Matthew Wilcox <[EMAIL PROTECTED]> writes: > On Mon, Mar 31, 2003 at 12:02:14PM -0500, Aaron M. Ucko wrote: > > Like Sam, I see no particular need for salt beyond the username. > > Uh.. Sam who? I saw no email. The username is insufficient salt; the
Sam Hartman <[EMAIL PROTECTED]>, in <[EMAIL PROTECTED]> (which seems to have gone only to the list). > secretary has a list of all debian usernames and has at least a year to > attempt to construct collisions. True, though I think even finding collisions on that timescale would be an accomplishment. The extra salt certainly wouldn't *hurt*; I'm just not convinced it's necessary. > Yes, that's true. Or add a significanlty longer batching period; maybe > one day is enough. Or min(1 day, 100 votes) to deal with falloff. -- Aaron M. Ucko, KB1CJC (amu at alum.mit.edu, ucko at debian.org) Finger [EMAIL PROTECTED] (NOT a valid e-mail address) for more info. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]