Rob McEwen wrote: >>> A word of caution. Be very careful how you use the list. >> >> OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the >> whole (lower case!) e-mail address is best, with the entire e-mail >> address still showing up in plain text in the DNS txt record. >> >> But I have some questions: >> >> (1) is MD5 of the entire address reasonably safe from collisions. >> (consider the 'birthday paradox' before being too quick to answer) > >Yes. The chance of a collision is ridiculously small. Not worth worrying >about.
The chance of a collision really is much smaller than I thought, even including the birthday paradox. But rather than just say it's small and ask you to take my word for it I'm providing a link. The Wikipedia page for Birthday Attack has a chart that shows the probability of collision for hashes of various lengths. http://en.wikipedia.org/wiki/Birthday_attack Jeff Moss
