tom at makeshyft.com
Fri Aug 7 16:09:04 EDT 2020
Mark, thank you for taking the time and helping me make peace on this
On Fri, Aug 7, 2020 at 4:28 AM Mark Waddingham via use-livecode <
use-livecode at lists.runrev.com> wrote:
> On 2020-08-06 19:28, Tom Glod via use-livecode wrote:
> > Do you think it is overkill to still encrypt it before I send it?
> Yes :)
> Applying industrial strength encryption twice does not increase security
> - it just wastes processor cycles.
> Indeed, if you are encrypting data to send over an encrypted stream then
> you must have a secret for this secondary encryption somewhere.
> If this secret is transmitted over the wire - then your second set of
> encryption is only as secure as the original connection (if someone
> could sniff the latter, then they can sniff out your secret for the
> extra encryption).
> If this secret is not transmitted over the wire and is just 'known' to
> both sides - then it means you must have a secret buried somewhere on
> both sides, probably less securely then the mechanisms used by SSL to
> establish the secret it uses to encrypt the stream.
> Warmest Regards,
> Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
> LiveCode: Everyone can create apps
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
Founder & Developer
MakeShyft R.D.A (www.makeshyft.com)
More information about the use-livecode