Generate truly random cryptographic keys using a random number generator in .NET

The well-known System.Random class lets us generate random numbers quickly. However, the values provided by System.Random are not truly random. Instead, they are pseudo-random. The return values should only be used in case true randomness is not that important, such as in the classic number-guessing game. In case you need a random value to be used in cryptography such as a cryptographic key in symmetric and asymmetric encryption then System.Random is not an acceptable option.

Read more of this post

How to calculate the message digest in Java

A message digest is an important concept in cryptography. A digest is an array of bytes created by a hashing formula. It is used to make sure that some digital information has not been tampered with. In a sense it is a footprint of an object, such as a file. If someone modifies the file then the footprint also changes. Then we know that the file has been changed. Another word for a message digest is checksum. There are various hashing algorithms to perform the calculation. SHA-256 and MD5 are the most common ones.

For an example you can check out the Apacha log4j2 download page here. You’ll see a column called “checksum” for various files. If you click on one of those you’ll see the MD5 hash of the file in a relatively human readable form, such as “31826c19fff94790957d798cb1caf29a”.

Java and other popular programming languages have built-in classes to construct a message digest. Let’s see an example from Java.

Read more of this post

Getting a result from a parallel task in Java using CompletableFuture

In this post we saw how to start several processes on different threads using the CompletableFuture class. The example concentrated on methods with no return value. We let CompletableFuture finish the tasks in parallel before continuing with another process.

In this post we’ll see a usage of CompletableFuture for functions with a return value. We’ll reuse several elements we saw in the post that concentrated on the Future class.

Read more of this post

Summary of thread-safe collections in .NET

The System.Collections.Concurrent namespace has 4 thread-safe collections that you can use in multi-threaded applications. The starting point is that you have a multi-threaded app where the same collection needs to be accessed by different threads. In that case the well-know collection types, like HashSet, List, Dictionary etc. simply won’t be enough.

If many different threads have access to the same resource then there’s no guarantee on the state of that resource in the moment a thread accesses it in some way: deletion, lookup, insertion or modification. Another thread may have accessed the same resource just milliseconds before that and the other thread will access the resource under the wrong assumptions. You’ll end up with buggy code with unpredictable results and ad-hoc fixes and patches that probably won’t solve the root of the problem.

Read more of this post

Waiting for background tasks to finish using the CompletableFuture class in Java

Introduction

In this post we saw how to wait for a number background tasks to finish using the CountDownLatch class. The starting point for the discussion was the following situation:

Imagine that you execute a number of long running methods. Also, let’s say that the very last time consuming process depends on the previous processes, let’s call them prerequisites. The dependence is “sequential” meaning that the final stage should only run if the prerequisites have all completed and returned. The first implementation may very well be sequential where the long running methods are called one after the other and each of them blocks the main thread.

However, in case the prerequisites can be executed independently then there’s a much better solution: we can execute them in parallel instead. Independence in this case means that prerequisite A doesn’t need any return value from prerequisite B in which case parallel execution of A and B is not an option.

In this post we’ll look at an alternative solution using the CompletableFuture class. It is way more versatile than CountDownLatch which is really only sort of like a simple lock object. CompletableFuture offers a wide range of possibilities to organise your threads with a fluent API. Here we’ll start off easy with a simple application of this class.

Read more of this post

Mixing asymmetric and symmetric encryption, HMAC hash verification and digital signatures in .NET

Introduction

In this post we built a test application where we mixed asymmetric and symmetric encryption with HMAC hash verification. The message sender gets the asymmetric public key of the receiver and uses it to encrypt a symmetric public key. The message is encrypted with a one-time symmetric public key. The symmetric key is also used to calculate the HMAC of the cipher text. The receiver decrypts the symmetric key with her asymmetric private key and calculates the HMAC. If the hashes match then it’s safe to assume that the message hasn’t been tampered with on its way to the sender.

The communication flow is quite secure but we can tighten security even more. In this post we learnt about digital signatures. A digital signature is used to sign the hash of a message with the sender’s private key. The public key that matches the private signature key is sent along all other information to the sender. The sender can then check the validity of the signature using the provided public key. The trust is based on the fact that the public and private keys go hand in hand, therefore signature verification doesn’t need the private key.

The goal of this post is to extend the demo application with digital signatures. The sender will sign the message and the receiver will verify the validity of the signature.

Read more of this post

How to calculate the message digest in Java

A message digest is an important concept in cryptography. A digest is an array of bytes created by a hashing formula. It is used to make sure that some digital information has not been tampered with. In a sense it is a footprint of an object, such as a file. If someone modifies the file then the footprint also changes. Then we know that the file has been changed. Another word for a message digest is checksum. There are various hashing algorithms to perform the calculation. SHA-256 and MD5 are the most common ones.

For an example you can check out the Apacha log4j2 download page here. You’ll see a column called “checksum” for various files. If you click on one of those you’ll see the MD5 hash of the file in a relatively human readable form, such as “31826c19fff94790957d798cb1caf29a”.

Java and other popular programming languages have built-in classes to construct a message digest. Let’s see an example from Java.

Read more of this post

ultimatemindsettoday

A great WordPress.com site

iReadable { }

.NET Tips & Tricks

Robin Sedlaczek's Blog

Developer on Microsoft Technologies

HarsH ReaLiTy

A Good Blog is Hard to Find

Ricos Blog zu Softwaredesign- und architektur

Ideen und Gedanken rund um Softwaredesign und -architektur, Domain-Driven Design, C# und Windows Azure

the software architecture

thoughts, ideas, diagrams,enterprise code, design pattern , solution designs

Technology Talks

on Microsoft technologies, Web, Android and others

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

Anything around ASP.NET MVC,WEB API, WCF, Entity Framework & AngularJS

Cyber Matters

Bite-size insight on Cyber Security for the not too technical.

Guru N Guns's

OneSolution To dOTnET.

Johnny Zraiby

Measuring programming progress by lines of code is like measuring aircraft building progress by weight.

%d bloggers like this: