From 704872625696f84bdd8f8371763b919f4e927895 Mon Sep 17 00:00:00 2001 From: Klaus Umbach Date: Mon, 19 Mar 2018 21:36:47 +0100 Subject: implemented suggestions * changed: default hashing-algorithm to blake2 * added: length-limit (default 16) * changed: prefix to show it's obfuscated (obf) --- conf/modules.d/history_redis.conf | 1 - src/plugins/lua/history_redis.lua | 6 ++++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/conf/modules.d/history_redis.conf b/conf/modules.d/history_redis.conf index 0b85f3e01..1e170213e 100644 --- a/conf/modules.d/history_redis.conf +++ b/conf/modules.d/history_redis.conf @@ -19,7 +19,6 @@ history_redis { nrows = 200; # Default rows limit compress = true; # Use zstd compression when storing data in redis subject_privacy = false; # subject privacy is off - subject_privacy_alg = 'md5'; # default hash-algorithm to obfuscate subject .include(try=true,priority=5) "${DBDIR}/dynamic/history_redis.conf" .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/history_redis.conf" diff --git a/src/plugins/lua/history_redis.lua b/src/plugins/lua/history_redis.lua index af0511b91..44283fbb8 100644 --- a/src/plugins/lua/history_redis.lua +++ b/src/plugins/lua/history_redis.lua @@ -26,7 +26,9 @@ local settings = { nrows = 200, -- default rows limit compress = true, -- use zstd compression when storing data in redis subject_privacy = false, -- subject privacy is off - subject_privacy_alg = 'md5', -- default hash-algorithm to obfuscate subject + subject_privacy_alg = 'blake2', -- default hash-algorithm to obfuscate subject + subject_privacy_prefix = 'obf', -- prefix to show it's obfuscated + subject_privacy_length = 16, -- cut the length of the hash } local rspamd_logger = require "rspamd_logger" @@ -201,7 +203,7 @@ local function handle_history_request(task, conn, from, to, reset) elseif settings.subject_privacy then local hash_alg = settings.subject_privacy_alg local subject_hash = hash.create_specific(hash_alg, e.subject) - e.subject = hash_alg..':'..subject_hash:hex() + e.subject = settings.subject_privacy_prefix .. ':' .. subject_hash:hex():sub(1,settings.subject_privacy_length) end end, data) reply.rows = data -- cgit v1.2.3