SHA1 cracked .... What are the chances this will be addressed in LC?
prothero at earthlearningsolutions.org
prothero at earthlearningsolutions.org
Tue Mar 7 10:37:05 EST 2017
You encrypt the trial password and compare the encrypted values.
Bill
William Prothero
http://ed.earthednet.org
> On Mar 7, 2017, at 3:28 PM, Bob Sneidar via use-livecode <use-livecode at lists.runrev.com> wrote:
>
> Thanks Peter. But then how will I know programmatically if the password is correct or not?
>
> Bob S
>
>
>> On Mar 6, 2017, at 02:53 , Peter TB Brett via use-livecode <use-livecode at lists.runrev.com> wrote:
>>
>>
>>
>>> On 03/03/2017 18:00, Bob Sneidar via use-livecode wrote:
>>> It looks like the encrypt command is already using this method if
>>> the "with salt" arguement is provided? At least the encrypted result
>>> starts with "salted" and at least part of the salt value.
>>>
>>
>> Hi Bob,
>>
>> The "encrypt" command provides symmetric cryptographic functions, i.e.
>> you can decrypt the result again to get the cleartext back. This is _not_ a desirable property for a password storage system; you should always use one-way (asymmetric) functions, such as a cryptographic hash.
>>
>> Peter
>>
>> --
>> Dr Peter Brett <peter.brett at livecode.com>
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
More information about the use-livecode
mailing list