Mark-- I stand corrected. Seems like a security issue that should be addressed in dated address generation.
--Brian On Thu, Oct 21, 2004 at 04:32:52PM -0400, Mark Horn wrote: > On Thu, Oct 21, 2004 at 02:10:02PM -0500, Brian wrote: > > I believe dated addresses contain a hash generated using your > > crypt_key, as well as the sender e-mail address and date. > > No, they don't. The hash in a dated adress is calculated using > crypt_key and the dated portion of the address only. Everything else > is ignored. E.g.: > > $ tmda-address -d > [EMAIL PROTECTED] > $ tmda-check-address [EMAIL PROTECTED] > STATUS: VALID > EXPIRES: Thu Oct 21 20:29:29 2004 UTC > $ tmda-check-address [EMAIL PROTECTED] > STATUS: VALID > EXPIRES: Thu Oct 21 20:29:29 2004 UTC > > So if I share my crypt_key with my son, the first example > demonstrates how you'd use one of my dated addresses to send > email to my son. (Assuming of course, that his email address is > [EMAIL PROTECTED] - which it isn't.) > > The second example is simply there to demonstrate that the only > portion of the email address that the hash uses is the date. > > Cheers, > - Mark > _____________________________________________ > tmda-users mailing list ([EMAIL PROTECTED]) > http://tmda.net/lists/listinfo/tmda-users > _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
