Brian: Ahhh, ok, I get it. It’s easy to re-seed every time it’s called, using the milliseconds. That assumes that the user of the program initiates the action at a random time.
I’ll change the code so it re-seeds every time. Best, Bill > On Jul 3, 2018, at 7:02 PM, Brian Milby via use-livecode > <use-livecode@lists.runrev.com> wrote: > > The problem is that with a known IV and the code, the next IV can be > predicted if using the random function. If the generator was reseeded every > time an IV was generated, that would remove the advance prediction issue. I > didn't mean that the first IV could be guessed. Exploitation would be > difficult and I believe even requires the attacker to be able to inject > plain text to be encrypted. > > On Jul 3, 2018, 1:24 PM -0400, Rick Harrison via use-livecode < > use-livecode@lists.runrev.com>, wrote: > > Hi Brian, > > I think it would be pretty hard to do based on the time. > One would have to do the calculation in advance and > hope that the program caught the server at exactly > the correct millisecond. As you also pointed out the > hacker would also have to have access to the code. > > If you generate your own random seed with a counter > it should not count by 1’s. The step count ideally should > be random as well. > > Good discussion! > > Thanks, > > Rick > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
