[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

David Leon Gil coruus at gmail.com
Thu Aug 28 15:17:43 PDT 2014

On Thu, Aug 28, 2014 at 6:08 PM, yan <yan at mit.edu> wrote:
> I guess I don't understand why hashing is necessarily "trivially
> invertible" here. If the threat is large precomputed rainbow tables of
> potential email addresses, you could have the email provider salt the
> hashes before submitting them to the log; or probably easier, have a
> unique "pepper" per email provider that gets rotated on some interval [1].

The issue is that usernames are extremely guessable. I think that
Joseph Bonneau had some stats on this in his thesis.

It can be made more difficult by using a largish scrypt instance, but
it's still going to be easy to guess (at least) 50% of email

