[messaging] Google End-to-End plans on using key directories with a CT-like verification protocol

Tao Effect contact at taoeffect.com
Thu Aug 28 15:18:43 PDT 2014

On Aug 28, 2014, at 3:08 PM, yan <yan at mit.edu> wrote:

> I guess I don't understand why hashing is necessarily "trivially
> invertible" here. If the threat is large precomputed rainbow tables of
> potential email addresses, you could have the email provider salt the
> hashes before submitting them to the log; or probably easier, have a
> unique "pepper" per email provider that gets rotated on some interval [1].

The domain part of the email is likely known, which leaves the user part, which is trivially inverted on modern hardware without any rainbow tables involved (simply brute force).

The addition of sale and pepper would therefore be a requirement (at bare minimum).

Still, even salt and pepper is not enough (to protect passwords) [1], so if you really want to protect them, bcrypt/scrypt should be used instead. Heh, just remembered your twitter name, so I'm probably preaching to the choir.

[1] https://news.ycombinator.com/item?id=8088299

Kind regards,

Please do not email me anything that you are not comfortable also sharing with the NSA.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/097ed4ec/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20140828/097ed4ec/attachment.sig>

More information about the Messaging mailing list