On Apr 15, 2010, at 2:12 PM, briandunnington wrote: > 1. add new header(s) to indicate the section hash, hash algorithm, and > salt > 2. add new header(s) to indicate the section hash and salt (require > and assume the same algorithm as the main body) > 3. add new header(s) to indicate the section hash (require and assume > the same algorithm and salt as the main body) > 4. no changes (require and assume the same algorithm and salt as the > main body, as now)
I think #3 is fine. I'm not keen on #4 because of the swapping out possibility. It's probably not a huge worry, but most code would probably have to have some generic way to encrypt a block of data anyhow. The only reason that I could see preferring #1 to #3 is that the client could have prepared the binary resources ahead of time and used them even though the header of the message uses a different salt and hash. But, that, again, allows someone to mix and match binary resources from across messages. So, yep... I'm back to #3 (or #2, but I don't see a real advantage to #2 unless MD5 is loads faster than SHA256 on your machine). > i know that Mac support is still nascent, but i would really like to > see these encryption changes labeled as GNTP/1.1. there are a lot of > client libraries already written to the current 1.0 spec and it would > be nice to be able to transition to the new spec without having them > all break overnight when the receiver is updated. *nod* That definitely should happen, IMBBO. alter, Patrick ps. Just successfully got my Lisp code to REGISTER with Growl-for-Windows with the MD5 password-hashing but no encryption yet.... (and, I just realized that the way that I have the encryption organized at the moment is wrong since I'm not encrypting each block of binary data yet, but that's easy to fix). -- You received this message because you are subscribed to the Google Groups "Growl Discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/growldiscuss?hl=en.
