SHA1 cracked .... What are the chances this will be addressed in LC?

Tom Glod tom at makeshyft.com
Fri Feb 24 12:15:17 EST 2017


Its good to hear its being looked at by the core team. I trust the most
obvious correct decision will be made eventually.

On Fri, Feb 24, 2017 at 11:28 AM, Richard Gaskin via use-livecode <
use-livecode at lists.runrev.com> wrote:

> As much as I enjoy chatting with other users, a while back I had hoped to
> make this more actionable by submitting an enhancement request for sha256:
>
> http://quality.livecode.com/show_bug.cgi?id=14223
>
> The challenge with satisfying that request is two fold:
>
> - sha2 is not a single algo, but a family of algos, and requires new
> syntax forms that have to be thought out in addition to the more complex
> engineering work to support that new set of language design patterns.
>
> - This chart shows that sha2 already has minor weaknesses, which will
> likely become more significant over time, suggesting we might already start
> looking at extending the afore-mentioned framework even further to include
> sha3 (and I suppose even be prepared for the inevitable sha4).
> http://valerieaurora.org/hash.html
>
> All that said, in light of the visibility of the issue after the recent
> Google research, I discussed this with a member of the core dev team
> yesterday, who will be evaluating the merit of this more comprehensive
> framework vs perhaps a simpler implementation of merely the most
> commonly-use sha2 flavor for now.
>
> After that analysis is done I trust we'll get an update on that soon.
>
> For now, just rest assured that they read the same security bulletins we
> do (Peter tends to read more than me, so I always pick up a trick or two
> talking with him about security), and are actively exploring options for us.
>
> --
>  Richard Gaskin
>  Fourth World Systems
>  Software Design and Development for Desktop, Mobile, and Web
>  ____________________________________________________________
>  Ambassador at FourthWorld.com        http://www.FourthWorld.com
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>



-- 
*Tom Glod*

CEO @ *MakeShyft R.D.A* - www.makeshyft.com



Developer of *U.M.P* - www.IamUMP.com



More information about the Use-livecode mailing list