Password protecting a data file... how to cope with forgotten password?

Igor de Oliveira Couto igor at superstudent.net
Thu Jun 14 04:52:24 EDT 2012


Hi, Dave!

On 14/06/2012, at 5:29 PM, Dave Cragg wrote:

[...]

> My first thought was that applying MD5 twice or more times would perhaps increase its security, but nowhere do I see this suggested as a solution. If anyone can add any information or point out my probable misunderstanding, I'd be very grateful.

I'm not a security expert, but I can tell you that a very common mistake most programmers make is thinking that running the same cipher twice - or three times, or n times - would increase the security of your information. Almost always, the mathematics involved in the cipher mean that the load is no more secure than if you had just run the cipher once. 

Think, for instance, of a common 'Caesar Cipher': you simply "shift" the characters in a text message, so that, let's say, "a" becomes "b", "b" becomes "c", and so on. You could run this cipher twice, and think that your message was twice as secure. However, for a cracker, this would simply mean that they would shift "a" directly to "c", "b" directly to "d", etc., not even knowing that you had to go through 2 steps to get there - and their cracking code might be even faster and more efficient than yours.

This is a very simplistic explanation, but I hope it helps.

--
Igor Couto
Sydney, Australia





More information about the Use-livecode mailing list