We consider client devices (e.g. Android) connecting to a Java server over a secure channel. Say we have stringent authentication requirements, and so decide to use client-authenticated (mutual) SSL sockets, with each client presenting its own self-signed certificate. Since no CA vouches for such a certificate, the server must trust each client certificate individually, e.g. by importing it into its truststore, and a compromised client key can only be revoked by removing it again.
In 2013, I was a Linux sysadmin, PostgreSQL DBA, and erstwhile Java developer for a payment switching company which was preparing for its first PCI assessment. Besides securing and virtualising their infrastructure - with KVM, virtual firewalls, and ssh forced commands - which kept me quite busy, there was the PCI requirement for "dual control" and "split knowledge" which was a show-stopper.
Redis is good for prototyping, shared memory, messaging, caching and maximum performance. It might be used alongside, or as a complement to, your SQL relational store and/or NoSQL document store. For example, Redis might be used to cache dimensional aggregates of relational data for analytical purposes.
We continue our Password Salt adventures with PBKDF2, in order to store multiple revisions of the crypto parameters (algorithm, iteration count, salt and key length) and migrate hashes to the latest revision on the fly, i.e. at the moment a user next logs in, since that is the only time the plaintext password is available for re-hashing.
This morning I enjoyed an article entitled "There Is Ubuntu, There Is Linux And Then There Are Others", and here I rehash my comment there.
This provides a long overdue update to "Password Hash" from the Enigma Prequels (2007), an article that neglected to add salt, which is embarrassing for whoever wrote it... which was unfortunately me.
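The salted, revisioned PBKDF2 scheme that both the "Password Salt" post above and this update describe, as an added example that is not the blog's own code (the posts are in Java; this is Python using only the standard library so it runs anywhere). The revision table, the `pbkdf2$<revision>$<salt>$<dk>` storage format and the iteration counts are assumptions for illustration; the point is that old hashes stay verifiable under their original parameters, and are re-hashed under the current ones the next time the user logs in.

```python
import base64
import hashlib
import hmac
import os

# Revision table of crypto parameters, newest last. Constructed for this
# example: revision 1 stands in for an older, weaker choice, revision 2 is
# what new hashes get. An existing revision is never edited, only new ones
# appended, so every stored hash can still be verified.
REVISIONS = {
    1: {"algo": "sha1",   "iterations": 10_000,  "salt_len": 16, "dk_len": 20},
    2: {"algo": "sha256", "iterations": 200_000, "salt_len": 16, "dk_len": 32},
}
CURRENT_REVISION = max(REVISIONS)


def derive(password: str, salt: bytes, params: dict) -> bytes:
    """PBKDF2-HMAC over the password with the given parameters (hashlib does the work)."""
    return hashlib.pbkdf2_hmac(params["algo"], password.encode("utf-8"),
                               salt, params["iterations"], params["dk_len"])


def hash_password(password: str, revision: int = CURRENT_REVISION) -> str:
    """Hash with a fresh random salt; the stored string records the revision used."""
    params = REVISIONS[revision]
    salt = os.urandom(params["salt_len"])
    dk = derive(password, salt, params)
    return "pbkdf2${}${}${}".format(
        revision,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def parse_hash(stored: str) -> tuple:
    """Split 'pbkdf2$<revision>$<salt b64>$<dk b64>' into (revision, salt, dk)."""
    scheme, rev, salt_b64, dk_b64 = stored.split("$")
    if scheme != "pbkdf2" or int(rev) not in REVISIONS:
        raise ValueError("unknown hash scheme or revision")
    return int(rev), base64.b64decode(salt_b64), base64.b64decode(dk_b64)


def verify_and_migrate(password: str, stored: str) -> tuple:
    """Return (ok, new_hash). new_hash is set only when the password matched
    AND the stored hash used an older revision; the caller then overwrites the
    stored value. Migration can only happen here, at login, because this is the
    only moment the plaintext password is in hand."""
    revision, salt, expected = parse_hash(stored)
    actual = derive(password, salt, REVISIONS[revision])
    if not hmac.compare_digest(actual, expected):   # constant-time comparison
        return False, None
    if revision < CURRENT_REVISION:
        return True, hash_password(password)         # re-hash with current parameters
    return True, None


if __name__ == "__main__":
    old = hash_password("correct horse battery staple", revision=1)
    ok, migrated = verify_and_migrate("correct horse battery staple", old)
    print(ok, migrated)
```

Storing the revision number rather than the raw parameters keeps the table the single source of truth; if you would rather tolerate per-user parameter tweaks, store the iteration count and algorithm name in the string as well. Either way, a login under an old revision costs one extra PBKDF2 run, which is the whole migration.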
We present a minuscule Millis utility class for handling intervals in milliseconds, not least because we record timestamps as per System.currentTimeMillis(), i.e. the number of milliseconds since the Unix epoch (UTC). As such we can skirt around the issue of the time as seen on clocks, with their time zones and calendars and what-not.
The Google Authenticator mobile apps implement the IETF time-based one-time password standard, TOTP (RFC 6238), which builds on HOTP (RFC 4226). Rather than hashing the time directly, it computes an HMAC-SHA1 over the current time step (Unix time divided by 30 seconds), keyed with the shared secret, dynamically truncates the result to a 31-bit value, and takes its last six decimal digits as the one-time password.
But besides enabling multi-factor authentication for our personal Google account, how would we employ Google Authenticator clients for our own websites, i.e. issue the shared secret and verify the codes server side?
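The server side of exactly that, as an added example rather than the post's own code (the post's code is Java; this is standard-library Python so it can be checked against the RFC test vectors). It implements HOTP and TOTP as described above, produces the otpauth:// provisioning URI that Google Authenticator scans from a QR code, and verifies submitted codes with the two checks a website needs that the algorithm alone does not give you: a small drift window for phone clocks that are a step off, and replay refusal by remembering the last time step accepted for the user. The issuer and account names are placeholders.

```python
import base64
import hashlib
import hmac
import os
import struct
import time
from urllib.parse import quote


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1(secret, counter as 8-byte big-endian), dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                           # low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # 31-bit value
    return str(code % 10 ** digits).zfill(digits)                     # keep leading zeros


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret: bytes, code: str, unix_time: int, last_counter=None,
                step: int = 30, digits: int = 6, window: int = 1):
    """Server-side check. Returns the time step the code matched, or None.
    window:       accept neighbouring steps to tolerate clock drift between phone and server
    last_counter: highest step already accepted for this user; that step and earlier ones
                  are refused, so a code seen in transit cannot be replayed within its step.
    The caller persists the returned step as the user's new last_counter."""
    counter = unix_time // step
    for delta in range(-window, window + 1):
        candidate = counter + delta
        if last_counter is not None and candidate <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate
    return None


def provisioning_uri(issuer: str, account: str, secret: bytes) -> str:
    """otpauth:// key URI that Google Authenticator imports; the secret travels as base32."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}")


if __name__ == "__main__":
    secret = os.urandom(20)   # per-user secret, generated at enrolment and stored server side
    print(provisioning_uri("ExampleSite", "alice@example.com", secret))
    print("current code:", totp(secret, int(time.time())))
```

Enrolment is then: generate the 20-byte secret, show the URI as a QR code, and only activate the factor once the user submits a valid code against it. The `window` of one step on each side accepts codes up to 30 seconds stale; widening it trades a little brute-force and replay resistance for tolerance of worse clocks, so keep it small.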
Last time we introduced the trivial namesake Timestamped interface, and used the excellent ArrayDeque of Java 6 to collect such things, imposing a time-based capacity and some external synchronization. Now let's test this with some threads.
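A time-bounded deque of the kind described, with the threaded test, as an added example and not the post's own Java code. It is Python so it runs stand-alone; the class name, the injectable millisecond clock and the locking inside the class (rather than the post's external synchronization) are assumptions made for this illustration. Entries are assumed to arrive in non-decreasing timestamp order, which is what lets eviction stop at the first live entry at the head.

```python
import collections
import threading
import time


class TimestampedDeque:
    """Collects (timestamp_millis, item) pairs and drops any older than
    capacity_millis, measured from the newest timestamp or the clock.
    Every access takes one lock, so callers need no external synchronization.
    `clock` returns the current time in millis and is injectable so tests
    are deterministic instead of racing the wall clock."""

    def __init__(self, capacity_millis: int, clock=None):
        self._capacity = capacity_millis
        self._clock = clock or (lambda: int(time.time() * 1000))
        self._deque = collections.deque()
        self._lock = threading.Lock()

    def _evict(self, now_millis: int) -> None:
        # Oldest entries sit at the head (appended in time order), so stop at the first live one.
        cutoff = now_millis - self._capacity
        while self._deque and self._deque[0][0] < cutoff:
            self._deque.popleft()

    def add(self, item, timestamp_millis=None) -> None:
        ts = self._clock() if timestamp_millis is None else timestamp_millis
        with self._lock:
            self._deque.append((ts, item))
            self._evict(ts)

    def items(self) -> list:
        """Snapshot of live entries, oldest first. Eviction runs here too, so a
        reader never sees entries that aged out since the last add."""
        with self._lock:
            self._evict(self._clock())
            return list(self._deque)

    def size(self) -> int:
        return len(self.items())


def hammer(deque: TimestampedDeque, threads: int = 8, per_thread: int = 1000) -> int:
    """Concurrent adds from several threads; returns the number retained.
    Under a frozen clock nothing can age out, so every add must survive:
    a lost update would show up as a count below threads * per_thread."""
    def worker(n):
        for i in range(per_thread):
            deque.add((n, i))
    workers = [threading.Thread(target=worker, args=(n,)) for n in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return deque.size()


if __name__ == "__main__":
    d = TimestampedDeque(capacity_millis=5_000)
    print("retained after threaded adds:", hammer(d))
```

The deterministic checks use a fake clock: fill the deque from several threads at one instant, advance the clock, add one more entry, then advance past the capacity and confirm only the late entry survives.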