|We don't bite newbies here... much|
but not reasoning for changing the hash algorithm itself
Sure it is. A strong hash function is harder to attack.
why you would do it on a hash-by-hash basis rather than a per-process basis.
Concerns over information exposure of key order to an attacker.
I don't get the reluctance to share this information?
If there is any reluctance it is purely that of me wanting to avoid a long dialog repeating what has already been said elsewhere. I have a lot of demands on my time these days.
In reply to Re^13: Hash order randomization is coming, are you ready?