Secure Socket
Mark Waddingham
mark at livecode.com
Fri Aug 7 04:28:33 EDT 2020
On 2020-08-06 19:28, Tom Glod via use-livecode wrote:
> Do you think it is overkill to still encrypt it before I send it?
Yes :)
Applying industrial strength encryption twice does not increase security
- it just wastes processor cycles.
Indeed, if you are encrypting data to send over an encrypted stream then
you must have a secret for this secondary encryption somewhere.
If this secret is transmitted over the wire - then your second set of
encryption is only as secure as the original connection (if someone
could sniff the latter, then they can sniff out your secret for the
extra encryption).
If this secret is not transmitted over the wire and is just 'known' to
both sides - then it means you must have a secret buried somewhere on
both sides, probably less securely then the mechanisms used by SSL to
establish the secret it uses to encrypt the stream.
Warmest Regards,
Mark.
--
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
More information about the use-livecode
mailing list