On 28/02/2017 15:46, Bob Sneidar via use-livecode wrote:
Thanks for that Peter! I've been thinking about a way to encrypt data
for storage in database systems for things like passwords and server
credentials. Now to figure out how to decrypt it...

Hi Bob,

Never store user passwords in clear text, or in any encoding that can be reversed. Both message digest algorithms and HMACs are intended to be *one-way* functions -- this is one of their important properties.

If you are handling passwords, then this is a pretty decent page with good guidelines on how to do it safely and securely:


Note that the HMAC definition I posted earlier is a simplified version; it would probably be a good idea to have a library that provides the full spec described in https://tools.ietf.org/html/rfc2104

Also, I'm wondering whether to add an Argon2 or PBKDF2 implementation to the engine to help with this.


Dr Peter Brett <peter.br...@livecode.com>
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode

use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to