worth it's salt in security

prothero at earthlearningsolutions.org
Wed Jun 6 23:29:34 EDT 2018


Richard,
I’m talking about using the LC encrypt command, with aes-256 encryption. I’m trying to figure out how the “salt” works, because my PHP code sends me a warning that I am not using a salt, or IV to encrypt the SQL query. I bought Andre Garza’s database software and have modified it pretty extensively. But, I’ve used his encryption implementation. His code doesn’t use a salt in his encryption implementation. So, I’m trying to get some info on how to implement the salt, and I haven’t had much luck with Google. It seems to be one of those things where the experts are speaking a different language, one I don’t understand. Perhaps it’s so trivial that I’m missing the mark utterly.

A few lines of code that show how to encrypt, then decrypt a string, with aes-256 and a salt, would solve my problem. Also, I think the responses so far have given me enough hints so when I get back to my computer in a week, I can trial and error figure it out.

Thanks for chiming in. I’ll post some code when I figure it out, unless somebody does it first.

Best,
Bill

William Prothero
http://earthlearningsolutions.org

> On Jun 6, 2018, at 7:32 PM, Richard Gaskin via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> Brian Milby wrote:
> > From the dictionary:
> >
> > The password and salt value are combined and scrambled to form the key
> > and IV which are used as described above. The key derivation process
> > is the same as that used in the openSSL utility. A 16-byte salt prefix
> > is prepended to the encrypted data, based on the salt value. This is
> > used in decryption.
> 
> "decryption"?
> 
> Are we talking about hashing or encrypting?
> 
> -- 
> Richard Gaskin
> Fourth World Systems
> Software Design and Development for the Desktop, Mobile, and the Web
> ____________________________________________________________________
> Ambassador at FourthWorld.com                http://www.FourthWorld.com
> 
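The dictionary text quoted above describes OpenSSL-style key derivation with a 16-byte salt prefix. The sketch below is an added example, not code from the thread or from LiveCode: it derives an AES-256 key and IV from a password and salt and shows how the prefix lets decryption recover the salt. The digest (SHA-256 here; older OpenSSL releases defaulted to MD5), the `Salted__` layout and all function names are assumptions, and the AES step itself is left out.

```python
import hashlib
import os

MAGIC = b"Salted__"        # marker written by the openssl enc utility
KEY_LEN, IV_LEN = 32, 16   # AES-256 key and CBC IV sizes in bytes


def derive_key_iv(password: bytes, salt: bytes, digest: str = "sha256"):
    """EVP_BytesToKey-style derivation, one iteration per block.

    Each block is digest(previous_block + password + salt); blocks are
    concatenated until there is enough material for the key and the IV.
    The digest is an assumption: the page does not say which one LiveCode uses.
    """
    material, block = b"", b""
    while len(material) < KEY_LEN + IV_LEN:
        block = hashlib.new(digest, block + password + salt).digest()
        material += block
    return material[:KEY_LEN], material[KEY_LEN:KEY_LEN + IV_LEN]


def make_prefix(salt: bytes = None) -> bytes:
    """Build the 16-byte prefix: 8-byte marker plus 8-byte salt."""
    salt = os.urandom(8) if salt is None else salt  # fresh salt per message
    if len(salt) != 8:
        raise ValueError("salt must be 8 bytes")
    return MAGIC + salt


def split_prefix(blob: bytes):
    """Return (salt, ciphertext); reject data that carries no salt prefix."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("no salt prefix found")
    return blob[8:16], blob[16:]


def round_trip(password: bytes) -> bool:
    """Sender derives key/IV; receiver re-derives them from the prefix alone."""
    prefix = make_prefix()
    sender = derive_key_iv(password, prefix[8:])
    blob = prefix + b"constructed placeholder for the AES ciphertext"
    salt, _ciphertext = split_prefix(blob)
    return derive_key_iv(password, salt) == sender


if __name__ == "__main__":
    print("receiver recovered the same key and IV:", round_trip(b"constructed-password"))
```

The salt is not secret: it travels in the clear with the ciphertext, and its job is to make the same password produce a different key and IV for every message.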