SHA1 cracked .... What are the chances this will be addressed in LC?
Dan Brown
danoldboy at gmail.com
Fri Feb 24 08:58:50 EST 2017
It may cost $110,000 today but the computational cost of executing this
exploit will decrease year on year until it is trivial to perform. I would
think it much better to address this issue immediately so that applications
being made now are future proofed.
There is also the PR element to consider - Does Livecode really want to be
advertising a demonstrably insecure hash algorithm as a feature...
On Fri, Feb 24, 2017 at 10:44 AM, Lagi Pittas via use-livecode <
use-livecode at lists.runrev.com> wrote:
> I think everybody is overplaying this.
>
> It will only matter if the amount of money or other advantages is worth at
> least $110,000.
>
>
> The algorithm executed in Amazons cloud at the cheapest rate would cost
> that much in processing to get 1 key.
>
> The only people that will waste YOUR money to do this are governments and
> they have the equipment.
> If you really have something they want so much they will come through your
> door.
>
> Depending on what you are doing why not do 2 SHA1 or even an blowfish
> encrypt first.
>
> Better yet - you could write your own in a few hours based on other code
> - it doesnt have to be particular clever since they don't know the
> algorithm how will they break it unless it's just a simple transposition?
>
> Read between the lines Google doesn't use it so obviously people will start
> using Google's which will with 100% certainty will have a backdoor in it
> looking as to how they removed 140,000 indexed pages of
> www.naturalnews.com
> after the owner didn't give in to blackmail - "Don't be evil" my arse.
>
> http://www.newstarget.com/2017-02-23-breaking-mike-
> adams-and-alex-jones-taken-down-by-google-cia-prior-to-
> big-event-trump-needs-to-beware.html
>
> A bit of history of backdoors and homegrown encryption algorithm
> http://www.whatreallyhappened.com/WRHARTICLES/NSAchallenge.
> php#axzz4Zb6ctE4v
>
> I'm certainly not going to lose sleep over this.
>
>
> Lagi
>
> On 24 February 2017 at 01:25, Tom Glod via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>
> > Hi everyone,
> >
> > Read this article today. I use SHA1 in my software, so
> >
> > https://www.recode.net/2017/2/23/14715570/google-
> > researchers-crack-internet-security-tool-sha1-encryption
> >
> > What do you all think? Should I bother reporting this? or is it fair to
> say
> > they know about it? What are the chances that there will be extra effort
> > placed on adding another sha digest function? sha256?
> >
> > THanks
> >
> > Tom
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
More information about the use-livecode
mailing list