The problem is that with a known IV and the code, the next IV can be predicted if using the random function. If the generator was reseeded every time an IV was generated, that would remove the advance prediction issue. I didn't mean that the first IV could be guessed. Exploitation would be difficult and I believe even requires the attacker to be able to inject plain text to be encrypted.
On Jul 3, 2018, 1:24 PM -0400, Rick Harrison via use-livecode <use-livecode@lists.runrev.com>, wrote:

Hi Brian,

I think it would be pretty hard to do based on the time. One would have to do the calculation in advance and hope that the program caught the server at exactly the correct millisecond. As you also pointed out the hacker would also have to have access to the code.

If you generate your own random seed with a counter it should not count by 1’s. The step count ideally should be random as well.

Good discussion!

Thanks,

Rick
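Added example, not part of either message and not LiveCode code: a Python sketch of the point discussed in this thread, that IVs drawn from a seeded general-purpose generator can be recomputed by anyone holding the code and one IV, while reseeding from OS entropy or using a CSPRNG removes that. Python's `random` module stands in for LiveCode's random function, and the millisecond-timestamp seed and the search window are constructed assumptions.

```python
import random
import secrets

IV_LEN = 16  # AES block size in bytes


def prng_iv(rng):
    """IV taken from a general-purpose PRNG (the pattern under discussion)."""
    return bytes(rng.randrange(256) for _ in range(IV_LEN))


def reseeded_iv():
    """IV from a generator reseeded with fresh OS entropy for every IV."""
    return prng_iv(random.Random(secrets.randbits(128)))


def csprng_iv():
    """IV straight from the operating system's CSPRNG."""
    return secrets.token_bytes(IV_LEN)


def predict_next_iv(observed_iv, seed_candidates):
    """Audit check: can the IV after `observed_iv` be computed from the code
    plus a small set of candidate seeds? Returns that IV, or None."""
    for seed in seed_candidates:
        rng = random.Random(seed)
        if prng_iv(rng) == observed_iv:
            return prng_iv(rng)  # generator state is now known
    return None


def demo():
    seed_ms = 1530638640123  # constructed millisecond timestamp used as seed
    window = range(seed_ms - 1000, seed_ms + 1000)  # assumed clock uncertainty

    server = random.Random(seed_ms)  # seeded once, never reseeded
    first, second = prng_iv(server), prng_iv(server)

    weak = predict_next_iv(first, window) == second
    reseeded = predict_next_iv(reseeded_iv(), window) is not None
    strong = predict_next_iv(csprng_iv(), window) is not None
    return weak, reseeded, strong


if __name__ == "__main__":
    print("next IV predictable (seeded once, reseeded, CSPRNG):", demo())
```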