On Wed, 2019-09-04 at 16:58 -0400, Scott Mayhew wrote:
> > While thinking about this I wondered, why not simply hash (SHA-256 for
> > example) the principal name and store the hash instead?
> >
> > It will make the length fixed and uniform and probably often shorter
> > than the real principal names, so saving space in the general case.
> >
> > I am not against truncating to 1024, but a hash would be more elegant
> > and correct.
>
> I can do that. Is there any reason I would want to convert the hash
> to a human-readable format (i.e. something that would match the
> sha256sum command-line tool's output) or can I just use the raw buffer?
> Note that if we wanted to print the hash in an error message or
> something, I can just use printk's %*phN format specifier...

I do not see a reason to waste time turning to ascii before the time
you really need to. A byte buffer is perfectly fine.

Simo.

-- 
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
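The trade-off discussed in this thread, as an added userspace example that is not part of the original message and is not kernel code: it compares truncating a principal name to 1024 bytes with storing the raw SHA-256 digest, and hex-encodes only at the point of logging. The function names and the sample principals are assumptions constructed for illustration.

```python
import hashlib

TRUNCATE_LEN = 1024  # truncation limit mentioned in the thread


def truncated_key(principal: bytes) -> bytes:
    """Key under the truncation approach: the first 1024 bytes of the name."""
    return principal[:TRUNCATE_LEN]


def hashed_key(principal: bytes) -> bytes:
    """Key under the hashing approach: the raw 32-byte SHA-256 digest."""
    return hashlib.sha256(principal).digest()


def same_principal(stored_digest: bytes, presented: bytes) -> bool:
    """Match a presented name against a stored raw digest, no text encoding needed."""
    return stored_digest == hashed_key(presented)


def for_log(digest: bytes) -> str:
    """Hex-encode only when a human has to read it (the form sha256sum prints)."""
    return digest.hex()


# Constructed sample principals: one short name, and two long names that
# differ only after byte 1024.
SHORT = b"nfs/client.example.com@EXAMPLE.COM"
LONG_A = b"host/" + b"a" * 1100 + b"-1@EXAMPLE.COM"
LONG_B = b"host/" + b"a" * 1100 + b"-2@EXAMPLE.COM"

if __name__ == "__main__":
    # Truncation makes the two long names indistinguishable; hashing does not.
    print("truncated keys equal:", truncated_key(LONG_A) == truncated_key(LONG_B))
    print("hashed keys equal:   ", hashed_key(LONG_A) == hashed_key(LONG_B))
    # Stored size is fixed at 32 bytes regardless of the name length.
    for name in (SHORT, LONG_A):
        print(len(name), "byte name ->", len(hashed_key(name)), "byte key")
    # The stored value stays binary; the text form exists only in the log line.
    print("log form:", for_log(hashed_key(SHORT)))
```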