SHA1 cracked .... What are the chances this will be addressed in LC?

Bob Sneidar bobsneidar at iotecdigital.com
Tue Mar 7 10:28:48 EST 2017


Thanks Peter. But then how will I know programmatically if the password is correct or not? 

Bob S


> On Mar 6, 2017, at 02:53 , Peter TB Brett via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> 
> 
> On 03/03/2017 18:00, Bob Sneidar via use-livecode wrote:
>> It looks like the encrypt command is already using this method if
>> the "with salt" arguement is provided? At least the encrypted result
>> starts with "salted" and at least part of the salt value.
>> 
> 
> Hi Bob,
> 
> The "encrypt" command provides symmetric cryptographic functions, i.e.
> you can decrypt the result again to get the cleartext back.  This is _not_ a desirable property for a password storage system; you should always use one-way (asymmetric) functions, such as a cryptographic hash.
> 
>                                      Peter
> 
> -- 
> Dr Peter Brett <peter.brett at livecode.com>





More information about the use-livecode mailing list