SHA1 cracked .... What are the chances this will be addressed in LC?
Bob Sneidar
bobsneidar at iotecdigital.com
Tue Mar 7 10:28:48 EST 2017
Thanks Peter. But then how will I know programmatically if the password is correct or not?
Bob S
> On Mar 6, 2017, at 02:53 , Peter TB Brett via use-livecode <use-livecode at lists.runrev.com> wrote:
>
>
>
> On 03/03/2017 18:00, Bob Sneidar via use-livecode wrote:
>> It looks like the encrypt command is already using this method if
>> the "with salt" arguement is provided? At least the encrypted result
>> starts with "salted" and at least part of the salt value.
>>
>
> Hi Bob,
>
> The "encrypt" command provides symmetric cryptographic functions, i.e.
> you can decrypt the result again to get the cleartext back. This is _not_ a desirable property for a password storage system; you should always use one-way (asymmetric) functions, such as a cryptographic hash.
>
> Peter
>
> --
> Dr Peter Brett <peter.brett at livecode.com>
More information about the use-livecode
mailing list