Password protecting a data file... how to cope with forgotten password?
dsc at swcp.com
Wed Jun 13 09:58:01 CDT 2012
Perhaps a master key could work with the product serial number.
On Jun 13, 2012, at 7:47 AM, Richard Gaskin wrote:
> Some apartment buildings use locks which support a master key held by the landlord, so that the tenant keys will only unlock their own door but the master key will trip enough tumblers to unlock any door in the building.
> In your case, having a single hard-wired master key as an "OR" in your script might be too dangerous; anyone you send the master key to would then be able to unlock any such stack, no only their own.
> But perhaps the key you send them would be a hash of some fixed salt string, the user name, and the date - it would then only work when applied to the user's stack (assuming their user name is stored somewhere in it), and only on the date you send it.
> General tip for anyone using hashes:
> MD5 has been known to be theoretically crackable for some years, and this has become a reality as noted in recent news:
> MD5 password scrambler 'no longer safe'
> Summary: The MD5 password hash algorithm is “no longer considered
> safe” by the original software developer, a day after the leak of
> more than 6.4 million hashed LinkedIn passwords.
> Fortunately RunRev is on top of things, and several versions back added an alternative hash function, "sha1Digest", which is generally considered to be a more secure option.
> So if any of your code is still using the older "md5Digest" function, it may be a good time to migrate to "sha1Digest".
> Richard Gaskin
> Fourth World
> LiveCode training and consulting: http://www.fourthworld.com
> Webzine for LiveCode developers: http://www.LiveCodeJournal.com
> Follow me on Twitter: http://twitter.com/FourthWorldSys
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the use-livecode