On Tue, 2012-06-19 at 02:11 +0900, Stephen J. Turnbull wrote: > Lindsay Haisley writes: > > Why would, say, hashlib.md5(recip).hexdigest() be any more or less > > detectable than a reversible encryption? > > Because once the idea becomes public, anybody can check the nonesense > strings in your headers to see if any of them hash to the user's id. > That's a lot more difficult if you use encryption based on a secret > key.
Very true, and a good point. A little research turned up http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/ which is a good discussion of using AES encryption in Python. The Crypto module seems to be standard issue with Python - no special libraries required. > > IMHO, AOL's days on this planet are numbered. They'll go the way of > > Compuserve :) > > Yeah, I hope so. Unfortunately, where I live, NiftyServe still exists > and its customers still put raw Shift JIS in their headers > occasionally. I'm not going to bet on AOL's timely demise. It took a major meteor hit to wipe out the dinosaurs! > > I've seen Email Feedback Reports come in on posts that went out six > > months prior. Parsing Message IDs out of this many MBs of back mail > > logs, most of them compressed, would be hugely expensive of processing > > time. > > Seriously? How many feedback reports do you get per second? Yes, it > would be a little costly, but presumably they give something like a > date, you can narrow it down to a few MB I would guess. Weeeelll ... The average number of feedback reports / second received on my servers is pretty managable, actually ;) I prefer the idea of using Resent-Message-ID and and AES encryption on the recipient address rather than mucking with log files. It would be nice to put this into the Mailman structure in such a way that I could retrieve, or access the secret key, or at least perform encryption and decryption from a withlist script. -- Lindsay Haisley | "The difference between a duck is because FMP Computer Services | one leg is both the same" 512-259-1190 | - Anonymous http://www.fmp.com | ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
