On Wed, Jun 30, 2010 at 11:50:49PM -0500, Tilghman Lesher wrote: > On Wednesday 30 June 2010 18:38:51 Steve Edwards wrote: > > On Sun, 13 Jun 2010, Tilghman Lesher wrote: > > > I would generally suggest something a little more deterministic (where > > > 101 is your extension): > > > > > > $ echo '101This is a salt' | sha1sum > > > 22c3c098bfc2289396af84ecfb1ab77419a6537e > > > > Aside from being 8 characters longer, why do you prefer sha1sum to md5sum? > > The use of MD5 is gradually being displaced, as crypto attacks are getting > better. Since SHA1 is usually the replacement, I went with it, since it's > also likely to be available on systems. While SHA1 will eventually succumb to > the same attacks as MD5, due to its larger bitstrength, it has quite a few > years left in it, before we need to start thinking about SHA256 or SHA512 to > replace it.
So, assuming I can relatively easily come up with another phrase that gives the same md5sum as the one of '101This is a salt', what does it help me with breaking the next extension? I prefer shorter names. An md5 checksum is too long as-is. Maybe simply get the first 8 characters from it and hope they are unique. For a small sample size (I suspect even a few 1000-s here would be small enough) I would not expect any collisions. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users