http://bugzilla.spamassassin.org/show_bug.cgi?id=3331
------- Additional Comments From [EMAIL PROTECTED] 2004-08-09 13:04 ------- > I won't limit the token size until > after the SHA1 hash has been computed No, I don't like that at all. It doesn't protect against a DoS in the easiest place to protect against it, and it leaves the database with entries that do not have the useful two-way mapping between token and hash. It would be much simpler to truncate tokens before hashing. There is not going to be any statistical difference between two tokens that have the same 128 or 200 byte prefix as far as heir being spam or ham signs. ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
