On 28 August 2014 16:29, Mike Hearn <[email protected]> wrote: >> Sorry I wasn't more clear. I was referring to the fact that the >> directory would be openly publishing a list of everyone's email >> addresses. Even if you hash them, they're pretty trivially invertible. > > > Ah right. I don't think that aspect is a big deal. Given that spammers have > shown an ability to successfully invert tens of millions of user passwords, > I can't worry too much about them inverting a hash of a public address. > > Hashing is still valuable though. Otherwise you'd get marketing people > worrying about people publishing lists of obviously phishy accounts and > embarassing the company, or people managing to locate the personal addresses > of celebrities by analysing account names etc.
Hashing may be desirable, but it is not without it's problems: - Case insensitivity - Arbitrary suffix after a metacharacter (gmail's [email protected] potentially being the most well known) - Arbitrary metacharacters for the suffix (qmail's default is a - I believe, but you can make it anything) - gTLDs in unicode vs punycode -tom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
