[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol
David Leon Gil
coruus at gmail.com
Thu Aug 28 15:17:43 PDT 2014
On Thu, Aug 28, 2014 at 6:08 PM, yan <yan at mit.edu> wrote:
> I guess I don't understand why hashing is necessarily "trivially
> invertible" here. If the threat is large precomputed rainbow tables of
> potential email addresses, you could have the email provider salt the
> hashes before submitting them to the log; or probably easier, have a
> unique "pepper" per email provider that gets rotated on some interval [1].
The issue is that usernames are extremely guessable. I think that
Joseph Bonneau had some stats on this in his thesis.
It can be made more different by using a largish scrypt instance, but
it's still going to be easy to guess (at least) 50% of email
addresses.
More information about the Messaging
mailing list