Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
arielweisberg
2 days ago
|
parent
|
context
|
favorite
| on:
Bucketsquatting is finally dead
This can be implemented without storing it. They could store a hash. No idea what they actually do.
help
charcircuit
2 days ago
[–]
A hash of a public identifier like an email is personally identifiable data.
reply
jounker
2 days ago
|
parent
|
next
[–]
Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information?
reply
charcircuit
2 days ago
|
root
|
parent
|
next
[–]
You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases.
reply
pfortuny
2 days ago
|
parent
|
prev
[–]
You can always encrypt with a public key instead of hashing.
reply
pbhjpbhj
2 days ago
|
root
|
parent
[–]
You mean 'as well as', right?
reply
pfortuny
2 days ago
|
root
|
parent
[–]
No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.
reply
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
