There is no harm in using SHA1 in a scrambling/encrypting function of this type. The longer key might make it harder to crack. (Redoing the key based on the previous key every so-many characters might also help.)
However, there is a tiny way in which MD5 is better. It is faster. That might be a smidgen of convenience and even a smidgen of security. Dar On Jul 5, 2013, at 11:46 AM, Richard Gaskin wrote: > Peter M. Brigham wrote: > > On Jul 4, 2013, at 9:53 AM, Richard Gaskin wrote: > >> > >> While not nearly as secure as Blowfish (not by a long shot), this > >> modest encryption script can at least slow down hacks, and as a > >> script is fully embeddable: > >> <http://livecodejournal.com/tutorials/handy-handlers-005.html> > >> > >> I wouldn't recommend it for data requiring really strong security, > >> but the sort of person able to crack it is likely able to do a > >> memory dump, so it's probably no less secure than limiting stacks > >> to RAM. > > > > I notice that this routine uses md5digest. I have only glanced at it, > > so I don't know what the weak point is, but would it make any > > difference if it were updated to use SHA? > > Indeed it would. I have updating that on my to-do list, just after I finish > some more critical updates needed for RevNet. > > That said, I've been designing a new CMS for LiveCodeJournal.com and some > other sites I work on, and I may wait to do that update once the new CMS is > in place. > > Either way, your suggestion of updating that handler to use SHA1 is a good > one, which will find its way into the article at first opportunity. > > -- > Richard Gaskin > Fourth World > LiveCode training and consulting: http://www.fourthworld.com > Webzine for LiveCode developers: http://www.LiveCodeJournal.com > Follow me on Twitter: http://twitter.com/FourthWorldSys > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
