From: Michael R. Brumm
Sent: Wednesday, May 05, 2004 7:23 PM
<...>
Let's see:
40-bit hash = 7 base64 chars = 8 base32 chars = 10 hex chars
80-bit hash = 14 base64 chars = 16 base32 chars = 20 hex chars
120-bit hash = 21 base64 chars = 24 base32 chars = 30 hex chars
How long are you guys planning to make those hashes? I'd say that
for 80-bits or less, hex is the least problematic.
Since SRS recommends four base-64 digits, we're only talking about 24-bit
hashes. Much ado about nothing, as the big guy said.
4 base-64 digits = 24-bit hash
5 base-32 digits = 25-bit hash
6 base-16 digits = 24-bit hash
For one or two characters, why sweat all the work to produce a hash in
base-64 that can withstand case mangling, as we currently do? You have to
first reduce the string you are hashing to lower case, compute the hash and
represent it as base-64. When verifying, you have to compare the hash in a
case insensitive manner. This actually reduces the strength of the hash
since in a case-insensitive comparison, A=a, so we're not really even
getting the full 24-bits of hash that we wanted. I'd vote for five base-32
digits and force everything to lower case for the hash computation. Upon
verification, we'd get full use of the 25-bit hash with only one extra
character in the local part.
--
Seth Goodman
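
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not SRS's own code. It assumes HMAC-SHA1 as the keyed hash and uses a constructed secret and address; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import math
import string

B64_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
B32_ALPHABET = string.ascii_lowercase + "234567"  # RFC 4648 alphabet, lower-cased


def _mac(secret: bytes, local_part: str) -> bytes:
    # Lower-case before hashing so a relay that mangles case does not change the MAC.
    # HMAC-SHA1 is an assumption of this example.
    return hmac.new(secret, local_part.lower().encode(), hashlib.sha1).digest()


def hash_b64(secret: bytes, local_part: str, digits: int = 4) -> str:
    # Truncated base-64 form: four digits, nominally 24 bits.
    return base64.b64encode(_mac(secret, local_part)).decode()[:digits]


def hash_b32(secret: bytes, local_part: str, digits: int = 5) -> str:
    # Truncated base-32 form: five digits, 25 bits, emitted in lower case.
    return base64.b32encode(_mac(secret, local_part)).decode().lower()[:digits]


def verify(expected: str, received: str) -> bool:
    # Case-insensitive, constant-time comparison of the truncated hash.
    return hmac.compare_digest(expected.lower().encode(), received.lower().encode())


def effective_bits(alphabet: str, digits: int) -> float:
    # Bits that survive a case-insensitive comparison:
    # count the symbols that remain distinct after case folding.
    return digits * math.log2(len({c.lower() for c in alphabet}))


if __name__ == "__main__":
    secret = b"constructed-demo-secret"   # constructed sample key
    data = "example.org=alice"            # constructed sample input
    h64, h32 = hash_b64(secret, data), hash_b32(secret, data)
    # Both forms still verify after case mangling; only base-32 keeps its full width.
    print(h64, verify(h64, h64.swapcase()), round(effective_bits(B64_ALPHABET, 4), 2))
    print(h32, verify(h32, h32.upper()), round(effective_bits(B32_ALPHABET, 5), 2))
```

Case folding leaves 38 distinguishable base-64 symbols, so four digits carry about 21 bits under this comparison, while five base-32 digits keep all 25.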