Slow Hashing Without a Salt?

I’m trying to design a security scheme that involves a shared secret but isn’t a traditional account password situation. The server would store a set of “keys”, each of which has a blob of data associated with it. In order for anyone to access the data for a given key, all they need to know is the plaintext name of the key. So if Alice creates data using “pineapple” as the key, Bob can ask the server for the data for the key “pineapple” and the server will return the data.

It’s completely intentional that Bob could share the secret word to other people, or for people to randomly guess “pineapple” and accidentally get the data. I only want to avoid someone being able to brute force very large numbers of keys for common dictionary words easily. I would like none of the plaintext data to ever be sent to the server, so that the people running the server could not spy on the user data or even know what the plaintext keys are. And ideally if the server was compromised, it would take a long time to brute force each of the plaintext keys and/or decrypt the corresponding data.

My idea for how this could work, is that if Alice wants to create new data, their client takes the key “pineapple” and runs a very slow hash algorithm on it, eventually creating the corresponding hash code for pineapple. Then their client encrypts the data package with “pineapple” as well using some sort of encryption method that is difficult to brute force. Alice would then send both to the server, which would check to see that the hash doesn’t already exist, and then store the hash/data pair. Later, Bob could repeat the same process of creating a hash code for pineapple, then ask the server for the data for that hash, and finally decrypt the returned data using pineapple as the key. The process of creating the initial hash would be slow, but both Alice and Bob could store it locally in their client so it would only have to be done once per key.

Is there any better way of doing this? Are there slow hash algorithms that don’t involve using a salt, which would prevent Alice and Bob from figuring out the same secure hash code without communicating with each other? Is there some way of using a salt but still using this general method where the server never sees any plaintext? Are there security concerns with this sort of scheme that I’m not considering?

All topic

merging dataframes without creating cross product (python pandas)

I have two dataframes df1 df1 and df2 df2
and I want to merge them using python pandas without creating the Cartesian product.Sample output would look like this output How should I do it?
Thanks

All topic

How can I safely provide a tip or information to Robert Mueller’s invesitgation without using the FBI tip line? [on hold]

Speaking hypothetically, if I had information relevant to FBI’s Special Counsel investigation lead by Robert Mueller, how could I securely and safely give it to the special counsel, without using the FBI tip line?

All topic

Stokes operator without dirichlet boundary condition

Let $Omega$ be a domain, then the following stokes operator is quite well known :

$mathcal{H} rightarrow mathcal{V}_{sigma} $

$f rightarrow u$ such that $ – Delta u = f $

where $ mathcal{H}$ is the closure in L^2 of ${ phi , phi in D(Omega)^n div phi = 0 }$ and $ mathcal{V}_{sigma}$ is the closure in $L^2$ of ${ v in H^1_0(Omega)^n, nabla cdot v=0 }$

I am concerned with what happens when we take of the vanishing at boundary condition, namely when we are interested with the laplacian in the space $H^1_{sigma}(Omega)$, the closure in $L^2$ of ${ v in H^1(Omega)^n, nabla cdot v=0 }$

In that setting we have boundary terms that appears: simply considering smooth functions then the identity:

$int_{Omega} Delta Phi cdot phi + int_{Omega} nabla Phi : nabla phi = int_{partial Omega} phi cdot frac{partial Phi}{partial n}$

suggests that we cannot define the laplacian for any $u in H^1_{sigma}(Omega)$ we need the term $frac{partial Phi}{partial n}$ to make sense for $u$ so maybe we could ask something like $nabla u_i in H^{-frac{1}{2}}(Omega)$ and then define $-Delta u$ in the dual of $H^1_{sigma}(Omega)cap {u in H^1_{sigma}(Omega), s.t. nabla u_i in H^{-frac{1}{2}}(Omega) }$ as $phi rightarrow -sum + int_{Omega} nabla u : nabla phi$

But there remain an important problem, this operator does not seem to be self adjoint.
I am interested in having some spectral theorem that would allow me to construct solutions for the time dependent stokes problem without the boudary condition $u|_{partial Omega} =0$ using some galerkin method:

$partial_t u – Delta u = f + nabla p$

$div u = 0$

$u cdot n = 0 $ in $partial Omega$

$u_{t=0} = u_0$

Would you know some litterature reference for this problem that I could read ?
To be more specific i am interested with Navier boundary conditions in fact.

Thanks

All topic

Application Load Balancer causes infinite redirect without a trailing slash (/)

I have a rails site using an AWS ALB and all routes appear to work except one, robots.txt.

I am getting the error “ERR_TOO_MANY_REDIRECTS”, link to example: https://www.mamapedia.com/robots.txt

After some research I found many places that said the Load Balancer is sending traffic over HTTP to the EC2 instances, and the redirects can be caused when HTTPS traffic is hitting the load balancer aws docs. I have configured apache as described in the link and don’t believe this is the issue, further all other routes work on the site on HTTP or HTTPS. Only robots.txt does not.

If I take an instance out of the load balancer and access it by IP, the robots.txt page is served as expected.

Strangely, if a trailing slash is added to the url https://www.mamapedia.com/robots.txt/ then the page will render. There are no wildcard redirects in Apache that should be adding a trailing slash, and again, outside the load balancer the robots.txt is accessible with out the trailing slash.

Httpd.config:

TraceEnable Off
ServerTokens Prod
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 600
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 600

User apache
Group apache
ServerAdmin support@mamapedia.com
UseCanonicalName Off
DirectoryIndex index.html index.html.var
AccessFileName .htaccess

    Order allow,deny
    Deny from all

TypesConfig /etc/mime.types


    MIMEMagicFile conf/magic

HostnameLookups Off
LogLevel crit
LogFormat "%a %{X-Forwarded-For}i %t %D %V "%r" %>s %b "%{User-agent}i"" detailed
LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
LogFormat "%h %l %u %t "%r" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
ServerSignature Off
ServerTokens Prod
AddDefaultCharset UTF-8
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddHandler php5-script .php
AddType text/html .php

Listen 80
#Listen 443

Include conf.modules.d/*.conf
Include conf.d/*.conf

In AWS the load balancer has two listeners, one for http(port:80) and one for https(port:443). They each forward to a different target group, the http target group is configured for HTTP and port 80, while the https target group is configured for HTTPS and port 443

Then in Apache I have a Listener on port 80, seen in the linked file above. Also one of the conf.d/*.conf files for ssl config is listening on Port 443

  1. Why would this trailing slash be required when the EC2 instance is behind an application load balancer?
  2. How can I configure it so the page loads without the trailing slash?

All topic

How can I load a webPack bundle with hash without HTML?

I have polymer webComponents that are bundled by webpack and consumed from another domain. These webComponets are JavaScript and get bundled into a single file with a hash.

Example:

 output: {
        path: OUTPUT_PATH,
        filename: '[name].[chunkhash:8].js'
    }

Normally, I would use HtmlWebpackPlugin (with a template) to generate the appropriate script tag (a tag that targets the bundle with the hash). However, there is no html file in this case. The consuming HTML is in another application and I only serve js.

Any advice on how to serve this bundle with the changing hash filename?

My current attempt is a small javascript ‘loader’ file that is never cached and will load the bundled/hash file. I don’t know how to get the hash name into this ‘loader’ file. I need something similar to HtmlWebpackPlugin that will work with a js file. Or an entirely different approach.

Any ideas?

All topic

Questions with and without auxiliary

Which one is correct way of asking Questions ?
When to ask questions without auxiliary?
Is asking question without Auxiliary is more formal way of asking questions ?

a) Are you Ok?
b) You ok ?

a) Did you see that movie?
b) You saw that movie ?

a) Who did give you this?
b ) Who gave you this ?

All topic

How can I safely provide a tip or information to Robert Mueller’s invesitgation without using the FBI tip line?

Speaking hypothetically, if I had information relevant to FBI’s Special Counsel investigation lead by Robert Mueller, how could I securely and safely give it to the special counsel, without using the FBI tip line?

All topic

How to boot without ‘nomodeset’?

I installed Ubuntu 12.04 on my laptop, and am now trying to get it to run. In the grub menu, if I load it normally, all I get is a black screen. In order for it to boot successfully, I have to edit the menu item and add ‘nomodeset’. With this, Ubuntu boots up.

Is there a fix for this, so that I don’t have to constantly add the nomodeset? I tried to install the proprietary drivers but I still had the same problem.

My laptop specs are:

Intel Core i5-2410M (2.30GHz, Dual-Core)
6GB RAM
750GB HDD 7200rpm
AMD Radeon HD 6630 1GB

All topic

How can Ganymede have an Earth-like gravity without us having realized it?

Imagine a small primitive humanoid civilization that developed independently in caves under the surface of Ganymede. We can assume there’s enough light that filters through the crystalline surface to support life, and that there’s enough air trapped in these caves for them to breathe.

But let’s say these people also happen have a gravity that’s slightly greater than Earth’s. How could that be the case? And why wouldn’t Earth’s astronomers have discovered that before now?

Also, are there any other significant factors that would make it difficult for Earth-like life to thrive? Things that would be harder to hand-wave away?

(The SF here is about as hard as cotton candy, so answers don’t need to be completely realistic. I’d just like to avoid directly contradicting known observations any more than I need to.)

All topic