undefined | Better HN

0 pointscharcircuit1mo ago0 comments

A hash of a public identifier like an email is personally identifiable data.

0 comments

Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information?

You can't derive the original better than guessing. With public identifiers you can just take a list of them and guess with those. If someone asks for your email they can hash it themselves and compare it against whatever databases.

pfortuny1mo ago

You can always encrypt with a public key instead of hashing.

pbhjpbhj1mo ago

You mean 'as well as', right?

pfortuny1mo ago

No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.

j / k navigate · click thread line to collapse

0 comments

jounker1mo ago

Isn’t the entire point of a cryptographically secure hash that you can’t derive the original information?

charcircuitOP1mo ago

pfortuny1mo ago

You can always encrypt with a public key instead of hashing.

pbhjpbhj1mo ago

You mean 'as well as', right?

pfortuny1mo ago

No, I mean encrypting (using a random padding like OAEP-RSA) gives an undecipherable item.

j / k navigate · click thread line to collapse