On 5/5/19 4:20 PM, Michał Górny wrote: > > Don't you think that brute-forcing a hash of a phone number would be > trivial? >
It would be more trivial not to hash the number and say you did. ProtonMail claims they hash the number and store it unlinked to your account. Their stated objective is to prevent the same phone number or email address from being used to sign up for numerous accounts. As I said, I believe them. You apparently do not. People who don't trust ProtonMail shouldn't use it. Why believe them about end-to-end encryption if you can't trust them? That would seem to me to be a bigger concern than how they handle your number or email address. Jeff _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
