On Tue, 14 Dec 2010 15:52:28 -0800 (PST)
John Hardin <jhar...@impsec.org> wrote:

> On Tue, 14 Dec 2010, Cedric Knight wrote:
> 
> > So a hash is best,
> 
> Agreed.
> 
> > and I'd suggest SHA1 over MD5.
> 
> Just out of curiosity, why? An MD5 hash is shorter than an SHA hash
> (an important consideration when you're making lots of DNS queries of
> the hash), MD5 is computationally lighter than SHA, and MD5 is robust
> enough for this purpose, even though artificial collision scenarios
> exist.
> 
> Granted I wouldn't sign a legal document with it any more, but for a 
> private perfect hash of an email address, why not?


I don't see that there's all that much added security anyway. 

I don't think spammers are likely to intercept DNS as a way of
harvesting addresses.

As far as general privacy is concerned, without a shared secret anyone
can generate the hash and look for known addresses. And if you don't add
salt to the hash, it's going to be fairly easy to perform an efficient
dictionary attack, in which case the choice of hash function makes
little difference.
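
Added example, not part of the original message or of any project's code: a privacy check on the hashing scheme discussed in this thread, showing that unkeyed MD5 and SHA1 labels are both linked back to addresses from a list of known addresses, while a keyed hash is not. The HMAC construction, the truncation to 32 hex characters, the address normalisation and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac


def normalise(address: str) -> str:
    # Assumed canonical form: trimmed and lower-cased before hashing.
    return address.strip().lower()


def plain_label(address: str, algo: str = "md5") -> str:
    """Unkeyed hex digest of the address, as it would appear in a DNS query name."""
    return hashlib.new(algo, normalise(address).encode("utf-8")).hexdigest()


def keyed_label(address: str, secret: bytes) -> str:
    # HMAC-SHA256 under a secret shared by list operator and clients (assumption).
    # Truncated to 32 hex chars: a full 64-char digest exceeds the 63-octet DNS label limit.
    mac = hmac.new(secret, normalise(address).encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:32]


def match_known(observed_labels, candidates, label_fn):
    """Link each observed label to the candidate address that produces it, if any."""
    table = {label_fn(c): c for c in candidates}
    return {lab: table[lab] for lab in observed_labels if lab in table}


def demo():
    # Constructed sample data, not taken from the thread.
    queried = ["alice@example.org", "Bob@Example.net"]
    known = ["alice@example.org", "bob@example.net", "carol@example.com"]
    secret = b"constructed-shared-secret"
    results = {}
    for algo in ("md5", "sha1"):
        observed = [plain_label(a, algo) for a in queried]
        results[algo] = match_known(observed, known, lambda c: plain_label(c, algo))
    observed = [keyed_label(a, secret) for a in queried]
    # A party without the secret can only hash candidates under some other key.
    results["hmac"] = match_known(observed, known, lambda c: keyed_label(c, b"wrong-guess"))
    return results


if __name__ == "__main__":
    for scheme, recovered in demo().items():
        print(scheme, "labels:", f"{len(recovered)} of 2 linked to a known address")
```
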
