1

Imagine you want to create a "secure" messaging app which must comply to:

If someone has access to server databases, he/she can not identify the user from the field your using to substitute the normal username / email.

This solution seems interesting.

But I wonder:

  • If there are any better (more secure) alternatives
  • What hashing mechanism one should use
Community
  • 1
  • 1
marco alves
  • 1,707
  • 2
  • 18
  • 28

1 Answers1

0

Not really. Hashes are good for hiding secret information, like passwords. For information like email addresses, which are usually quite easily guessed/googled, an attacker could easily pre-generate a huge list of hashes for a database of email addresses and quickly use a reverse lookup to find out if a given hash (on your system) matches up with one of the addresses in the database. That's putting aside the fact that hashes are not unique, which probably isn't a problem with a big enough hash address space.

Generally, if you want anonymous IDs, you should use randomly generated ones.

Chris Shain
  • 50,833
  • 6
  • 93
  • 125
  • However, using a random IDs may be become totally impractical if think of use case of native mobile messaging app: user A may know user B's email, but it doesn't have access to its random ID... I wonder if using a combination of email hash + salt + secret would do the trick of getting anonymity without sacrificing implementability. – marco alves Jan 12 '14 at 02:16