AES-256 Encryption Best Practices

Rick Harrison harrison at all-auctions.com
Tue Jul 3 13:23:52 EDT 2018


Hi Brian,

I think it would be pretty hard to do based on the time.
One would have to do the calculation in advance and
hope that the program caught the server at exactly
the correct millisecond.  As you also pointed out the
hacker would also have to have access to the code.

If you generate your own random seed with a counter
it should not count by 1’s.  The step count ideally should
be random as well.

Good discussion!

Thanks,

Rick


> On Jul 3, 2018, at 12:57 AM, Brian Milby via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> The problem with using an IV based on a pseudorandom number
> generator seeded from something derived from the time means that it is
> potentially predictable.




More information about the Use-livecode mailing list