Hi Vincent, On Mon, Apr 20, 2020 at 07:38:06PM +0200, Vincent Lefevre wrote: > > For hiding our pid etc. all data which can be found in the same email > > or maybe related emails is of no use for feeding to the hash, because > > it can easily be inserted as constants in brute-force searchs. Only > > the random number remains as secret besides the data. > > > > We need data which is unrelated to the email but - to be deterministic > > with regard to other Mutt instances - is equal to all Mutt instances on > > the same machine (even if generated from different sources - every Mutt > > developer has a separate "head" version, right? ;-) > > I don't understand why you need data that "is equal to all Mutt > instances on the same machine".
This is necessary to stay on the deterministic track: For this we require that different Mutt instances use information which differs by the pid and time/sequence number at some point, which is the data fed to the hash algorithm. If we don't want to be deterministic, then I don't see a major advantage of hash functions compared to random data. Kind regards, Gero
