[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: hashing emails is not secure (Re: avoiding anonymous emails)

On 4/13/06, Adam Back <adam@xxxxxxxxxxxxxxx> wrote:
> Hashing emails is not very secure.  There are only a small number of
> email addresses in the world.  A computer can try order of 4million
> per second... and compare it to the small list of blocked hashes.
> Also I view global block as undesirable.  Each operator can do their
> own thing... this is not some unified service, they are individual
> services operated by different people.  There is a reason for this:
> distributed trust, and that reason is central to the security of
> mixmaster/mixminion.

Eh, "hashing" doesn't demand any particular computational ease. In my
mind I was thinking of iterated sha-1 or the like.. You could tune it
to be as computationally difficult as you like.

Ultimately, no matter how blocks are stored, someone could just use
the system itself as an oracle.

I don't disagree, however, with your latter point on distributed
trust... although we may find that if the internet at large considers
the remailers a nusance the results of their ire may be far worse then
the negative results of a colaborative blacklisting system.

... It's not a pressing issue now in any case.