spf-discuss

RE: BASE64 encoding of SRS hash may not work with some mail servers

2004-05-05 23:18:09
[Seth Goodman]
When verifying, you have to compare the hash in 
a case insensitive manner.  This actually reduces 
the strength of the hash since in a case-insensitive 
comparison, A=a, so we're not really even getting 
the full 24-bits of hash that we wanted.

Case-insensitivity makes each BASE64 character worth ~5.25 bits, so a
4-character case-insensitive base64 hash gives ~21 bits entropy. I don't
think a spammer is going to try a million possibilities (average) per
message to get spam through, so that's probably enough.

Using four-digit BASE32 encodings instead gives 20 bits of entropy, and
doesn't have the problem with non-alphanumeric characters. So that would
be my suggestion. After all, what's the difference between a half
million and a million tries?

        -ryan-
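The two estimates in this message (about 5.25 bits per case-folded base64 character, so roughly 21 bits for four characters, against exactly 20 bits for four base32 characters) can be worked through in code. The following is an added example and not code from the list or from any SRS implementation; it builds a simplified SRS-style hash (HMAC-SHA1 over the lowercased timestamp and address, truncated to four characters; a real forwarder's key derivation and hash input are assumptions here), shows the verifier comparing case-insensitively, and computes the effective entropy of each encoding under that comparison. The secret key and the addresses are constructed for the example.

```python
import base64
import hashlib
import hmac
import math

# Constructed secret for this example; a real forwarder keeps its own key.
SECRET = b"example-forwarder-secret"

BASE64_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                   "abcdefghijklmnopqrstuvwxyz0123456789+/")
BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"   # RFC 4648 base32


def bits_per_char(alphabet, case_insensitive):
    """Entropy carried by one output character under the given comparison.

    Case-insensitive comparison merges 'A' and 'a' into one class, so the
    number of distinguishable symbols (and hence the bits) drops.
    """
    if case_insensitive:
        classes = {c.upper() for c in alphabet}
    else:
        classes = set(alphabet)
    return math.log2(len(classes))


def total_bits(alphabet, length, case_insensitive):
    """Effective hash strength of a `length`-character tag."""
    return length * bits_per_char(alphabet, case_insensitive)


def average_guesses(alphabet, length, case_insensitive):
    """Expected number of tags tried before one matches (half the space)."""
    return 2 ** total_bits(alphabet, length, case_insensitive) / 2


def _mac(timestamp, address):
    # Simplified SRS input: lowercase timestamp and address (assumption).
    msg = (timestamp + address).lower().encode("ascii")
    return hmac.new(SECRET, msg, hashlib.sha1).digest()


def srs_hash_base64(timestamp, address, length=4):
    """Four base64 characters of the MAC, as the original SRS scheme does."""
    return base64.b64encode(_mac(timestamp, address)).decode("ascii")[:length]


def srs_hash_base32(timestamp, address, length=4):
    """Same MAC, encoded with the case-free base32 alphabet instead."""
    return base64.b32encode(_mac(timestamp, address)).decode("ascii")[:length]


def verify(expected, presented, case_insensitive):
    """Verifier-side comparison; constant-time to avoid timing leaks."""
    if case_insensitive:
        # Needed for base64 tags once a mail server has folded the case.
        return hmac.compare_digest(expected.upper(), presented.upper())
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    for name, alpha in (("base64", BASE64_ALPHABET), ("base32", BASE32_ALPHABET)):
        for ci in (False, True):
            print(f"{name:6} case-insensitive={ci!s:5} "
                  f"bits/char={bits_per_char(alpha, ci):.2f} "
                  f"4-char bits={total_bits(alpha, 4, ci):.2f} "
                  f"avg guesses={average_guesses(alpha, 4, ci):,.0f}")
    tag = srs_hash_base64("QF", "user@example.org")
    print("tag:", tag, "verifies after case fold:", verify(tag, tag.lower(), True))
```

Running it shows 6.00 bits per base64 character when compared exactly, 5.25 when compared case-insensitively (38 classes: 26 letters, 10 digits, `+` and `/`), and exactly 5.00 for base32 either way, which is where the "about a million" and "half a million" average-guess figures in the message come from.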