by dillondoyle
1565 days ago
IIRC it's sha256. Is that really reversible now? For sure on a rainbow table for something like cell phone. But I don't know why that would matter? Anyone can generate all the possible phone numbers. The whole point is that it is matchable. Like if they already have my email then they know if it's a match, but if they don't have my email they don't know what the missing email is. Like what's my email from this (without knowing my email) below:
2c03e4a168bed89f5208250cdefbe97d4d87ba7812df896311676acc2ddfcdb4

Names and emails can be brute-forced with various lists from existing data breaches or data brokers and you'll probably reverse 80% of them.
However, reversing them is not even necessary - an adversary like Facebook can infer it based on other data. For example, let's say they know your phone number but not your email - now you buy/sign up to vendors providing both that phone number and email and they provide it to Facebook - now Facebook knows that you signed up to those vendors with your number (as they have the plain text value, can hash it on their side and compare), but they also see that there's a mysterious email hash - they don't know its plaintext value, but it perfectly matches the same vendors that have your phone number. They can infer that it's probably your email address, and while they still don't know what it is, they can use the hashed value to track you across other vendors without ever having to know the plaintext value.
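
The two points made in the thread, matching a hash against identifiers already held and linking an unknown hash through co-occurrence, shown as an added example that is not part of the original comments. The vendor names, phone numbers, addresses and the lowercase/trim normalisation are constructed assumptions; it shows why an unsalted hash of an identifier behaves as a stable pseudonym and not as anonymised data.

```python
import hashlib
from collections import Counter

def h(value: str) -> str:
    """Unsalted SHA-256 of an identifier (lowercase/trim normalisation is assumed)."""
    return hashlib.sha256(value.strip().lower().encode()).hexdigest()

# Constructed sample data: each vendor uploads (phone_hash, email_hash) rows.
UPLOADS = {
    "vendor_a": [(h("+15555550100"), h("alice@example.com")),
                 (h("+15555550101"), h("bob@example.com"))],
    "vendor_b": [(h("+15555550100"), h("alice@example.com")),
                 (h("+15555550102"), h("carol@example.com"))],
    "vendor_c": [(h("+15555550100"), h("alice@example.com"))],
    "vendor_d": [(h("+15555550103"), h("dave@example.com"))],
}

def match_known(held_plaintexts, uploaded_hashes):
    """Matching: a party that already holds a plaintext can confirm its hash."""
    table = {h(p): p for p in held_plaintexts}
    return {x: table[x] for x in uploaded_hashes if x in table}

def linked_email_hash(known_phone, uploads):
    """Linkage: the email hash that most often accompanies a known phone number.

    The email plaintext is never an input here; only the phone is known.
    Returns (email_hash, number_of_rows) or None.
    """
    target = h(known_phone)
    seen = Counter(e for rows in uploads.values() for p, e in rows if p == target)
    return seen.most_common(1)[0] if seen else None

def vendors_for(email_hash, uploads):
    """Every vendor whose upload contains this pseudonymous email hash."""
    return sorted(v for v, rows in uploads.items()
                  if any(e == email_hash for _, e in rows))

if __name__ == "__main__":
    all_emails = {e for rows in UPLOADS.values() for _, e in rows}
    print("confirmed from held list:", match_known(["bob@example.com"], all_emails))
    pseudonym, count = linked_email_hash("+15555550100", UPLOADS)
    print("linked hash:", pseudonym[:16], "rows:", count)
    print("seen at:", vendors_for(pseudonym, UPLOADS))
```

On the data-minimisation side, a per-recipient keyed hash (HMAC with a key the recipient never sees) breaks both the lookup and the cross-vendor join, at the cost of the matchability the scheme was built for.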