From 73b77ce6beedb0bd7719fdb5fed8fbdeffc86b4f Mon Sep 17 00:00:00 2001
From: Azrotronik <60074481+Azrotronik@users.noreply.github.com>
Date: Mon, 17 Oct 2022 18:36:29 +0100
Subject: [PATCH] randomize the length of hashes used for identifiers and filenames

Otherwise all of those names share the same exact length, which can be a rather easy pattern to spot that garble was used.
---
 hash.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hash.go b/hash.go
index cd906e7..8b7ce8f 100644
--- a/hash.go
+++ b/hash.go
@@ -250,13 +250,19 @@ func hashWithCustomSalt(salt []byte, name string) string {
 // We want collisions to be practically impossible, so we choose 8 to
 // end up with a chance of about 1 in a million even when a package has
 // thousands of obfuscated names.
- const hashLength = 8
+
+ const minHashLength = 8
+ const maxHashLength = 15
+ const hashLengthRange = maxHashLength - minHashLength

 hasher.Reset()
 hasher.Write(salt)
 hasher.Write(flagSeed.bytes)
 io.WriteString(hasher, name)
 nameBase64.Encode(b64SumBuffer[:], hasher.Sum(sumBuffer[:0]))
+
+ hashLengthRandomness := b64SumBuffer[len(b64SumBuffer)-2] % hashLengthRange
+ hashLength := minHashLength + hashLengthRandomness
 b64Name := b64SumBuffer[:hashLength]

 // Even if we are hashing a package path, we still want the result to be
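Review bot: `hashLengthRange` is `maxHashLength - minHashLength`, i.e. 7, so `% hashLengthRange` yields 0–6 and the resulting length is 8–14; a name of `maxHashLength` characters is never produced. If the upper bound is meant to be inclusive, use `const hashLengthRange = maxHashLength - minHashLength + 1` (assuming `b64SumBuffer` holds at least 15 bytes, which this hunk does not show); otherwise rename the constant so it reads as exclusive. The comment above the constants still says "we choose 8" and is now detached from them by the added blank line; it should state that 8 is the minimum and that the collision estimate applies to the shortest names. The selector `b64SumBuffer[len(b64SumBuffer)-2]` is an encoded base64 character rather than a raw digest byte, so the lengths are presumably not uniformly distributed, which deserves a short why-comment. The body of `hashWithCustomSalt` starts and ends outside this hunk.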