Brian:
Ahhh, ok, I get it. It’s easy to re-seed every time it’s called, using the
milliseconds. That assumes that the user of the program initiates the action at
a random time.
I’ll change the code so it re-seeds every time.
Best,
Bill
> On Jul 3, 2018, at 7:02 PM, Brian Milby via
On 7/3/18 5:48 PM, Monte Goulding via use-livecode wrote:
On 4 Jul 2018, at 12:52 am, Bob Sneidar via use-livecode
wrote:
Jacque says you can reference a behavior's script locals ie. the sLocal of THIS
ME
Well you can’t actually do that so maybe Jacque is being misquoted?
I think I
The problem is that with a known IV and the code, the next IV can be
predicted if using the random function. If the generator was reseeded every
time an IV was generated, that would remove the advance prediction issue. I
didn't mean that the first IV could be guessed. Exploitation would be
Just a side note, that for "parent" behaviors which have been "nested" as the
behavior of multiple "children" ... we are "blinded sided" to this, as the
designation is in the first comment of the script with doesn't appear in the
IDE, SE
The only other place to see it is in the PB in 9+, that
> On 4 Jul 2018, at 12:52 am, Bob Sneidar via use-livecode
> wrote:
>
> Jacque says you can reference a behavior's script locals ie. the sLocal of
> THIS ME
Well you can’t actually do that so maybe Jacque is being misquoted?
Cheers
Monte
___
Skype also crashes. With Adobe AIR apps a current app crashes, but one from
four years ago doesn’t. Hopefully Apple will fix things.
On Tue, Jul 3, 2018 at 1:53 PM panagiotis merakos via use-livecode <
use-livecode@lists.runrev.com> wrote:
> Hello Andrew,
>
> No we did not have a chance to look
Hello Andrew,
No we did not have a chance to look at it yet, but we are aware of the
issue. I think I had filed a bug report a week ago, I'll double check and
let you know.
Best
Panos
--
On Tue, Jul 3, 2018, 21:34 Andrew Bell via use-livecode <
use-livecode@lists.runrev.com> wrote:
> Had my
Had my first customer complaint about the app not working on their
device running the iOS 12 beta. Luckily I was able to point to a blog
post about how Fortnite also crashes under iOS 12 and explained how
their development budget is WAY larger to buy some time ;)
Has the mothership had a
Thanks Brian. Thanks everyone. This is great a big time saver for me.
On Tue, Jul 3, 2018 at 4:00 PM, Brian Milby via use-livecode <
use-livecode@lists.runrev.com> wrote:
> Initial code is posted here:
> https://github.com/bwmilby/lc-community/tree/master/AES_Demo
>
> I'll update it later today
Initial code is posted here:
https://github.com/bwmilby/lc-community/tree/master/AES_Demo
I'll update it later today with an updated version of the PHP that uses a
different IV for the return data.
The good thing about how I've posted it is that PRs can be submitted and
integrated with edits to
thank you for this .I'm willing to post it toowas just thinking if
the goal is to nail down a best practice . then there may be a few
suggestions from a few people and maybe a few revisits, so keeping up with
the mailing list or your personal site is not ideal for something that is
I think the IV vulnerability that I’m talking about is more theoretical than an
actual concern. From what I’ve read the attacker needs to be able to
control/influence what is being encrypted for knowledge of the next IV to help
(so they can use a known plain text to test their key hypothesis).
I haven’t spent the time to get familiar with github, but after I modify the
php to use a random iv for the return data, I’m happy with any way to
disseminate it for others.
I’ll post a new link, when I’m done. Probably later today. I will also remove
the link to my server. Then, I invite you
Brian,
Thank you for your wisdom on this issue. I’m very interested in your
recommendations and they are inspiring me to do more Internet research.
Just asking...
You said that the attacker could figure out the next iv. Since I append the iv
to the front of the encrypted data, the attacker will
I’ll volunteer to add it to my community repo if desired.
Thanks,
Brian
On Jul 3, 2018, 2:17 PM -0400, Tom Glod via use-livecode
, wrote:
> any chance this could go on github?
>
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit
any chance this could go on github?
On Tue, Jul 3, 2018 at 2:02 PM, William Prothero via use-livecode <
use-livecode@lists.runrev.com> wrote:
> Brian,
> Good suggestion.
>
> Easy-peasy. Php has a nice function to generate random iv vectors, so I’ll
> put it in. Thanks for the suggestion!
>
>
Brian,
Good suggestion.
Easy-peasy. Php has a nice function to generate random iv vectors, so I’ll put
it in. Thanks for the suggestion!
Best,
Bill
William Prothero
http://earthlearningsolutions.org
> On Jul 3, 2018, at 9:31 AM, Brian Milby wrote:
>
> I just put the PHP on my server and it
Hi Brian,
I think it would be pretty hard to do based on the time.
One would have to do the calculation in advance and
hope that the program caught the server at exactly
the correct millisecond. As you also pointed out the
hacker would also have to have access to the code.
If you generate your
I just put the PHP on my server and it was able to handle the randombytes IV
without issue.
The demo does not generate a new IV for the returned data which it really
should in production.
From a security perspective, you assume that an attacker has access to the
code. From the encrypted
Hello folks,
Spent some time on this today, so I post it here in case anyone sees the
same problem:
I wanted to deploy to my Android device from Linux. My device was shown as
"Android ???" in the "Test Target" menu. I ignored this and chose it
and clicked Test.
The S/B was stuck to the
Can’t we already do that with a custom getprop/setprop?
On Jul 3, 2018, 10:53 AM -0400, Bob Sneidar via use-livecode
, wrote:
> Not if you had to reference them the way Jacque says you can reference a
> behavior's script locals ie. the sLocal of THIS ME. I have a lot of objects
> (my SearchBar
Not if you had to reference them the way Jacque says you can reference a
behavior's script locals ie. the sLocal of THIS ME. I have a lot of objects (my
SearchBar is a good example) where I store information in scrip locals (the old
dgData and hilited record of a datagrid before performing a
I found a reference to the HMAC encryption. I’m thinking that the use of a
random iv guards against the kind of attack it was designed to avoid. I’m
thinking AES is more modern, making HMAC less useful.
I may be wrong, but it’s worth looking into, I think.
Best,
Bill
William Prothero
23 matches
Mail list logo
