Gervase Markham wrote:
HJ wrote:
You can hash a particular domain and say "has the user visited
https://www.foo.com?"; (which is the question the browser needs to
know to do the "new site" indicator). But you can't say "give me a
list of all the domains they visited."
In a perfect world maybe, but do we live in a perfect world, no.
I'm not sure what that's supposed to mean. I'm talking about the
effects of a fundamental property of one-way hash algorithms. If you
have some magic way of reversing (say) MD5 or SHA1, let us know :-)
Yup. Go through their logs, pull out all the URLs that
are cached there, and run them through the hash. Any
that match a hash makes for a hit. Relying on the
non-reversibility of the hash for security reasons does
mean keeping accesss to the original as a secret as well.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
