On Sat, Jul 10, 2004 at 10:05:25PM -0700, Tor Slettnes wrote:
> On Jul 9, 2004, at 01:59, Matthew Byng-Maddick wrote:
> >This shouldn't be "hash_8", it should be something more along the
> >lines of:
> Any particular reason?
That the secret can almost certainly be reversed out from the string, and
new valid return paths predicted. Given that you're writing a HOWTO, it
seems sensible to use something safe to start with, rather than suggest to
people to do something unsafe.
> Note that for this purpose, I am not neccessarily looking for a
> cryptographically safe string - merely something that's hard to guess
> by the spammer.
This is true, however what you're writing is a document that you expect
many people to just copy. Given that, kerchoff's principle starts applying,
and all of your secrecy should be in the key. If the key can be reversed out,
as seems likely with a few return paths, then the spammer can once again start
emitting valid return-paths from that domain, and you're back to where you
started.
> Hashing over a string that contains a secret should
> be more than enough, IMO.
I'd say your opinion is wrong. At least for the moment, it probably holds,
but if large numbers of people start doing this trick, it'll be a disaster
within the arms race. Better, IMO, to have it being strong from the start.
> I'd put more weight on simplicity.
Well, it's up to you, but I'd say you were being naive.
Cheers
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
(Please use this address to reply)
