Password protecting a data file... how to cope with forgotten password?

Richard Gaskin ambassador at fourthworld.com
Wed Jun 13 09:47:40 EDT 2012


Some apartment buildings use locks which support a master key held by 
the landlord, so that the tenant keys will only unlock their own door 
but the master key will trip enough tumblers to unlock any door in the 
building.

In your case, having a single hard-wired master key as an "OR" in your 
script might be too dangerous; anyone you send the master key to would 
then be able to unlock any such stack, not only their own.

But perhaps the key you send them would be a hash of some fixed salt 
string, the user name, and the date - it would then only work when 
applied to the user's stack (assuming their user name is stored 
somewhere in it), and only on the date you send it.


General tip for anyone using hashes:

MD5 has been known to be theoretically crackable for some years, and 
this has become a reality as noted in recent news:

    MD5 password scrambler 'no longer safe'

    Summary: The MD5 password hash algorithm is “no longer considered
    safe” by the original software developer, a day after the leak of
    more than 6.4 million hashed LinkedIn passwords.

<http://www.zdnet.com/blog/security/md5-password-scrambler-no-longer-safe/12317>

Fortunately RunRev is on top of things, and several versions back added 
an alternative hash function, "sha1Digest", which is generally 
considered to be a more secure option.

So if any of your code is still using the older "md5Digest" function, it 
may be a good time to migrate to "sha1Digest".

--
  Richard Gaskin
  Fourth World
  LiveCode training and consulting: http://www.fourthworld.com
  Webzine for LiveCode developers: http://www.LiveCodeJournal.com
  Follow me on Twitter:  http://twitter.com/FourthWorldSys
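
The per-user, per-date recovery key described in the message above, as an added Python example that is not part of the original post and is not LiveCode code. It substitutes HMAC-SHA-256 for the plain salted hash the post mentions; the secret value, function names and key format are assumptions made for illustration.

```python
import hmac
import hashlib
from datetime import date

# Constructed placeholder for the post's "fixed salt string", used as an HMAC key.
# It ships inside the application, so anyone who extracts it can mint keys.
MASTER_SECRET = b"constructed-example-secret-not-for-production"


def _normalize_user(user_name: str) -> bytes:
    # Case-fold and trim so vendor and stack compute over identical bytes.
    return user_name.strip().casefold().encode("utf-8")


def derive_recovery_key(user_name: str, day: date) -> str:
    """Key the vendor sends: bound to one user name and one calendar date."""
    user = _normalize_user(user_name)
    # Length-prefix the user name so the user/date boundary is unambiguous
    # and two different (user, date) pairs never produce the same message.
    msg = len(user).to_bytes(2, "big") + user + day.isoformat().encode("ascii")
    digest = hmac.new(MASTER_SECRET, msg, hashlib.sha256).hexdigest()
    # Truncate to 80 bits and group it so it can be read out or typed in.
    short = digest[:20].upper()
    return "-".join(short[i:i + 5] for i in range(0, 20, 5))


def check_recovery_key(stored_user: str, supplied_key: str, today: date) -> bool:
    """Check run inside the user's file, using the user name stored in it."""
    expected = derive_recovery_key(stored_user, today)
    supplied = supplied_key.strip().upper()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    issued = date(2012, 6, 13)  # constructed sample date
    key = derive_recovery_key("Alice Example", issued)
    print("key for Alice on", issued, "->", key)
    print("Alice, same day:", check_recovery_key("alice example", key, issued))
    print("Bob, same day:  ", check_recovery_key("Bob Example", key, issued))
    print("Alice, next day:", check_recovery_key("Alice Example", key, date(2012, 6, 14)))
```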



