Memory usage

Richard Gaskin ambassador at fourthworld.com
Fri Jul 5 13:46:58 EDT 2013


Peter M. Brigham wrote:
 > On Jul 4, 2013, at 9:53 AM, Richard Gaskin wrote:
 >>
 >> While not nearly as secure as Blowfish (not by a long shot), this
 >> modest encryption script can at least slow down hacks, and as a
 >> script is fully embeddable:
 >> <http://livecodejournal.com/tutorials/handy-handlers-005.html>
 >>
 >> I wouldn't recommend it for data requiring really strong security,
 >> but the sort of person able to crack it is likely able to do a
 >> memory dump, so it's probably no less secure than limiting stacks
 >> to RAM.
 >
 > I notice that this routine uses md5digest. I have only glanced at it,
 > so I don't know what the weak point is, but would it make any
 > difference if it were updated to use SHA?

Indeed it would.  I have updating that on my to-do list, just after I 
finish some more critical updates needed for RevNet.

That said, I've been designing a new CMS for LiveCodeJournal.com and 
some other sites I work on, and I may wait to do that update once the 
new CMS is in place.

Either way, your suggestion of updating that handler to use SHA1 is a 
good one, which will find its way into the article at first opportunity.

--
  Richard Gaskin
  Fourth World
  LiveCode training and consulting: http://www.fourthworld.com
  Webzine for LiveCode developers: http://www.LiveCodeJournal.com
  Follow me on Twitter:  http://twitter.com/FourthWorldSys




More information about the use-livecode mailing list