On Tue, 2 Sep 2025, Job Snijders wrote:

> On Mon Sep 1, 2025 at 11:50 PM UTC, Damien Miller wrote:
> > I don't mind switching the algorithm, but the whole purpose of the
> > connection hash in this context is to provide an identifier that takes
> > in the unique descriptors of the connection that is short enough to
> > avoid exceeding the relatively-modest sockaddr_un path limit.
> >
> > IMO, at 64 characters, a hex-encoded SHA256 hash is too long for this.
> > It should be truncated and/or a modified b64 encoding use. Modified
> > because base64 usually uses /, which isn't acceptable for something
> > intended as a filesystem path (+ isn't great either).
> 
> I recommend using 'base64url' encoding (RFC 4648, section 5) without padding.
> https://datatracker.ietf.org/doc/html/rfc4648#section-5

we have sshbuf_dtourlb64() for this