I'm new to WinRT and was exploring it's security features and I've got a couple of questions regarding to Windows.Security.Cryptography.DataProtection.DataProtectionProvider class:
What encryption algorithm does it use (e.g. AES or TwoFish)?
According to MSDN document you can use symmetric key for encryption, anyone knows what do you pass in as 'protectionDescription' constructor argument if you want to do this?
Finally, the MSDN document says you have to use the parameter-less constructor before calling the UnprotectAsync method. How come you don't need to pass in a key to decrypt the data?
Thanks.
No one here explained or gave the answer to the original question. I couldn't find much information on DataProtectionProvider.
After I downloaded and went through the Metro samples as suggested by Ritch, I found out that I should be using classes under Windows.Security.Cryptography.Core namespace for data encryption.
Related
I'm trying to learn about JWT. I've read several blog post and a github repo and I think I've understood it quite well.
There's this library in Haskell that deals with JWT and its kind. In this library, using JWK is mandatory, while most of the library I used in another language doesn't. I'm puzzled of what JWK is, seems it is hardly mentioned in the blog post I've read so far.
A quick search yields a result that what I think about JWK is, I don't know if it's right, is basically a JSON object that can be used as a secret
and specifying what algorithm is supported. Can someone clarify that this is true or no. More explanation about it will be gratefully accepted!
I have a question to ask regarding checkstyle.
It seems that the checkstyle api accepts both module name,
ConstantName and ConstantNameCheck (ConstantName with Check concatenated) for the configuration file, checkstyle.xml.
I would like to ask why is there a double standard here even though documentations on http://checkstyle.sourceforge.net/ only promotes ConstantName module and what is the difference between using either of them? Will either one of them gets deprecated in future?
Thanks!
Behind the scenes, the ConstantName check is implemented by a Java class called
com.puppycrawl.tools.checkstyle.checks.naming.ConstantNameCheck.
You could actually refer to the module in checkstyle.xml by this so-called "fully qualified" name. The other notations are shorthand offered by Checkstyle for convenience. ConstantNameCheck is the simple name of the implementing Java class, and ConstantName is still shorter. Checkstyle will try all three variants when looking for the module in your checkstyle.xml. So, there is no difference between these notations.
The recommended way is to use the most concise form, ConstantName, but as far as I know, none of the other forms is going to get deprecated any time soon.
As the title suggests, I'm looking for an equivalent of jackson-datatype-hibernate that works with jersey-media-moxy as it is the preferred implementation for xml/json marshaling for Jersey. Specifically, I need the functionality provided by that library to automatically handle uninitialized Hibernate collections (associations and collections with fetch=lazy).
If you don't know of an equivalent library, any alternative suggestions would be welcome. However, one alternative I've seen that I do not wish to pursue is adding Hibernate.isInitialzed() calls to all of my get methods.
Thanks in advance.
I'm working on a CRAM auth system using a Flash/Flex client and a Java server (Red5). I have used the as3crypto library before, but as far as I know it does not support PBKDF2. This algorithm is suggested for password encryption by NIST so its what I want to use. Does anyone know of an AS3 compatible library with this algorithm, specifically PBKDF2WithHmacSHA1?
Refs:
http://code.google.com/p/as3crypto/
http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf
This one seems OK: http://code.google.com/p/as3-pbkdf2
Did you try putting 'as3 PBKDF2' into google? Took me all of 10 seconds to find these two as they're the top two answers.
The first would suit your needs, but the second seems more versatile as you can specify a hash function.
http://code.google.com/p/as3-pbkdf2/
http://code.google.com/p/as3-pbkdf2-lib/
I am curious about the usage of the feature known as open classes or monkey-patching in languages like e.g. Ruby, Python, Groovy etc. This feature allows you to make modifications (like adding or replacing methods) to existing classes or objects at runtime.
Does anyone know if major frameworks (such as Rails/Grails/Zope) make (extensive) use of this opportunity in order to provide services to the developer? If so, please provide examples.
Rails does this to a (IMHO) ridiculous extent.
.Net allows it via extension methods.
Linq, specifically, relies heavily on extension methods monkey-patched onto the IEnumerable interface.
An example of its use on the Java platform (since you mentioned Groovy) is load-time weaving with something like AspectJ and JVM instrumentation. In this particular case, however, you have the option of using compile-time weaving instead. Interestingly, one of my recent SO questions was related to problems with using this load-time weaving, with some recommending compile-time as the only reliable option.
An example of AspectJ using load-time (run-time) weaving to provide a helpful service to the developer can be Spring's #Configuration annotation which allows you to use Dependency Injection on object not instantiated by Spring's BeanFactory.
You specifically mentioned modifying the method (or how it works), and an example of that being used is an aspect which intercepts am http request before being sent to the handler (either some Controller method or doPost, etc) and checking to see if the user is authorized to access that resource. Your aspect could then decide to return – prematurely – a response with a redirect to login. While not modifying the contents of the method per se, you are still modifying the way the method works my changing the return value it would otherwise give.