|
|
You don't want to use SHA-256 by itself, because that's a high speed unsalted hash algorithm.
Ulrich Drepper created a good password crypt algorithm which incorporates SHA-256 or SHA-512, but the features that make it resistant to dictionary attack are the salt and the massive iterations over SHA to slow down the algorithm.
BCrypt uses the same techniques to slow down dictionary attacks.
The OP is right that there's no point in using a high speed naked hash algorithm, but BCrypt isn't the only good alternative.
There's also SHACrypt-256 and SHACrypt-512, which have been supported in GNU LibC since October 2007.
Wikipedia has a pretty thorough discussion of the various password hash routines that are in use on Unix/Linux systems, for that matter.
I do know the difference between a Java stack trace and a VM which crashes with a dump of the CPU registers. Platform was Ubuntu 10 LTS and the Oracle JVM.
I also checked the PDF parser. I does not use any native stuff.
Well, I took you at your word about crashing the VM. I was just curious how long ago it was, whose VM you were using, etc.
Huh, who knew. Last I checked, JavaFX was built on top of Swing. Apparently that may have changed with 2.0.
Or maybe not. I can't tell.
But one thing seems pretty clear from screenshots: your JavaFX applications will fit in with the native desktop just about as well as your Swing applications did. Which is to say, "not at all."
JavaFX is its own thing, but they've made it possible to include JavaFX panels in Swing apps.
Swing is definitely functional, and Nimbus doesn't make me want to gouge my eyes out, but it's legacy as a cancerous outgrowth of AWT hurts it too much. It's amazing what they were able to do with that kind of foundation, but it's past time for something better.
I wonder who funded this particular study.
I switched from Facebook to Google+, and I use it almost exclusively now. The population is smaller, but the discussions are better. On Facebook, I'm linked to personal friends, on Google+, I'm linked to people all over based on common interests. I like G+ better.
These days, you do have a quite reasonable alternative to BCrypt available as well, which is Ulrich Drepper's SHA2 based Crypt scheme. It's functionally the same as BCrypt but with the use of a different basic cryptographic operation. Like BCrypt, Drepper's sha-crypt is designed to be as slow as molasses, with the ability to make the operation even slower if you like by explicitly specifying the number of SHA256 or SHA512 passes to perform.
Drepper's SHA256 and SHA512 based Crypt routines are now standard in glibc on Linux, as well as on Solaris and HP-UX, and are likely to natively be supported by PHP and the like on those platforms. If you're looking for an implementation in Java, we have one at ftp://ftp.arlut.utexas.edu/java_hashes/.
The first page of AudioQuest's North America November 2011 pricelist has a beautiful painting of a bunch of wolves staring right at you. A bit on the nose metaphor for AudioQuest's intent to wear you down and consume every last dollar on your carcass.
This company has to be a put-on, right? "Air-Tube Dielectric"?
Other than by using that menu, I mean.
We want to create puppets that pull their own strings. - Ann Marion