Hmmm.... If the salt is included in the encrypted text, doesn’t that enable anyone who intercepts it to decrypt it more easily, invalidating the purpose of using the salt in the first place.
Or, if the server decrypting the text uses a standard, but secret, salt that is known by both parties, it seems more reasonable to me. Sorry if I’m being dense. Bill William Prothero http://earthlearningsolutions.org > On Jun 6, 2018, at 7:56 PM, Brian Milby via use-livecode > <use-livecode@lists.runrev.com> wrote: > > I’m not sure what the original thread was using the salt for but the initial > post in this one was more about hashing. The question about encryption was > introduced so I answered that. > > For encryption, it looks like there is only an effective 8 byte salt (the > first 8 are static - “Salted__”). Specifying more than 8 bytes does not > change the resulting encrypted text. > > Since LC does include the salt, it does not need to be separately provided to > decrypt. If you strip the salt (first 16 bytes), then you must supply the > salt to decrypt. Providing the salt without stripping it from the encrypted > text did not pose a problem in my test. >> On Jun 6, 2018, 9:32 PM -0500, Richard Gaskin via use-livecode >> <use-livecode@lists.runrev.com>, wrote: >> Brian Milby wrote: >>> From the dictionary: >>> >>> The password and salt value are combined and scrambled to form the key >>> and IV which are used as described above. The key derivation process >>> is the same as that used in the openSSL utility. A 16-byte salt prefix >>> is prepended to the encrypted data, based on the salt value. This is >>> used in decryption. >> >> "decryption"? >> >> Are we talking about hashing or encrypting? >> >> -- >> Richard Gaskin >> Fourth World Systems >> Software Design and Development for the Desktop, Mobile, and the Web >> ____________________________________________________________________ >> ambassa...@fourthworld.com http://www.FourthWorld.com >> >> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your subscription >> preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode