LiveCode Forums.

Hi everyone,

I'm wondering if I am missing something when :

a) I'm returned an encrypted string that starts with the same 10 caracters..
- Is that a normal thing or something is missing or wrong in the Encryption setting ?

b) Eventhough I dont change the data content to be crypted, the encryption resulting string will change each time - and encrypted chains is the correct one.

So I would say that the Encryption/decryption tasks seems to run fine.
(always retreives the same input string from the start).

What "worries" me is that the encription string returns always start with the same sequence of car : "U2FsdGVkX1" followed by a string that changes...
any different behavior/setting on your side is welcomed !
Thanks

Hi,

Here are some links that I think might help you out and is beneficial for you!

https://livecode.fandom.com/wiki/Encrypt
https://livecode.fandom.com/wiki/Encrypt_using_rsa

Hope it helps!

I think the leading characters are the salt value which is calculated by LC if you don't provide your own. It doesn't contain any of the actual data, it's just a value that allows decryption while preventing dictionary attacks. It can't be used on its own to decrypt.

i've changed my code to the one pointed in Eddie's suggested link... and results came out a bit quite different..
a) produces much shorter encrypted strings
b) first characters now never get repeated

...so it kind of feel better using this disctinct formula
so if any other users running a similar stuff on their own could let us know if the "crypting process seems" to be set properly..
.so as to use in production mode.

Beside : about TLS
*TLS DOES use a good level of security but it was interesting to learn that once a connection is established, a man in the middle, can still potentialy intercepts all the SLL packet strings "in clear" hence...only some encrypted column could make life harder...and if nothing was encrypted..than all your data seems to transit in Clear (which I though TLS would "never" let this to happen - dahh..we learn every day, nehh ?!!!)

Will post new code below soon...(missing the decrypting button script still)

here are both script I'd like to - secure check : working in aes-128 :
*extra 64Encoding is also required for this case.

encrypting decrypting * beside if s/o has any clue how to use : decrypt CodeData using "aes-256-cbc" - instead ?
reply also wellcomed

jacque wrote: ↑

Mon Mar 01, 2021 7:13 pm

I think the leading characters are the salt value which is calculated by LC

...assuming that these are some LC Salt value :
- Does it make sens that : for the same InputValue...;the Cypher would generates many distinct values (following the salt string) ?
(although it could be some wanted results to make crypted Output even more secure... )

finally...AES-256-CBC "funny results".. SOLVED !

so, yes, the result should not changed when using the sam input. It probably was dong that with AES256 due to the inacurate Key lenght !
... some Online Enbcrypting tool helped a lot in setting AND Checking this all !

see : www devglan com online-tools aes-encryption-decryption

PS : missconfigured AES could be used to generate Ramdom Strings !!!