On Apr 18, 2012, at 07:22 PM, Richard Wackerbarth wrote:
>I don't understand the proposal. By "added to this hash", do you mean
>"included in the set of elements that get hashed" or do you mean
>"appended to the hash value"?
I mean "append (or prepend, we have to decide ;) to the hash input.
Specifically. Let's say you have this message snippet:
List-Post: foo.example.com
Message-ID: <bar>
under the current algorithm is:
>>> from base64 import b32encode
>>> from hashlib import sha1
>>> s = sha1('bar')
>>> b32encode(s.digest())
'MLG3OAQP7EQOLKTEFQ6UAZUVBXI7AH2N'
but after the elaboration suggested in this bug would be:
>>> s = sha1('bar')
>>> s.update('foo.example.com')
>>> b32encode(s.digest())
'P67IMDMX6CRPP3TXX26OMJEOX2DDK6WN'
>Presumedly, the sole purpose in publishing an algorithm to create the
>hash is to make it possible for two handlers to independently develop
>the same hash given only the message. Otherwise, a "secret" method could
>be used to assign a unique identifier to the message.
Exactly.
>In either case, this suggested change renews my argument that the
>resulting hash should be tagged, visibly, with a "protocol revision
>designator". Omitting that designation transforms the chosen calculation
>method into a "secret".
The way to do that is probably to use a parameter on the header, e.g.
On Apr 18, 2012, at 07:22 PM, Richard Wackerbarth wrote:
>I don't understand the proposal. By "added to this hash", do you mean
>"included in the set of elements that get hashed" or do you mean
>"appended to the hash value"?
I mean "append (or prepend, we have to decide ;) to the hash input.
Specifically. Let's say you have this message snippet:
List-Post: foo.example.com
Message-ID: <bar>
under the current algorithm is:
>>> from base64 import b32encode s.digest( )) QOLKTEFQ6UAZUVB XI7AH2N'
>>> from hashlib import sha1
>>> s = sha1('bar')
>>> b32encode(
'MLG3OAQP7E
but after the elaboration suggested in this bug would be:
>>> s = sha1('bar') 'foo.example. com') s.digest( )) RPP3TXX26OMJEOX 2DDK6WN'
>>> s.update(
>>> b32encode(
'P67IMDMX6C
>Presumedly, the sole purpose in publishing an algorithm to create the
>hash is to make it possible for two handlers to independently develop
>the same hash given only the message. Otherwise, a "secret" method could
>be used to assign a unique identifier to the message.
Exactly.
>In either case, this suggested change renews my argument that the
>resulting hash should be tagged, visibly, with a "protocol revision
>designator". Omitting that designation transforms the chosen calculation
>method into a "secret".
The way to do that is probably to use a parameter on the header, e.g.
Permalink-Hash: P67IMDMX6CRPP3T XX26OMJEOX2DDK6 WN; version=1