As much as I enjoy chatting with other users, a while back I had hoped
to make this more actionable by submitting an enhancement request for
sha256:
http://quality.livecode.com/show_bug.cgi?id=14223
The challenge with satisfying that request is two fold:
- sha2 is not a single algo, but a family of algos, and requires new
syntax forms that have to be thought out in addition to the more complex
engineering work to support that new set of language design patterns.
- This chart shows that sha2 already has minor weaknesses, which will
likely become more significant over time, suggesting we might already
start looking at extending the afore-mentioned framework even further to
include sha3 (and I suppose even be prepared for the inevitable sha4).
http://valerieaurora.org/hash.html
All that said, in light of the visibility of the issue after the recent
Google research, I discussed this with a member of the core dev team
yesterday, who will be evaluating the merit of this more comprehensive
framework vs perhaps a simpler implementation of merely the most
commonly-use sha2 flavor for now.
After that analysis is done I trust we'll get an update on that soon.
For now, just rest assured that they read the same security bulletins we
do (Peter tends to read more than me, so I always pick up a trick or two
talking with him about security), and are actively exploring options for us.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for Desktop, Mobile, and Web
____________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
