spf-discuss

RE: BASE64 encoding of SRS hash may not work with some mail servers

2004-05-05 19:55:34
From: Michael R. Brumm
Sent: Wednesday, May 05, 2004 8:59 PM

<...>

I'd vote for five base-32 digits and force everything to lower case for the
hash computation.  Upon verification, we'd get full use of the 25-bit hash
with only one extra character in the local part.

25-bit? What are you going to do, throw away the bit or pad the
next seven? I think few implementations take 25 bits for hashing...???

The SHA-1 hash is 160 bits long, so with four base-64 digits, we only use
the first 24 bits of it.  Using the first 25 bits is no different.  No
padding is necessary.  If you start converting the 160-bit hash to base-32
and stop after the fifth character, you've encoded the first 25 bits.


If you go with base32, I'd say go with the multiples of 40 bits:
40, 80, 120... They form base32 expressions without padding (=),
and end on byte boundaries.

There's no particular reason to stay with byte boundaries.  For example, the
timestamp field is two base-32 digits, which is 10 bits.  Shevek determined
that the first 24 bits of a SHA-1 gave adequate security.  You can always go
longer, but we don't want to break the 64-byte local part limit, if
possible, so go with what is good enough but not more.

--

Seth Goodman
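
The truncation discussed in the message above, as an added example that is not part of the original post or of any SRS implementation: it writes the first 25 bits of a SHA-1-based hash as five base-32 digits, lowercases the input before hashing, and verifies case-insensitively. The HMAC construction, the secret, the field separator, the function names and the RFC 4648 alphabet are assumptions made for illustration.

```python
import hashlib
import hmac

# RFC 4648 base-32 alphabet, lowercased (assumption: the thread names no alphabet).
B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"
SECRET = b"constructed-demo-secret"  # constructed sample key
NDIGITS = 5                          # five base-32 digits = 25 bits


def first_bits_base32(digest: bytes, ndigits: int = NDIGITS) -> str:
    """Encode only the first 5*ndigits bits of digest; later bits are ignored."""
    nbits = 5 * ndigits
    if nbits > len(digest) * 8:
        raise ValueError("digest shorter than requested tag")
    nbytes = (nbits + 7) // 8
    # Read whole bytes, then shift out the bits beyond the 25th (no padding).
    value = int.from_bytes(digest[:nbytes], "big") >> (nbytes * 8 - nbits)
    return "".join(
        B32_ALPHABET[(value >> shift) & 0x1F]
        for shift in range(nbits - 5, -1, -5)
    )


def make_tag(secret: bytes, *fields: str) -> str:
    """Hash the lowercased fields so case changes in transit do not matter."""
    msg = "\x00".join(f.lower() for f in fields).encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha1).digest()  # 160 bits
    return first_bits_base32(digest)


def verify_tag(secret: bytes, tag: str, *fields: str) -> bool:
    """Accept the tag in any case, but only at the full fixed length."""
    if len(tag) != NDIGITS:
        return False  # never let the sender choose a shorter tag
    expected = make_tag(secret, *fields).encode("ascii")
    return hmac.compare_digest(expected, tag.lower().encode("utf-8"))


if __name__ == "__main__":
    tag = make_tag(SECRET, "Example.COM", "User")  # constructed sample fields
    print(tag, verify_tag(SECRET, tag.upper(), "example.com", "user"))
```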