Client-Side Password Hashing
A lot of the advice on password hashing says that client-side password hashing is not necessary, provided you are using HTTPS or another secure protocol, for instance in
A belated Happy New Year and Best Wishes for 2017!
This site and its news have been neglected for much of 2016; this year’s resolution will be to try to revive them a bit.
In particular announcements and articles have fallen way behind the code as far as DWScript is concerned. So I will start the year by attempting to rectify that.
Despite having “lite” in its name, SQLite can handle very large databases quite efficiently. The single largest I am currently dealing with just passed 100 GB, and occasionally when backing it up with the SQLite standard Command Line utility it would take many hours.
After some asking on the sqlite-users list (thanks Clemens Madish & Simon Slavin), and some experimenting, I have gotten the backup time down to 4-5 minutes on a live 100 GB database, which is just fine in my book. Below are the findings and a utility, sql3bak, which wraps the results of the findings.
DWScript now has support for the BigInteger type, which supports numbers with as many decimals as the memory allows.
This support comes in two flavors, either through an MPIR DLL (a GMP fork) or through Rudy Velthuis’s BigIntegers unit.
It occurred to me that SHA-3 being a cryptographic hash, it is one of those peculiar bits of code that are fully self-testing. Any bug in a cryptographic hash will quickly cascade to a different result, no matter the bug or the input.
This means the ad-hoc-compiler-monkey can be unleashed “safely”, and can be allowed to try “improper changes.”
A new kernel for SHA-3 (Keccak) cryptographic hashing has been committed to the DWScript repository.
It is almost 3 times faster than the Pascal version, makes use of MMX asm, and involved an “ad hoc compiler”.
I am a big fan of TBCEditor by Lasse Rautiainen. In case you have not heard about it, it is a fork of SynEdit that diverged very significantly and includes support for code folding, fully JSON-based syntax highlighters, a minimap and many other features.
Of course a code editor is a very complex piece of software, with many opportunities for bugs to hide. I have been helping by providing some Fuzz Testing code and vectors.
I have been using the feeds aggregator BeginEnd.net as more than just a news aggregator; it is also a Canary: once a new version of DWScript passes tests, it goes live there!
The latest Canary feature is for the new FastMM4 multi-threading improvements by Primož Gabrijelčič, which can be found under the Locking Improvements branch.
As I do not have a better place to drop them, here are some musings related to the Simulation Hypothesis, though not as in The Matrix. I came upon them while thinking about how a decentralized simulation (not for a world) could be run, and then one thing led to another.
I recently committed an extension to dwsCrypto lib module that exposes direct support for cryptographic nonces and tokens.