SHA256-CRYPT / SHA512-CRYPT in node.js - node.js

I use dovecot as my mail transfer agent and I aim to use the strongest password scheme which is supported by my system: SHA512-CRYPT or SHA256-CRYPT (BLF-CRYPT doesn't work).
For my self-written web interface I am looking for a function or library in node.js for hashing a password (with SHA***-CRYPT).

You may consider checking: https://github.com/mvo5/sha512crypt-node which contains an implementation of sha512crypt in JS. It's very new but passes the test vectors from the glibc reference implementation.

Check out my fork of shacrypt - a Node.js addon that supports SHA-256 crypt and SHA-512 crypt password hashing.
I extended it to:
Support asynchronous operation where computation is performed in Node.js's libuv thread pool, so it won't block the event loop.
Allow the module to be built under Windows
You will need to have C++ build tools installed on your system to successfully install the package. If you are running under Windows, you can download Microsoft's Build Tools for Visual Studio 2017.
Link:
https://github.com/vlasky/shacrypt

Have you seen this page:
cryto.createHash sha512 with hexDigest input type
You can use crypto.createHash function, but why SHA512? Are you sure you need it for your website?
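For reference, the SHA512-CRYPT construction the question asks about, written against Node's built-in crypto module so the cost loop and the `$6$` output format are visible. This is an added example, not code from the posts or the linked libraries; the names `sha512crypt`, `verify` and `newSalt` are made up here.

```javascript
const nodeCrypto = require('crypto');
const B64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
const sha512 = (parts) => {
  const h = nodeCrypto.createHash('sha512');
  for (const p of parts) h.update(p);
  return h.digest();
};
// Repeat a 64-byte digest until it covers exactly `len` bytes.
const stretch = (d, len) =>
  Buffer.concat(Array(Math.ceil(len / 64)).fill(d)).subarray(0, len);
// Random 16-character salt drawn from the crypt(3) alphabet (256 % 64 == 0, so unbiased).
const newSalt = () => Array.from(nodeCrypto.randomBytes(16), (x) => B64[x & 63]).join('');

// rounds === undefined means the default 5000 with no "rounds=" field in the output.
function sha512crypt(password, salt, rounds) {
  const pw = Buffer.from(password, 'utf8');
  const s = Buffer.from(salt, 'utf8').subarray(0, 16); // salt is capped at 16 bytes
  const n = rounds === undefined ? 5000 : Math.min(Math.max(rounds, 1000), 999999999);
  const b = sha512([pw, s, pw]); // digest B
  const aParts = [pw, s, stretch(b, pw.length)];
  for (let len = pw.length; len > 0; len >>= 1) aParts.push(len & 1 ? b : pw);
  let a = sha512(aParts); // digest A
  const P = stretch(sha512(Array(pw.length).fill(pw)), pw.length);
  const S = stretch(sha512(Array(16 + a[0]).fill(s)), s.length);
  for (let i = 0; i < n; i++) { // the work factor
    const parts = [i & 1 ? P : a];
    if (i % 3) parts.push(S);
    if (i % 7) parts.push(P);
    parts.push(i & 1 ? a : P);
    a = sha512(parts);
  }
  let out = '';
  const emit = (w, count) => { while (count--) { out += B64[w & 63]; w >>= 6; } };
  for (let k = 0; k < 21; k++) { // permuted byte order, 3 bytes -> 4 characters
    const t = [a[k], a[k + 21], a[k + 42]];
    emit((t[k % 3] << 16) | (t[(k + 1) % 3] << 8) | t[(k + 2) % 3], 4);
  }
  emit(a[63], 2);
  const prefix = rounds === undefined ? '' : `rounds=${n}$`;
  return `$6$${prefix}${s.toString('utf8')}$${out}`;
}

// Recompute with the parameters stored in the hash and compare in constant time.
function verify(password, stored) {
  const m = /^\$6\$(?:rounds=(\d+)\$)?([^$]{0,16})\$[./0-9A-Za-z]{86}$/.exec(stored);
  if (!m) return false;
  const again = sha512crypt(password, m[2], m[1] && Number(m[1]));
  return again.length === stored.length &&
    nodeCrypto.timingSafeEqual(Buffer.from(again), Buffer.from(stored));
}
```

Call `sha512crypt(password, newSalt())` to create a hash and `verify(password, stored)` to check a login; an addon that runs the loop off the event loop is the better fit for a busy server.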

Related

Unlock password in Qt Installer Framework

I'm using Qt Installer Framework to install my Linux app in several OS like Redhat/Centos and Ubuntu. It works nice but for compliance reasons I have to add a step where the user is mandated to enter a key that will be stored with the application binaries. This encrypted text key will unlock features in the given application.
I'm not looking for a hacker-proof solution, just something that I can legally claim the user had to do in order to install the binaries. This is to protect us in court, so the client does not claim they just downloaded the software from the internet and ran it. We have to say that the only way they were using the application is by either tampering with the installer, copying from another client (which is illegal) or actually agreeing with the EULA conditions.
The way it currently is, the binaries are stored with vanilla compression (7zip) on the web server (I only allow the online installer) and anyone can download and unpack the 7zip container, thus creating a legal breach.
There's an option in the package to display a License Agreement prior to installing the binaries. It is mandatory to accept the term before you can proceed.
Wouldn't that be enough for your use case?
You can have a look at the official Qt IFW Documentation to have a look at the "Licenses" xml element or directly into the translation example.
Regards

Securing encryption algorithm in node js?

We are using crypto package in our node js app. The thing is we do not want the developer to know about the encryption algorithm we implemented. However, the developer would be knowing the encryption algorithm and the encryption key as they can view the source code of the encryption algorithm.
So my question is: is it possible to compile the encryption algorithm into a file like dll(.NET) or jar file (java) and include it in the project (open source solution). If not, how to prevent developer from viewing the source code?
The final expectation is that the developer will know we use the crypto package, but will not know which algorithm and key we implemented.
Note: I do not expect solution of restricting file access to the user nor hosting it in another environment.
node-ffi is a Node.js addon for loading and calling dynamic libraries using pure JavaScript. It can be used to create bindings to native libraries without writing any C++ code.
https://github.com/node-ffi/node-ffi

Is there a way to compile node.js source files? [duplicate]

Is there a way to compile a node.js application?
I may be very late, but you can use the "nexe" module, which compiles nodejs + your script into one executable: https://github.com/crcn/nexe
EDIT 2021: Nexe's latest release is from 2017 and it appears that development has otherwise slowed, so the more-widely-used alternative from Vercel should also be considered these days: pkg
Node.js runs on top of the V8 Javascript engine, which itself optimizes performance by compiling javascript code into native code... so no reason really for compiling then, is there?
https://developers.google.com/v8/design#mach_code
EncloseJS.
You get a fully functional binary without sources.
Native modules also supported. (must be placed in the same folder)
JavaScript code is transformed into native code at compile-time using V8 internal compiler. Hence, your sources are not required to execute the binary, and they are not packaged.
Perfectly optimized native code can be generated only at run-time based on the client's machine. Without that info EncloseJS can generate only "unoptimized" code. It runs about 2x slower than NodeJS.
Also, node.js runtime code is put inside the executable (along with your code) to support node API for your application at run-time.
Use cases:
Make a commercial version of your application without sources.
Make a demo/evaluation/trial version of your app without sources.
Make some kind of self-extracting archive or installer.
Make a closed source GUI application using node-thrust.
No need to install node and npm to deploy the compiled application.
No need to download hundreds of files via npm install to deploy your application. Deploy it as a single independent file.
Put your assets inside the executable to make it even more portable.
Test your app against new node version without installing it.
There was an answer here: Secure distribution of NodeJS applications. Raynos said: V8 allows you to pre-compile JavaScript.
You can use the Closure compiler to compile your javascript.
You can also use CoffeeScript to compile your coffeescript to javascript.
What do you want to achieve with compiling?
The task of compiling arbitrary non-blocking JavaScript down to say, C sounds very daunting.
There really isn't that much speed to be gained by compiling to C or ASM. If you want speed gain offload computation to a C program through a sub process.
Now this may include more than you need (and may not even work for command line applications in a non-graphical environment, I don't know), but there is nw.js.
It's Blink (i.e. Chromium/Webkit) + io.js (i.e. Node.js).
You can use node-webkit-builder to build native executable binaries for Linux, OS X and Windows.
If you want a GUI, that's a huge plus. You can build one with web technologies.
If you don't, specify "node-main" in the package.json (and probably "window": {"show": false} although maybe it works to just have a node-main and not a main)
I haven't tried to use it in exactly this way, just throwing it out there as a possibility. I can say it's certainly not an ideal solution for non-graphical Node.js applications.
JavaScript does not have a compiler like, for example, Java/C (you can compare it more to languages like PHP, for example). If you want to write compiled code you should read the section about addons and learn C. Although this is rather complex and I don't think you need to do this but instead just write JavaScript.

Does an RDP client library under Linux exist?

Are there any libraries for connecting as a client via Remote Desktop Protocol (RDP) in Linux? The language used is secondary to the issue of existence. Any mainstream language would do (e.g. C++, Perl, Java, Ruby, PHP, Python), and even less popular ones like OCaml or Scheme.
Is there any option available other than taking the rdesktop source and hacking a library out of that?
There is a set of cross-platform open source RDP libraries available in FreeRDP project. They are written in C and under Apache Licence 2.0. See http://www.freerdp.com
Typing rdp into my Mandriva Software Management tool revealed libxrdp, which is a library that xrdp depends on, but I don't know the details so it may not be what you want.
The project website is xrdp.sourceforge.net.
You can look at these implementations:
FreeRDP (Apache License) - mostly C.
FreeRDP C# bindings
FreeRDP-WebConnect for HTML5 stuff
rdesktop (GPLv2) - mostly C.
rdpy (GPLv3) - python but bitmap stuff is written in C (borrowing code from rdesktop)
properJavaRDP (GPL) - java
Non portable implementations:
Terminals (MS-CL) - visual studio project.
And the reference documents:
http://msdn.microsoft.com/en-us/library/cc240445.aspx
http://msdn.microsoft.com/en-us/library/cc240452.aspx (message flows / connection sequence)
rdesktop is going to be your best option. The code is quite clean and I don't think making a library would be a huge deal.
Another option if you prefer Java is the ProperJavaRDP Client http://properjavardp.sourceforge.net/ . It's nearly a straight port of rdesktop.
Sorry, but a quick strace and nm of rdesktop reveal nothing beyond X, crypto, and compression libs.
rdesktop does allow embedding into other windows, how does it not serve your purpose?
See the -X option in help
You could embed rdesktop in a window of your own per J-16 SDIZ's suggestion and then send X.org events to that window programmatically. A similar route would be to install a VNC server on the Windows machine and run a VNC client on the Linux machine. That way you can also programmatically send X.org events to the VNC client.
This is what browsershots.org uses to programmatically control various web browsers in a cross-platform way through Python. Have a look at the gui directory of the browsershots.org client source code.
I've gotten xrdp to work with RHEL on EC2: xrdp.org

How to enable native threads support in Bigloo Scheme in OS X?

I am trying to compile Bigloo Scheme from source and I cannot figure out how to enable native thread support via ./configure in OS X 10.5 (Leopard) (and I haven't read anywhere that threading is not supposed to work on this platform).
I run ./configure --enable-sqlite --enable-web --enable-ssl --enable-pthreads --enable-fthreads, but then in the configuration summary, I am always getting:
Release features:
release number........................ 3.2a
supported backends.................... native:yes JVM:no .NET:no
default backend....................... native
additional APIs....................... fthreads pthreads ssl web sqlite ssl sqlite web multimedia mail calendar pkgcomp pkglib
native threads support................ no
openssl support....................... yes (dtls no)
sqlite support........................ sqltiny + sqlite
dynamic libraries support............. yes
bee support........................... partial
I want Bigloo in order to use Hop, and when I try to run it using so created binary I always get the warning:
*** WARNING:bigloo:hop
Threads disabled, forcing "nothread" scheduler.
The configure script has a switch named "--os-macosx", try with that. Last instance for me would be to go to https://github.com/manuel-serrano/bigloo and file an issue. Bigloo is actively developed as the last release is from May, 2020.
