Follow-up Comment #5, bug #51666 (project wget):

Thanks for addressing the issue.

Saving the salt together with the (salted) hash isn't of big help when we talk
about a limited set of input strings. You can get complete lists of existing
domains and brute force through them in a few seconds. Can even be optimized
by starting with the top 1m domains. I just mention this to make clear that
this way of obscuring is far from being safe. It is just slightly more effort
to reverse the domain names in comparison to unsalted hashes.

Anyways, it helps from being fly-by looked at, e.g. on the console.

I would like to ask you to not use OpenSSL for hashing. We have/use the SHA256
digest functions from gnulib anyways. So it should be straightforward.


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51666>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
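
The point made in the comment above, as an added example that is not part of the original message and not wget code: when the salt is stored next to the hash, each entry can be checked against a list of known domain names. The scheme SHA-256(salt || domain), the entry layout and all names below are assumptions constructed for illustration.

```python
import hashlib
import os


def salted_hash(salt: bytes, domain: str) -> str:
    # Assumed scheme: SHA-256 over salt followed by the lowercase domain name.
    return hashlib.sha256(salt + domain.lower().encode("utf-8")).hexdigest()


def make_entry(domain: str) -> tuple[str, str]:
    # One stored record: a random per-entry salt kept beside the salted hash.
    salt = os.urandom(16)
    return salt.hex(), salted_hash(salt, domain)


def recover(entries, candidates):
    """Return {entry_index: domain} for entries whose name is in candidates.

    Cost is at most len(entries) * len(candidates) hash computations: the
    salt prevents one precomputed table from covering every entry, but it
    does not stop a fresh pass over the candidate list for each entry.
    """
    found = {}
    for index, (salt_hex, digest) in enumerate(entries):
        salt = bytes.fromhex(salt_hex)
        for name in candidates:
            if salted_hash(salt, name) == digest:
                found[index] = name
                break
    return found


# Constructed sample data: two names that appear in a public-style
# candidate list and one internal name that does not.
SAMPLE_DOMAINS = ["example.com", "example.org", "intranet.example.net"]
SAMPLE_ENTRIES = [make_entry(d) for d in SAMPLE_DOMAINS]
CANDIDATES = ["example.net", "example.org", "example.com", "example.edu"]

if __name__ == "__main__":
    for index, name in sorted(recover(SAMPLE_ENTRIES, CANDIDATES).items()):
        print(f"entry {index}: {name}")
```

Only the entry whose name is missing from the candidate list stays unresolved, so the file still has to be protected as if it held the names in clear text.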