Excellent points, Axwald, especially the last paragraph. Happy Happy Happy Fun Fun Fun!! ;-)
On 2 March 2017 at 10:20, axwald via use-livecode <use-livecode@lists.runrev.com> wrote:

> Hi,
>
> Dr Peter Brett wrote
> > On 24/02/2017 18:47, axwald via use-livecode wrote:
> > [...]
> >> Not a specialist regarding this, but wouldn't it be possible to interface
> >> such?
> >>> https://github.com/jedisct1/libsodium
> >>
> >> @Lagi: The first customer already called to ask if I'd use "this security
> >> risk" - thanks "LibHash-Hmac" (Richard posted the URL) I could deny
> >> [...]
> >
> > If you're using SHA-1 to implement an HMAC, you should already be using
> > the recommended formulation:
> >
> > hmac := hash(key | hash(key | message)) [...]
>
> What I meant mentioning the "LibHash-Hmac" lib is that it contains a
> "sha256digest" function already that is, to my understanding at least, a
> SHA2 implementation. And that it's not only about the real danger of having
> one's hash cracked, it's more about the publicity this crack received, and
> the nosy questions that are coming in now from customers that read about it
> in the news. And, for sure, will never understand any detailed explanation.
>
> The other thing, about libsodium, was the idea not to roll our own crypto
> code, but instead to interface a commonly used, audited, verified & accepted
> open source crypto library. And just provide the wrapper as a plugin.
> No idea if such would be possible - this is beyond my knowledge. But for
> real security sensitive coding there's no way but to use audited code
> anyways. It would be a great benefit to have such available in LiveCode,
> IMHO.
>
> Another benefit would be that such a wrapper plugin could be made available
> not only for the most bleeding edge versions of LC - so that commercial
> coders that are forced to use more settled versions for speed, productivity
> & reliability are not left out in the dark & cold, again.
>
> Have fun!
>
> -----
> • Livecode programming until the cat hits the fan •
> --
> View this message in context: http://runtime-revolution.278305.n4.nabble.com/SHA1-cracked-What-are-the-chances-this-will-be-addressed-in-LC-tp4712554p4712777.html
> Sent from the Revolution - User mailing list archive at Nabble.com.
>
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
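
The nested-hash HMAC formulation mentioned in the thread, written out in its full RFC 2104 form with the inner and outer key pads, as an added example that is not part of the original messages. It uses Python's hashlib instead of LiveCode; `hmac_manual`, `nested_shorthand`, `verify_tag` and the sample key and message are names and values constructed for this illustration.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration.
SAMPLE_KEY = b"constructed-demo-key"
SAMPLE_MESSAGE = b"amount=100;to=alice"


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC per RFC 2104: H((K ^ opad) | H((K ^ ipad) | message))."""
    block_size = hashlib.new(hash_name).block_size  # 64 for SHA-1 and SHA-256
    # Keys longer than one block are hashed first; shorter keys are zero-padded.
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)  # K ^ ipad
    outer_key = bytes(b ^ 0x5C for b in key)  # K ^ opad
    inner = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner).digest()


def nested_shorthand(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """Literal reading of the shorthand hash(key | hash(key | message)), no pads."""
    inner = hashlib.new(hash_name, key + message).digest()
    return hashlib.new(hash_name, key + inner).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Recompute the tag and compare in constant time to avoid a timing leak."""
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)


if __name__ == "__main__":
    manual = hmac_manual(SAMPLE_KEY, SAMPLE_MESSAGE)
    library = hmac.new(SAMPLE_KEY, SAMPLE_MESSAGE, hashlib.sha256).digest()
    print("manual == stdlib hmac:", manual == library)
    # The unpadded shorthand gives a different tag, so it will not verify
    # against tags produced by a standard HMAC implementation.
    print("shorthand == stdlib hmac:", nested_shorthand(SAMPLE_KEY, SAMPLE_MESSAGE) == library)
    print("verify_tag:", verify_tag(SAMPLE_KEY, SAMPLE_MESSAGE, library))
```

Passing `"sha1"` as `hash_name` yields HMAC-SHA-1 from the same code, which is why swapping the underlying digest for a SHA-2 function is a one-argument change.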