[OpenID] Problems with delegation and directed identity OPs
Martin Atkins
mart at degeneration.co.uk
Thu Nov 6 18:22:58 UTC 2008
Deron Meranda wrote:
>
> And, just from curiosity, why are the randomly generated URIs
> (both Google and Yahoo!) so long? You certainly don't need anywhere
> near that number of bytes to have a completely unguessable amount
> of entropy. But it certainly makes them practically non-human-readable
> and impossible to type without using cut-n-paste.
>
If I recall correctly, in Yahoo!'s case it's the output of some standard
hashing function, though I don't have a complete Yahoo! identifier to
hand in order to guess which one. I imagine Google is doing something
similar, though they apparently issue identifiers on a per-user, per-RP
basis, not just a per-user basis as Yahoo! does.
More information about the general
mailing list