SHA1 cracked .... What are the chances this will be addressed in LC?
ambassador at fourthworld.com
Fri Feb 24 11:28:59 EST 2017
As much as I enjoy chatting with other users, a while back I had hoped
to make this more actionable by submitting an enhancement request for
The challenge with satisfying that request is two fold:
- sha2 is not a single algo, but a family of algos, and requires new
syntax forms that have to be thought out in addition to the more complex
engineering work to support that new set of language design patterns.
- This chart shows that sha2 already has minor weaknesses, which will
likely become more significant over time, suggesting we might already
start looking at extending the afore-mentioned framework even further to
include sha3 (and I suppose even be prepared for the inevitable sha4).
All that said, in light of the visibility of the issue after the recent
Google research, I discussed this with a member of the core dev team
yesterday, who will be evaluating the merit of this more comprehensive
framework vs perhaps a simpler implementation of merely the most
commonly-use sha2 flavor for now.
After that analysis is done I trust we'll get an update on that soon.
For now, just rest assured that they read the same security bulletins we
do (Peter tends to read more than me, so I always pick up a trick or two
talking with him about security), and are actively exploring options for us.
Fourth World Systems
Software Design and Development for Desktop, Mobile, and Web
Ambassador at FourthWorld.com http://www.FourthWorld.com
More information about the Use-livecode