
Re: hashing emails is not secure (Re: avoiding anonymous emails)



You could use iterative hashing.  However I think it will be unlikely
to have both good security margin (80 bits to find is a user blocked)
and conveniently fast.

Say there are 2^30 email addresses (1 billion), and you run the hash 1
million times (2^20 bits) (second or two of iterative hashing) that's
2^50 to scan the lot.  Not too shabby.

However the cost to verify if an individual known email address is
blocked is still unacceptably low, the attacker isn't necessarily
interested to map all remailer users, just to confirm or deny some set
that are under scrutiny.

Adam

On Thu, Apr 13, 2006 at 05:33:20PM -0400, Gregory Maxwell wrote:
> On 4/13/06, Adam Back <adam@xxxxxxxxxxxxxxx> wrote:
> > Hashing emails is not very secure.  There are only a small number of
> > email addresses in the world.  A computer can try order of 4 million
> > per second... and compare it to the small list of blocked hashes.
> >
> > Also I view global block as undesirable.  Each operator can do their
> > own thing... this is not some unified service, they are individual
> > services operated by different people.  There is a reason for this:
> > distributed trust, and that reason is central to the security of
> > mixmaster/mixminion.
> 
> Eh, "hashing" doesn't demand any particular computational ease. In my
> mind I was thinking of iterated sha-1 or the like.. You could tune it
> to be as computationally difficult as you like.
> 
> Ultimately, no matter how blocks are stored, someone could just use
> the system itself as an oracle.
> 
> I don't disagree, however, with your latter point on distributed
> trust... although we may find that if the internet at large considers
> the remailers a nuisance the results of their ire may be far worse than
> the negative results of a collaborative blacklisting system.
> 
> ... It's not a pressing issue now in any case.
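
The cost asymmetry discussed in this thread, as an added example that is not part of the original messages: an iterated SHA-1 blocklist (the construction named in the quoted message) costs 2^50 hash calls to scan 2^30 addresses at 2^20 rounds, but only 2^20 to test one known address. Function names, addresses and the reduced round count are constructed for the demonstration.

```python
import hashlib
import math


def iterated_sha1(address: str, rounds: int) -> bytes:
    """Hash a normalized address `rounds` times with SHA-1."""
    digest = address.strip().lower().encode("utf-8")
    for _ in range(rounds):
        digest = hashlib.sha1(digest).digest()
    return digest


def build_blocklist(addresses, rounds):
    """What an operator would publish: only the iterated hashes."""
    return {iterated_sha1(a, rounds) for a in addresses}


def is_blocked(address, blocklist, rounds):
    """Legitimate lookup; costs exactly `rounds` hash calls per address."""
    return iterated_sha1(address, rounds) in blocklist


def confirm_known(addresses, blocklist, rounds):
    """The same lookup run over a short list of already-known addresses.
    Anyone holding the published hashes can do this, which is why the
    per-address cost, not the full-scan cost, bounds the privacy margin."""
    return [a for a in addresses if is_blocked(a, blocklist, rounds)]


def work_bits(candidates: int, rounds: int) -> float:
    """log2 of the hash invocations needed to test `candidates` addresses."""
    return math.log2(candidates) + math.log2(rounds)


# Constructed sample data. ROUNDS is kept small so the demo runs quickly;
# the thread's figure is 2**20 rounds.
ROUNDS = 2000
BLOCKED = ["alice@example.org", "bob@example.net"]
BLOCKLIST = build_blocklist(BLOCKED, ROUNDS)

if __name__ == "__main__":
    known = ["Alice@Example.org", "carol@example.com"]
    print("confirmed on list:", confirm_known(known, BLOCKLIST, ROUNDS))
    print("full scan, 2^30 addresses x 2^20 rounds:", work_bits(2**30, 2**20), "bits")
    print("one known address x 2^20 rounds:", work_bits(1, 2**20), "bits")
    print("100 known addresses x 2^20 rounds:", round(work_bits(100, 2**20), 1), "bits")
```
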