Michal Zalewski wrote: > More importantly, since the dictionary of possible inputs is rather > limited, it would be pretty trivial to build a dictionary of site <-> > hash pairs and crack the values. May protect > xyzzy2984.eur.int.example.com, but would still reveal to me you are > coming from playboy.com.
Salt it. Problem solved.