Author Topic: Cryptography Implementation Discussion (Read 15853 times)

Kalphiter^4 · November 11, 2013, 10:01:56 AM

Quote from: Port on November 11, 2013, 10:00:46 AM

Asking for precision to 1000th of a second is not too much to ask.

I'm pretty sure getRealTime() will fix that.

Ad Bot · Advertisement

Port · November 11, 2013, 10:47:15 AM

Wrote a new benchmarking function because I had nothing better to do.
Wow, getRealTime() is so precise! -4ms min!

I was redefining the function because making the benchmarker use eval and support fixed-argument functions would add too much overhead.

Ipquarx · November 11, 2013, 11:00:05 AM

Here are my own personal benchmarks for my updated library:

Addition:
16,384 additions of 500 and 150: 52ms Average time: 0.003ms
16,384 additions of 1500 and 2500: 364ms Average time: 0.022ms
16,384 additions of two 100 digit numbers: 11,570ms Average time: 0.706ms

Subtraction:
16,384 subtractions of 500 and 150: 40ms Average time: 0.002ms
16,384 subtractions of 2500 and 1500: 717ms Average time: 0.043ms
16,384 subtractions of two 100 digit numbers: 24,837ms Average time: 1.515ms

Multiplication:
16,384 multiplications of 500 and 150: 46ms Average time: 0.003
16,384 multiplications of 2500 and 1500: 2,004ms Average time: 0.122ms
2,048 multiplications of two 100 digit numbers: 94,554ms Average time: 46.169ms

Lugnut · November 11, 2013, 11:04:27 AM

ipquarx, can you make a version that runs off of recursive schedules? be careful with exponentiation with large numbers...

Ipquarx · November 11, 2013, 11:14:23 AM

Quote from: Lugnut on November 11, 2013, 11:04:27 AM

ipquarx, can you make a version that runs off of recursive schedules? be careful with exponentiation with large numbers...

I'll try to, but it's really useless unless you're multiplying 400+ digit numbers... I'll also be trying to convert the modulus and division functions from Here into torquescript as I have no idea how to do them myself. Would anyone else care to try as well?

Xalos · November 11, 2013, 12:49:20 PM

Quote from: Port on November 11, 2013, 12:35:01 AM

Here's a better first question: What do you need high-level cryptography in Blockland for?!

Anything involving usernames and passwords. If you let it be sent in plaintext and then hash it server-sided, you're being irresponsible because most people only use one password for everything. For example, my one password for everything related to the SCP Foundation is [REDACTED].

Zeblote · November 11, 2013, 12:52:11 PM

Quote from: Xalos on November 11, 2013, 12:49:20 PM

Anything involving usernames and passwords. If you let it be sent in plaintext and then hash it server-sided, you're being irresponsible because most people only use one password for everything. For example, my one password for everything related to the SCP Foundation is [REDACTED].

hash on client side, hash again on server side??

Greek2me · November 11, 2013, 01:03:59 PM

Quote from: Port on November 11, 2013, 10:47:15 AM

Wrote a new benchmarking function because I had nothing better to do.
Wow, getRealTime() is so precise! -4ms min!

I was redefining the function because making the benchmarker use eval and support fixed-argument functions would add too much overhead.

I love how you and Kalphiter are criticizing my benchmarking, when it's practically identical to yours. The only difference is that you did 100,000 iterations, while I only did 5,000. Yes, that would make your results more accurate.

Port · November 11, 2013, 01:25:16 PM

Quote from: Greek2me on November 11, 2013, 01:03:59 PM

I love how you and Kalphiter are criticizing my benchmarking, when it's practically identical to yours. The only difference is that you did 100,000 iterations, while I only did 5,000. Yes, that would make your results more accurate.

Where did I criticize your benchmarking?

Lugnut · November 11, 2013, 02:01:14 PM

Quote from: Zeblote on November 11, 2013, 12:52:11 PM

hash on client side, hash again on server side??

hashes can be broken.. so can crypto, but that won't stop us from trying.

Xalos · November 11, 2013, 02:02:17 PM

Quote from: Zeblote on November 11, 2013, 12:52:11 PM

hash on client side, hash again on server side??

That would protect the password itself if you salted properly, but it just turns the hash itself into the password as far as cracking goes. I just have to capture the hash in transit and then I have your "password" and can still log into that server and any other servers that do the same thing.

Ipquarx · November 11, 2013, 03:08:33 PM

Quote from: Xalos on November 11, 2013, 02:02:17 PM

That would protect the password itself if you salted properly, but it just turns the hash itself into the password as far as cracking goes. I just have to capture the hash in transit and then I have your "password" and can still log into that server and any other servers that do the same thing.

This is why public-key cryptography is needed.

Xalos · November 11, 2013, 03:13:25 PM

Quote from: Ipquarx on November 11, 2013, 03:08:33 PM

This is why public-key cryptography is needed.

That was my point, yes. Thank you for reiterating the point that I stated without adding anything to it.

Ipquarx · November 11, 2013, 03:16:22 PM

Quote from: Xalos on November 11, 2013, 03:13:25 PM

That was my point, yes. Thank you for reiterating the point that I stated without adding anything to it.

Lol, just clarifying things. You seem to be relatively interested in this project, are you wanting to help out?

Greek2me · November 11, 2013, 04:21:06 PM

Lug, do I need a github account to contribute to the repo?

Also, should I even bother benchmarking Red Guy's library? It's missing a lot of stuff.