Gervase Markham wrote:
HJ wrote:
You can hash a particular domain and say "has the user visited https://www.foo.com?" (which is the question the browser needs to know to do the "new site" indicator). But you can't say "give me a list of all the domains they visited."
In a perfect world maybe, but do we live in a perfect world, no.
I'm not sure what that's supposed to mean. I'm talking about the effects of a fundamental property of one-way hash algorithms. If you have some magic way of reversing (say) MD5 or SHA1, let us know :-)
Yup. Go through their logs, pull out all the URLs that are cached there, and run them through the hash. Any that match a hash makes for a hit. Relying on the non-reversibility of the hash for security reasons does mean keeping accesss to the original as a secret as well.
iang
-- News and views on what matters in finance+crypto: http://financialcryptography.com/
_______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security