[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
hashing emails is not secure (Re: avoiding anonymous emails)
Hashing emails is not very secure. There are only a small number of
email addresses in the world. A computer can try order of 4million
per second... and compare it to the small list of blocked hashes.
Also I view global block as undesirable. Each operator can do their
own thing... this is not some unified service, they are individual
services operated by different people. There is a reason for this:
distributed trust, and that reason is central to the security of
mixmaster/mixminion.
Adam
On Wed, Apr 12, 2006 at 08:37:57PM -0400, Gregory Maxwell wrote:
> On 4/12/06, Steve Crook <steve@xxxxxxxxxxxxxxxx> wrote:
> > On Wed, Apr 12, 2006 at 08:11:34PM -0400, Nick Mathewson wrote:
> > >
> > > Also, is it really a good idea to have a big list of everybody who
> > > doesn't want anonymous email? It seems like a spam/abuse target.
> > > What do mixmaster operators do for cases like this?
> >
> > In general nothing. Mixmaster operators each manage their own block
> > list and don't communicate it to other ops.
>
> Perhaps it would be useful to have a list which is distributed as a
> cryptographic hash of the blocked username.. Mixmaster exit operators
> could publish a list of hashes they won't deliver to, and a list of
> hashes whom they have personally confirmed as not wanting mail.
> Operators could examine the list of confirmed hashes, and add hashes
> to block based on the number of confirmed independent/trusted sources
> being over a threshold.
>
> I.e. if you don't want mixmaster sourced mail you email any three from
> a list of server operators and then all other participants block too.