
[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files


From: Ethan Welker
Subject: [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files
Date: Fri, 24 Aug 2018 08:31:04 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

Follow-up Comment #6, bug #51666 (project wget):

Thank you for your feedback.

Regarding the salt: I used one because OpenSSH uses one and that was both what
the original bug report references, and written by somebody likely more
experienced than me Re: security. If you want me to remove the salting or
something I can do so.

This version of the patch (only one this time, because there's little point in
only separating adding the tests) has the following changes from the previous
patchset:

* Uses gnulib hashing functions instead of gnutls/openssl ones (Sorry, I
didn't know gnulib had those!).
* Fixes the interleaved versions duplicate entry thing.
* Adds dependency on gnulib's crypto/gc and crypto/gc-random (not any
crypto/gc-<hash algorithm>) to generate decent quality randomness for the
salt. Seeing as the salt apparently isn't that important, I guess it could be
switched to random_number if this is a problem.
* In case someone does want to switch to crypto/gc-<hash algorithm> in the
future (to easily add another hashing algorithm or something), the prefix was
switched from 1 to 5 to match the value of GC_SHA256 in gc.h.

(file #44848)
    _______________________________________________________

Additional Item Attachment:

File name: 0001-Hash-domains-in-HSTS-database-to-improve-privacy.patch
Size: 25 KB


    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?51666>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
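
Added example, not part of the message above or of the attached patch: a sketch of salted hostname hashing in the style of OpenSSH's hashed known_hosts entries, using the algorithm prefix 5 that the message mentions. The `|5|salt|hash` entry layout, the use of HMAC-SHA256 keyed with the salt, the 16-byte salt length, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

ALGO_SHA256 = "5"  # prefix value named in the message (GC_SHA256 in gc.h)
SALT_LEN = 16      # assumed salt length, not taken from the patch


def _mac(salt, host):
    # Hostnames are case-insensitive, so normalise before hashing.
    return hmac.new(salt, host.lower().encode("utf-8"), hashlib.sha256).digest()


def hash_host(host, salt=None):
    """Build '|5|<b64 salt>|<b64 HMAC-SHA256(salt, host)>' (assumed layout)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return "|{}|{}|{}".format(ALGO_SHA256, b64(salt), b64(_mac(salt, host)))


def match_host(host, entry):
    """True if entry is a well-formed '|5|...' record for host."""
    parts = entry.strip().split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != ALGO_SHA256:
        return False  # unknown algorithm prefix or malformed line
    try:
        salt = base64.b64decode(parts[2], validate=True)
        stored = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(stored, _mac(salt, host))


def find_entry(host, entries):
    """Each entry has its own salt, so lookup recomputes the MAC per line."""
    for index, entry in enumerate(entries):
        if match_host(host, entry):
            return index
    return None


if __name__ == "__main__":
    # Constructed sample database: three hosts, hashed with fresh salts.
    db = [hash_host(h) for h in ("example.com", "example.org", "example.net")]
    print(db[0])
    print(find_entry("EXAMPLE.org", db), find_entry("unknown.example", db))
```

Because every entry carries its own salt, the same hostname hashes to a different line each time it is stored, and a lookup has to scan the file rather than search for a fixed string.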