
http://mvp.support.microsoft.com
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Michael Pernkopf |
last post by:
Hy NG,
i´m looking for an object-oriented method (or programmed example) for
an algorithm to treat an extendible hashing table.
Does anyone know a ressource, where i can find information about
implementing such an algorithm, or maybe a finished example?
greetings, Michael
|
by: MuZZy |
last post by:
Hi,
Is there any guarantee that MD5 hashing algorithm implementation will
not change in the next .NET version unlike what's happened to
String.GetHashcode?
Thank you,
MuZZy
|
by: Harold Crump |
last post by:
Greetings,
I have a fairly vanilla PHP web application that stores and retrieves
data in a MySQL database.
Users will be adding a lot of special characters such as single and
double quotes, accented French characters, etc.
I want to eliminate any potential for XSS or SQL injection attacks.
My question - is it enough to pass all user input through the
|
by: Maya |
last post by:
Hello all,
I'm using MD5 hashing in my application to give unique values to huge
list of items my application receives, originally every item's name was
difficult to use as an id for this item although its unique but because
it had certain characters and variable lengths I ended up using MD5
hashing of the name.
|
by: wkatz |
last post by:
Hi, Gurus. What hashing algorithm outputs hash value as numbers only? For example, if you pass a “John Q. Public” it will output 23324. If there is no such hashing, how hard is it to hire somebody to write a fairly quick one? It could be some fast hashing and then another function that creates numbers. Much obliged. wkatz.
| | |
by: Andrew Robinson |
last post by:
I am working on a pretty simple e-commerce web site that will sell our
company gift cards online. Our company and merchant policy prohibits us from
storing credit card numbers in any way once we clear the transaction using
Pay Flow. To help protect against fraud, I would like to know when the same
card number is used to make more than one purchase in a given period of
time.
Would hashing card numbers and then storing and comparing hashes...
|
by: zoro |
last post by:
separate chaining and linear probing are two implementation in hashing that
we use to reduce collisions.
i know that linear probing is the fastest in general than other
implemenataions.
but what i'm confused a bout is when the collisions are frequent,which of
these implementations will allow fastest searches?
|
by: January Weiner |
last post by:
Hello,
I need to use a hashing function for relatively short strings (roughly 16
characters or less). The data that needs to be accessed via hash is just a
simple int. I just need to look up values in two dimensional matrices each
time that I encounter a pair of these strings.
I would like to keep the code as simple and standard as
possible, but at the same time to have a reasonable performance.
|
by: Les Desser |
last post by:
In article
<fcebdacd-2bd8-4d07-93a8-8b69d3452f3e@s50g2000hsb.googlegroups.com>, The
Frog <Mr.Frog.to.you@googlemail.comMon, 14 Apr 2008 00:45:10 writes
Thank you for that. It was very clear and I actually understand it!
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
