Memory usage

Dar Scott dsc at swcp.com
Fri Jul 5 16:28:58 EDT 2013


There is no harm in using SHA1 in a scrambling/encrypting function of this type.  The longer key might make it harder to crack.  (Redoing the key based on the previous key every so-many characters might also help.)

However, there is a tiny way in which MD5 is better.  It is faster.  That might be a smidgen of convenience and even a smidgen of security.  

Dar


On Jul 5, 2013, at 11:46 AM, Richard Gaskin wrote:

> Peter M. Brigham wrote:
> > On Jul 4, 2013, at 9:53 AM, Richard Gaskin wrote:
> >>
> >> While not nearly as secure as Blowfish (not by a long shot), this
> >> modest encryption script can at least slow down hacks, and as a
> >> script is fully embeddable:
> >> <http://livecodejournal.com/tutorials/handy-handlers-005.html>
> >>
> >> I wouldn't recommend it for data requiring really strong security,
> >> but the sort of person able to crack it is likely able to do a
> >> memory dump, so it's probably no less secure than limiting stacks
> >> to RAM.
> >
> > I notice that this routine uses md5digest. I have only glanced at it,
> > so I don't know what the weak point is, but would it make any
> > difference if it were updated to use SHA?
> 
> Indeed it would.  I have updating that on my to-do list, just after I finish some more critical updates needed for RevNet.
> 
> That said, I've been designing a new CMS for LiveCodeJournal.com and some other sites I work on, and I may wait to do that update once the new CMS is in place.
> 
> Either way, your suggestion of updating that handler to use SHA1 is a good one, which will find its way into the article at first opportunity.
> 
> --
> Richard Gaskin
> Fourth World
> LiveCode training and consulting: http://www.fourthworld.com
> Webzine for LiveCode developers: http://www.LiveCodeJournal.com
> Follow me on Twitter:  http://twitter.com/FourthWorldSys
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the use-livecode mailing list