SHA1 cracked .... What are the chances this will be addressed in LC?

Lagi Pittas iphonelagi at gmail.com
Fri Feb 24 09:13:38 EST 2017


Hi

I didn't say they shouldn't do it I said I won't lose any sleep over it.
I don't think it needs to be built in either - just a library will do and
everybody can tweak it a little bit so that NOBODY knows which one it is -
that'll piss TPTB off.

Lagi

On 24 February 2017 at 13:58, Dan Brown via use-livecode <
use-livecode at lists.runrev.com> wrote:

> It may cost $110,000 today but the computational cost of executing this
> exploit will decrease year on year until it is trivial to perform. I would
> think it much better to address this issue immediately so that applications
> being made now are future proofed.
>
> There is also the PR element to consider - Does Livecode really want to be
> advertising a demonstrably insecure hash algorithm as a feature...
>
> On Fri, Feb 24, 2017 at 10:44 AM, Lagi Pittas via use-livecode <
> use-livecode at lists.runrev.com> wrote:
>
> > I think everybody is overplaying this.
> >
> > It will only matter if the amount of money or other  advantages is worth
> at
> > least $110,000.
> >
> >
> > The algorithm executed in Amazons cloud at the cheapest rate would cost
> > that much in processing to get 1 key.
> >
> > The only people that will waste YOUR money to do this are governments and
> > they have the equipment.
> > If you really have something they want so much they will come through
> your
> > door.
> >
> > Depending on what you are doing why not do 2 SHA1 or even an blowfish
> > encrypt first.
> >
> > Better yet - you could write your own in a few  hours based on other code
> >  -  it doesnt have to be particular clever since they don't know the
> > algorithm how will they break it unless it's just a simple transposition?
> >
> > Read between the lines Google doesn't use it so obviously people will
> start
> > using Google's which will with 100% certainty will  have a backdoor in it
> > looking as to how they removed 140,000 indexed pages of
> > www.naturalnews.com
> > after the owner didn't give in to blackmail - "Don't be evil" my arse.
> >
> > http://www.newstarget.com/2017-02-23-breaking-mike-
> > adams-and-alex-jones-taken-down-by-google-cia-prior-to-
> > big-event-trump-needs-to-beware.html
> >
> >  A bit of history of backdoors and homegrown encryption algorithm
> > http://www.whatreallyhappened.com/WRHARTICLES/NSAchallenge.
> > php#axzz4Zb6ctE4v
> >
> > I'm certainly not going to lose sleep over this.
> >
> >
> > Lagi
> >
> > On 24 February 2017 at 01:25, Tom Glod via use-livecode <
> > use-livecode at lists.runrev.com> wrote:
> >
> > > Hi everyone,
> > >
> > > Read this article today. I use SHA1 in my software, so
> > >
> > > https://www.recode.net/2017/2/23/14715570/google-
> > > researchers-crack-internet-security-tool-sha1-encryption
> > >
> > > What do you all think? Should I bother reporting this? or is it fair to
> > say
> > > they know about it?  What are the chances that there will be extra
> effort
> > > placed on adding another sha digest function? sha256?
> > >
> > > THanks
> > >
> > > Tom
> > > _______________________________________________
> > > use-livecode mailing list
> > > use-livecode at lists.runrev.com
> > > Please visit this url to subscribe, unsubscribe and manage your
> > > subscription preferences:
> > > http://lists.runrev.com/mailman/listinfo/use-livecode
> > >
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



More information about the use-livecode mailing list