← Back to context Comment by charcircuit 20 hours ago A hash of a public identifier like an email is personally identifiable data. 5 comments charcircuit Reply jounker 19 hours ago Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information? charcircuit 18 hours ago You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases. pfortuny 19 hours ago You can always encrypt with a public key instead of hashing. pbhjpbhj 1 hour ago You mean 'as well as', right? pfortuny 1 hour ago No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.
jounker 19 hours ago Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information? charcircuit 18 hours ago You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases.
charcircuit 18 hours ago You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases.
pfortuny 19 hours ago You can always encrypt with a public key instead of hashing. pbhjpbhj 1 hour ago You mean 'as well as', right? pfortuny 1 hour ago No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.
pbhjpbhj 1 hour ago You mean 'as well as', right? pfortuny 1 hour ago No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.
pfortuny 1 hour ago No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.
Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information?
You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases.
You can always encrypt with a public key instead of hashing.
You mean 'as well as', right?
No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.