/dpt/ - Daily Programming Thread

But is it efficient though?

Why do you have to post anime in every /dpt/?

As long as you're not hashing passwords with it, I think it's okay.

>As long as you're not hashing passwords with it
Nothing wrong with doing that.

Anime imageboard

MD5 is cryptographically insecure though. It's only slightly better than storing the passwords unhashed in your database.

Can't say desu, haven't really mucked about with any of the rest of those other than GLEW.
Though I can say with absolute certainty that I would take CSFML over GLEW any day of the week.

there's a special place in hell for people like you, it's called Sup Forums

But is it efficient though?

this: If you are using passwords, use sha256.

I don't get the depiction of list here.

Shit's been broken, never use it for sensitive data

>MD5 is cryptographically insecure though
This is absolutely wrong.

Don't talk about shit you have no idea about please.

Why?

There's an entire special dedicated hell for all of us
it's called Sup Forums
and there's anime there
deal with it, good people who deserve the kind of content they want to read don't get sent here

branching computations
the end result is concatenated

Hi guys, Newbie/Retard here. I have a simple question regarding this merge sort algorithm.
/* C program for Merge Sort */
#include
#include

// Merges two subarrays of arr[].
// First subarray is arr[l..m]
// Second subarray is arr[m+1..r]
void merge(int arr[], int l, int m, int r)
{
int i, j, k;
int n1 = m - l + 1;
int n2 = r - m;

/* create temp arrays */
int L[n1], R[n2];

/* Copy data to temp arrays L[] and R[] */
for (i = 0; i < n1; i++)
L[i] = arr[l + i];
for (j = 0; j < n2; j++)
R[j] = arr[m + 1+ j];

/* Merge the temp arrays back into arr[l..r]*/
i = 0; // Initial index of first subarray
j = 0; // Initial index of second subarray
k = l; // Initial index of merged subarray
while (i < n1 && j < n2)
{
if (L[i]

>Don't talk about shit you have no idea about please.
Right back at you fag, you would know this if you had even the slightest idea about security

But is it efficient though?
("It" being Haskell)

Show me a (second) preimage attack on md5.
Protip: you can't
Thus, MD5 hasn't been broken.

A higher level LLVM assembly metalanguage with Common Lisp macros and JIT compilation.

duckduckgo.com/?q=md5 scheme&t=ffsb&ia=answer
Take this result

And plug it into this website:
crackstation.net/

It's like magic.

>rainbow table
Thanks for nothing, rainbow tables exist for every hash function.

But is it efficient though?

I don't think it's that much more efficient, it's probably the same as imperative languages, but it does lead to better and easier testing and less bugs, especially in concurrent workflows

Wow, you sure showed me, guess I'll go use md5 for all my security needs.

Not an argument.

Honest dumb question. Can i buy a shit used laptop to learn programming? I'm doing cs50 on eDX right now and I'm using a IDE to make the programs. I guess 4gb ram is the minimum required in 2017 r-right?

nothing less than an i9 32GB of ram if you want to program

4gb is overkill for most programming you'd do user, depending on what tools you use.

You don't need a very good computer to program, and to be honest programming on a shit one will force you to write code that isn't absolute dogshit.

It's not exactly a controversial idea that it's insecure.
kb.cert.org/vuls/id/836068

you can learn programming with a computer from the 80s

After a merge operation, one of the sorted sub-arrays will run out of data to put back into the initial array.
Those bits of code are there to make sure that all of the data is copied over from both sub-arrays when this happens.

yes but only if you know linux
windows is the only good os, linux is shit, but the good thing about linux being shit is that it works with computers that are also shit, whereas windows is a spoiled brat and runs slower than molasses if you don't feed it right

>collision attacks
Literally nobody cares about collision attacks, as long as they are not second preimage attacks it's fine.

let's say the loop before terminated after having put all the elements of L into arr, R would still have elements in it that needed to be put into arr. The additional two loops just put the remaining pieces of the sub array into arr

when I started college I went for Sup Forums's advice and bought a 10" shittop with 2gb that was $200 and had an atom. It ran really hot and made me wait while compiling a lot. Then I got to my higher level classes and they required visual studio for ASP, which wouldn't run and SQL developer to connect to a database, so yeah, there might be a minimum when you go buy one.
HOWEVER, one of my classmates' laptop recently got trashed, and he bought a Dell Latitude with a second gen i5 (non-ULV) on craigslist and that ran all the software perfectly and it was nice to develop on.
I'm not telling you to buy a thinkpad but try to go for a core-i5+ machine, (>64gb) SSDs, and 8gb of RAM in that order of priority, you should be able to get something like that for $400-600

Yes, trust the random user on the Internet, ignore the fact that literally everyone else says it's insecure

Literally everyone, sure lol
crypto.stackexchange.com/questions/41860/
crypto.stackexchange.com/questions/13303/
en.wikipedia.org/wiki/MD5#Preimage_vulnerability
news.ycombinator.com/item?id=13180513

Touhou is not an anime

MD5 is a shitty way to hash passwords in 2017 github.com/juuso/BozoCrack
bcrypt (or possibly scrypt) is what you want, because bcrypt will slow down some farm of GPUs working to crack your password dump.

Weird way to write mergesort
Some pseudocode:

void sort (int[] A,int lo, int hi);
{
if (hi-lo

Thank you so much for your answers. I can finally see their purpose, for some reason I thought that the while (i < n1 && j < n2) was enough to copy every element from both arrays, into the original array. Obviously not, but I did say I was a newbie/retard lol.

Everyone starts somewhere, user.
Don't worry about it!

>bcrypt (or possibly scrypt) is what you want, because bcrypt will slow down some farm of GPUs working to crack your password dump.
bcrypt nor scrypt will save you. scrypt is what litecoin for example uses. See how many asics for it exist.

The real solution would be to simply use many iterations of the hash function or have passwords with good enough entropy.

Thanks for the support user. I will keep at it.

Is there a term for a datum's ratio of size of the datum to size of the smallest expression that evaluates to that datum, for some objective and language agnostic definition of expression size?

Thanks for the answer user. I will screenshot all the answers I have gotten today, so i can revisit them another day. I liked the time analysis you made of the algorith. I should probably spend some time getting the "math" down on every algorithm, to "truly" understand them.

It is also possible with Scrypt to set the memory space needed to compute the result thus making a brute-force attacker pay penalties.

Litecoin has set both the memory difficulty and parallel difficulty to 1, the basic value litecoin.info/Scrypt

Somebody who is encrypting their password database, is not going to set it to 1.

>language agnostic definition of expression size

Merge sort is slower than that, just the actual merging is only (O(n)). If you're interested then read these pdf lecture notes cs.cmu.edu/~15122/schedule.shtml

Learning front-end so I'm employable when really all I want is to code back-end and not have to worry about the latest trendy frameworks.

Jesus Christ, we're dancing around the original point. Find me one person (other than you) who thinks using md5 in a security context is okay. There are none, because everyone knows it's easy to get around.
Also respond to
kb.cert.org/vuls/id/836068
properly and tell me why they're wrong in telling people not to use it in any capacity.

I think the final while might be redundant since everything in R comes from the latter half of arr

>because everyone knows it's easy to get around
Still waiting for you to show me any practical preimage attack on md5.

>kb.cert.org/vuls/id/836068
This is a collision attack, not a second preimage attack thus it is irrelevant in the real world.

Thank you man. I will definitely check it out.

>thus it is irrelevant in the real world
Oh, I guess they were just kidding when they said never to use it then.

>absolutely wrong
You really should be using md6 now. Finding collisions for md5 is trivial.

So, I'm trying to write a bot for this site but I can't figure out images yet.
When I POST and look at it in the network monitor window, I get this for the image:
Content-Disposition: form-data; name="upfile"; filename="1180680378089.jpg"
Content-Type: image/jpeg

(actual image dataa)

How would I format this for requests?
I've tried all sorts of combinations of:
file = {'filename': 'png.png',
'upfile': open('Untitled.png','rb')}
the_post = requests.post('the_website/'.format(board),
data=Form,
files=file)

I'm not sure what I'm doing wrong. Posting text only works fine.

So if I understand you, 1's measure would at least 1.0, because in lisp 1 is an expression that evaluates to 1, so 1 byte for 1, and 1 byte for 1.

And the list (1 2) would be at least 5.3 because (1 2) is represented with 2 128 bit words in Chicken and you can construct (1 2) with '(1 2). So 32 bytes over 5 bytes.

What's the point of this?

Would mind showing me how you would write it? I would always like to see improvements. Also, is it bad to be redundant on programming? Or should I see it as a "sanity check"? Serious questions, I am not being a snarky/sarcastic asshole. Thanks in advance.

Are you planing to use an actual argument or are you planing to continue mindlessly repeating what others said without any actual understanding of the topic?

MD6 is actually really cool, it is the only hash function that I know of that uses merkle trees instead of a MD-like construction.

>Finding collisions for md5 is trivial.
Finding second preimages for md5 is not however. Nobody cares about random collisions.

>This fucking retard advocating MD5
It's fucking shit because it's so easy to compute them.
Any kind of brute-force/dictionary attack is going to fly though that shit no problem. People of your retardation shouldn't be allowed to program, let alone touch a computer.

Yes, I understand it's preimage resistant.
Do you plan on continuously telling me it's perfectly fine to use in the real world anyways even though nobody else would say this? Tell me why they're wrong in saying "Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity". Clearly collisions have relevance in practical situations if that's what they've concluded. Or are you going to tell me you know more than them?

>literally the same holds true for every single cryptographic hash function

Still waiting for a proper argument instead of an appeal to authority.

Actually Litecoin has even turned off the mixing step, so no shuffling of the blocks occurs.

The couple of libraries I just checked that would be responsible in most languages for hashing passwords with scrypt set this to The default parameters for scrypt are N=16384, r=8, p=1 (16 MB memory), you could boost r=16 to a more paranoid level and none of those ASICs are doing shit anytime today in terms of efficiently cracking those hashes without running out of memory.

except bcrypt/scrypt which incur a memory penalty with each iteration trying to brute force/guess attack a hash.

of course there is custom hardware for this now, like Moxie Marlinspike's cloud cracking service or owning a miner that is running Hashcat which can effectively run gagillions of guesses per second against MD5 or any other hashes except bcrypt/scrypt.

>>literally the same holds true for every single cryptographic hash function
No, it really fucking doesn't.

>ode45

Sure thing m8

Nowadays one would go for argon2i.

>matlab
>2GB/s

Still waiting for someone who'd be okay with using md5 in a security context (besides you).
>meanwhile tons of resources saying not to use it

Is it possible to read from certain processes in computer memory? I don't know much about how computer memory works on the low level, but I figure that all strings and information that every process is using should be avaliable in the memory. So, if I wanted to write a script in a language to read off of a particular thing in that process (for example, say if I wanted to read the number on an open Calculator application) would it be possible to do? What would I need to read to go about doing this? And why hasn't anyone sat down to make libraries for this kind of stuff?

Thanks in advance, my ignorance is probably showing. pic unrelated

Still waiting for a proper argument, shitposter.

time step too big lul

Yes, it is possible, but dodgy as fuck.
That's how programs like cheatengine and various debuggers work.

Yes it is possible and yes, it already exists. (see cheatengine for example)

>matlab
>8GB/s

>many resources saying not to use it vs. one faggot on Sup Forums
Wow, who should I trust.

Open up gdb, set program breakpoint you want to analyze, read what's in the registers.

Otherwise you can just grab memory though the operating system (depending on what it is) often makes this difficult but not impossible.

This book will show you how to do it
nostarch.com/gamehacking

You'd just remove the while (j < n2) loop.

Basically if anything remains in R and L has been exhausted of all elements then every element of R corresponds with arr.

Basically for every i R[i] == arr[i+m]

nvm I figured it out

Got it, so if you were in my position, would it be a good idea to mess around with Cheat Engine and maybe view the source? Also, looking to roll something out on Ubuntu as well, so I may need an alternative, but I'll do my research from then on out - quick searching shows scanmem?

Wow, thank you so much for your post! I will look into gdb, and also the book you provided, since it seems very useful. Do you happen to have any other book recommendations, by any chance? I can code a few applications together, but I lack a lot of background on the low-level portions like this, I feel like there's some reading I should do, and I'd love to connect this to my programming. I could always do my research, again, but a slight nudge in the right direction/advice would help tremendously

How do you teach someone good design?

I'm friends with a guy who's been doing C++ for upwards of five years and he's never heard of or even tried to apply basic design principles like SOLID. All his code is in one file, most of the methods that do anything are in one or two classes, and he thinks that this is the way people are supposed to write C++.

Is all hope lost for him?

>SOLID
I have literally never heard of this acronym

>OOP
It simply isn't good design.

Sure take this course
cs.cmu.edu/~213/schedule.html

Click on 'old video' it's public lecture vids from 2015. Get the book that comes with the course, you want the 3rd (64bit) edition: amazon.com/gp/offer-listing/9332573905/ref=dp_olp_used?ie=UTF8&condition=used

Try some of the labs, you'll use gdb to analyze program memory, and an attack lab to inject code into stack frames by using return oriented programming. You don't need to know C or anything it will teach you basically as you go.

Also here's that gamehacking book
libgen.io/book/index.php?md5=53AAE2AE81BB7E2E0BE8E0A63C4948E7

And here's an entire curriculum of CS to keep you busy for the next 3-4 years if you do it p/t
functionalcs.github.io/curriculum/

I mean not like the home posts anime

I don't like OOP myself, but I can write it in provided I stick to SOLID (which is basically the universal principles of good design, no matter what paradigm you use).

These aren't really principles at all
>SRP
I disagree with this but in OOP it's probably necessary
>OCP
Things don't really need to be extended or modified if they're sufficiently parametrised
>liskov substitution
This is just subtyping. It doesn't need a special name and a principle.
>many interfaces
Until you have to import all of those interfaces.
It depends, convenience isn't worthless.
>dependency inversion
parametrisation solves this, FP in general and intricate type systems

Bro, I am not the user you replied to, but holy molly is this gold. Thanks for posting it.

Thanks for the reply, user. I see what you are saying, but don't you still need to copy the contents of R[i] back into the array? Because, if I remember correctly, the contents of arr[i + m] are inside R[i], so we need to put it back into arr[ ]. I am aware this question may make me sound retarded, but I prefer to sound retarded, than to have doubts in my mind. Anyway, thanks for helping me out.

You can hook to the window process of the calculator (on Windows this is easy), and listen for the value, set a value, inject key presses, etc.
msdn.microsoft.com/en-us/library/dd460756.aspx

stackoverflow.com/questions/352236/reading-from-a-text-field-in-another-applications-window