by krageon 2953 days ago
It cannot be reversed without a significant amount of effort (really, even when you say the "entropy is quite small" it's not actually as small as you would think) and is therefore probably reasonable. Worst case a regulating body will tell you that no, they do not think "this will take 1-10 years to reverse" is quite good enough and then you can work with them on a solution that would be good enough.

Minutes to days to reverse almost the whole list, depending on budget. It's not a real obstruction except to casual snooping.
Could you walk me through how you come to that conclusion? I admit my estimate was very ballpark, but "minutes" seems so wildly out of line with what I think that I must be making a mistake somewhere.
A single AWS GPU server can hash trial passwords on the order of 100 GH/s, which puts a pretty low ceiling on "hashcat as a service" rental costs.

I'm assuming 10^12 tries per second is economical for any business.

There are about a million words, including all likely spellings of all but the rarest first and last names, so all one- or two-word addresses (firstname.lastname, etc.) come to about 10^12. Try those, plus short alphanumerics, for the 1000 most common email domains -> 10^15 addresses.

Throw in every name in public leak databases that doesn't meet those patterns as well.

There are on the order of 1 million domains that are likely to be serving mail at all; try the billion most likely names for each of those for another 10^15.

This should capture almost every email address that isn't an intentionally obfuscated one-off, and adds up to less than an hour at 10^12/sec. There's a modest overhead to matching against a larger list, but it shouldn't matter in practice.

A couple of hundred bucks spent on renting GPU instances can speed things up considerably.
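The arithmetic in the comment above, written out as an added example that is not part of the thread, together with the mitigation the thread implicitly points at: the search-space figures (a million words, 10^12 local parts, 1000 common domains, a million mail domains, 10^12 trials per second) are the commenter's order-of-magnitude assumptions, not measurements, and the sample addresses are constructed. `plain_hash` is the unkeyed SHA-256 pseudonym the thread is discussing; `keyed_hash` (HMAC-SHA-256 with a secret key) is a standard alternative I have added so the contrast is visible: the same dictionary that recovers every unkeyed pseudonym recovers none of the keyed ones, because a guess cannot be checked without the key.

```python
import hashlib
import hmac
import secrets

# Search-space figures from the comment (order-of-magnitude assumptions,
# not measurements): a million words / name spellings, one- or two-word
# local parts, 1000 common domains, a million mail-serving domains, and
# 10^12 trial hashes per second.
WORDS = 10**6
LOCAL_PARTS = WORDS**2          # ~10^12 one- or two-word local parts
COMMON_DOMAINS = 1_000
MAIL_DOMAINS = 10**6
NAMES_PER_DOMAIN = 10**9
TRIALS_PER_SECOND = 10**12


def candidate_space() -> int:
    """Common-domain pass plus per-domain pass, as laid out in the comment."""
    return LOCAL_PARTS * COMMON_DOMAINS + MAIL_DOMAINS * NAMES_PER_DOMAIN


def hours_to_enumerate(candidates=None, rate=TRIALS_PER_SECOND) -> float:
    """Wall-clock hours to hash every candidate once at the given rate."""
    if candidates is None:
        candidates = candidate_space()
    return candidates / rate / 3600


def plain_hash(email: str) -> str:
    """Unkeyed SHA-256 of a normalised address: the scheme under discussion.
    Anyone can compute it, so a stored value can be matched against guesses."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()


def keyed_hash(email: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret key (added mitigation, not from the thread).
    Without the key a guess cannot be hashed into comparable form, so the
    dictionary in the comment no longer applies to the stored pseudonyms."""
    return hmac.new(key, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def reverse_by_dictionary(pseudonyms, candidates) -> dict:
    """Model of the attack the comment describes: hash each candidate address
    with the public, unkeyed scheme and look the stored pseudonyms up in that
    table. Returns {pseudonym: recovered address} for every hit."""
    table = {plain_hash(c): c for c in candidates}
    return {p: table[p] for p in pseudonyms if p in table}


# Constructed sample data for the demonstration.
CANDIDATES = [f"{first}.{last}@example.com"
              for first in ("alice", "bob", "carol")
              for last in ("smith", "jones")]
STORED = ["Alice.Smith@example.com", "bob.jones@example.com"]

if __name__ == "__main__":
    print(f"candidates: {candidate_space():.1e}, "
          f"hours at 1e12/s: {hours_to_enumerate():.2f}")
    unkeyed = [plain_hash(e) for e in STORED]
    print("unkeyed pseudonyms reversed:",
          len(reverse_by_dictionary(unkeyed, CANDIDATES)), "of", len(STORED))
    key = secrets.token_bytes(32)       # kept by the data holder, never published
    keyed = [keyed_hash(e, key) for e in STORED]
    print("keyed pseudonyms reversed:  ",
          len(reverse_by_dictionary(keyed, CANDIDATES)), "of", len(STORED))
```

The two 10^15 passes add up to 2·10^15 candidates, which at 10^12 trials per second is about 0.56 hours, matching the "less than an hour" in the comment. The keyed variant only helps while the key stays secret and separate from the pseudonymised data; if the key is disclosed, the stored values fall back to the unkeyed case.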