The Importance of Hashing Passwords, Part 4: The Hardware Threat

The third part of this series presented PBKDF2 as a modern key derivation and password hashing algorithm. But PBKDF2 has its limitations: for the best protection against password cracking, the iteration count (which defines the computing power needed to hash a password) should be chosen as high as possible. On the other hand, a higher iteration count also means that a regular user's login will be slower. The maximum time users are prepared to wait for a successful login limits the maximum iteration count you can choose for the available computing power.

For some time we could at least assume that all but the most resourceful attackers would have roughly the same computing power at hand as the defenders have on their login servers. An attacker might be able to set up (and finance) hardware to hash passwords 100 or even 1000 times faster than a server, but this could be compensated for by a sufficiently high iteration count. However, with hardware specialized for massively parallel execution of hashing operations, the ratio between the average server's and the potential attacker's "hashing power" has shifted more and more to the advantage of the attacker. Hashing algorithms like the scrypt algorithm presented in this blog article attempt to shift this ratio back in favor of the defender.

Read more

Getting a native App feeling with HTML5, CSS3 and JavaScript, Part 3

In this third part of how to get a native app feeling with HTML, JavaScript and CSS we will build a basic but solid navigation system. This is where we start building our application and apply our know-how from part 1 and part 2.

While my colleague at Point Software, François Scheurer, is working on his next article on how to make a chess game in the Scala programming language, we will use the know-how gained in the last two parts of this series to build the frontend of the game.

Read more

Secret sharing step by step

In this blog article I will show the different types of secret sharing methods, especially the commonly used Shamir's Secret Sharing method. Thereafter I will explain the mathematical background of this procedure.

What is Secret Sharing about?

Let’s start with the following situation. A big heritage should be distributed over 6 heirs. The heritage is stored in

Read more

HTML5 video in Scala or Java with Xuggle


If you are looking for information on using free libraries to convert and resize video files within a Scala or Java project, you have probably come across an open source project called Xuggle.
This library is written in Java but uses native code from ffmpeg (another open source project) for the many video and audio codecs.

This tutorial will guide you to:

  • build the Xuggle project on Debian Linux
  • write a sample class in Java and Scala to use Xuggle
  • resize a video and resample its audio
  • convert common video/audio formats to HTML5 video

Read more

Git and GitHub (for a Scala Hack Session) – Workflow Basics

In the first part of this blog series we forked Point Software's Scala Hack Session and cloned a remote repository onto a local machine using EGit. In this second part you will learn how to make changes, use branches, commit to your local repository and then push it all to your remote project.

As you will see below, you will get a better understanding of Git and GitHub, learn to use best practices and avoid some obstacles.

Read more