Blog

Git and GitHub (for a Scala Hack Session) – Setup

A great colleague of mine keeps an enormous number of notes about everything he has been working on and researching: Linux, Scala, mathematical algorithms, NoSQL, clustering, security, etc. Recently he and I attended two online courses about Scala’s functional and reactive programming. While attending both courses, he and I discussed, researched, and created a lot of code examples in the form of Scala worksheets.

These courses are also known as Massive Open Online Courses (MOOCs):

Source: MOOC, every letter is negotiable

The idea of making education and know-how available to everyone is great. I have set up a Scala Hack Session based on worksheet exercises to share them with my colleagues and other developers. This way I can contribute and get feedback as well.

GitHub – as a “social coding platform” – is ideal for such a purpose.

Linux Filesystems, Part 4 – Ext4 vs. Ext3 and why Delayed Allocation is Bad

This article covers the main differences between ext3 and ext4 with a focus on filesystem consistency. It was the initial motivation for this blog series, because many engineers are unaware that the default option of ext4 (delalloc) is dangerous for their data!

The Importance of Hashing Passwords, Part 1: Cryptographic Hashes

Many applications store passwords for user authentication. Using an appropriate password hashing algorithm can effectively protect the stored passwords even when the persisted password hashes get stolen by an attacker.

Unfortunately, many developers tasked with implementing persistent password storage lack the necessary cryptographic background knowledge to choose a strong password hashing algorithm. This often leads to passwords stored in plain text or hashed with weak algorithms, such as a secure hash algorithm without any salt or iterations.

This article aims to help cryptographically unencumbered developers make the right choice when hashing user passwords. The first part starts with a closer look at the goal we are trying to achieve, and then examines the secure hash functions that form the core of every password hashing scheme. The following parts will show how to further strengthen a raw hash function against cracking attacks, finally leading to the state-of-the-art algorithms PBKDF2 and scrypt.
