On Thu, 23 Dec 2010, David F. Skoll wrote:

On Thu, 23 Dec 2010 16:33:59 -0800 (PST)
John Hardin <jhar...@impsec.org> wrote:

[...]

To digress, I would suggest the solution to that (and what I wish PGP
had implemented from day one) is to sign using two different
cryptographic hash algorithms (e.g. MD5 _and_ SHA1). It's extremely
unlikely that two different hash algorithms would have the same
collision failure mode - i.e. it would be effectively impossible to
generate a single plaintext that would generate the desired hashes
for _both_ algorithms.

I'm sure I read somewhere that in many cases, hashing with two
different hash functions is as strong as the stronger of the two
functions, but not any stronger than that.

It's still a good idea if you don't know for sure *which* one is the
stronger function.

See "Concatenation of cryptographic hash functions" at
http://en.wikipedia.org/wiki/Cryptographic_hash_function

Thanks, I'll read that.

Back on-topic: I don't think it's a problem to have a reversible way
of encoding email addresses if they're used for blocking.  The
anti-phishing email reply address project produces a cleartext list of
known phishing senders.  These are (typically) compromised email
accounts where the sender cannot continue to use the account and also
change the sending address, so it does no harm to leave it in the
clear.

But the known-evil addresses aren't the data being protected (however poorly) - the email addresses from your inbound mail that you're checking against the list of evil addresses (which may include correspondents who don't want their email addresses spread about publicly) are what you're protecting.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
                                           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 2 days until Christmas
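
The lookup discussed in this message, as an added example that is not part of the original thread or of any project's code: each inbound address is hashed locally with both MD5 and SHA-1 (the two-hash idea quoted above), and only digests are compared against the published list. The normalization rule, the function names and the sample addresses are assumptions constructed for illustration.

```python
import hashlib


def normalize(addr: str) -> str:
    # Assumption: addresses are compared case-insensitively, whitespace stripped.
    return addr.strip().lower()


def dual_digest(addr: str) -> str:
    """Hex MD5 followed by hex SHA-1 of the normalized address (72 hex chars)."""
    data = normalize(addr).encode("utf-8")
    return hashlib.md5(data).hexdigest() + hashlib.sha1(data).hexdigest()


def publish(cleartext_list):
    """Publisher side: convert the cleartext list of known-bad senders to digests."""
    return {dual_digest(a) for a in cleartext_list}


def check_inbound(addresses, published):
    """Checker side: hash inbound addresses locally and compare digests only.

    A match requires BOTH halves (MD5 and SHA-1) to agree, because the
    concatenated string is compared as a whole.
    """
    return [a for a in addresses if dual_digest(a) in published]


# Constructed sample data (reserved example domains, not real senders).
KNOWN_BAD = ["phisher@example.com", "Reply-Here@example.net"]
INBOUND = ["friend@example.org", "reply-here@EXAMPLE.NET ", "boss@example.com"]

if __name__ == "__main__":
    published = publish(KNOWN_BAD)
    for hit in check_inbound(INBOUND, published):
        print("listed:", normalize(hit))
```

An unsalted digest hides an address only from someone who cannot guess it and hash the guess themselves.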
