randomize the length of hashes used for identifiers and filenames

Otherwise all of those names share the same exact length, which can be a rather easy pattern to spot that garble was used.
3 years ago · 73b77ce6be
parent 745d089a9d
commit 73b77ce6be
1 changed files with 7 additions and 1 deletions
--- a/hash.go
+++ b/hash.go
@ -250,13 +250,19 @@ func hashWithCustomSalt(salt []byte, name string) string {
 	// We want collisions to be practically impossible, so we choose 8 to
 	// end up with a chance of about 1 in a million even when a package has
 	// thousands of obfuscated names.
-	const hashLength = 8
+
+	const minHashLength = 8
+	const maxHashLength = 15
+	const hashLengthRange = maxHashLength - minHashLength

 	hasher.Reset()
 	hasher.Write(salt)
 	hasher.Write(flagSeed.bytes)
 	io.WriteString(hasher, name)
 	nameBase64.Encode(b64SumBuffer[:], hasher.Sum(sumBuffer[:0]))
+
+	hashLengthRandomness := b64SumBuffer[len(b64SumBuffer)-2] % hashLengthRange
+	hashLength := minHashLength + hashLengthRandomness
 	b64Name := b64SumBuffer[:hashLength]

 	// Even if we are hashing a package path, we still want the result to be