http://bugzilla.spamassassin.org/show_bug.cgi?id=3333
------- Additional Comments From [EMAIL PROTECTED]  2004-04-29 20:47 -------

> If the hashed tokens aren't meant to be recovered,
> why not make it more difficult to recover them?

That's a point. If it is worth doing, here is one way:

Add a configuration option of a salt passphrase, which can be any length. The passphrase is run through SHA-1 to make a 20-byte number. That is used as the salt.

In terms of code, it adds just a few lines: something to initialize the salt to sha1(passphrase) when the user configuration is first read, and then one more argument to sha1 when the token is hashed.

As long as the user does not change the passphrase in the configuration, everything works. If they want to change the passphrase, they have to start the Bayes database all over again.

All this accomplishes is to make the ham information in the db unavailable to anyone who manages to steal a copy of the db unless they can steal the configuration options too.
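The scheme proposed in the comment above, worked through as an added example (this is not SpamAssassin code and is written in Python rather than the project's Perl): the salt is SHA-1 of a passphrase of any length, the token hash becomes SHA-1(salt || token), which is what passing the salt as one more argument to sha1() computes, and a dictionary attack on a stolen copy of the database is shown succeeding against unsalted hashes and failing against salted ones unless the attacker also has the passphrase. The token counts, word list and passphrases are constructed for the demonstration; the function names are mine.

```python
import hashlib
from typing import Dict, Iterable, Set


def derive_salt(passphrase: str) -> bytes:
    """Salt = SHA-1(passphrase): always a 20-byte value, whatever the passphrase length."""
    return hashlib.sha1(passphrase.encode("utf-8")).digest()


def hash_token(token: str, salt: bytes = b"") -> bytes:
    """Hash one Bayes token.

    With an empty salt this is plain SHA-1(token).  With a salt it is
    SHA-1(salt || token), i.e. the salt is fed in as one more argument
    ahead of the token, as the comment proposes.
    """
    h = hashlib.sha1()
    h.update(salt)
    h.update(token.encode("utf-8"))
    return h.digest()


def build_db(token_counts: Dict[str, int], salt: bytes = b"") -> Dict[bytes, int]:
    """Constructed stand-in for the on-disk Bayes DB: hashed token -> count."""
    return {hash_token(tok, salt): n for tok, n in token_counts.items()}


def dictionary_attack(stolen_db: Dict[bytes, int], wordlist: Iterable[str],
                      salt: bytes = b"") -> Set[str]:
    """What someone holding only a copy of the DB can do: hash candidate
    words and see which appear.  Without the right salt nothing matches."""
    return {w for w in wordlist if hash_token(w, salt) in stolen_db}


# Constructed sample data (not from any real Bayes database).
HAM_TOKENS = {"meeting": 7, "invoice": 3, "spamassassin": 5}
WORDLIST = ["meeting", "lottery", "invoice", "spamassassin", "refinance"]


def demo() -> Dict[str, Set[str]]:
    """Compare an unsalted DB with a salted one under the same dictionary attack."""
    unsalted_db = build_db(HAM_TOKENS)
    salt = derive_salt("correct horse battery staple")   # hypothetical config value
    salted_db = build_db(HAM_TOKENS, salt)
    return {
        # Plain SHA-1: every word in the attacker's list is recovered.
        "unsalted_recovered": dictionary_attack(unsalted_db, WORDLIST),
        # Salted DB, attacker lacks the configuration: nothing is recovered.
        "salted_without_salt": dictionary_attack(salted_db, WORDLIST),
        # Salted DB, attacker also stole the passphrase: back to square one.
        "salted_with_salt": dictionary_attack(salted_db, WORDLIST, salt),
        # Passphrase changed without rebuilding the DB: existing entries are
        # unreachable, which is why the DB has to be started over.
        "after_passphrase_change": dictionary_attack(
            salted_db, WORDLIST, derive_salt("a different passphrase")),
    }


if __name__ == "__main__":
    for name, recovered in demo().items():
        print(f"{name}: {sorted(recovered)}")
```

Note that the salt here is one fixed secret shared by every entry rather than a per-entry salt, so it behaves like a key for a keyed hash: anyone who obtains the configuration, or who can get chosen tokens hashed by the running system, regains the ability to test guesses against the stolen database, which is exactly the limitation the comment states.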
