On Wednesday, September 3, 2014, Trevor Perrin <[email protected]> wrote:
> > People keep suggesting salt, but I don't think per-user salt is > feasible (different salts could map Bob's address to different hashes, > allowing the log to contain different public keys for Bob). This is a very important point. (Which I hadn't really considered!) It's possible to enforce this post-hoc by publishing/gossiping (signed) messages consisting of a salt and a ZKP of the corresponding email address.[*] This is likely fairly effective in this case: If, e.g., to 'register' [email protected], Google requires your Gmail address, they can reject 'salt-split' identities. If they ever do, you can prove that they did. This makes them, e.g., being ordered to do so rather less likely. But this is only deters attacks; it doesn't prevent them. [*] In practice just another salted hash would work...
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
