On 24/02/2017 18:47, axwald via use-livecode wrote:
few days ago I read about PHP incorporating a modern crypto lib now:
Not a specialist regarding this, but wouldn't it be possible to interface
@Lagi: The first customer already called to ask if I'd use "this security
risk" - thanks "LibHash-Hmac" (Richard posted the URL) I could deny
Even if I agree with you about the real risk, it would be very bad idea not
to update any commercial software now. It might even have juristic
consequences, knowingly using broken crypto?
If you're using SHA-1 to implement an HMAC, you should already be using
the recommended formulation:
hmac := hash(key | hash(key | message))
Or, in LiveCode:
function HmacSha1(pKey, pData)
return sha1digest(pKey & sha1digest(pKey & pData))
If you are doing this, then the current attack on SHA-1 does not affect
the security of your system at all .
 I am not a cryptographer but this is my understanding of the situation.
Dr Peter Brett <peter.br...@livecode.com>
LiveCode Technical Project Manager
lcb-mode for Emacs: https://github.com/peter-b/lcb-mode
use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription