On Fri, Jun 26, 2009 at 5:40 PM, Simon Michael<[email protected]> wrote: > Thanks, I see. At least with reg and print; ledger bal --anon gives me no > output. > > Is that kind of hash hard to reverse-engineer ? If I published the --anon > version of my company's ledger, how hard would it be for a motivated person > to decode the names ? > > I am wondering about picking random human-readable names, instead. Ie each > time you run --anon, create a new mapping from original names to random > names, and translate everything.
SHA-1 is a one-way hash, meaning that it's statistically highly improbable that someone could recreate the original text from just the hash. In controlled circumstances it's possible to create an equivalent plain-text that generates the same SHA-1, but this is pretty limited and still won't reveal your original account names. --Pete
