Quantcast

SHA1 cracked .... What are the chances this will be addressed in LC?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

SHA1 cracked .... What are the chances this will be addressed in LC?

Mark Talluto via use-livecode
How difficult would be to guess a sha1 digest, if we repeat it many,
many times? Just as Peter Brett wrote in a previous message:

put sha1Digest(sha1Digest(sha1Digest(tData))) -- 3 times!!!!!

Al
_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: SHA1 cracked .... What are the chances this will be addressed in LC?

Mark Talluto via use-livecode
On 02/03/2017 19:28, Alejandro Tejada via use-livecode wrote:
> How difficult would be to guess a sha1 digest, if we repeat it many,
> many times? Just as Peter Brett wrote in a previous message:
>
> put sha1Digest(sha1Digest(sha1Digest(tData))) -- 3 times!!!!!

Don't do this.  It will make it _easier_ to generate collisions, because
each successive iteration loses some information from the input -- i.e.
the scheme you suggest _reduces_ security.

When performing repeated hashing, you need to feed the original data in
again at each stage.  See this Stack Overflow answer for a very detailed
explanation:  https://stackoverflow.com/a/17396367/266449

The summary is that you need the following formulation to ensure
security for repeated hashing:

     put sha1Digest(tData & sha1Digest(tData & sha1Digest(tData)))
     -- etcetera.

                                  Peter

--
Dr Peter Brett <[hidden email]>
LiveCode Technical Project Manager

lcb-mode for Emacs: https://github.com/peter-b/lcb-mode

_______________________________________________
use-livecode mailing list
[hidden email]
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
Loading...