Follow-up Comment #5, bug #51666 (project wget):

Thanks for addressing the issue.

Saving the salt together with the (salted) hash isn't of big help when we talk about a limited set of input strings. You can get complete lists of existing domains and brute force through them in a few seconds. Can even be optimized by starting with the top 1m domains.

I just mention this to make clear that this way of obscuring is far from being safe. It is just slightly more effort to reverse the domain names in comparison to unsalted hashes. Anyways, it helps from being fly-by looked at, e.g. on the console.

I would like to ask you to not use OpenSSL for hashing. We have/use the SHA256 digest functions from gnulib anyways. So it should be straightforward.

_______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51666>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
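The cost comparison made in the comment above, as an added example that is not part of the original message or of wget's code. It assumes a record format of hex salt plus hex SHA-256(salt || domain), which the comment does not specify; the domain lists are constructed, and the function names are hypothetical.

```python
import hashlib
import os

def digest(domain, salt=b""):
    # Assumed scheme: SHA-256 over salt || lowercased domain, hex-encoded.
    return hashlib.sha256(salt + domain.lower().encode("utf-8")).hexdigest()

def recover_unsalted(digests, candidates):
    # One pass over the candidate list builds a table that answers every record.
    table = {digest(c): c for c in candidates}
    return {d: table[d] for d in digests if d in table}, len(candidates)

def recover_salted(records, candidates):
    # The salt is stored next to the hash, so each record costs at most
    # one pass over the candidate list: more work, but only linearly more.
    found, hashes = {}, 0
    for salt_hex, d in records:
        salt = bytes.fromhex(salt_hex)
        for c in candidates:
            hashes += 1
            if digest(c, salt) == d:
                found[d] = c
                break
    return found, hashes

# Constructed sample data: a small stand-in for a public domain list,
# and three stored entries, one of which is not on that list.
CANDIDATES = ["example.com", "example.org", "example.net",
              "intranet.example", "mail.example.org"]
STORED = ["example.org", "mail.example.org", "not-in-list.example"]

def demo():
    unsalted = [digest(d) for d in STORED]
    salted = []
    for d in STORED:
        salt = os.urandom(16)
        salted.append((salt.hex(), digest(d, salt)))
    plain_found, plain_cost = recover_unsalted(unsalted, CANDIDATES)
    salt_found, salt_cost = recover_salted(salted, CANDIDATES)
    return (sorted(plain_found.values()), plain_cost,
            sorted(salt_found.values()), salt_cost)

if __name__ == "__main__":
    print(demo())
```

Both variants resolve every stored name that appears on the candidate list; the salt only changes the hash count from one pass in total to at most one pass per record.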