as a small (large) hobby project I've set out to make a (very primitive) ssh-2.0 client in C#.
This is to explore and better understand DH and help flourish my encryption familiarities :)
As per RFC 4253, I've begun the initial connection like this:
(leaving out irrelevant presetting of vars etc.)
Random cookie_gen = new Random();
while ((ssh_response = unsecure_reader.ReadLine()) != null)
{
MessageBox.Show(ssh_response);
if (ssh_response.StartsWith("SSH-2.0-")
{
// you told me your name, now I'll tell you mine
ssh_writer.Write("SSH-2.0-MYSSHCLIENT\r\n");
ssh_writer.Flush();
// now I should write up my supported (which I'll keep to the required as per rfc 4253)
ssh_writer.Write(0x20); // SSH_MSG_KEXINIT
byte[] cookie = new byte[16];
for (int i = 0; i < 16; i++)
cookie[i] = Convert.ToByte(cookie_gen.Next(0, 10));
ssh_writer.Write(cookie); // cookie
// and now for the name-list
// This is where I'm troubled
// "Footer"
ssh_writer.Write(0x00); // first_kex_packet_follows
ssh_writer.Write(0x00); // 0
ssh_writer.Flush();
}
}
As you can see on page 16 of RFC 4253, I'm expected to give 10 name-lists. Are these simply suppose to be strings, or how do I mark start/end of each list (simply by newline \n)? Am I even on the right track here? (keep in mind I will handle DH and encryption past this point. My question is solely based on the initial contact so far).
Any help or comments are welcomed and appreciated,
PS: I'm aware libraries exist, but this is not relevant to my project.
Well, as RFC 4251 states on page 9:
Terminating null characters MUST NOT be used, neither
for the individual names, nor for the list as a whole.
There are also examples in the named RFC.
Related
I am attempting to apply some security to a project I'm completing for college. This security is somewhat glancing so I'm tempted to give up, save passwords as plaintext or converted to base64, and do something more user-obvious.
Before I give up, I'm asking SO. This is my first attempt at asking anything here so please be gentle.
I decided that implementing this MSDN code wouldn't be too hard.
http://msdn.microsoft.com/en-us/library/aa545602%28v=cs.70%29.aspx
Turns out, it really is. I'm getting the error
System.FormatException: Input string was not in a correct format.
For code
binarySaltValue[0] = byte.Parse( salt.Substring( 0, 2 ), System.Globalization.NumberStyles.HexNumber, CultureInfo.InvariantCulture.NumberFormat );
I'm going to be honest, I don't fully understand this code.
What is SaltValueSize supposed to be? The provided code doesn't supply it, neither do any References. Also it's capitalised, so is it an object? Or a field in some object somewhere?
The variable "hash" is not defined anywhere, so I just filled it with new MD5CryptoServiceProvider(). Is this a mistake?
If I'm reading it right, the string "salt" is supposed to hold binary, but it doesn't at runtime, it has garbled text, meanwhile the line everything crashed at is trying to parse binary from "salt"? Why?
If anyone can fix this or supply an idiot-proof asynchronous hashing class I'd appreciate it.
( apologies for my random user name, I have no idea how that happened )
Here's a basic method (no salt) to at least get you started. It just "hashes" the string coming in.
private string GetHashedString(string _PW)
{
string _HashedPW = "";
SHA512 sha = new SHA512CryptoServiceProvider();
byte[] result;
StringBuilder strBuilder = new StringBuilder();
sha.ComputeHash(ASCIIEncoding.ASCII.GetBytes(_PW));
result = sha.Hash;
for (int i = 0; i < result.Length; i++)
{
strBuilder.Append(result[i].ToString("x2"));
}
_HashedPW = strBuilder.ToString();
return _HashedPW;
}
I was working with Guid.NewGuid() in C# , .NET 4.0 . And I've found interesting fact: every Guid I've generated has '4' at 13 position.
da1471ac-11f7- 4 fb7-a7fa-927fffe8a97c
c90058aa-5d7f- 4 bb5-b3a9-c1db197cf3b1
fa68ec75-8cd2- 4 c24-92f8-41dbbdd428a0
d4efd455-e892- 4 3ef-b7bf-9462c5dc4de4
e0a001a0-8969- 4 092-b7a2-e410ed2b351a
30ae98b9-48ae- 4 25d-b6e7-e091502d6ce2
6a95de82-67ff- 4 4c9-9f7b-e37a80462cf7
66768e46-6d60- 4 2b4-b473-2f6f8bc1559a
I've tried it on several machines and have the same result.
Can anybody try it too or explain it?
Simple code for checking:
static void Main(string[] args)
{
bool ok = false;
for (int i = 0; i < 10000; i++)
{
var guid = Guid.NewGuid();
if (guid.ToString()[14] != '4')
ok = true;
Console.WriteLine(guid);
}
Console.WriteLine(ok ? "No bug!" : "4bug founded!");
}
This is indeed the case and not a bug, it's a feature. It specifies what method was used to generate the GUID. In the case of 4, those GUIDs are generated randomly.
Eric Lippert has a fantastic series on this topic:
Part One
Part Two
Part Three
It's in the algorythm specification. V4 GUIDs must have a "4" on that position. If you're interested in the details, give this a shot: http://en.wikipedia.org/wiki/Globally_unique_identifier#Algorithm
This really is of no consequence. Guids are generated from a number of different components in order to help maximize the chances that they are unique. For example, I believe one component is an ID on your network card. Part is the date. And so on.
I can't tell you off the top of my head where the 4 came from, but this isn't at all a surprise and is definitely not a bug as you seem to be suggestion.
You can learn more about the algorithm used to generate this number at http://en.wikipedia.org/wiki/Globally_unique_identifier.
This is expected behavior, not a bug. This position in the GUID identifies the basic generating algorithm that produced the GUID. There are a few different types; a V4 GUID is, with the exception of seven bits in defined locations of the GUID that identify the version and type variant, composed of random data. Other GUIDs use machine NICs and timestamp values.
I try to use long as unique id within our C# application (not global, and only for one session) for our events. Do you know if the following will generate an unique long id?
public long GenerateId()
{
byte[] buffer = Guid.NewGuid().ToByteArray();
return BitConverter.ToInt64(buffer, 0);
}
Why we not use GUID directly? We think 8 bytes long is good enough.
No, it won't. As highlighted many times on Raymond Chen's blog, the GUID is designed to be unique as a whole, if you cut out just a piece of it (e.g. taking only 64 bytes out of its 128) it will lose its (pseudo-)uniqueness guarantees.
Here it is:
A customer needed to generate an 8-byte unique value, and their initial idea was to generate a GUID and throw away the second half, keeping the first eight bytes. They wanted to know if this was a good idea.
No, it's not a good idea.
(...)
Once you see how it all works, it's clear that you can't just throw away part of the GUID since all the parts (well, except for the fixed parts) work together to establish the uniqueness. If you take any of the three parts away, the algorithm falls apart. In particular, keeping just the first eight bytes (64 bits) gives you the timestamp and four constant bits; in other words, all you have is a timestamp, not a GUID.
Since it's just a timestamp, you can have collisions. If two computers generate one of these "truncated GUIDs" at the same time, they will generate the same result. Or if the system clock goes backward in time due to a clock reset, you'll start regenerating GUIDs that you had generated the first time it was that time.
I try to use long as unique id within our C# application (not global, and only for one session.) for our events. do you know the following will generate an unique long id?
Why don't you just use a counter?
You cannot distill a 16-bit value down to an 8-bit value while still retaining the same degree of uniqueness. If uniqueness is critical, don't "roll your own" anything. Stick with GUIDs unless you really know what you're doing.
If a relatively naive implementation of uniqueness is sufficient then it's still better to generate your own IDs rather than derive them from GUIDs. The following code snippet is extracted from a "Locally Unique Identifier" class I find myself using fairly often. It makes it easy to define both the length and the range of characters output.
using System.Security.Cryptography;
using System.Text;
public class LUID
{
private static readonly RNGCryptoServiceProvider RandomGenerator = new RNGCryptoServiceProvider();
private static readonly char[] ValidCharacters = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789".ToCharArray();
public const int DefaultLength = 6;
private static int counter = 0;
public static string Generate(int length = DefaultLength)
{
var randomData = new byte[length];
RandomGenerator.GetNonZeroBytes(randomData);
var result = new StringBuilder(DefaultLength);
foreach (var value in randomData)
{
counter = (counter + value) % (ValidCharacters.Length - 1);
result.Append(ValidCharacters[counter]);
}
return result.ToString();
}
}
In this instance it excludes 1 (one), I (i), 0 (zero) and O (o) for the sake of unambiguous human-readable output.
To determine just how effectively 'unique' your particular combination of valid characters and ID length are, the math is simple enough but it's still nice to have a 'code proof' of sorts (Xunit):
[Fact]
public void Does_not_generate_collisions_within_reasonable_number_of_iterations()
{
var ids = new HashSet<string>();
var minimumAcceptibleIterations = 10000;
for (int i = 0; i < minimumAcceptibleIterations; i++)
{
var result = LUID.Generate();
Assert.True(!ids.Contains(result), $"Collision on run {i} with ID '{result}'");
ids.Add(result);
}
}
No, it won't. A GUID has 128 bit length, a long only 64 bit, you are missing 64 bit of information, allowing for two GUIDs to generate the same long representation. While the chance is pretty slim, it is there.
Per the Guid.NewGuid MSDN page,
The chance that the value of the new Guid will be all zeros or equal to any other Guid is very low.
So, your method may produce a unique ID, but it's not guaranteed.
Yes, this will be most likely unique but since the number of bits are less than GUID, the chance of duplicate is more than a GUID - although still negligible.
Anyway, GUID itself does not guarantee uniqueness.
var s = Guid.NewGuid().ToString();
var h1 = s.Substring(0, s.Length / 2).GetHashCode(); // first half of Guid
var h2 = s.Substring(s.Length / 2).GetHashCode(); // second half of Guid
var result = (uint) h1 | (ulong) h2 << 32; // unique 8-byte long
var bytes = BitConverter.GetBytes(result);
P. S. It's very good, guys, that you are chatting with topic starter here. But what about answers that need other users, like me???
Like a few others have said, only taking part of the guid is a good way to ruin its uniqueness. Try something like this:
var bytes = new byte[8];
using (var rng = new RNGCryptoServiceProvider())
{
rng.GetBytes(bytes);
}
Console.WriteLine(BitConverter.ToInt64(bytes, 0));
enerates an 8-byte Ascii85 identifier based on the current timestamp in seconds.
Guaranteed unique for each second. 85% chance of no collisions for 5 generated Ids within the same second.
private static readonly Random Random = new Random();
public static string GenerateIdentifier()
{
var seconds = (int) DateTime.Now.Subtract(new DateTime(1970, 1, 1, 0, 0, 0)).TotalSeconds;
var timeBytes = BitConverter.GetBytes(seconds);
var randomBytes = new byte[2];
Random.NextBytes(randomBytes);
var bytes = new byte[timeBytes.Length + randomBytes.Length];
System.Buffer.BlockCopy(timeBytes, 0, bytes, 0, timeBytes.Length);
System.Buffer.BlockCopy(randomBytes, 0, bytes, timeBytes.Length, randomBytes.Length);
return Ascii85.Encode(bytes);
}
As already said in most of the other answers: No, you can not just take a part of a GUID without losing the uniqueness.
If you need something that's shorter and still unique, read this blog post by Jeff Atwood:
Equipping our ASCII Armor
He shows multiple ways how to shorten a GUID without losing information. The shortest is 20 bytes (with ASCII85 encoding).
Yes, this is much longer than the 8 bytes you wanted, but it's a "real" unique GUID...while all attempts to cram something into 8 bytes most likely won't be truly unique.
In most cases bitwise XOR of both halves together is enough
Everyone in here is making this way more complicated than it needs to be. This is a terrible idea.
GUID 1: AAAA-BBBB-CCCC-DDDD
GUID 2: AAAA-BBBB-EEEE-FFFF
throw away the second half of each GUID, and now you have a duplicate identifier. GUIDs are not guaranteed to be unique, and its extremely awful. you shouldn't rely on the gurantee of whats generated, and it's not hard to get around this. If you need unique identifiers for an object, entity, or whatever, lets take a database for example - which is the most common, you should generate an id, see if it already exists, and insert it only if it doesn't. this is fast in databases since most tables are indexed based on ID. "most." if you have some kind of small object list in memory, or wherever, you'd probably store the entity in a hash table of some kind, in which you could just look it up to see if that generated GUID already exists.
all in all, depends on what your use case is really. a database, find the GUID first, and regenerate if possible until you can insert the new item. this really only matters in relational databases who dont automatically generate IDs for items in the tables. NoSQL DB's usually generate a unique identifier.
I know C# has the Random class and probably a few classes in LINQ to do this, but if I was to write my own code to randomly select an item from a collection without using any built in .NET objects, how would this be done?
I can't seem to nail the logic required for this - how would I tell the system when to stop an iteration and select the current value - at random?
EDIT: This is a hypothetical question. This is not related to a production coding matter. I am just curious.
Selecting a random element from a collection can be done as follows.
Random r = new Random();
int randomIndex = r.Next(0, myCollection.Size -1);
var randomCollectionItem = myCollection[randomIndex];
Unless you have a VERY good reason, writing your own random generator is not necessary.
My advice to you is DON'T DO IT. Whatever reason you think you may have for not wanting to use the built-in library, I am pretty sure you misunderstood something. Please go back to the drawing board.
All of the advice above is technically accurate, but is kind of like giving a chemistry textbook to someone who wants to refine his own oil to use in his car.
There are many pseudo-random number generators. They aren't truly random, but they come at different quality, distinguished by their statistical and sequential properties and what purpose they are applicable for.
It very much depends on "how random you need it". If it just needs to "look random to a human", simple generators look like that:
rnd = seed; // some starting value
rnd = (a * rnd + b) % c; // next value
...
For well chosen values of a, b, and cthese generators are ok for simple statistical tests. A detailed discussion and common values for these you find here.
One interesting approach is to collect as much "external" data as possible - like time between keypresses, mouse movements, duration of disk reads etc. -, and use an algorithm that accumulates randomness while discarding dependency. That is mathematically tricky though (IIRC not long ago a critical attack surfaced based on one of these not being as random as thought).
Only a very few special applications use a truly random external hardware source - anything between a open-imput amplifier and radioactive decay.
You need to use a seed, something semi random provided by the computer itself.
Maybe use very fine resolution time and use the last couple microseconds when the method is called. That should be random enough to generate anything from 00 to 99, you can then go from there.
It sounds like your problem isn't in calculating a random number, but in how to use that random number to select an item from a list. Assuming you can create a random number somehow, all you need to do is use it as the argument to the list's indexer.
int index = customRandomGenerator.Next();
var selection = items[index];
Assuming that your presupposition about having to iterate through the list is correct (or the collection doesn't have an indexer) then you could do:
int index = customRandomGenerator.Next();
Item selection = null;
for (int i = 0; i < items.Length; i++)
{
if (i == index)
{
selection = items[i];
break;
}
}
The only true "cryptographically strong" random number generator in the .Net Framework is in System.Cryptography.RandomNumberGenerator - run this through Reflector to see what is does? Looking at your problem you would need a to know the Count of the collection otherwise you may never retrieve an item - you would need to specify a start and end value to draw random numbers from - the Random class would work best - pop it through Reflector.
Well, I never thought about implementing that myself as it seems like reinventing the wheel but you may have a look on this wikipedia article, hope it helps you do what you want
Random Number Generator
I am making a small C# application and would like to extract a tag cloud from a simple plain text. Is there a function that could do that for me?
Building a tag cloud is, as I see it, a two part process:
First, you need to split and count your tokens. Depending on how the document is structured, as well as the language it is written in, this could be as easy as counting the space-separated words. However, this is a very naive approach, as words like the, of, a, etc... will have the biggest word-count and are not very useful as tags. I would suggest implementing some sort of word black list, in order to exclude the most common and meaningless tags.
Once you have the result in a (tag, count) way, you could use something similar to the following code:
(Searches is a list of SearchRecordEntity, SearchRecordEntity holds the tag and its count, SearchTagElement is a subclass of SearchRecordEntity that has the TagCategory attribute,and ProcessedTags is a List of SearchTagElements which holds the result)
double max = Searches.Max(x => (double)x.Count);
List<SearchTagElement> processedTags = new List<SearchTagElement>();
foreach (SearchRecordEntity sd in Searches)
{
var element = new SearchTagElement();
double count = (double)sd.Count;
double percent = (count / max) * 100;
if (percent < 20)
{
element.TagCategory = "smallestTag";
}
else if (percent < 40)
{
element.TagCategory = "smallTag";
}
else if (percent < 60)
{
element.TagCategory = "mediumTag";
}
else if (percent < 80)
{
element.TagCategory = "largeTag";
}
else
{
element.TagCategory = "largestTag";
}
processedTags.Add(element);
}
I would really recommend using http://thetagcloud.codeplex.com/. It is a very clean implementation that takes care of grouping, counting and rendering of tags. It also provides filtering capabilities.
Take a look at http://sourcecodecloud.codeplex.com/
Here is an ASP.NET Cloud COntrol, that might help you at least get started, full source included.
You may want to take a look at WordCloud, a project on CodeProject. It includes 430 stops words (like the, an, a, etc.) and uses the Porter stemming algorithm, which reduces words to their root for so that "stemmed stemming stem" are all counted as 1 occurrence of the same word.
It's all in C# - the only thing you would have to do it modify it to output HTML instead of the visualization it creates.
Have a look at this answer for an algorithm:
Algorithm to implement a word cloud like Wordle
The "DisOrganizer" mentioned in the answers could serve your purpose. With a little change, you can let this "Disorganizer" to serve an image, the way you wanted. PS: The code is written in C# https://github.com/chandru9279/zasz.me/blob/master/zasz.me/
Take a look at this. It worked for me. There is a project under Examples folder named WebExample which will help you for solving this.
https://github.com/chrisdavies/Sparc.TagCloud
I'm not sure if this is exactly what your looking for but it may help you get started:
LINQ that counts word frequency(in VB but I'm converting to C# now)
Dim Words = "Hello World ))))) This is a test Hello World"
Dim CountTheWords = From str In Words.Split(" ") _
Where Char.IsLetter(str) _
Group By str Into Count()
You could store a category and the amount of items it has in some sort of collection, or database table.
From that, you can get the count for a certain category and have certain bounds. So your parameter is the category, and your return value is a count.
So if the count is >10 & <20, then apply a .CSS style to the link which will be of a certain size.
You can store these counts as keys in a collection, and then get the value where the key matches your return value (as I mentioned above).
I haven't got source code at hand for this process, but you won't find a simple function to do all this for you either. A control, yes (as above).
This is a very conventional approach and the standard way of doing it from what I've seen in magazine tutorials, etc, and the first approach I would think of (not necessarily the best).
The Zoomable TagCloud Generator which extracts keywords from a given source (text file and other sources) and displays the TagCloud as Zooming User Interface (ZUI)