
On Wed, Sep 10, 2008 at 12:38 AM, Brian Eaton <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 9, 2008 at 4:25 PM, John Hjelmstad <[EMAIL PROTECTED]> wrote:
>> I briefly considered String hashCode, but quickly recognized that was a bad
>> idea. MD5 of contents sounds reasonable. Brian, thoughts?
>
> I suspect using the entire input body contents is out of the question,
> though that was my initial thought.
>
> Don't use MD5.  Nobody knows how to attack it for this kind of
> application, yet, but a lot of progress has been made.  SHA1 is
> probably OK.  SHA-256 would be great, HMAC-SHA1 would be great, except
> then you have to worry about keying, which is a pain.  This cache is
> potentially shared across multiple servers, right?

Keyczar could help with this...

>
> If it's a single server cache, HMAC-SHA1 with a random key.
>
> The cache key generated by the HTTP content fetchers might be useful
> for this as well, assuming you can get ahold of it somehow.
>
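The options weighed in this thread, as an added Java example that is not part of the original messages or of the project's code: a content-derived cache key built from String.hashCode, from SHA-256, and from HMAC-SHA1 with a random per-process key. The class name, method names and the two sample strings are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; class and method names are hypothetical, not the project's.
public class ContentCacheKey {
    // Random key generated once per process. Other servers cannot recompute
    // the same cache keys, so this only suits a single-server cache.
    private static final byte[] HMAC_KEY = new byte[20];
    static { new SecureRandom().nextBytes(HMAC_KEY); }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte x : bytes) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // Unkeyed digest: every server derives the same key from the same content,
    // so it works for a cache shared across servers.
    static String sha256Key(byte[] content) throws GeneralSecurityException {
        return hex(MessageDigest.getInstance("SHA-256").digest(content));
    }

    // Keyed digest: cache keys cannot be predicted without HMAC_KEY.
    static String hmacSha1Key(byte[] content) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(HMAC_KEY, "HmacSHA1"));
        return hex(mac.doFinal(content));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed inputs: two different strings with the same String.hashCode().
        String a = "Aa", b = "BB";
        byte[] ca = a.getBytes(StandardCharsets.UTF_8);
        byte[] cb = b.getBytes(StandardCharsets.UTF_8);
        System.out.println("hashCode collides:  " + (a.hashCode() == b.hashCode()));
        System.out.println("SHA-256 collides:   " + sha256Key(ca).equals(sha256Key(cb)));
        System.out.println("HMAC-SHA1 collides: " + hmacSha1Key(ca).equals(hmacSha1Key(cb)));
        System.out.println("HMAC-SHA1 stable:   " + hmacSha1Key(ca).equals(hmacSha1Key(ca)));
    }
}
```

Because the HMAC key is regenerated at startup, keys computed before a restart no longer match, so entries in a persistent cache would simply miss afterwards.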
