SHA1 cracked .... What are the chances this will be addressed in LC?
Peter TB Brett
peter.brett at livecode.com
Thu Mar 2 17:55:28 EST 2017
On 02/03/2017 19:28, Alejandro Tejada via use-livecode wrote:
> How difficult would be to guess a sha1 digest, if we repeat it many,
> many times? Just as Peter Brett wrote in a previous message:
>
> put sha1Digest(sha1Digest(sha1Digest(tData))) -- 3 times!!!!!
Don't do this. It will make it _easier_ to generate collisions, because
each successive iteration loses some information from the input -- i.e.
the scheme you suggest _reduces_ security.
When performing repeated hashing, you need to feed the original data in
again at each stage. See this Stack Overflow answer for a very detailed
explanation: https://stackoverflow.com/a/17396367/266449
The summary is that you need the following formulation to ensure
security for repeated hashing:
put sha1Digest(tData & sha1Digest(tData & sha1Digest(tData)))
-- etcetera.
Peter
--
Dr Peter Brett <peter.brett at livecode.com>
LiveCode Technical Project Manager
lcb-mode for Emacs: https://github.com/peter-b/lcb-mode
More information about the use-livecode
mailing list