BouncyCastle has many more [cipher suites and algorithms][1] than the [default JCE][2] provided by Sun.

In addition to that, BouncyCastle has lots of utilities for reading arcane formats like PEM and ASN.1 that no sane person would want to rewrite themselves.


  [1]: http://bouncycastle.org/specifications.html
  [2]: http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html

Bouncy Castle is Australian in origin, and therefore is not subject to the [Export of cryptography from the United States][1].

It is useful if you are outside the United States and you need to manage key sizes grater than permitted by such that restriction. In that case you are not permitted to use software from United States for that.


  [1]: https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States &quot;Export of cryptography from the United States&quot;

On server or desktop, I don&#39;t see any reason to use BC unless you have to deal with some legacy ciphers or formats not supported by Sun JCE.

However, many JREs don&#39;t come with a JCE provider, like on mobile or embedded environments. BC comes handy in such cases.

I&#39;m not too sure how to go about getting the external IP address of the machine as a computer outside of a network would see it.

My following IPAddress class only gets the local IP address of the machine.

    public class IPAddress {
    
        private InetAddress thisIp;
    
        private String thisIpAddress;
    
        private void setIpAdd() {
            try {
                InetAddress thisIp = InetAddress.getLocalHost();
                thisIpAddress = thisIp.getHostAddress().toString();
            } catch (Exception e) {
            }
        }
    
        protected String getIpAddress() {
            setIpAdd();
            return thisIpAddress;
        }
    }



Getting the &#39;external&#39; IP address in Java

In my django application, I&#39;m trying to write a unit test that performs an action and then checks the messages in the response. 

As far as I can tell, there is no nice way of doing this. 

I&#39;m using the CookieStorage storage method, and I&#39;d like to do something similar to the following:

        response = self.client.post(&#39;/do-something/&#39;, follow=True)
        self.assertEquals(response.context[&#39;messages&#39;][0], &quot;fail.&quot;)

The problem is, all I get back is a 

    print response.context[&#39;messages&#39;]
    &lt;django.contrib.messages.storage.cookie.CookieStorage object at 0x3c55250&gt;

How can I turn this into something useful, or am I doing it all wrong?

Thanks,
Daniel

How can I unit test django messages?

Why do people use bouncycastle instead of Java Cryptography Extension? What is the difference?

Why do people use bouncycastle instead of Java&#39;s built in JCE provider? What is the difference?

<p>Why do people use bouncycastle instead of Java Cryptography Extension? What is the difference?</p>


I am currently using Eclipse for both Java and Python (with PyDev). I often find that I have one Java project open with lots of files, and then for some reason I have to switch to a Python project for a bit.

I want to leave my Java project the way it is, and I don&#39;t just want to open tons of Python files in the same place because then I have too much open at once.

Is there any way I can leave my Java project exactly the way it is, and open a completely new session of Eclipse? (sort of the way you can do with a browser)

Can you have 2 completely independent instances of Eclipse running at the same time?

Help me settle a dispute with a coworker:
Does setting a variable or collection to null in Java aid in garbage collection and reducing memory usage? If I have a long running program and each function may be iteratively called (potentially thousands of times): Does setting all the variables in it to null before returning a value to the parent function help reduce heap size/memory usage?

Does variable = null set it for garbage collection

Looking for quick, simple way in Java to change this string 

    &quot; hello     there   &quot;

to something that looks like this

    &quot;hello there&quot;

where I replace all those multiple spaces with a single space, except I also want the one or more spaces at the beginning of string to be gone.

Something like this gets me partly there

    String mytext = &quot; hello     there   &quot;;
    mytext = mytext.replaceAll(&quot;( )+&quot;, &quot; &quot;);

but not quite.


Java how to replace 2 or more spaces with single space in string and delete leading and trailing spaces

Is it possible to launch a debugger such as jdb from Maven? I have a **pom.xml** file that compiles the project successfully. However, the program hangs somewhere and I would really like to launch jdb or an equivalent debugger to see what&#39;s happening. 

I compile using `mvn compile` and launch using:

    mvn exec:java -Dexec.mainClass=&quot;com.mycompany.app.App&quot;

I was expecting something like:

    mvn exec:jdb -Dexec.mainClass=&quot;com.mycompany.app.App&quot;

to launch the debugger but, as usual, my expectations are incongruent with maven&#39;s philosophy.

Also, I couldn&#39;t find any documentation (on Maven&#39;s website or google) to describe how debugging works. I suspect that I have to use some plugin.

Debugging in Maven?

&gt; The no-argument constructor is a
&gt; requirement (tools like Hibernate use
&gt; reflection on this constructor to
&gt; instantiate objects).

I got this hand-wavy answer but could somebody explain further? Thanks

Why does Hibernate require no argument constructor?

License keys are the defacto-standard as an anti-piracy measure. To be honest, this strikes me as [(in)Security Through Obscurity][1], although I really have no idea how license keys are generated. What is a good (secure) example of license key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so, what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators? How are key generators made?

  [1]: http://en.wikipedia.org/wiki/Security_through_obscurity

How are software license keys generated?

How does this giant regex work?

I found an example for en/decoding strings in PHP. At first it looks very good but it wont work :-(

Does anyone know what the problem is?

    $Pass = &quot;Passwort&quot;;
    $Clear = &quot;Klartext&quot;;
    
    $crypted = fnEncrypt($Clear, $Pass);
    echo &quot;Encrypted: &quot;.$crypted.&quot;&lt;/br&gt;&quot;;
    
    $newClear = fnDecrypt($crypted, $Pass);
    echo &quot;Decrypted: &quot;.$newClear.&quot;&lt;/br&gt;&quot;;
    
    function fnEncrypt($sValue, $sSecretKey) {
    	return trim(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $sSecretKey, $sDecrypted, MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND))));
    }
    
    function fnDecrypt($sValue, $sSecretKey) {
    	return trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $sSecretKey, base64_decode($sEncrypted), MCRYPT_MODE_ECB, mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND)));
    }
    
The result is:

Encrypted: `boKRNTYYNp7AiOvY1CidqsAn9wX4ufz/D9XrpjAOPk8=`

Decrypted: `—‚(&#209;&#193;	^ y&#203;~F&#39;&#184;&#174;&#211;–&#237;	œ&#240;2&#193;_B‰&#194;—`


PHP AES encrypt / decrypt

What are the most secure sources of entropy to seed a random number generator?  This question is language and platform independent and applies to any machine on a network.  Ideally I&#39;m looking for sources available to a machine in a cloud environment or server provided by a hosting company.

There are two important weaknesses to keep in mind. The use of time for sending a random number generator is a violation of [CWE-337][1].  The use of a small seed space would be a violation of [CWE-339][2].


  [1]: http://cwe.mitre.org/data/definitions/337.html
  [2]: http://cwe.mitre.org/data/definitions/339.html

What is the most secure seed for random number generation?

A while ago I worked on a web application where users could buy tickets. Due to the way our client&#39;s processes worked, what you effectively got as a result of your purchase was a URL with the ticket number in it.

These were tickets to buy property in the Middle East, and each ticket was potentially worth around $3,000,000. Clearly dishing out sequential integers would have been a bad idea. We used GUIDs as they&#39;re basically unguessable, but my question is: are they secure enough?

As I understand it, the GUIDs .NET produces are totally pseudo-random (except for a few non-varying bits). However, I don&#39;t know what algorithm is used to generate them.

The MSDN documentation tells us that [`Random`][1] is fast and insecure, and [`RNGCryptoServiceProvider`][2] is slow and secure. That is, it&#39;s reasonable to assume someone could put in enough effort to predict the outcome of `Random`, but not of `RNGCryptoServiceProvider`.

If you saw a long enough sequence of GUIDs, would it be possible to predict futures ones? If so, how many would you need to see?


[In our particular case there were physical security checks later on - you had to present the passport you used to buy your ticket - so it wouldn&#39;t have been *too* bad if someone had guessed someone else&#39;s GUID, so we didn&#39;t sweat it at the time. The convenience of using the GUID as a database key made it a useful datatype to use.]


---

**Edit:**

So the answer is &quot;not enough&quot;.

Using [0xA3][3]&#39;s answer below, and following links from the [question][4] he linked to, the following code will generate a cryptographically random GUID that&#39;s valid by [Section 4.4 of RFC 4122][5]:

    static Guid MakeCryptoGuid()
    {
        // Get 16 cryptographically random bytes
        RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
        byte[] data = new byte[16];
        rng.GetBytes(data);
    
        // Mark it as a version 4 GUID
        data[7] = (byte)((data[7] | (byte)0x40) &amp; (byte)0x4f);
        data[8] = (byte)((data[8] | (byte)0x80) &amp; (byte)0xbf);
    
        return new Guid(data);
    }

This produces GUIDs much more slowly than `Guid.NewGuid()`, but with 122 bits of &quot;very random&quot; data, they are safely unpredictable.

Of course, any cryptographically random text would have done for a ticket number, but GUIDs are pretty handy. :-)

As with other version 4 GUIDs there&#39;s no absolute guarantee of uniqueness, but the odds are impressive. So long as you have fewer than 326,915,130,069,135,865 (i.e. [sqrt(-2*2^122*ln(0.99))][6]) GUIDs in play simultaneously, you can be more than 99% sure there are no collisions. Put another way: if like mine your application will have overflow errors all over the place if you have more than `int.MaxValue` of pretty much anything, you can be more than 99.9999999999999999% sure of no collisions (i.e. [e^-(((2^31-1)^2)/(2*2^122))][7]). This is about a thousand times more sure than you can be that a meteorite won&#39;t wipe out most of life on Earth within one second of the application going live (i.e. [one per 100 million years][8]).


  [1]: http://msdn.microsoft.com/en-us/library/system.random.aspx
  [2]: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx
  [3]: https://stackoverflow.com/users/40347/0xa3
  [4]: https://stackoverflow.com/questions/2621563/how-random-is-system-guid-newguid-take-two
  [5]: https://www.rfc-editor.org/rfc/rfc4122#section-4.4
  [6]: http://www.wolframalpha.com/input/?i=sqrt(-2*2^122*ln(0.99))
  [7]: http://www.wolframalpha.com/input/?i=e^-(((2^31-1)^2)/(2*2^122))
  [8]: http://en.wikipedia.org/wiki/Impact_event#Mass_extinctions_and_impacts

Content Type	Original Author	Original Content on Stackoverflow
Question	clyfe	View Question on Stackoverflow
Solution 1 - Java	Kevin	View Answer on Stackoverflow
Solution 2 - Java	Laurence R. Ugalde	View Answer on Stackoverflow
Solution 3 - Java	ZZ Coder	View Answer on Stackoverflow

Why do people use bouncycastle instead of Java's built in JCE provider? What is the difference?

Java Problem Overview

Java Solutions

Solution 1 - Java

Solution 2 - Java

Solution 3 - Java

How can I unit test django messages?

Getting the 'external' IP address in Java

Attributions