> a) Not sure how you'd explain hashing and salting to someone.

I'm not 100% I've used the right terms, but a hash would be 'a unique identifier for each address which doesn't reveal the address but shows whether two addresses are the same' - avoiding discussion of what actually happens behind the scenes and neatly sidestepping the question of salting. :)

> b) With only a few tens of millions of addresses, even with a salt, it could
> be trivial to brute-force someone's address hash. You'd have to estimate the
> current and future cost of the resources involved.

With a sufficiently large secret salt (hundreds of bits, I should think), it should be infeasible. Or we could potentially encrypt the normalised address (which I think is broadly equivalent and should neatly avoid any issue of collisions!). Granted, if the secret got out then there would be major issues (think of any of the many 'X department lost Y data on Z mode of transport' stories), but this secret isn't something that should ever need to leave a datacentre.

These are ways of doing it, but I'm fairly sure they're not the ways of doing it *right*.

Dave.

developers-public mailing list
https://secure.mysociety.org/admin/lists/mailman/listinfo/developers-public
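The trade-off discussed above (a salt an attacker can learn versus a secret key that never leaves the datacentre) as an added Python example; this is not code from the thread or from mySociety, and the address list, salt and key are constructed placeholders.

```python
import hashlib
import hmac
from typing import Callable, Iterable, Optional

# Constructed toy "address space" standing in for the tens of millions of real ones.
ADDRESS_SPACE = [
    "1 High Street, Anytown, AB1 2CD",
    "2 High Street, Anytown, AB1 2CD",
    "Flat 3, 10 Station Road, Anytown, AB1 2EF",
]

def normalise(address: str) -> str:
    # Canonicalise case, punctuation and whitespace so two spellings of one
    # address give the same digest: the "are these the same?" property.
    return " ".join(address.upper().replace(",", " ").split())

def public_salt_hash(address: str, salt: bytes) -> str:
    # SHA-256(salt || address). The salt defeats precomputed tables, but anyone
    # who knows it can simply hash every candidate address and compare.
    return hashlib.sha256(salt + normalise(address).encode()).hexdigest()

def keyed_hash(address: str, key: bytes) -> str:
    # HMAC-SHA256 under a secret key (the "large secret salt" of the thread):
    # same equality property, but without the key there is nothing to enumerate.
    return hmac.new(key, normalise(address).encode(), hashlib.sha256).hexdigest()

def recover_by_enumeration(target: str, digest: Callable[[str], str],
                           candidates: Iterable[str]) -> Optional[str]:
    # The risk described in the thread: try every candidate and report a match.
    for cand in candidates:
        if hmac.compare_digest(digest(cand), target):
            return cand
    return None

def demo() -> dict:
    salt = b"site-wide-salt"      # shared/public salt: assume it is known
    key = bytes(32)               # placeholder only; use secrets.token_bytes(32)
    wrong_key = bytes([1]) * 32   # what someone without the real key can try
    stored_salted = public_salt_hash(ADDRESS_SPACE[2], salt)
    stored_keyed = keyed_hash(ADDRESS_SPACE[2], key)
    return {
        "salted_recovered": recover_by_enumeration(
            stored_salted, lambda a: public_salt_hash(a, salt), ADDRESS_SPACE),
        "keyed_without_key": recover_by_enumeration(
            stored_keyed, lambda a: keyed_hash(a, wrong_key), ADDRESS_SPACE),
        "keyed_if_key_leaks": recover_by_enumeration(
            stored_keyed, lambda a: keyed_hash(a, key), ADDRESS_SPACE),
    }
```

The third result in `demo()` is the point about the secret leaving the datacentre: whoever holds the key can match digests just as the service can.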
