SHA1 cracked .... What are the chances this will be addressed in LC?

Peter TB Brett peter.brett at
Thu Mar 2 17:55:28 EST 2017

On 02/03/2017 19:28, Alejandro Tejada via use-livecode wrote:
> How difficult would be to guess a sha1 digest, if we repeat it many,
> many times? Just as Peter Brett wrote in a previous message:
> put sha1Digest(sha1Digest(sha1Digest(tData))) -- 3 times!!!!!

Don't do this.  It will make it _easier_ to generate collisions, because 
each successive iteration loses some information from the input -- i.e. 
the scheme you suggest _reduces_ security.

When performing repeated hashing, you need to feed the original data in 
again at each stage.  See this Stack Overflow answer for a very detailed 

The summary is that you need the following formulation to ensure 
security for repeated hashing:

     put sha1Digest(tData & sha1Digest(tData & sha1Digest(tData)))
     -- etcetera.


Dr Peter Brett <peter.brett at>
LiveCode Technical Project Manager

lcb-mode for Emacs:

More information about the use-livecode mailing list