Hi I didn't say they shouldn't do it I said I won't lose any sleep over it. I don't think it needs to be built in either - just a library will do and everybody can tweak it a little bit so that NOBODY knows which one it is - that'll piss TPTB off.
Lagi On 24 February 2017 at 13:58, Dan Brown via use-livecode < use-livecode@lists.runrev.com> wrote: > It may cost $110,000 today but the computational cost of executing this > exploit will decrease year on year until it is trivial to perform. I would > think it much better to address this issue immediately so that applications > being made now are future proofed. > > There is also the PR element to consider - Does Livecode really want to be > advertising a demonstrably insecure hash algorithm as a feature... > > On Fri, Feb 24, 2017 at 10:44 AM, Lagi Pittas via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > I think everybody is overplaying this. > > > > It will only matter if the amount of money or other advantages is worth > at > > least $110,000. > > > > > > The algorithm executed in Amazons cloud at the cheapest rate would cost > > that much in processing to get 1 key. > > > > The only people that will waste YOUR money to do this are governments and > > they have the equipment. > > If you really have something they want so much they will come through > your > > door. > > > > Depending on what you are doing why not do 2 SHA1 or even an blowfish > > encrypt first. > > > > Better yet - you could write your own in a few hours based on other code > > - it doesnt have to be particular clever since they don't know the > > algorithm how will they break it unless it's just a simple transposition? > > > > Read between the lines Google doesn't use it so obviously people will > start > > using Google's which will with 100% certainty will have a backdoor in it > > looking as to how they removed 140,000 indexed pages of > > www.naturalnews.com > > after the owner didn't give in to blackmail - "Don't be evil" my arse. > > > > http://www.newstarget.com/2017-02-23-breaking-mike- > > adams-and-alex-jones-taken-down-by-google-cia-prior-to- > > big-event-trump-needs-to-beware.html > > > > A bit of history of backdoors and homegrown encryption algorithm > > http://www.whatreallyhappened.com/WRHARTICLES/NSAchallenge. > > php#axzz4Zb6ctE4v > > > > I'm certainly not going to lose sleep over this. > > > > > > Lagi > > > > On 24 February 2017 at 01:25, Tom Glod via use-livecode < > > use-livecode@lists.runrev.com> wrote: > > > > > Hi everyone, > > > > > > Read this article today. I use SHA1 in my software, so > > > > > > https://www.recode.net/2017/2/23/14715570/google- > > > researchers-crack-internet-security-tool-sha1-encryption > > > > > > What do you all think? Should I bother reporting this? or is it fair to > > say > > > they know about it? What are the chances that there will be extra > effort > > > placed on adding another sha digest function? sha256? > > > > > > THanks > > > > > > Tom > > > _______________________________________________ > > > use-livecode mailing list > > > use-livecode@lists.runrev.com > > > Please visit this url to subscribe, unsubscribe and manage your > > > subscription preferences: > > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > > > _______________________________________________ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode