RE: my emailBL is live!

2009-05-01 Thread Jeff Moss
>> The chance of a collision really is much smaller than I thought, even
>> including the birthday paradox. But rather than just say it's small and
>> ask you to take my word for it I'm providing a link. The Wikipedia page
>> for Birthday Attack has a chart that shows the probability of collision

Re: my emailBL is live!

2009-04-30 Thread Adam Katz
Jeff Moss wrote:
> The chance of a collision really is much smaller than I thought, even
> including the birthday paradox. But rather than just say it's small and
> ask you to take my word for it I'm providing a link. The Wikipedia page
> for Birthday Attack has a chart that shows the probability

RE: my emailBL is live!

2009-04-30 Thread Jeff Moss
Rob McEwen wrote:
>>> A word of caution. Be very careful how you use the list.
>>
>> OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the
>> whole (lower case!) e-mail address is best, with the entire e-mail
>> address still showing up in plain text in the DNS txt record.
>>
>>

Re: my emailBL is live!

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Adam Katz wrote: Okay, back to using the second half of the MD5 (simple enough, since that was my original implementation). Relevant code: $hash =~ s/@.*//; $hash =~ tr [A-Z] [a-z]; $hash = substr(Digest::MD5::md5_hex($hash),16); # 2nd 16 of 32 chars ...can you go throug

Re: my emailBL is live!

2009-04-29 Thread Adam Katz
Jesse Thompson wrote:
> A word of caution. Be very careful how you use the list. The
> intended usage for the list is to prevent (or monitor) local users
> from sending email to the listed addresses. The phishers
> frequently use compromised end-user accounts to receive the
> phishing replies, s

Re: my emailBL is live!

2009-04-29 Thread Adam Katz
David B Funk wrote:
> Umm, I guess you didn't understand what the ".phish.icaen.uiowa.edu" part
> of "address.phish.icaen.uiowa.edu" meant.
D'oh! Sorry, doing too many things at once. You're right, that worked for me. However, you still have Mike's issue of 63 characters per label and 255 charac

Re: my emailBL is live!

2009-04-29 Thread David B Funk
On Wed, 29 Apr 2009, Adam Katz wrote:
> But your very next topic is contrary to that philosophy...
>
> > BTW notice that the Google data is multi-valued in the TYPE field.
> > rather than a simple enumeration of that data into an address it
> > is better to turn it into a bit-mask, as then multipl

Re: my emailBL is live!

2009-04-29 Thread David B Funk
On Wed, 29 Apr 2009, Adam Katz wrote:
> David B Funk wrote:
> > Repeat after me, ALMOST ALL characters (octets actually) are now
> > LEGAL in DNS queries (see RFC-2181 section 11).
> >
> > There is NO need for -any- kind of munging.
>
> First, you must start and end a domain label ("octet" refers

Re: my emailBL is live!

2009-04-29 Thread Mike Cardwell
David B Funk wrote: When MD5sums were first proposed (in place of my wild escaping), it seemed like a great idea. However, a voice in the back of my head, now spoken (typed?) by Rob, has been growing louder. My implementation now merely truncates email usernames to 16 characters (plus the note

Re: my emailBL is live!

2009-04-29 Thread Adam Katz
David B Funk wrote:
> Repeat after me, ALMOST ALL characters (octets actually) are now
> LEGAL in DNS queries (see RFC-2181 section 11).
>
> There is NO need for -any- kind of munging.
First, you must start and end a domain label ("octet" refers to IP addresses) with a letter or number, so mungin

Re: my emailBL is live!

2009-04-29 Thread David B Funk
> When MD5sums were first proposed (in place of my wild escaping), it
> seemed like a great idea. However, a voice in the back of my head,
> now spoken (typed?) by Rob, has been growing louder. My
> implementation now merely truncates email usernames to 16 characters
> (plus the noted defanging,

Re: my emailBL is live!

2009-04-29 Thread John Hardin
On Wed, 29 Apr 2009, Jesse Thompson wrote: A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monitor) local users from sending email to the listed addresses. The phishers frequently use compromised end-user accounts to receive the phi

Re: my emailBL is live!

2009-04-29 Thread Jesse Thompson
Rob McEwen wrote: Jesse Thompson wrote: A word of caution. Be very careful how you use the list. OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the whole (lower case!) e-mail address is best, with the entire e-mail address still showing up in plain text in the DNS txt reco

Re: my emailBL is live!

2009-04-29 Thread Mike Cardwell
Rob McEwen wrote: A word of caution. Be very careful how you use the list. OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the whole (lower case!) e-mail address is best, with the entire e-mail address still showing up in plain text in the DNS txt record. But I have some q

Re: my emailBL is live!

2009-04-29 Thread Rob McEwen
Jesse Thompson wrote:
> A word of caution. Be very careful how you use the list.
OK. I was wrong. Due to this discussion, I'm convinced that MD5 of the whole (lower case!) e-mail address is best, with the entire e-mail address still showing up in plain text in the DNS txt record. But I have some

Re: my emailBL is live!

2009-04-29 Thread Jesse Thompson
Adam Katz wrote: This was actually rather simple to set up. I'll publish the code [snip] Thanks for your efforts with this. I forwarded your message to the APER mailing list. A word of caution. Be very careful how you use the list. The intended usage for the list is to prevent (or monit

Re: my emailBL is live!

2009-04-29 Thread John Wilcock
On 29/04/2009 02:40, Adam Katz wrote: replaces the @ with a dot (not an underscore, that's not a legal character). Won't that pose problems distinguishing between fred.blo...@example.tld and f...@bloggs.example.tld ? John.

Re: my emailBL is live!

2009-04-29 Thread Mike Cardwell
Adam Katz wrote: Mike Cardwell contended: It would definitely require a hashing algorithm, like MD5. IIRC there is a maximum length for a hostname, and that is 255 characters. What if the hostname in your email address is 255 characters long on its own...? When MD5sums were first proposed (i

my emailBL is live!

2009-04-28 Thread Adam Katz
This was actually rather simple to set up. I'll publish the code (AGPL) that runs it in a bit (I need to clean it up to withstand the heavy-handed criticism on this list ...). Note, I'm using ZoneEdit's free NS mirroring, which has limited bandwidth. I'm willing to pay their minimum threshold if