SHA1 cracked .... What are the chances this will be addressed in LC?
Lagi Pittas
iphonelagi at gmail.com
Fri Feb 24 12:18:56 EST 2017
Why does it need to be a part of the language and not a widget or a library
stack which we can all fiddle with for our projects , which would make it
more difficult for the bad boys to decrypt?
Lagi
On 24 February 2017 at 17:15, Tom Glod via use-livecode <
use-livecode at lists.runrev.com> wrote:
> Its good to hear its being looked at by the core team. I trust the most
> obvious correct decision will be made eventually.
>
> On Fri, Feb 24, 2017 at 11:28 AM, Richard Gaskin via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>
> > As much as I enjoy chatting with other users, a while back I had hoped to
> > make this more actionable by submitting an enhancement request for
> sha256:
> >
> > http://quality.livecode.com/show_bug.cgi?id=14223
> >
> > The challenge with satisfying that request is two fold:
> >
> > - sha2 is not a single algo, but a family of algos, and requires new
> > syntax forms that have to be thought out in addition to the more complex
> > engineering work to support that new set of language design patterns.
> >
> > - This chart shows that sha2 already has minor weaknesses, which will
> > likely become more significant over time, suggesting we might already
> start
> > looking at extending the afore-mentioned framework even further to
> include
> > sha3 (and I suppose even be prepared for the inevitable sha4).
> > http://valerieaurora.org/hash.html
> >
> > All that said, in light of the visibility of the issue after the recent
> > Google research, I discussed this with a member of the core dev team
> > yesterday, who will be evaluating the merit of this more comprehensive
> > framework vs perhaps a simpler implementation of merely the most
> > commonly-use sha2 flavor for now.
> >
> > After that analysis is done I trust we'll get an update on that soon.
> >
> > For now, just rest assured that they read the same security bulletins we
> > do (Peter tends to read more than me, so I always pick up a trick or two
> > talking with him about security), and are actively exploring options for
> us.
> >
> > --
> > Richard Gaskin
> > Fourth World Systems
> > Software Design and Development for Desktop, Mobile, and Web
> > ____________________________________________________________
> > Ambassador at FourthWorld.com http://www.FourthWorld.com
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
>
>
>
> --
> *Tom Glod*
>
> CEO @ *MakeShyft R.D.A* - www.makeshyft.com
>
>
>
> Developer of *U.M.P* - www.IamUMP.com
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
More information about the use-livecode
mailing list