On Aug 28, 2014, at 3:08 PM, yan <[email protected]> wrote:

> I guess I don't understand why hashing is necessarily "trivially
> invertible" here. If the threat is large precomputed rainbow tables of
> potential email addresses, you could have the email provider salt the
> hashes before submitting them to the log; or probably easier, have a
> unique "pepper" per email provider that gets rotated on some interval [1].

The domain part of the email is likely known, which leaves the user part, which is trivially inverted on modern hardware without any rainbow tables involved (simply brute force). The addition of salt and pepper would therefore be a requirement (at bare minimum).

Still, even salt and pepper is not enough (to protect passwords) [1], so if you really want to protect them, bcrypt/scrypt should be used instead.

Heh, just remembered your Twitter name, so I'm probably preaching to the choir.

[1] https://news.ycombinator.com/item?id=8088299

Kind regards,
Greg

--
Please do not email me anything that you are not comfortable also sharing with the NSA.

_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging
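The following is an added example, not part of the original message or of any project discussed on the list. It compares the three log-identifier schemes the thread mentions (unsalted hash, per-provider pepper, scrypt) and checks whether an identifier can be matched back to an address when the domain is known. The domain, pepper, salt, function names and the choice of SHA-256/HMAC are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import string

# Constructed sample values (assumptions, not from the thread).
DOMAIN = "example.org"                      # the domain part is assumed public
PEPPER = b"constructed-provider-pepper"     # secret held by the provider, rotated
SALT = b"constructed-provider-salt"         # salt for the slow hash

def plain_id(address: str) -> str:
    """Unsalted fast hash of the address, as a log identifier."""
    return hashlib.sha256(address.encode()).hexdigest()

def peppered_id(address: str, pepper: bytes = PEPPER) -> str:
    """Keyed hash: computing an identifier requires the provider's pepper."""
    return hmac.new(pepper, address.encode(), hashlib.sha256).hexdigest()

def slow_id(address: str, salt: bytes = SALT) -> str:
    """scrypt identifier: each evaluation needs about 16 MiB (128 * r * n bytes)."""
    digest = hashlib.scrypt(address.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return digest.hex()

def audit_invertibility(target_id, id_fn, max_len=3, alphabet=string.ascii_lowercase):
    """Enumerate short local parts under the known domain and return the
    address whose identifier equals target_id, or None if nothing matches.
    The space is kept tiny (18,278 candidates) so the audit runs in well
    under a second with a fast hash."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars) + "@" + DOMAIN
            if id_fn(candidate) == target_id:
                return candidate
    return None

if __name__ == "__main__":
    victim = "bob@" + DOMAIN  # constructed address
    # Unsalted: anyone can recompute identifiers, so the log entry is matched.
    print("plain:", audit_invertibility(plain_id(victim), plain_id))
    # Peppered: without the provider's key the same enumeration finds nothing.
    wrong_key = lambda a: peppered_id(a, b"not-the-pepper")
    print("peppered, key unknown:", audit_invertibility(peppered_id(victim), wrong_key))
    # The pepper only helps while it stays secret; with it, matching works again.
    print("peppered, key leaked:", audit_invertibility(peppered_id(victim), peppered_id))
    print("scrypt id:", slow_id(victim))
```

The scrypt variant is not enumerated here because every candidate costs a full memory-hard evaluation, which is the per-guess cost increase the reply is asking for.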
