M2G

Moderators
  • Posts: 1838
  • Days Won: 31

Everything posted by M2G

  1. At Khan Academy, we recently took the time to go through our 200+ Jinja2 templates and turn on autoescape to reduce the likelihood of falling prey to an XSS attack. This gave us an excuse to audit all of our pages for injection holes: Here’s one hole Jamie Wong pointed out that you might run into when using Ruby’s .to_json or Python’s json.dumps.

     Suppose you’re writing a web app and you want to pass down an untrusted string username from the server to your client-side JavaScript code. If you create a Rails template that looks like the following, are you safe from XSS attacks?

     ```erb
     <script>
       Profile.init({
         username: <%=raw username.to_json %>
       });
     </script>
     ```

     (Here we use raw because we don’t want HTML entities in the JavaScript code.)

     Though we’re not exactly including unescaped HTML, there’s a subtle injection bug here that has to do with how browsers parse <script> tags. The HTML spec says:

     “Markup and entities must be treated as raw text and passed to the application as is. The first occurrence of the character sequence “</” (end-tag open delimiter) is treated as terminating the end of the element’s content.”

     Where’s the security hole? Consider if username was set to:

     ```
     </script><script>evil()</script>
     ```

     This will give us the following HTML:

     ```html
     <script>
       Profile.init({
         username: "</script><script>evil()</script>"
       });
     </script>
     ```

     Though the first <script> tag doesn’t contain valid JavaScript, it doesn’t matter – the second script tag will be read and so evil() will be executed.

     So what’s the fix? In addition to the common character escapes \", \\, \b, \f, \n, \r, \t, and \uXXXX, the JSON spec states that \/ will be interpreted as a literal slash. That is, in a JSON string literal, you can add a backslash before a slash character without otherwise changing the string. To prevent against this hole, you should replace every occurrence of </ in your JSON with <\/ so that the <script> tag remains open. (The characters < and / are valid only within a string literal so the replacement can’t affect anything else.)

     Regardless of which language you use, you’ll probably want to make a helper function to encapsulate this logic:

     ```ruby
     # Ruby
     require 'json'

     # Serialize to JSON, escaping "</" so the output cannot close a <script> tag.
     def jsonify(obj)
       obj.to_json.gsub('</', '<\/')
     end
     ```

     ```python
     # Python
     import json

     # Serialize to JSON, escaping "</" so the output cannot close a <script> tag.
     def jsonify(obj):
         return json.dumps(obj).replace('</', '<\\/')
     ```

     As long as you always remember to use the jsonify wrapper instead of the built-in JSON serialization, you should be safe from this particular attack.

     Source
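The parsing behaviour the article describes can be checked offline with Python's standard html.parser, which treats <script> content as raw text in the same way. This is an added example, not code from the original article: `ScriptCollector`, `render` and `script_bodies` are hypothetical names, and html.parser stands in for a browser's tokenizer.

```python
import json
from html.parser import HTMLParser

# Constructed sample input: the username value discussed in the article.
PAYLOAD = "</script><script>evil()</script>"


def jsonify(obj):
    """JSON-encode obj so it cannot close the surrounding <script> element."""
    # "\/" is a legal JSON escape for "/", so decoding yields the same string.
    return json.dumps(obj).replace("</", "<\\/")


class ScriptCollector(HTMLParser):
    """Records the raw text of every <script> element the parser sees."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Data may arrive in several chunks, so append to the current script.
        if self._in_script:
            self.scripts[-1] += data


def render(username, serializer):
    """Mimic the template: embed the serialized username in an inline script."""
    return "<script>Profile.init({username: %s});</script>" % serializer(username)


def script_bodies(html):
    """Return the body of each <script> element found in html."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return parser.scripts


if __name__ == "__main__":
    for name, serializer in (("json.dumps", json.dumps), ("jsonify", jsonify)):
        print(name, script_bodies(render(PAYLOAD, serializer)))
```

With json.dumps the parser reports two script elements, the second containing only the injected call; with jsonify it reports one, and the value still decodes to the original string.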
  2. Thomson Reuters has confirmed the blogging platform of the Reuters News website was compromised on Friday and a false posting purporting to carry an interview with a Syrian rebel leader was illegally posted on a Reuters' journalist's blog.

     "Reuters.com was a target of a hack on Friday," the company said in a statement. "Our blogging platform was compromised and fabricated blog posts were falsely attributed to several Reuters journalists."

     One of the false posts purported to be an interview with Riad al-Asaad, the head of the Free Syrian Army. "Reuters did not carry out such an interview and the posting has been deleted," the Reuters statement said.

     In the purported interview, the FSA leader was alleged to have said his forces were pulling back from the northern province of Aleppo after clashes with the Syrian army. The Free Syrian Army issued a statement denying that any such interview had taken place, and blamed President Bashar al-Assad's government for the false posting. The report "was fabricated by the regime, as it seems the news agency was hacked", it said in a statement.

     Thomson Reuters had no immediate information on who was behind the hacking. Reuters journalists in Aleppo have reported Free Syrian Army fighters are still present in the city and outlying province. The Reuters.com blogging platform was taken offline on Friday while the company works to address the problem.

     Source
  3. Use multithreading if you want to do it properly anyway. And a text generator should give you the result instantly. Of course, it depends on the generation process, but in principle you don't need a progress bar for something like this.
  4. Only you and Harap-Alb learn as many programming languages in one year as others do in 10. Welcome
  5. It won't connect to any seed for me. Can one of you upload it to ge.tt?
  6. It's a simple thing, but if you want the source, I won't object. The problem is that I'm rather lazy about commenting and documenting source code, but you'll figure out what it does and how if you want to. I'm writing it directly here because it isn't big.

     Main.java

     ```java
     import javax.swing.UIManager;

     public class Main {
         public static void main(String[] args) {
             // Use the platform's native look and feel.
             try {
                 UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
             } catch (Exception e) {
                 throw new RuntimeException(e);
             }
             View interfata = new View();
             new Controller(interfata);
         }
     }
     ```

     View.java

     ```java
     import javax.swing.JFrame;
     import javax.swing.JPanel;
     import javax.swing.border.EmptyBorder;
     import javax.swing.JLabel;
     import java.awt.Font;
     import javax.swing.JTextField;
     import javax.swing.JSeparator;
     import javax.swing.JButton;
     import java.awt.Color;
     import javax.swing.SwingConstants;

     @SuppressWarnings("serial")
     public class View extends JFrame {
         private JPanel contentPane;
         private JTextField from2;
         private JTextField from1;
         private JTextField from3;
         private JTextField from4;
         private JTextField to1;
         private JTextField to2;
         private JTextField to3;
         private JTextField to4;
         private JButton btnDoIt;
         private JLabel lblstatus;

         /**
          * Create the frame.
          */
         public View() {
             setResizable(false);
             setTitle("IP Range Generator by M2G");
             setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
             setBounds(100, 100, 433, 300);
             contentPane = new JPanel();
             contentPane.setBackground(Color.DARK_GRAY);
             contentPane.setBorder(new EmptyBorder(5, 5, 5, 5));
             setContentPane(contentPane);
             contentPane.setLayout(null);

             JLabel lblFrom = new JLabel("From:");
             lblFrom.setForeground(Color.GREEN);
             lblFrom.setFont(new Font("Tahoma", Font.PLAIN, 12));
             lblFrom.setBounds(27, 24, 46, 14);
             contentPane.add(lblFrom);

             // Separators drawn between the octet fields of each row.
             JSeparator separator = new JSeparator();
             separator.setBounds(89, 66, 15, 2);
             contentPane.add(separator);

             JSeparator separator_1 = new JSeparator();
             separator_1.setBounds(198, 66, 15, 2);
             contentPane.add(separator_1);

             JSeparator separator_2 = new JSeparator();
             separator_2.setBounds(311, 66, 15, 2);
             contentPane.add(separator_2);

             JSeparator separator_3 = new JSeparator();
             separator_3.setBounds(89, 136, 15, 2);
             contentPane.add(separator_3);

             JSeparator separator_4 = new JSeparator();
             separator_4.setBounds(198, 136, 15, 2);
             contentPane.add(separator_4);

             JSeparator separator_5 = new JSeparator();
             separator_5.setBounds(311, 136, 15, 2);
             contentPane.add(separator_5);

             // The four octets of the start address.
             from2 = new JTextField();
             from2.setBounds(127, 54, 52, 20);
             contentPane.add(from2);
             from2.setColumns(10);

             from1 = new JTextField();
             from1.setColumns(10);
             from1.setBounds(27, 54, 52, 20);
             contentPane.add(from1);

             from3 = new JTextField();
             from3.setColumns(10);
             from3.setBounds(232, 54, 52, 20);
             contentPane.add(from3);

             from4 = new JTextField();
             from4.setColumns(10);
             from4.setBounds(336, 54, 52, 20);
             contentPane.add(from4);

             // The four octets of the end address.
             to1 = new JTextField();
             to1.setColumns(10);
             to1.setBounds(27, 128, 52, 20);
             contentPane.add(to1);

             to2 = new JTextField();
             to2.setColumns(10);
             to2.setBounds(127, 128, 52, 20);
             contentPane.add(to2);

             to3 = new JTextField();
             to3.setColumns(10);
             to3.setBounds(232, 128, 52, 20);
             contentPane.add(to3);

             to4 = new JTextField();
             to4.setColumns(10);
             to4.setBounds(336, 128, 52, 20);
             contentPane.add(to4);

             JLabel lblTo = new JLabel("To:");
             lblTo.setForeground(Color.GREEN);
             lblTo.setFont(new Font("Tahoma", Font.PLAIN, 12));
             lblTo.setBounds(27, 103, 46, 14);
             contentPane.add(lblTo);

             btnDoIt = new JButton("Do It!");
             btnDoIt.setBounds(127, 181, 157, 31);
             contentPane.add(btnDoIt);

             lblstatus = new JLabel("Ready!");
             lblstatus.setForeground(Color.GREEN);
             lblstatus.setHorizontalAlignment(SwingConstants.CENTER);
             lblstatus.setFont(new Font("Tahoma", Font.PLAIN, 13));
             lblstatus.setBounds(127, 234, 157, 14);
             contentPane.add(lblstatus);

             setVisible(true);
             validate();
             setLocationRelativeTo(null);
         }

         public JTextField getFrom2() {
             return from2;
         }

         public void setFrom2(JTextField from2) {
             this.from2 = from2;
         }

         public JTextField getFrom1() {
             return from1;
         }

         public void setFrom1(JTextField from1) {
             this.from1 = from1;
         }

         public JTextField getFrom3() {
             return from3;
         }

         public void setFrom3(JTextField from3) {
             this.from3 = from3;
         }

         public JTextField getFrom4() {
             return from4;
         }

         public void setFrom4(JTextField from4) {
             this.from4 = from4;
         }

         public JTextField getTo1() {
             return to1;
         }

         public void setTo1(JTextField to1) {
             this.to1 = to1;
         }

         public JTextField getTo2() {
             return to2;
         }

         public void setTo2(JTextField to2) {
             this.to2 = to2;
         }

         public JTextField getTo3() {
             return to3;
         }

         public void setTo3(JTextField to3) {
             this.to3 = to3;
         }

         public JTextField getTo4() {
             return to4;
         }

         public void setTo4(JTextField to4) {
             this.to4 = to4;
         }

         public JButton getBtnDoIt() {
             return btnDoIt;
         }

         public void setBtnDoIt(JButton btnDoIt) {
             this.btnDoIt = btnDoIt;
         }

         public JLabel getLblstatus() {
             return lblstatus;
         }

         public void setLblstatus(String alblstatus) {
             lblstatus.setText(alblstatus);
         }
     }
     ```

     Controller.java

     ```java
     import java.awt.event.ActionEvent;
     import java.awt.event.ActionListener;
     import java.io.BufferedWriter;
     import java.io.FileWriter;
     import java.io.IOException;
     import javax.swing.JOptionPane;

     public class Controller {
         private View interfata;

         public Controller(View interfata) {
             this.interfata = interfata;
             interfata.getBtnDoIt().addActionListener(new DoAction());
         }

         class DoAction implements ActionListener {
             public void actionPerformed(ActionEvent arg0) {
                 if (arg0.getSource() == interfata.getBtnDoIt()) {
                     interfata.setLblstatus("Working...");
                     String from1 = interfata.getFrom1().getText();
                     String from2 = interfata.getFrom2().getText();
                     String from3 = interfata.getFrom3().getText();
                     String from4 = interfata.getFrom4().getText();
                     String to1 = interfata.getTo1().getText();
                     String to2 = interfata.getTo2().getText();
                     String to3 = interfata.getTo3().getText();
                     String to4 = interfata.getTo4().getText();

                     if (isValid(from1) && isValid(from2) && isValid(from3) && isValid(from4)
                             && isValid(to1) && isValid(to2) && isValid(to3) && isValid(to4)) {
                         int ifrom1 = Integer.parseInt(from1);
                         int ifrom2 = Integer.parseInt(from2);
                         int ifrom3 = Integer.parseInt(from3);
                         int ifrom4 = Integer.parseInt(from4);
                         int ito1 = Integer.parseInt(to1);
                         int ito2 = Integer.parseInt(to2);
                         int ito3 = Integer.parseInt(to3);
                         int ito4 = Integer.parseInt(to4);

                         if (correctInput(ifrom1, ifrom2, ifrom3, ifrom4, ito1, ito2, ito3, ito4)) {
                             // try-with-resources closes the file even if a write fails.
                             try (BufferedWriter out = new BufferedWriter(new FileWriter("result.txt"))) {
                                 while (true) {
                                     out.write(ifrom1 + "." + ifrom2 + "." + ifrom3 + "." + ifrom4 + "\n");
                                     // Stop once the end address has been written. Checking before
                                     // the increment also handles a range where From equals To.
                                     if ((ifrom1 == ito1) && (ifrom2 == ito2)
                                             && (ifrom3 == ito3) && (ifrom4 == ito4)) {
                                         break;
                                     }
                                     // Increment the address, carrying into the higher octets.
                                     ifrom4++;
                                     if (ifrom4 == 256) {
                                         ifrom4 = 0;
                                         ifrom3++;
                                     }
                                     if (ifrom3 == 256) {
                                         ifrom3 = 0;
                                         ifrom2++;
                                     }
                                     if (ifrom2 == 256) {
                                         ifrom2 = 0;
                                         ifrom1++;
                                     }
                                 }
                             } catch (IOException e) {
                                 JOptionPane.showMessageDialog(null, "Could not write result.txt: " + e.getMessage(),
                                         "Error", JOptionPane.ERROR_MESSAGE);
                             }
                         }
                     } else
                         JOptionPane.showMessageDialog(null, "Invalid input", "Error", JOptionPane.ERROR_MESSAGE);
                     interfata.setLblstatus("Done!");
                 }
             }
         }

         // Returns true when the From address is not greater than the To address.
         public boolean correctInput(int ifrom1, int ifrom2, int ifrom3, int ifrom4,
                 int ito1, int ito2, int ito3, int ito4) {
             // Pack each address into one number so the octets compare in order.
             long from = ((long) ifrom1 << 24) | (ifrom2 << 16) | (ifrom3 << 8) | ifrom4;
             long to = ((long) ito1 << 24) | (ito2 << 16) | (ito3 << 8) | ito4;
             if (from > to) {
                 JOptionPane.showMessageDialog(null, "Please verify the IP range!", "Invalid range",
                         JOptionPane.ERROR_MESSAGE);
                 return false;
             }
             return true;
         }

         // An octet is valid when it parses as an integer between 0 and 255.
         public boolean isValid(String arg) {
             int test;
             try {
                 test = Integer.parseInt(arg);
             } catch (NumberFormatException ex) {
                 return false;
             }
             return test >= 0 && test <= 255;
         }
     }
     ```

     Damn, the forum is screwing up my indentation.

     Main.java -> http://pastebin.com/b31TBZba
     View.java -> http://pastebin.com/kKC2uTpW
     Controller.java -> http://pastebin.com/nsnHrpy0
  7. I'll download it too this evening and upload it to docs.rtfm.us as well so it stays there. I can't right now because I'm at work.
  8. @ps-axl When I miss classes at university, I have slides for those courses that I can read to see what was taught. Many of those slides also contain references to the books offered as support material for that subject.

     @pyth0n3 I didn't write this to attack your work. I know that what you do, you do for the community, and I know that time and even money were invested to be able to hold these courses. My opinion is that if a job is being done anyway, it should be done as professionally as possible. OK, you miss one course, you catch up on what was taught. It's not such a big problem. But when you miss 2 or 3, maybe you tell yourself: "Screw this course, I've missed too much information". Probably many of those enrolled are no older than 18-21 and are on vacation now and have time, but for the others it would be fair for the taught course to be kept somewhere. Even a text file in which what was discussed gets saved would be good.

     I'm not saying this for myself. I'm saying it as a principle for solving a problem. Personally, I can do without these courses because I already know most of the things being taught, or I could learn on my own anything that is taught. The reason I would attend these courses is to find out information that I may not know, that slipped past me.

     I know this has been discussed before, the usefulness of recording the courses. I know I brought this problem up too late, when the system is already implemented and the first course starts today, and that you don't feel any better when you know you worked on something and "some guy" comes along with something to comment, but you can take it as a suggestion for the future and try to see the usefulness of this feature.
  9. It would be very good if the courses could be recorded somehow. I, for example, can't attend today from 20:00.
  10. Crisis malware lets attackers install without an administrator password and intercept email, IM, and other communications.

      Mac users, beware new malware targeting Apple OS X systems that's disguised as an Adobe Flash Player installer. That warning comes via antivirus software vendor Kaspersky Lab, which said it first spotted the Crisis malware--also known as Morcut--last week. While not widespread, the malware's ability to intercept email and IM, among other features, demonstrates that malicious applications written to target Macs can be just as powerful as malware that comes gunning for PCs.

      Concerns over Mac malware have been growing since the Flashback malware infected an estimated 600,000 Apple OS X systems earlier this year. Apple ultimately patched multiple versions of its operating system against the malware, and also took the unusual step of altering OS X to disable outdated versions of Java and the Adobe Flash Player, to help prevent malware from exploiting known vulnerabilities in the software.

      Such steps should pay off in the case of Crisis, since the malware arrives in the form of a Java archive (a.k.a. JAR) file that's allegedly been signed by VeriSign. The malware includes an installer for various modules, including one that communicates with the botnet's command-and-control servers. The installer first checks to see if it's already been installed--via the presence of a file the malware creates to hide its stolen data--and then activates a rootkit, which hides its malicious files and processes in the OS X system library, enabling the malware to survive reboots. The rootkit also ensures that the malware can run automatically, without requiring administrator-level authentication.

      Based on the malware's capabilities, "these modules were written professionally, obviously with the intention of being used widely in the future," said Sergey Golovanov, a security researcher at Kaspersky Lab, in a blog post. "From the code, we can see that the cybercriminals developed this Trojan in order to sell it on hacker forums." But it's unclear if the malware, which offers functionality similar to the Zeus financial malware, has been designed solely with black-market distribution in mind, or whether it might also be marketed to law enforcement agencies, said Golovanov.

      Regardless of the malware's origins, it offers attack capabilities on par with modern PC-targeting malware. "If this malware managed to infect your Mac computer, it could learn an awful lot about you and potentially steal information which could read your private messages and conversations, and open your email and other online accounts," said Graham Cluley, senior technology consultant at Sophos, in a blog post. "Clearly, [Morcut] was created with spying in mind."

      Notably, the code contains hooks into the Apple OS X operating system that allow it to either monitor or control any built-in Webcam, track mouse coordinates, record keystrokes, copy clipboard contents, and spy on instant messaging tools such as Adium, MSN Messenger, and Skype, as well as call data related to Skype. The malware can also activate the internal microphone, read calendar data and alerts, retrieve address book information, take screenshots, and recall visited URLs.

      "Fortunately, we haven't seen Morcut in the wild," Cluley said, which means that either the malware may simply have not found many buyers, or that it's being used only in very targeted attacks. "At the moment the threat is low," Cluley said. "However, the complexity of the malware is yet another indication that malware on the Mac is becoming more serious--and designed to make money at your expense."

      Source
  11. They have an impact because almost every home has a computer with internet access and more and more people use them, whether they want to or not. Social networks can gather hundreds of thousands and even millions of people for some purpose x. A few months ago I was at a conference where the director of Ursus talked about the impact of social media in marketing. Artists no longer launch their songs on TV. They launch on the internet, faster and cheaper. There are loads of examples.
  12. If you look at the comments, many look like the ones neme was talking about a while ago.
  13. Hey! Either you say FUD, or you say 100% UD, which is actually still FUD. FUD = fully undetectable. You're using words you don't know the meaning of. And who do you think will download it if you have 1 post?
  14. M2G

    Android beginner

    It doesn't work because you check in onCreate (that is, the moment the view is created) whether the button is pressed:

    ```java
    if (b1.isPressed() == true) {
        tv1.append(et1.getText());
    }
    ```

    Since the button isn't in the pressed state at that moment, it's normal that nothing happens. What you need to do is add a listener for that button and create a method that gets called the moment the button is pressed. Something like:

    ```java
    b1.addActionListener(this);
    ```

    In addition, the class has to implement the ActionListener interface:

    ```java
    public class MainActivity extends Activity implements ActionListener
    ```

    Below onLoad you'll now have a method that must be implemented from the ActionListener interface. That is, something like:

    ```java
    public void actionPerformed(ActionEvent e) {
    }
    ```

    In the body of that method you have to check whether the button was pressed:

    ```java
    public void actionPerformed(ActionEvent e) {
        if (e.getSource() == b1) {
            // the code that sets that text goes here, i.e.:
            tv1.append(et1.getText());
        }
    }
    ```

    What I wrote is how it's done in Java. Maybe in Android the way you handle events is a bit different. I don't have much experience with Android, but I want to get started on it this week too.

    If you want resources to learn Android from, you can look here: Index of /Users/M2G/Android/
    For Java you'll find resources here: Index of /Users/M2G/Java/

    Good luck, and I hope you understood what I meant. I explained it more at a conceptual level rather than giving you the exact code you have to write, although it may work the way I wrote it too. If you say you've been programming for 5 years, you should easily understand what I told you. Good luck!
  15. http://www.youtube.com/watch?v=Lsf5BFlwvEU
  16. I'd say about 5 days on the bench would teach him to stop posting nonsense. And as for the clip, it's more annoying than funny. RST = Romanian Security Team. What is this doing here?
  17. It's a good day when you see the following on 10 hashes:

      Yes, that's 154B - as in Billion. It was done entirely with AMD hardware, and involved 9x6990, 4x6970, 4x5870, 2x5970, and 1x7990 - for a total of 31 GPU cores in 6 physical systems. We had another 11 cards with 15 GPU cores left over - we didn't have systems to put them in (mostly nVidia). For more details, read on...

      This morning, @jmgosney and I met up to work on the networking code for the new Multiforcer framework, and do some serious stress testing. I've been working on the networking code recently, and it needed some serious testing. I can do some testing in my development environment, but it usually takes going big to expose some types of bugs (which I most certainly did find).

      This is a good way to start a day:

      After putting all the GPUs we had into the systems we had (one board & one power supply were acting up and were unable to be used), this was the stack left over:

      The original plan was to use all the AMD cards, and fill in space with nVidia, but we unfortunately did not have enough room for all the AMD cards. Amusingly, one of my boards wouldn't find the hard drive controllers with 4 dual GPU cards installed.

      We also had a few remote systems that were helping out. There were supposed to be a few more, but they didn't pan out, so we were roughly 8 GPUs/12 cores short of where we were hoping to be.

      The server was an EC2 m1.small node, since I wanted to test the server at internet-scale latencies, and on a relatively low resource platform. We did not use any EC2 GPU nodes for this test, but may in the future...

      After a good bit of troubleshooting, code updates, and pushing binaries around, we finally hit success, as observed above. Also, as noted below. Please remember, these are NOT single hash speeds - these are on a list of 1000 hashes, over the internet...

      There are still a few improvements left to make, including some (surprise) threading issues & mutex issues. But other than a few edge cases, things worked amazingly well! Also, there's no reason at all that nVidia cards couldn't have been helping. Even though they're slower, an nVidia GPU is still better than a CPU!

      If you want to play with this, it's currently in SVN. I'll be polishing off a few more bugs with the network code and then doing a release before Defcon. If you have more questions, you can also find me in my talk at Defcon - I will be presenting!

      Impressive or what?

      Source
  18. Thanks birkoff for the links. Regarding my question: in case it wasn't understood, I'm going to make an application for RST, about which I won't say anything now, but it will also include a system through which good articles about security/programming can be found, along with the name of the person who proposed the link. I was asking which technology is better for you. There are people who use only Linux or only Mac, and I was thinking that if the application is written in Java they'll be able to use it too. That's why I was asking: .NET or Java? I know where Java is used and I know how to write code in both. It was just a question about which of the two technologies you prefer. I'm still waiting for links, because you're good at off-topic, but when it's about something serious almost nobody jumps in. You can also post what you have in your bookmarks.
  19. Post here links from the field of security or programming. Articles you've read and consider good, sites presenting relevant information in this field, papers. Anything you think is a good resource in this field and deserves to be mentioned and seen by others. I want it to look something like this: You'll see in the near future why I need them. Besides this, I'd like you to answer one more question. Would you use software that is OS-dependent, like .NET, or cross-platform (Java - in this case it won't be a .jar; a build will be made both for Windows, file.exe, and for Linux, file.sh)? I want to write a program and I'd like to hear your opinion on which technology satisfies you more. This process will take some time, so you can post here whenever you find something useful. Here's to as many useful resources posted as possible.
  20. ^There is absolutely no difference between C# and VB.NET. Code written in these languages is interpreted into an intermediate code, after which the just-in-time compiler takes it from there. That intermediate code is generated EXACTLY the same whether you write VB code or C#. Performance is exactly the same. The only difference is the syntax. Some may like VB syntax more and others C#. I, at least, hate VB syntax. To stay on topic, I'd suggest you start with C. Most languages are derived from C. If you know C, it will be very easy for you to learn other syntaxes too. Look for books on docs.rtfm.us, there's plenty to choose from.
  21. Existing cryptographic systems are used because they can be proven mathematically. There is a provable mathematical model of them. You doing some character swaps or other things of that kind is totally insecure. After some number n of messages encrypted with your method, various patterns can be deduced. Example: you encrypt the string "salut" twice with the same method and without a pseudorandom number generator. If there are small differences between the 2 outputs, you can already consider the system insecure. Think hard about this if you want to use a cryptographic system you built yourselves. If it isn't mathematically provable, at some point there will be collisions, and that's the beginning of the end. Good luck!
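The kind of pattern the post above warns about, shown on a constructed toy scheme. This is an added example, not code from the thread: `homebrew_encrypt`, the key and every helper name are hypothetical, and the scheme stands in for any "character shuffling" design that uses no randomness (lowercase ASCII letters only).

```python
import string

ALPHABET = string.ascii_lowercase
KEY = [3, 14, 7]  # constructed sample key


def homebrew_encrypt(plaintext, key):
    """Toy scheme: shift each letter by a key digit plus its position."""
    out = []
    for i, ch in enumerate(plaintext):
        shift = key[i % len(key)] + i
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def differing_positions(a, b):
    """Positions at which two equal-length strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def build_codebook(pairs):
    """Learn the shift used at each position from known plaintext/ciphertext pairs."""
    book = {}
    for plaintext, ciphertext in pairs:
        for i, (p, c) in enumerate(zip(plaintext, ciphertext)):
            book[i] = (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    return book


def decrypt_with_codebook(ciphertext, book):
    """Decrypt without the key; positions never observed come back as '?'."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) - book[i]) % 26] if i in book else "?"
        for i, c in enumerate(ciphertext)
    )


if __name__ == "__main__":
    first = homebrew_encrypt("salut", KEY)
    second = homebrew_encrypt("salut", KEY)
    print("same input twice:", first, second)
    # One changed plaintext letter changes exactly one ciphertext letter.
    print("changed positions:", differing_positions(first, homebrew_encrypt("salun", KEY)))
    # A single known message is enough to read another one of the same length.
    book = build_codebook([("salut", first)])
    print("recovered:", decrypt_with_codebook(homebrew_encrypt("hello", KEY), book))
```

The output is identical for identical input, a one-letter change stays local to one position, and one known message reveals every per-position shift.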
  22. That code doesn't really look like code written by professionals, and it's only a small part of the code. They use the String class too much when they could use StringBuilder. When the contents of a string are modified, the data on the heap is actually deleted and another memory area is created for the new data => fairly inefficient for more complicated operations. And then you hear them with things like "Java is slow". That's why StringBuilder is used, because it doesn't delete the memory area in the VM but acts like a pointer from the stack to the heap, and only the value in memory referred to by the builder is replaced. Maybe they do better in C or ASM.