[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files

From: Ethan Welker
Subject: [Bug-wget] [bug #51666] Please hash the hostname in ~/.wget-hsts files
Date: Fri, 24 Aug 2018 08:31:04 -0400 (EDT)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0

Follow-up Comment #6, bug #51666 (project wget):

Thank you for your feedback.

Regarding the salt: I used one because OpenSSH uses one and that was both what
the original bug report references, and written by somebody likely more
experienced than me Re: security. If you want me to remove the salting or
something I can do so.

This version of the patch (only one this time, because there's little point in
only separating adding the tests) has the following changes from the previous

* Uses gnulib hashing functions instead of gnutls/openssl ones (Sorry, I
didn't know gnulib had those!).
* Fixes the interleaved versions duplicate entry thing.
* Adds dependency on gnulib's crypto/gc and crypto/gc-random (not any
crypto/gc-<hash algorithm>) to generate decent quality randomness for the
salt. Seeing as the salt apparently isn't that important, I guess it could be
switched to random_number if this is a problem.
* In case someone does want to switch to crypto/gc-<hash algorithm> in the
future (to easily add another hashing algorithm or something), the prefix was
switched from 1 to 5 to match the value of GC_SHA256 in gc.h.

(file #44848)

Additional Item Attachment:

File name: 0001-Hash-domains-in-HSTS-database-to-improve-privacy.patch Size:25


Reply to this item at:


  Message sent via Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]