Re: string literals passwords in run only applications
Re: string literals passwords in run only applications
- Subject: Re: string literals passwords in run only applications
- From: email@hidden
- Date: Wed, 27 Feb 2002 00:48:39 -0500
On Tue, 26 Feb 2002 09:41:59 -0500, Michael Turner <email@hidden>
asked,
>
> set l to {}
>
> repeat with N from 1 to 100
>
> encrypt the text "ABC" with password N
>
> set end of l to result
>
> end repeat
>
>
Ah, you are telling me Applescript has an "encrypt" function just like
>
perl (for example) but that you don't fully trust it either. (Why not?)
'encrypt' is a function from the Akua Sweets scripting addition. Based on a
cursory examination I don't think its very strong cryptographically. The
scripting addition's dictionary says, "The encryption used is probably crackable
by the CIA--but not by a hacker--AND NOT BY ME." It doesn't claim to be strong.
>
Store the encrypted password as a script property, and check it against
>
the user's input? Sounds good to me. What about "salt"? I'll look it up
>
in the language manual. Thanks.
If you use an encryption function as you hash function, the plaintext you choose
can function as the salt.
to hash for x
encrypt the text "My salt" with password x
end hash
But as I posted a little while ago, Akua's 'encrypt' has some deficiencies that
make it poor as the basis for a hash function.
--
Scott Norton Phone: +1-703-299-1656
DTI Associates, Inc. Fax: +1-703-706-0476
2920 South Glebe Road Internet: email@hidden
Arlington, VA 22206-2768 or email@hidden
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.