SHA1 cracked .... What are the chances this will be addressed in LC?

Richard Gaskin ambassador at
Wed Mar 1 13:22:48 EST 2017

This thread title asks: "What are the chances this will be addressed in LC?"

The answer turns out to be: "Quite good - pull request submitted, status 
changed to 'Awaiting Build'" - i.e. "done!"

Many thanks to Peter Brett for addressing this, and implementing it in 
such a nice way.

 From the pull request linked to in the bug report it seems we now have 
a new messageDigest function:

get messageDigest( <message>, <type> )

(Note: there's discussion in the pull request about the param order, and 
I'm inferring here; the actual implementation may be the other way 
around, with type first and then message - Peter, Monte, where did that 

...where (if I read the notes correctly; Peter please correct me if I'm 
wrong) <type> can be any of the following:



With those we should be set for several years.

This will mean that from v9.0 dp6 forward you'll probably want to avoid 
using the older md5Digest and sha1Digest functions in favor of this new 

If you need the older hash algos the new function apparently supports 
them, but of course if you need a cryptographic-quality hash use sha2 or 

  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  Ambassador at      

More information about the use-livecode mailing list