On Tue, 28 Apr 2009, Steve Freegard wrote:
To reduce the likelihood of collisions then it's better to add the input
string length at the end of the md5 like ClamAV does in it's MD5 sigs e.g.
s...@laptop-smf:~$ perl -MDigest::MD5 -e '$email="s...@fsg.com"; print
Digest::MD5::md5_hex($email).length($email).".emailbl.org\n"'
c18782f8d94595d5e016e3ab9ab3f8f610.emailbl.org
This also has the benefit of making it impossible to reverse the list if
the spammer were to rsync the list.
...huh? If MD5 isn't cryptographically secure, how will adding some extra
characters onto the end make it stronger?
And there's no way to keep a spammer from checking to see if a given email
address is listed, just as there's no way to keep them from checking
whether a given domain name is listed.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Public Education: the bureaucratic process of replacing
an empty mind with a closed one. -- Thorax
-----------------------------------------------------------------------
96 days since Obama's inauguration and still no unicorn!
