Autor: John W. Baxter Data: Dla: exim-users Temat: Re: [exim] Re: Sanity check: ACL to block fake sender addresses
On 11/18/05 9:53 AM, "Ian Eiloart" <iane@???> wrote:
> Then, we'd probably use an MD5 hash of the
> sender address, a secret and something time sensitive.
MD5 and "time sensitive" in the same sentence is "worrysome". That's a
feature of MD5.
So you probably would do something else, or use a coarse-grained time such
as the day and be willing to try at least one prior day's hash if today's
fails. ;-)