I'm trying to develop something that extract keywords from a text. I know AlchemyAPI work best for this. Now i wanna know what algorithms AlchemyAPI used so that i can implement code of it on my own. Does anyone has any idea about it. Please share it. Thanks in advance.
I have no idea what specific algorithms AlchemyAPI uses (I'm guessing it is on the extreme end of proprietary), but the Stanford NLP has a lot of information and code that may be useful:
http://www-nlp.stanford.edu/software/lex-parser.shtml
Can anyone explain the algorithm behind Aircrack-ng (a WPA2-PSK cracker)?
I know how to use it, but a detailed explanation (which I could not find in their documentation) about how it actually works would help me a lot.
Determining the WPA/WPA2 passphrase is totally dependent on finding a dictionary entry which matches the passphrase. So a quality dictionary is very important. You can search the Internet for dictionaries to be used. There are many available.
For a more detailed overview of WPA2 PSK weaknesses, please refer to http://www.hsc.fr/ressources/articles/hakin9_wifi/hakin9_wifi_EN.pdf page 13
and after that read the source code of aircrack-ng, if you are not familiar with the C programming language then I highly recommend you learn as then with any open source program you can simply read the source code for the most in depth description of how it works. Also if possible learn assembly/machine code as you will get a real in depth appreciation for what is really happening when you run a program. Al-Salam
I want to write a small kernel module in which I have to take a static string, hex-encode it and then use arc4 algorithm to encrypt it and then reverse the process. The logic is pretty clear to me. What I am suffering is that of a guideline of using the crypto api. I cannot exactly find the way out. If some one can give me a rough introduction or a useful link, it will be of much help to me. I searched a lot about it, but could not figure it out exactly. Thanks in advance.
I'm trying to debug & extend an existing piece of Java code using BouncyCastle to decrypt and verify secured attachments.
I've looked through the BouncyCastle samples but what it's harder to extract from there is a model of what a PGP-secured attachments looks like. From the code and various errors I can infer there is something represented by a PGPMarker, then you can find a PGPCompressedData which inside has a PGPOnePassSignatureList and so on. This doesn't clarify issues such as when to expect one versus another and whether a one-pass signature is present when signing and encryption were performed separately (these were examples I faced but are not the topic of the question). BC's javadoc doesn't explain much (eg. PGPOnePassSignature is "A one pass signature object").
It's time-consume to reverse engineer the model by trial and error and, as I haven't successfully googled a good resource on this, I hope perhaps someone else knows one.
Thanks in advance.
The best resource I found was the OpenPGP RFC. I've used BouncyCastle for PGP and S/MIME, and I felt S/MIME was a lot more straight-forward, even though both standards are doing essentially the same thing. Luckily, in my case, I was signing and encrypting, so my code didn't have to be prepared to handle any crazy structure some PGP implementation could dream up.
I need to write a small program that can detect that it has been changed. Please give me a suggestion!
Thank you.
The short answer is to create a hash or key of the program and have the program encrypt and store that key within itself. From time to time the program would make a checksum of itself and compare it against that hash/key. If there is a difference then handle it accordingly.
There are lots and lots of ways to go about this. There are lots of very smart engineers out there that know how to work around it if that is what you are trying to avoid.
The simplest way would be to use a hash function to generate a short code which is a digest of the whole program and then check this.
It would be fairly easy to debug the code and replace the hash value to subvert this.
A better way would be to generate a digital signature using your private key and with the public key in the program to check it.
This would then require changing the public key and the hash as well as understanding the program, or changing the program code itself to subvert the check.
All you can do in the case described so far is make it more difficult to subvert but it will be possible with a certain amount of effort. I'd suggest looking into cryptographic techniques and copy protection for more information to suit your specific case.
Do you mean that program 'foo' should be able to tell if some part of it was modified prior to / during run time? That's not the responsibility of the program, its the responsibility of the security hooks in the target OS.
For instance, if the installed and trusted 'foo' has signature "xyz1234" , the kernel should refuse to run a modified (or completely new) 'foo'. The same goes for 'foo' while its currently running in memory. Look up 'Trusted Path Of Execution', aka TPE to start.
A better question to ask would be how to sign your released version of 'foo', which depends upon your target platform.
try searching for "code signing"
The easiest way would be for the program to detect its own md5 and store that in a separate file, but this isn't totally secure. An MD5 + CRC might work slightly better.
Or as others here have suggested, a sha1, sha2 or sha3 which are much more secure than md5 currently.
I'd ask an external tool to do the check. This problem reminds me of the challenge to write a program that prints itself. In Bash you could do something like this:
#!/bin/bash
cat $0
which really asks for an external tool to do the job. It's kind of solving the problem by getting away from solving the problem...
The best option is going to be code signing -- either using a tool supplied by your local friendly OS (For example, If you're targeting Windows, you probably want to take a look at Authenticode where the Operating System handles the tampering), or by rolling your own option storing MD5 hashes and comparing
It is important to remember that bets are off if someone injects a thread into your process (to potentially kill your ongoing checks, etc.), or if they tamper with your compiled application to bypass said checks.
An alternative way which wasn't mentioned is to use a binary packer such as UPX.
If the binary gets changed on the disk then the unpacking code is likely to fail.
This however doesn't protect you if someone changes the binary while it is in memory.