SHA1 cracked .... What are the chances this will be addressed in LC?

Peter TB Brett peter.brett at
Wed Mar 1 05:31:31 EST 2017

On 28/02/2017 15:46, Bob Sneidar via use-livecode wrote:
> Thanks for that Peter! I've been thinking about a way to encrypt data
> for storage in database systems for things like passwords and server
> credentials. Now to figure out how to decrypt it...

Hi Bob,

Never store user passwords in clear text, or in any encoding that can be 
reversed.  Both message digest algorithms and HMACs are intended to be 
*one-way* functions -- this is one of their important properties.

If you are handling passwords, then this is a pretty decent page with 
good guidelines on how to do it safely and securely:

Note that the HMAC definition I posted earlier is a simplified version; 
it would probably be a good idea to have a library that provides the 
full spec described in

Also, I'm wondering whether to add an Argon2 or PBKDF2 implementation to 
the engine to help with this.


Dr Peter Brett <peter.brett at>
LiveCode Technical Project Manager

lcb-mode for Emacs:

More information about the use-livecode mailing list