
Comment by cuchoi

8 days ago

yep, updated the copy

Can you code up a quick sqlite database of inbound emails received (md5 hashed sender email), subject, body + what your claw's response would have been, if any? A simple dashboard where you have to enter your hashed email to display the messages and responses.

I understand not sending the reply via actual email, but the reply should be visible if you want to make this fair + an actual iterative learning experiment.

  • md5 is trivial to brute force.

    • No it is not. You would need an md5 preimage attack to go from md5sum to email (what I assume you mean by 'brute force')

      To prove my point, c5633e6781ede1aea59db6f76f82a365 is the md5sum of an email address. What's the email address?

      If the attacker already knows a given input email ('foo@gmail.com'), then any hash algorithm will identically let them see the emails.

      The problem with the above proposal isn't related to hashing, it's that the email address is being used as a password to see sent contents, which seems wrong since email addresses are effectively public.

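The point made in the last comment, as an added example that is not part of the thread: a dashboard keyed on md5(sender email) can be read by anyone who knows the address, while a random token delivered only to the sender's mailbox cannot be derived from it. The table schema, function names, sample address and the per-message token scheme are all assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3


def md5_hex(email: str) -> str:
    # The lookup key proposed in the thread: MD5 of the sender address.
    return hashlib.md5(email.strip().lower().encode()).hexdigest()


def sha256_hex(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inbound (sender_md5 TEXT, token_sha256 TEXT,"
               " subject TEXT, body TEXT, response TEXT)")
    return db


def store(db, sender, subject, body, response) -> str:
    # Returns a random view token; assumed to be sent only to the sender's
    # mailbox. Only its hash is stored, so a database leak does not expose it.
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO inbound VALUES (?, ?, ?, ?, ?)",
               (md5_hex(sender), sha256_hex(token), subject, body, response))
    return token


def view_by_email_hash(db, email_md5):
    # Weak design: the credential is a deterministic function of a public value.
    return db.execute("SELECT subject, response FROM inbound"
                      " WHERE sender_md5 = ?", (email_md5,)).fetchall()


def view_by_token(db, token):
    # Hardened design: the credential is an unguessable secret.
    return db.execute("SELECT subject, response FROM inbound"
                      " WHERE token_sha256 = ?", (sha256_hex(token),)).fetchall()


if __name__ == "__main__":
    db = build_db()
    # Constructed sample message and address.
    token = store(db, "alice@example.com", "hello", "test body", "draft reply")
    print("by md5 of known address:", view_by_email_hash(db, md5_hex("alice@example.com")))
    print("by token, address only: ", view_by_token(db, md5_hex("alice@example.com")))
    print("by token, real token:   ", view_by_token(db, token))
```
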