Hi,
Dr Peter Brett wrote > On 24/02/2017 18:47, axwald via use-livecode wrote: > [...] >> Not a specialist regarding this, but wouldn't it be possible to interface >> such? >>> https://github.com/jedisct1/libsodium >> >> @Lagi: The first customer already called to ask if I'd use "this security >> risk" - thanks "LibHash-Hmac" (Richard posted the URL) I could deny >> [...] > > If you're using SHA-1 to implement an HMAC, you should already be using > the recommended formulation: > > hmac := hash(key | hash(key | message)) [...] What I meant mentioning the "LibHash-Hmac" lib is that it contains a "sha256digest" function already that is, to my understanding at least, a SHA2 implementation. And that it's not only about the real danger of having one's hash cracked, it's more about the publicity this crack received, and the nosy questions that are coming in now from customers that read about it in the news. And, for sure, will never understand any detailed explanation. The other thing, about libsodium, was the idea not to roll our own crypto code, but instead to interface a commonly used, audited, verified & accepted open source crypto library. And just provide the wrapper as a plugin. No idea if such would be possible - this is beyond my knowledge. But for real security sensitive coding there's no way but to use audited code anyways. It would be a great benefit to have such available in LiveCode, IMHO. Another benefit would be that such a wrapper plugin could be made available not only for the most bleeding edge versions of LC - so that commercial coders that are forced to use more settled versions for speed, productivity & reliability are not left out in the dark & cold, again. Have fun! ----- • Livecode programming until the cat hits the fan • -- View this message in context: http://runtime-revolution.278305.n4.nabble.com/SHA1-cracked-What-are-the-chances-this-will-be-addressed-in-LC-tp4712554p4712777.html Sent from the Revolution - User mailing list archive at Nabble.com. _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
