Hashed Email
2018-04-09 23:25:37.198445+02 by
Dan Lyke
2 comments
Freedom to Tinker: Four cents to deanonymize: Companies
reverse hashed email addresses points out that companies which used hash email
addresses as public identifiers aren't doing anything for security.
Email addresses can be harvested from various sources, and you can run 450 Billion MD5 hashes per second on an Amazon EC2 instance,
which means that "...hashing all five billion existing email addresses would take about
ten milliseconds and cost less than a hundredth of a cent."
[ related topics:
Books Privacy Invention and Design Civil Liberties Sports Cryptography Databases Government
]
comments in ascending chronological order (reverse):
#Comment Re: Hashed Email made: 2018-04-10 04:58:19.806632+02 by:
TheSHAD0W
[edit history]
Salted hashes might work better, but if you're trying to match emails between different platforms that won't work.
One of the reasons why I don't like silly things like "Gravatar". If you can match IDs cross-platform, even if outsiders can't determine identity, it means anyone with administrative access to a platform you're on that uses it can unmask you on any other platform that uses it.
#Comment Re: Hashed Email made: 2018-04-10 19:14:57.311364+02 by:
Dan Lyke
Yeah, this also has implications for password sharing: I'm sure that there are pre-hashed
files of the billion or so most popular passwords floating around...