SHA-1 algorithm in xTalk?

David Bovill david at openpartnership.net
Tue Nov 22 06:06:45 EST 2005


On 21 Nov 2005, at 21:58, Alessandro Manotti wrote:

> On 11/21/05, David Bovill <david at openpartnership.net> wrote:
>
>> The SSL libraries that RunRev uses should be able to do this - and I
>> would have thought considerably faster than a native and possibly
>> less secure Transcript implementation - no?
>
> What do you mean when you talk about "less secure"?

Minor point - to do with trusting the code. Standard open libraries  
are trusted - what is to say that the Transcript code generating the  
SHA-1 hash has not been subtly altered? What is the best way to  
ensure this does not happen? An SHA-3 hash of the SHA-1 code :)

> If RunRev player implements sha-1, then in transcript one can manage
> certificates, etc... but without sha-1 algorithm....

Yes it would be cool - not really sure if in the case of SSL it is  
better for the trust reasons hinted at above to keep the standard  
open external or integrate into the engine proprietary code.



More information about the Use-livecode mailing list