[ANN] This Week in LiveCode 69

2017-02-06 Thread Peter TB Brett via use-livecode

Hi all,

Read about new developments in LiveCode open source and the open source
community in today's edition of the "This Week in LiveCode" newsletter!

Read issue #69 here: https://goo.gl/iaxtl0


This is a weekly newsletter about LiveCode, focussing on what's been
going on in and around the open source project.  New issues will be
released weekly on Mondays.  We have a dedicated mailing list that will
deliver each issue directly to your e-mail, so you don't miss any!

If you have anything you'd like mentioned (a project, a discussion
somewhere, an upcoming event) then please get in touch.

 Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


[ANN] This Week in LiveCode 68

2017-01-30 Thread Peter TB Brett via use-livecode

Hi all,

Read about new developments in LiveCode open source and the open source
community in today's edition of the "This Week in LiveCode" newsletter!

Read issue #68 here: https://goo.gl/0co0Zb


This is a weekly newsletter about LiveCode, focussing on what's been
going on in and around the open source project.  New issues will be
released weekly on Mondays.  We have a dedicated mailing list that will
deliver each issue directly to your e-mail, so you don't miss any!

If you have anything you'd like mentioned (a project, a discussion
somewhere, an upcoming event) then please get in touch.

 Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: TextDecode JSON array

2017-01-21 Thread Peter TB Brett via use-livecode

On 22/01/2017 03:22, J. Landman Gay via use-livecode wrote:

Here's a test sample of some UTF8 I get back from a server:

  {"UserID":48,"UserName":"Eduardo Ba\u00f1uls","UserLoginName":"ebanu"}


Hi Jacque,

This is valid JSON (and also valid ASCII).  In JSON, any character in a 
string may be encoded in the form \u where  is the 4-digit 
hexadecimal representation of a Unicode codepoint.  No textDecode() 
operation is required.


JSONImport() handles this correctly.

1) Create a stack with a field and a button
2) Put the text above into the field
3) Set the script of the button to:

> local tJson
> put JSONImport(field 1) into tJson
> answer tJson["UserName"]

4) Enter browse mode and click the button

You will get an answer dialog displaying "Eduardo Bañuls".

Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode


[ANN] This Week in LiveCode 71

2017-02-20 Thread Peter TB Brett via use-livecode

Hi all,

Read about new developments in LiveCode open source and the open source
community in today's edition of the "This Week in LiveCode" newsletter!

Read issue #71 here: https://goo.gl/QJ73VB


This is a weekly newsletter about LiveCode, focussing on what's been
going on in and around the open source project.  New issues will be
released weekly on Mondays.  We have a dedicated mailing list that will
deliver each issue directly to your e-mail, so you don't miss any!

If you have anything you'd like mentioned (a project, a discussion
somewhere, an upcoming event) then please get in touch.

 Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-02-24 Thread Peter TB Brett via use-livecode



On 24/02/2017 17:18, Lagi Pittas via use-livecode wrote:

Why does it need to be a part of the language and not a widget or a library
stack which we can all fiddle with for our projects , which would make it
more difficult for the bad boys to decrypt?


Cryptographic hash implementations have a lot of fairly strict 
requirements that make them extremely difficult to implement in a 
language like LiveCode.  For example, they have to run in _exactly_ the 
same amount of time for the same number of bytes of input, no matter 
what those bytes are.


It would be good to have an external that provides a nice variety of 
cryptographic hashes, though.


Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



[ANN] This Week in LiveCode 70

2017-02-13 Thread Peter TB Brett via use-livecode

Hi all,

Read about new developments in LiveCode open source and the open source
community in today's edition of the "This Week in LiveCode" newsletter!

Read issue #70 here: https://goo.gl/NIzw7V


This is a weekly newsletter about LiveCode, focussing on what's been
going on in and around the open source project.  New issues will be
released weekly on Mondays.  We have a dedicated mailing list that will
deliver each issue directly to your e-mail, so you don't miss any!

If you have anything you'd like mentioned (a project, a discussion
somewhere, an upcoming event) then please get in touch.

 Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



[ANN] This Week in LiveCode 72

2017-02-27 Thread Peter TB Brett via use-livecode

Hi all,

Read about new developments in LiveCode open source and the open source
community in today's edition of the "This Week in LiveCode" newsletter!

Read issue #72 here: https://goo.gl/HBdY5z


This is a weekly newsletter about LiveCode, focussing on what's been
going on in and around the open source project.  New issues will be
released weekly on Mondays.  We have a dedicated mailing list that will
deliver each issue directly to your e-mail, so you don't miss any!

If you have anything you'd like mentioned (a project, a discussion
somewhere, an upcoming event) then please get in touch.

 Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-03-01 Thread Peter TB Brett via use-livecode

On 28/02/2017 15:46, Bob Sneidar via use-livecode wrote:

Thanks for that Peter! I've been thinking about a way to encrypt data
for storage in database systems for things like passwords and server
credentials. Now to figure out how to decrypt it...


Hi Bob,

Never store user passwords in clear text, or in any encoding that can be 
reversed.  Both message digest algorithms and HMACs are intended to be 
*one-way* functions -- this is one of their important properties.


If you are handling passwords, then this is a pretty decent page with 
good guidelines on how to do it safely and securely:


https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

Note that the HMAC definition I posted earlier is a simplified version; 
it would probably be a good idea to have a library that provides the 
full spec described in https://tools.ietf.org/html/rfc2104


Also, I'm wondering whether to add an Argon2 or PBKDF2 implementation to 
the engine to help with this.


  Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: RSYNC still uses MD5 and...

2017-03-01 Thread Peter TB Brett via use-livecode



On 01/03/2017 02:39, Alejandro Tejada via use-livecode wrote:

RSYNC would be a nice and useful addition
to LiveCode engine.

https://en.wikipedia.org/wiki/Rsync

Could RSYNC be implemented fast enough
using only LiveCode scripts?


The way that rsync uses hashes isn't at all problematic.  If an attacker 
has the level of access to be able to introduce hash collisions into 
files that you're copying using rsync, then you have bigger problems 
than the hash collisions!


In my opinion, rsync isn't a wheel that needs to be reinvented using 
LiveCode. :-)  However, yes, since rsync is almost entirely constrained 
by IO bandwidth, there's no reason that you couldn't rewrite it to be 
fast enough using LiveCode.


 Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-03-01 Thread Peter TB Brett via use-livecode



On 01/03/2017 15:37, Bob Sneidar via use-livecode wrote:

Hi Peter. Very informative thank you. In the example,

[protected form] = [salt] + protect([protection func], [salt] +
[credential]);

It looks like they are saying to prepend the salt prior to the
protect function (in the case of LC that would be encrypt) but if
someone got access to the SQL database, wouldn't that give part of
the secret away? Isn't the salt value a way to further obscure the
credential, making something like a hash table more difficult?

I use a salt value that only I know, and I password protect the stack
that uses it. Seems to me that prepending the salt to the protected
form is like giving someone my user name but not my password. The
other team is starting on the 50 yard line (in American sports
vernacular).


The idea of a password storage scheme is to make it extremely costly for
an attacker to recover the original passwords, even given _total_ 
information about the scheme.  When evaluating a scheme, you should 
always assume that if someone has got access to your password database, 
they have also got access to anything else on that server or any server 
connected to it -- potentially including your secret salt.


By appending the salt to the front of the protected form, you can use a
different salt for every single password in your database.  Even if 
someone knows a password already (e.g. because they have an account on 
your server), they gain no information about any of the other passwords 
in the database.


Password storage schemes like Argon2 go one step further and put all of 
the parameters for the protected form into the protected string.  This 
allows the parameters to be modified for newly-stored passwords while 
still being able to verify old passwords.  They are also tuned to ensure 
that it takes a long time to compute the protected form (usually around 
0.1 to 0.5 ms).  That's long enough that knowing _all_ the parameters 
still makes it infeasible to figure out what the original password was.


In summary: salt values shouldn't need to be secret.

   Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode
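
The storage scheme discussed in this message, as an added example that is not part of the original post or of LiveCode: each password gets its own random salt, and the stored string carries the algorithm, work factor and salt so that old records still verify after the work factor is raised. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the record format, the iteration counts and all function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000  # assumption: work factor chosen for this example
MAX_ITERATIONS = 10_000_000   # refuse absurd values read from a stored record
SALT_BYTES = 16


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _parse(stored: str):
    """Return (iterations, salt, digest), or None if the record is malformed."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64, validate=True)
        digest = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return None
    if algorithm != ALGORITHM or not 0 < iterations <= MAX_ITERATIONS:
        return None
    return iterations, salt, digest


def store_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Build the protected form: parameters and salt in the clear, then the digest."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every stored password
    digest = _derive(password, salt, iterations)
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the record's own parameters and compare."""
    parsed = _parse(stored)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    # compare_digest takes the same time wherever the first mismatch occurs
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def needs_rehash(stored: str) -> bool:
    """True when a record was made with weaker parameters than the current ones."""
    parsed = _parse(stored)
    return parsed is None or parsed[0] < CURRENT_ITERATIONS


if __name__ == "__main__":
    record = store_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("hunter2", record))
```

After a successful login against a record for which `needs_rehash` is true, call `store_password` again with the password the user just supplied and replace the stored record.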



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-02-27 Thread Peter TB Brett via use-livecode

On 24/02/2017 18:47, axwald via use-livecode wrote:

few days ago I read about PHP incorporating a modern crypto lib now:

https://dev.to/paragonie/php-72-the-first-programming-language-to-add-modern-cryptography-to-its-standard-library


Not a specialist regarding this, but wouldn't it be possible to interface
such?

https://github.com/jedisct1/libsodium


@Lagi: The first customer already called to ask if I'd use "this security
risk" - thanks "LibHash-Hmac" (Richard posted the URL) I could deny
plausibly :)
Even if I agree with you about the real risk, it would be very bad idea not
to update any commercial software now. It might even have juristic
consequences, knowingly using broken crypto?


If you're using SHA-1 to implement an HMAC, you should already be using 
the recommended formulation:


hmac := hash(key | hash(key | message))

Or, in LiveCode:

function HmacSha1 pKey, pData
   return sha1digest(pKey & sha1digest(pKey & pData))
end HmacSha1

If you are doing this, then the current attack on SHA-1 does not affect 
the security of your system at all [1].


Peter

[1] I am not a cryptographer but this is my understanding of the situation.

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode
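
For comparison with the simplified formulation above, an added example (not part of the original post, and in Python rather than LiveCode) that implements HMAC-SHA1 as specified in RFC 2104 and checks it against Python's standard `hmac` module. The function names and the sample keys and message are constructed for this example.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-1 processes input in 64-byte blocks


def simplified_hmac_sha1(key: bytes, message: bytes) -> bytes:
    """The simplified form from the post: hash(key | hash(key | message))."""
    inner = hashlib.sha1(key + message).digest()
    return hashlib.sha1(key + inner).digest()


def rfc2104_hmac_sha1(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 as specified in RFC 2104."""
    # Keys longer than one block are first replaced by their hash.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    # The key is then zero-padded to exactly one block.
    key = key.ljust(BLOCK_SIZE, b"\x00")
    # XOR with two different pad bytes gives distinct inner and outer keys.
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(inner_key + message).digest()
    return hashlib.sha1(outer_key + inner).digest()


def interop_report():
    """Compare both constructions with the standard library (constructed inputs)."""
    message = b"constructed sample message"
    keys = {
        "short key": b"k" * 20,
        "block-sized key": b"k" * BLOCK_SIZE,
        "long key": b"k" * 100,
    }
    report = {}
    for label, key in keys.items():
        reference = hmac.new(key, message, hashlib.sha1).digest()
        report[label] = {
            "rfc2104_matches": hmac.compare_digest(
                rfc2104_hmac_sha1(key, message), reference),
            "simplified_matches": hmac.compare_digest(
                simplified_hmac_sha1(key, message), reference),
        }
    return report


if __name__ == "__main__":
    for label, result in interop_report().items():
        print(label, result)
```

The simplified form produces different output from RFC 2104 for every key length, so values computed with it cannot be verified by a standard HMAC-SHA1 implementation.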



Re: Changes to use-livecode list.

2017-01-06 Thread Peter TB Brett via use-livecode

On 06/01/2017 12:29, Alex Tweedly via use-livecode wrote:

Now that's impossible - all emails in the thread appear from the same
address, and need to be individually opened to see who they were from,
and so searching for a reply that I remember was from (say) Richard is
much harder.


Hi Alex,

Do you use Thunderbird?  If so, you probably want to:

1. Open the 'Preferences' window
2. Go to the 'Display' page
3. Go to the 'Advanced' tab
4. Disable the checkbox marked 'Show only display name for people in my 
address book'


This resolved the problem for me.

  Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: Text formatting in LC HTML5 apps?

2017-03-28 Thread Peter TB Brett via use-livecode



On 28/03/2017 10:32, Terry Judd via use-livecode wrote:

Is there any way to display styled text in HTML5 apps? There only
seems to be one font supported and I can change the colour and size
but nothing else sticks (LC Community 9.0.0 dp5).


You can add any additional fonts you like by putting them in the 
`/boot/fonts/` directory in the standalone archive.


Peter


--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: Blowfish digest , how to create in Livecode

2017-03-28 Thread Peter TB Brett via use-livecode



On 28/03/2017 00:29, Matthias Rebbe via use-livecode wrote:

Hi,

i have a MySQL DB which uses passwords  created with php crypt
function using blowfish

the php code looks like this for example

$salt='$2a$08$NWy7XidPPL2XEsouCG3dy';
$digest= crypt('myPassword01',$salt);

how can i do this in Livecode server? I find SHA1digest and MD5digest
functions in the dictionary, but no blowfishDigest function.


Hi Matthias,

Quick note that you may be affected by this PHP security vulnerability:

http://www.php.net/security/crypt_blowfish.php

I'm not sure about Blowfish-based `crypt()` with LiveCode, I'm afraid.

Peter


--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode


Re: Translating escape sequences

2017-03-15 Thread Peter TB Brett via use-livecode



On 14/03/2017 21:26, J. Landman Gay via use-livecode wrote:

I'm dealing with non-English languages, and JSON data retrieved from a
database comes in with unicode escape sequences like this: Eduardo
Ba\u00f1uls.

I need to translate those. I can do it by replacing the "\u" with "0x"
and then using numToCodepoint() to get the UTF16 character. But there
could be many of these in the same string, so I'm looking for a one-shot
command that might just do them all. I don't think we have one.

The alternative is to loop through all the text, getting an offset for
each "\u" and then calculating the number of characters after that to
use with numToCodepoint(). But will it always be 4 characters in any
language?

Or is there an easier way?


JsonImport() should handle those automatically.  Please let me know if 
it doesn't!


Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: HTML5 export broken in 9.0.0-dp-6?

2017-03-17 Thread Peter TB Brett via use-livecode



On 17/03/2017 07:04, Terry Judd via use-livecode wrote:

Is it just me or is HTML5 export not working in 9.0.0-dp-6? A stack
that worked in 8.1.2 just a few minutes ago now throws an
exception...

To use dlopen, you need to use Emscripten's linking support, see
https://github.com/kripken/emscripten/wiki/Linking

...and I seem to get the same thing even with a brand new stack
just containing a single button. In the past I only saw this error
when I accidentally included something in the stack that it didn’t like
(like a widget or a substack). Any ideas?


It's not just you!  It's a known issue in 9.0 DP 6.  From the release
announcement:


HTML5 standalones built using this release are not functional. See
bug http://quality.livecode.com/show_bug.cgi?id=19399 for more
details.


  Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode


Re: [ANN] This Week in LiveCode 78

2017-04-10 Thread Peter TB Brett via use-livecode



On 10/04/2017 16:10, Richard Gaskin via use-livecode wrote:

Thank you, Panos.

This item was particularly interesting:

   Add a new script library implementing unified diff generation and
   patch application: Expected in LiveCode 9.0 DP-7
   

It wasn't immediately clear to me from the notes in that PR what that
does, but the description sounds enticing.

Can you offer a little background on that?


It's exactly what it says on the tin: a library that implements an 
algorithm for finding a minimal line-based edit script between two input 
texts, along with the ability to turn that into a unified diff.


Go have a look at the source code, which contains inline documentation:
https://github.com/livecode/livecode/blob/develop/extensions/script-libraries/diff/diff.livecodescript

You could also have a look at the tests:
https://github.com/livecode/livecode/blob/develop/extensions/script-libraries/diff/test

Its development was sponsored by David Simpson.  Check out FMProMigrator. :)

  Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



[ANN] This Week in LiveCode 73

2017-03-06 Thread Peter TB Brett via use-livecode

Hi all,

Read about new developments in LiveCode open source and the open source
community in today's edition of the "This Week in LiveCode" newsletter!

Read issue #73 here: https://goo.gl/SBNgjA


This is a weekly newsletter about LiveCode, focussing on what's been
going on in and around the open source project.  New issues will be
released weekly on Mondays.  We have a dedicated mailing list that will
deliver each issue directly to your e-mail, so you don't miss any!

If you have anything you'd like mentioned (a project, a discussion
somewhere, an upcoming event) then please get in touch.

 Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-03-06 Thread Peter TB Brett via use-livecode



On 03/03/2017 18:00, Bob Sneidar via use-livecode wrote:

It looks like the encrypt command is already using this method if
the "with salt" argument is provided? At least the encrypted result
starts with "salted" and at least part of the salt value.



Hi Bob,

The "encrypt" command provides symmetric cryptographic functions, i.e.
you can decrypt the result again to get the cleartext back.  This is 
_not_ a desirable property for a password storage system; you should 
always use one-way (asymmetric) functions, such as a cryptographic hash.


  Peter

--
Dr Peter Brett 

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-03-07 Thread Peter TB Brett via use-livecode



On 07/03/2017 15:28, Bob Sneidar via use-livecode wrote:

Thanks Peter. But then how will I know programmatically if the password is 
correct or not?


Hi Bob,

Here's a worked example of what I'm talking about.

  Peter

-

/* Compute a hash-based message authentication code
using the SHA-1 hash.  This is broken; it should correctly
follow RFC 2104. */
private function hmacSha1 pKey, pMessage
   return sha1digest(pKey & sha1digest(pKey & pMessage))
end hmacSha1

/* Generate a 160-bit salt value suitable for use when
storing a password */
private function generateSalt
   return randomBytes(20)
end generateSalt

/* Convert the specified cleartext password string to a
secure string suitable for storage using the specified
salt, which should be raw binary data (it is base 64-encoded
in the returned string). */
private function securePassword pPasswordString, pSaltData
   local tPasswordData
   put textEncode(pPasswordString, "UTF-8") into tPasswordData
   return base64Encode(pSaltData) & comma & \
         base64Encode(hmacSha1(pSaltData, tPasswordData))
end securePassword

/* Get the salt part of a secured password string */
private function getSecurePasswordSalt pSecurePassword
   return base64Decode(item 1 of pSecurePassword)
end getSecurePasswordSalt

/* Store a new password.  Use this when a user creates
a new account or changes their password for any reason */
function storePassword pPasswordString
   return securePassword(pPasswordString, generateSalt())
end storePassword

/* Verify a password.  Use this when a user tries to log
in.  Returns true if the password is correct and false
otherwise. */
function verifyPassword pPasswordString, pSecurePassword
   local tSaltData, tTrialString
   put getSecurePasswordSalt(pSecurePassword) into tSaltData
   put securePassword(pPasswordString, tSaltData) into tTrialString
   -- base64 text is case-significant, so compare case-sensitively
   set the caseSensitive to true
   return tTrialString is pSecurePassword
end verifyPassword

-

private command _testAssert pDesc, pCondition
   if pCondition then
      put "ok -" && pDesc & return after msg
   else
      put "not ok -" && pDesc & return after msg
   end if
end _testAssert

command _testPasswordDemo
   local tSecured
   put storePassword("correct horse battery staple") into tSecured
   put "# Stored:" && tSecured & return into msg
   _testAssert "bad password", \
         not verifyPassword("hunter2", tSecured)
   _testAssert "good password", \
         verifyPassword("correct horse battery staple", tSecured)
end _testPasswordDemo



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-03-01 Thread Peter TB Brett via use-livecode

On 01/03/2017 18:22, Richard Gaskin via use-livecode wrote:

The answer turns out to be: "Quite good - pull request submitted, status
changed to 'Awaiting Build'" - i.e. "done!"

http://quality.livecode.com/show_bug.cgi?id=14223

Many thanks to Peter Brett for addressing this, and implementing it in
such a nice way.


Hold your horses, Richard, I'm still waiting for the official Mark 
Waddingham stamp of approval for making changes to the LiveCode language!


There's still a chance that it'll change a bit before it actually 
makes its way into a release.


   Peter ;-)

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: SHA1 cracked .... What are the chances this will be addressed in LC?

2017-03-02 Thread Peter TB Brett via use-livecode

On 02/03/2017 19:28, Alejandro Tejada via use-livecode wrote:

How difficult would be to guess a sha1 digest, if we repeat it many,
many times? Just as Peter Brett wrote in a previous message:

put sha1Digest(sha1Digest(sha1Digest(tData))) -- 3 times!


Don't do this.  It will make it _easier_ to generate collisions, because 
each successive iteration loses some information from the input -- i.e. 
the scheme you suggest _reduces_ security.


When performing repeated hashing, you need to feed the original data in 
again at each stage.  See this Stack Overflow answer for a very detailed 
explanation:  https://stackoverflow.com/a/17396367/266449


The summary is that you need the following formulation to ensure 
security for repeated hashing:


put sha1Digest(tData & sha1Digest(tData & sha1Digest(tData)))
-- etcetera.

 Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode



Re: Application not working with MacOSX 10.6 (maybe due to tsNet)

2017-04-26 Thread Peter TB Brett via use-livecode



On 26/04/2017 11:41, Hakima Manseri via use-livecode wrote:

Hi again,

the new standalone does launch on 10.6 but tsNet with LiveCode 8.0
doesn't seem to include SFTP support.
Is that the case or have we messed up somewhere ?


tsNet is only included in LiveCode 8.1.0 or later.

   Peter

--
Dr Peter Brett 
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode
