[Gambas-user] Can I encrypt a string

Tobias Boege taboege at gmail.com
Sun Jul 7 11:08:03 CEST 2019


On Sun, 07 Jul 2019, Mayost Sharon wrote:
> ---------- Original Message -----------
> From: Tobias Boege <taboege at gmail.com>
> To: Gambas Mailing List <user at lists.gambas-basic.org>
> Sent: Sun, 7 Jul 2019 10:35:31 +0200
> Subject: Re: [Gambas-user] Can I encrypt a string
> 
> > On Sun, 07 Jul 2019, Mayost Sharon wrote:
> > > Thank you very much
> > > 
> > > In Fedora 30 the version is: 3.12
> > > I have to wait for the version 3.14
> > > 
> > > 
> > > If I use this example:
> > > http://gambas.sourceforge.net/en/main.html#
> > > 
> > > Do I lose anything in security?
> > >
> > 
> > You pasted a link to the main iframe of the Gambas homepage,
> > I don't see what you saw.
> > 
>
> Sorry
> This link:
> http://gambaswiki.org/wiki/comp/gb.openssl/cipher
> 

The Encrypt method takes a key and an IV directly, whereas EncryptSalted
takes a *password* and a salt, then derives a cryptographic key from them
and then this key is used to encrypt the data. The key is derived using
PKCS#5 v1.5, an older KDF which gb.openssl uses for compatibility with
the `openssl` command-line utility, which still has that as the default.

I'm no security expert, so now that you know the difference, please make
up your own mind about it [1]. If your interface uses passwords (like your
code suggests), you likely want EncryptSalted, though.

Regards,
Tobi

[1] https://en.wikipedia.org/wiki/Key_derivation_function

-- 
"There's an old saying: Don't change anything... ever!" -- Mr. Monk
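
Added example, not part of the original message and not gb.openssl's own code: a Python sketch of the password-to-key step that `openssl enc` performs by default (EVP_BytesToKey, the PKCS#5 v1.5 style derivation mentioned above), next to PBKDF2 for comparison. The digest gb.openssl uses is not stated in this thread, so `sha256` as the default, the iteration count of 600000 and all sample values are assumptions.

```python
import hashlib

MAGIC = b"Salted__"  # 8-byte header `openssl enc` writes before the 8-byte salt


def evp_bytes_to_key(password, salt, key_len=32, iv_len=16, digest="sha256", count=1):
    """Legacy derivation of `openssl enc` without -pbkdf2 (EVP_BytesToKey).

    Each block is H(previous_block || password || salt), re-hashed count-1
    more times; blocks are concatenated until key_len + iv_len bytes exist.
    """
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        block = hashlib.new(digest, block + password + salt).digest()
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def split_salted(blob):
    """Split an `openssl enc` style blob into (salt, ciphertext)."""
    if len(blob) < 16 or blob[:8] != MAGIC:
        raise ValueError("missing Salted__ header")
    return blob[8:16], blob[16:]


def pbkdf2_key_iv(password, salt, key_len=32, iv_len=16, iterations=600_000):
    """Comparison: PBKDF2-HMAC-SHA256; the iteration count is an assumed value."""
    out = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, key_len + iv_len)
    return out[:key_len], out[key_len:]


if __name__ == "__main__":
    password = b"correct horse"                     # constructed sample password
    blob = MAGIC + bytes(range(8)) + b"\x00" * 16   # constructed header + dummy data
    salt, _ = split_salted(blob)

    key, iv = evp_bytes_to_key(password, salt)
    print("legacy key :", key.hex())
    # With count=1 and a 32-byte digest, the whole key is a single hash of
    # password||salt, so one password guess costs an attacker one hash.
    print("one hash?  :", key == hashlib.sha256(password + salt).digest())

    key2, _ = pbkdf2_key_iv(password, salt)
    print("pbkdf2 key :", key2.hex())
```

Neither derivation helps if the password itself is weak; the iteration count only changes how expensive each guess is.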

