Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm getting the Md5 of a file using Apache DigestUtils as follows:
public static String getMd5(File file) throws Exception
{
FileInputStream fis = null;
String md5 = "";
fis = new FileInputStream(file);
md5 = DigestUtils.md5Hex(fis)
IOUtils.closeQuietly(fis);
return md5;
}
This Md5 is being used as a key. I am doing a check for uniqueness (because of possible collisions), however, if it is not unique, how do I make it unique?
Thanks in advance!
Actually there is nothing you can do to make a hash function unique (obvious, because it maps large data to small one). For MD5, these collisions don't happen by chance for a reasonable number of files, but someone who wants to break your program can construct files with same MD5 hash (see for example http://www.mathstat.dal.ca/~selinger/md5collision/). If you want to avoid this, I would suggest that you use a hash functions that is considered more secure, like SHA-256. If you really have to deal with a hash function with collisions, your data structure that uses this hash as a key needs mechanisms to handle this situation (e.g. secondary hashing or using lists to store items with same hash).
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 5 years ago.
Improve this question
We store the password as char array in java and find the good reason for this. I came across an interview question stating "What if password is encrypted and we save that in String, is that okay? or why not?"
What I could think is process of encryption and decryption involve Plain text String object somewhere and we are back to same issue plain text password in String. Not very convinced with my own answer, What may be reason/justification for this.
This sounds like a security question. They are probably looking at the ability to overwrite the memory of a character array once it is used.
A string, being immutable, will stick around in memory until garbage collected and then the memory being reused. A memory dump could, in theory, find the encrypted password, which could be decrypted and exposed.
Using a character array, once finished with it, you can overwrite the memory so that it no longer can be exposed. Of course, it is still in memory for a short time.
Interesting question. The major reasons I could think of not selecting string over char[] is obviously based upon "security".
Strings are immutable
Plain texts would be available in the memory until the garbage collector does the function of removing it. Leaving the text there until intervention from the collector is one major vulnerability I could think of.
Technically,
Log file safety.
Example:
String sPsswrd = "test";
Char[] cPsswrd = new char[]{'t','e','s','t'};
If this gets printed say somewhere in the log files,
System.out.println("password as string: "+sPsswrd);
System.out.println("password as Char array "+cPsswrd);
Output:
password as string: test
password as Char array: [#14
Password will remain safer if it is stored as a array. Hope this gave some idea about the possible problem.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am currently working with a PostgreSQL database, Spring and Hibernate. I have one table where attribute correlation_id is unique. Each time before I add a new element first I have to check does any item with a new correlation_id already exist in db or not.
For this case I have implemented recursive function that will generate a new correlation_id and check does it exist or not in db. It means this function will make a call on db each time so sometimes it can be just one call but sometimes i could be five, ten or even more. This example is shown in example one.
Example1:
private String generateId() {
String myId = StaticFunction.generateMyId();
MyMessages doesExist = MyServiceDaoImpl.checkDoesItExistInDB(myId);
if(doesExist != null) {
generateId();
}
return myId;
}
In the second example I suppose that I could create just one call to db and retrieve all items and put them into collection. Then I am able to via stream to search for specific item using also recursive function.
Example2:
private String generateId(List<MyMessages> messages) {
String myId = StaticFunction.generateMyId();
MyMessages myMessage = messages.stream().filter(m ->
m.getCorrelationId.equals(myId)).findFirst().orElse(null);
if (MyMessages != null) {
generateId(messages);
}
return myId;
}
My question is whats is the best approach to make this thing right? Do you have some other solutions? What are the advantages and disadvantages of above examples?
If you cannot use db generated ids, as suggested in the comments, you could use a UUID generator to create the PKs. The probabilities of collision are so low it's not worth checking in the db.
For generating UUIDs in Java take a look at http://docs.oracle.com/javase/7/docs/api/java/util/UUID.html
There's nothing wrong with case 1, DB can do lookups very effeciently when the column is indexed. But - you need to do the DB access.
The second case looks much faster (iterate in memory would be much faster than any DB access), however it has drawbacks: You have to keep all your messages (or at least their correlation ids) in memory and when having A LOT of data, you're scr.. you will have bad time to fix it
As well consider scalability where multiple instances of your application could access a DB.
Therefore I'd suggest to let the database generate the key (you can use e.g. SERIAL data type) and Hibernate returns the generated keys when saving the object. If you need custom ids (generated by your app), you can use uuid where there's low probability of the value conflict
As well you can use UPSERT syntax (INSERT .... ON CONFLICT (correlation_id) ...)
Have fun
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Java is currently UTF-16 natively. I know there are ways to convert to UTF-8.
With Unix already being UTF-8 based (only reference it as Java is mostly run on 'nix), how difficult would it be for Java to get into the UTF-8 arena natively, like the rest of the world is leaning towards, for more efficiency?
Will it involve a total rewrite of the language ?
The problem with UTF-8 is that you cannot implement charAt method with O(1) performance. There are many code in the world which rely on this. Something like:
for(int i=0; i<string.length(); i++) {
char c = string.charAt(i);
...
}
If you switch to UTF-8, looking for i-th character will be O(n), thus such code will become O(n^2) which can become performance disaster.
As for efficiency there's a proposal to revive compressed strings in Java: strings consisting solely of ASCII-7 characters can be stored in byte[] array. As far as I know, this feature is being actively developed and the are chances that it will be included in JDK9.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Is it possible to Hash using bcrypt in java and again unhash it? Is it even possible? I was trying something new but I do not know anything about Unhashing (if it's possible). Can someone give me an example of somekind if it's possible?
Is there a hashing algorithm which is reversible if the key is known?
Hashing is a one-way operation by definition. You cannot retrieve source value from its cache. Actually there can be many values that produce the same hash but algorithm that translates hash to value should not exist theoretically (by definition).
If you're talking about overriding hashCode(), if your object can have more than 2^32 states then it's impossible to make any reversible hash. There are only 2^32 possible hash values (because hashCode() returns int), so only 2^32 different states can be represented.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I am comparatively new in JAVA. I am implementing an idea involving multimap. Now I want to put "buy" and "-buy" as the key. My question is, how can I distinguish that the original string(characters) is same but they have opposing leading sign???
I think you might be misusing the concept of multimaps. I am gathering from your question that you want to look up a single key and have it return values for two keys (with and without '-' before them). Multimaps don't support multiple keys (as far as I'm aware in any case). They support multiple values for each key.
You have a number of options:
Don't encode the 'opposite' semantic in the key. Rather create a new class with the String and a boolean field for flagging opposite and use that class as your key.
public class Operation {
String getName();
Boolean isOpposite();
}
Map> map;
Don't include the logic on opposites in the data structure at all. Rather parse the key on usage. In other words you would need to get both "buy" and "-buy" as keys and then sort out what to do with each in your code.
Make your Map two levels with the second level representing whether the values are opposite or not:
Map<String,Map<Boolean,List<Value>>> map;
map.get("buy").get(true)...
The first option is definitely the best in my view. The text associated with the values should just be one attribute of your key - if you end up having to add others then you will end up with a bunch of logic encoded in the key.
To have a map with multiple values for a single key, where key="buy" and key="-buy", I’d recommend using the MultiValueMap from the Apache Commons Collection library. The Javadoc for the MultiValueMap is here.