> "trivially be linked" = searching 3 quadrillion possibilities?

Which is trivial. Doing the same thing many times is literally what computers were invented for. Whether it's 3 times or 3 quadrillion times, it does not matter.

> Suppose that in the near future a quantum computer enables the "trivial" piercing of current anonymity assumptions, should those individuals also be fair game for doxxing: "they were never anonymous"?

There are myriad ways to have provable anonymity; quantum computers are not magic. Moreover, the best known algorithm for some kind of deanonymization under QC is still Grover's search, which is a sqrt improvement, rather than anything catastrophic like Shor's.

But that's also irrelevant. ejmr's "anonymization" was not anonymous under the standard cryptographic assumptions of 20 years ago, let alone 12 years ago when the software originated. To be clear, when ejmr was first started:

* SHA1 was mostly cryptographically broken (that is, it was considered that a sufficiently determined adversary with unlimited money could break it), hence any new use of SHA-1 is definitionally wrong.
* SHA is the wrong family anyway. SHA hashes are authentication codes and are therefore intentionally extremely fast to compute. It was well established in the _90s_ that authentication hashes are not appropriate for anything other than authentication, alongside numerous demonstrations of breaking password hashes, which is what ejmr was essentially doing.
* ejmr was not salting anything, and literally anyone with actual experience in any actual field using hashes knows that salting hashes is mandatory.

This isn't "this was anonymous until computers got faster"; this was not anonymous at the time it was first written, under standard cryptographic assumptions. Let's say it cost $10k for this PI to compute those hashes, then 12 years ago, assuming Moore's law, it would cost $5 million to break (under simple assumptions, so I doubled to be conservative). That. is. broken.

> Your casual appropriation of "triviality" to dismiss moral concerns over this paper and the authors' possible motives rings hollow in me.

No. My claims are purely related to the claims that the authors of this paper are responsible for deanonymizing people on ejmr, when ejmr catastrophically failed and misled its users.

Your immediate response to my statement about triviality was to repeat "it's a big number", which belies a gross misunderstanding of the field. Anything involving hashing or cryptography is filled with giant numbers. A non-trivial attack is one that involves doing something clever to reduce the search space to make the attack possible. This attack was _literally_ "we just tried every option as fast as possible". That attack on misuse of hashing operations was identified in the 90s when people demonstrated breaking of password hashes.

This attack is not clever. It does not - afaict - do anything that in any way reduces the complexity from "try every option"; it is a dumb solution to the incompetent "anonymization" performed by ejmr. That "try every option" was an option speaks to how poor the ejmr code was, and how trivial this was.

As for the "morality" of the paper: there are endless "studies" of forum culture and demographics that haven't caused problems. The only problem I see is that ejmr is refusing to acknowledge that they rolled their own crypto, and predictably got it wrong. That and people like you who seem to believe this mediocre research paper is somehow responsible.
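
Added example, not part of the comment above and not code from ejmr or the paper: it contrasts an unkeyed, unsalted fast hash over a small guessable input space with a keyed HMAC, showing that the first is reversed by trying every input while the second resists the same search unless the key is known. The 16-bit ID space, the sample ID and all function names are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional

# Constructed input space: 16-bit numeric IDs (an assumption for illustration).
ID_SPACE = range(2 ** 16)


def pseudonym_unsalted(user_id: int) -> str:
    """Weak scheme: a fast, unkeyed, unsalted hash of a guessable input."""
    return hashlib.sha1(str(user_id).encode()).hexdigest()


def pseudonym_keyed(user_id: int, key: bytes) -> str:
    """Hardened scheme: HMAC-SHA256 under a secret server-side key."""
    return hmac.new(key, str(user_id).encode(), hashlib.sha256).hexdigest()


def exhaustive_lookup(target: str, derive: Callable[[int], str]) -> Optional[int]:
    """Try every input in ID_SPACE; return the one whose pseudonym matches."""
    for candidate in ID_SPACE:
        if hmac.compare_digest(derive(candidate), target):
            return candidate
    return None


def demo() -> dict:
    real_id = 48213  # constructed sample value
    server_key = secrets.token_bytes(32)   # held only by the server
    guessed_key = secrets.token_bytes(32)  # searcher does not hold server_key

    weak = pseudonym_unsalted(real_id)
    strong = pseudonym_keyed(real_id, server_key)
    return {
        # Unkeyed hash: the published value alone identifies the input.
        "weak_recovered": exhaustive_lookup(weak, pseudonym_unsalted),
        # Keyed hash, wrong key: the same search finds nothing.
        "keyed_recovered": exhaustive_lookup(
            strong, lambda i: pseudonym_keyed(i, guessed_key)),
        # Keyed hash, leaked key: protection rests entirely on key secrecy.
        "keyed_with_key": exhaustive_lookup(
            strong, lambda i: pseudonym_keyed(i, server_key)),
    }


if __name__ == "__main__":
    print(demo())
```

The third result is the caveat for anyone adopting the keyed form: the key has to be stored and rotated as a secret, because anyone holding it can run the same enumeration.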