Thursday, April 23, 2009

High Performance Timing

A lot of times we need to know how long a process takes. The simple way to do this is 

dim startDate as DateTime = DateTime.Now 

' do work 

dim elapsed as TimeSpan = startDate.Subtract(DateTime.Now) 
Console.WriteLine(elapsed.TotalMilliseconds)

For a general sense of time this works fine but this is not entirely accurate. DateTime.Now pulls from a lower frequency clock and can be off by milliseconds (or more).

To use a highly accurate timing MS introduced the stopwatch  class in .NET 2.0. This class polls the high frequency clock to get accurate timings:

dim timer as Stopwatch = Stopwatch.StartNew

'do work

timer.Stop()
console.WriteLine(timer.ElapsedMilliseconds)

Another thing you can do is call Start() and Stop() on the timer multiple times and it will still keep summing up the time elapsed (just like a regular stopwatch).

posted @ Thursday, April 23, 2009 9:34 AM | Feedback (1)
 
Iterative Hashing: Less Secure Is More Secure (in theory)

*DISCLAIMER: This is only a theoretical idea. I have not confirmed that this could increase security of an iterative hash. Please take that into account when reading this.

I was explaining iterative hashing the other day and came up with an interesting theory: Using a weak algorithm may result in a stronger hash. The reason for this is collisions that can happen in algorithms like SHA0, SHA1, and MD5 (a collision is when two separate strings yield the exact same hash). By using a collisionable algorithm in an iterative hash we could potentially throw an attacker way off.

  Valid Attacker
Original Data HelloIAmData 56r335u8425
iteration 1 dfti34548247 fskwrtujrwf
iteration 2 est84354u544 rtietyrt3487
iteration 700 er54djrt5ejh 458432423uitd
iteration 701 dfsujweru5 6483247435u
iteration 702 ase6ae4rha ase6ae4rha
iteration 1000 a473uj4w5h a473uj4w5h

Iteration 701 is where things break down. The hash we had from iteration 702 (ase6ae4rha) has a collision on it. Both dfsujweru5 and 6483247435u will create that hash. In this case the attacker broke ase6ae4rha with 6483247435u not dfsujweru5. Now the attacker tries to break 6483247435u and the hash that results from that which has now put them on the totally wrong path and they will never crack this hash.

Now don't run out and start using a lesser algorithm based on this information collisions do not happen that often. The collisions in SHA1 are only considered theoretically possible as it would take 2^69 operations to find a collision that matches an existing hash (for SHA0 it would take 2^39 operations).

As I do not have the processing power required to do this I can not calculate the chances of this actually happening. Nor can I vouch for if this is a feasible defence strategy.

posted @ Thursday, April 23, 2009 9:33 AM | Feedback (0)
 
 
Powered by:

Copyright © Dave Woods