Am Sun, 5 May 2019 14:32:20 -0400 schrieb Jeff Allen <jral...@runbox.com>:
> On 5/5/19 1:36 PM, Stefan Claas wrote: > > On Sun, 5 May 2019 11:22:56 -0400 > > Tony Lane <codeg...@gmail.com> wrote: > > > >> Isn't it obvious? > > > > I don't think so! Users new to privacy related > > services may think when visiting the ProtonMail > > site that they are anonymous, when seeing their > > main page: > > > > https://protonmail.com/ > > > > I suppose like anything else it all comes down to whether you believe > them or not. I do. [snip] Well, I just asked myself ... What is the purpose behind an unlinked hash. A spammer using their system, without a hash function could send successfully spam to other users, because ProtonMail is not blacklisted. When that happens a user receiving this spam can report that, so that actions can be taken. This of course requires then a bit of work, at the ProtonMail site, to remove the spammers account. Why do they use unlinked hashes? If I could sign up anonymously the hash could also be linked to my account and even if thousands of people have the same hash they could remove the spammers account. Should an unlinked hash protect users from a powerful adversary? O.k. people can now laugh at me, because I am no programmer nor cryptographer or math-geek. My assumption is that a powerful adversary has a list of all global mobile phone numbers, computes quickle the hashes for them and saves them also in a database. How long does it take to find in a database the correct hash for a given number ... Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
