On 06/Jan/12 21:59, Murray S. Kucherawy wrote: > > The point here is to obscure the original string to the > satisfaction of the report generator while allowing the report > receiver to observe that multiple reports are referring to the > same end user.
Yes, indeed ARF recommends the /identity hash/ --that replaces a string with itself. SHA1 is exemplified in Appendix A, anyway. > Basically, the usual concerns about a collision attack don’t apply > to this use of hashes since the same party that produces the hashes > also consumes them. Replacing a string with "xxxxxxxx" gives better protection by preventing any correlation. That has a 100% collision rate. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
