Y
Hacker News
new
|
ask
|
show
|
jobs
by
charcircuit
97 days ago
A hash of a public identifier like an email is personally identifiable data.
2 comments
jounker
97 days ago
Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information?
link
charcircuit
97 days ago
You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases.
link
pfortuny
97 days ago
You can always encrypt with a public key instead of hashing.
link
pbhjpbhj
96 days ago
You mean 'as well as', right?
link
pfortuny
96 days ago
No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.
link