ADHEAVEN - Natali Ardianto Official

COO tiket.com. Advisor bouncity.com. Advisor golfnesia.com. Co-founded urbanesia.com. Initiator #StartupLokal

April 8, 2012 8:08 pm
Handling user password: How do you hash your password?

After reading this article, I am starting to think that adding 34 characters (salt) to your password and then hashing it is still ineffective.

Let's begin with hashing. This is how long it takes to brute-force hashed text of a given character length using a modern-day GPU:

all 6 character password MD5s: 3 seconds
all 7 character password MD5s: 4 minutes
all 8 character password MD5s: 4 hours
all 9 character password MD5s: 10 days
all 10 character password MD5s: ~625 days
all 11 character password MD5s: fuggedaboudit

I have a plan. There are some techniques to add the “characters” in hashing (and make it super unique).

  • CONCAT (password, password, password): By duplicating the password more than once, we can harden the hash. We force users to use a minimum 6-character password, and if we duplicate the password, there is at least a 12-character password. Weakness: with usual-suspect passwords, crackers can create a crack pattern (if they know our technique).
  • CONCAT (password, salt, password): This is stronger. Unless they know our salt (if they actually hacked our server instead of only our database), this is a lot better.
  • CONCAT (password, salt, email): I once used password and email as a combination for the hashed password, but users have to change their password if they want to change their email. But I guess this is the strongest, since an email is usually long (username @ domain dot TLD). But of course, if they got our password hashes, they usually got our users' email addresses too.
  • I have seen a technique where they double-hash a password, meaning they call MD5 twice. I think this is ineffective, since going from the first hash to the second hash may give a colliding hash structure.

How do you usually handle your user passwords? Please share with me.
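For comparison with the CONCAT schemes listed above, here is an added example (not code from this post) that puts the CONCAT (password, salt, password) MD5 scheme next to a random per-user salt fed into a deliberately slow key-derivation function. PBKDF2-HMAC-SHA256 is swapped in here as the slow function; the iteration count, the record layout and the SITE_SALT value are assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000      # assumed work factor; tune to your own hardware
SITE_SALT = "s1te-w1de"   # constructed stand-in for the post's fixed salt

def md5_concat(password, salt=SITE_SALT):
    """The post's CONCAT(password, salt, password): one fast MD5 per guess."""
    return hashlib.md5((password + salt + password).encode()).hexdigest()

def hash_password(password, iterations=ITERATIONS):
    """Random per-user salt plus a slow KDF; parameters travel with the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute with the stored parameters and compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        salt, want = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iters = int(iters)
    except ValueError:
        return False          # malformed or truncated record
    if scheme != "pbkdf2_sha256" or iters < 1:
        return False
    got = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(got, want)

def needs_rehash(record, iterations=ITERATIONS):
    """True when a record was stored with a lower work factor than today's."""
    return int(record.split("$")[1]) < iterations

def guess_cost_ratio(trials=20_000):
    """How many times more CPU one guess costs under the KDF than under MD5."""
    t0 = time.perf_counter()
    for i in range(trials):
        md5_concat(str(i))
    fast = (time.perf_counter() - t0) / trials
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", b"\0" * 16, ITERATIONS)
    return (time.perf_counter() - t0) / fast

if __name__ == "__main__":
    print(md5_concat("hunter22") == md5_concat("hunter22"))        # fixed salt: equal passwords share a hash
    print(hash_password("hunter22") != hash_password("hunter22"))  # per-user salt: records differ
    print(f"one KDF guess costs about {guess_cost_ratio():,.0f} MD5 guesses")
```

Because the iteration count is stored inside each record, needs_rehash lets you raise the work factor later and upgrade a user's record at their next successful login.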

6:54 pm
salsabeela:

Our 2nd anniversary was a total blast. Fantastic crowd, high quality speakers, generous sponsors, solid internal team! Lovin’ every bit of it


April 7, 2012 3:56 am
satya: List of Yahoo! Koprol developers

satya:

These are software engineers, mobile developers, UI designers, program managers, quality engineers and a services engineer who worked for Yahoo! Indonesia, Yahoo! Mail, Yahoo! Messenger, Yahoo! Hub, and of course Koprol. They love Scrum, Ruby on Rails, mobile apps (J2ME, BlackBerry, Android,…

March 21, 2012 12:36 pm

The Sounds Of Nature…Literally

January 29, 2012 12:14 am

Installing Sphinx Search on Basic 64-bit Amazon Linux AMI

This is a simple step-by-step guide to installing Sphinx Search on a Basic 64-bit Amazon Linux AMI. It applies to 32-bit too. This installation is very bare, starting from nothing installed at all.

The conditions I wanted to meet:

  • Using the very latest Sphinx Search documents. And when I say latest, I mean it. I am using Sphinx Search trunk, because I need the RealTime Indexing (RT Index) and the latest trunk had the TRUNCATE RTINDEX command to remove all indexes.
  • Uses MySQL to connect to Sphinx Search.

So here goes:

# yum install mysql mysql-server mysql-devel
# yum install make gcc gcc-c++
# yum install svn
# cd /usr/src/
# svn checkout http://sphinxsearch.googlecode.com/svn/trunk/ sphinxsearch 
# cd sphinxsearch
# ./configure --with-mysql
# make
# make install
# /usr/local/bin/indexer --all
# /etc/init.d/searchd start

And that’s it! Crazy simple!

January 25, 2012 1:18 am
nuniek:

The youngest #startuplokal meetup participant tonight ^.^ (Photo by nuniek)


January 19, 2012 5:38 pm

Project Eden, Grha 9 5th floor, Jl. Penataran no. 9, Menteng

5:23 pm
salsabeela:

Been trying to put the painting on the wall for weeks. Finally after the girls (me & nuniek) spend more time at the office, the painting finally put in the right place :D


(via nuniek)

11:11 am
nuniek:

Welcoming foreign investor to @projecteden campus this morning, n they gave us good ideas :) (Photo by nuniek)


January 7, 2012 12:07 am

Using Sphinx as denormalized table: Need your point of view

Hey guys, I need your point of view on this. So I have this query, which can pull up to 17 (seventeen!) tables into one query. I have been using Sphinx a lot for searches, and luckily, since Sphinx 1.10-beta, we have this attribute called sql_attr_string. What this attribute does is store the value for retrieval from Sphinx. So this is what I get (below is a Sphinx index):

mysql> select room_date, room_name FROM rooms LIMIT 5;
+-----------+--------+-----------+---------------+
| id        | weight | room_date | room_name     |
+-----------+--------+-----------+---------------+
| 120120106 |      1 |  20120106 | Superior Room |
| 120120107 |      1 |  20120107 | Superior Room |
| 120120108 |      1 |  20120108 | Superior Room |
| 120120109 |      1 |  20120109 | Superior Room |
| 120120110 |      1 |  20120110 | Superior Room |
+-----------+--------+-----------+---------------+
5 rows in set (0.01 sec)

So as you can see, I don’t need to query my tables anymore. Basically, Sphinx Search is doing the hard work by indexing ALL tables (scheduled in the background), and it updates anything necessary by using real-time indexing.

Reading the manual, it says that searchd will cache all values in RAM. But I think that’s before 1.10-beta. I need your PoV on this. Is this plausible or is this consuming a lot of Sphinx Search resource?