02-11-2017, 07:35 PM
I work with nonprofits who often share their email lists lower cased and hashed with unsalted md5 in order to verify how many people signed a petition, etc.
That sounds like it would be fairly trivial to crack. I haven't been able to figure it out yet. But i'd like to show on my list rather than just say that it can be done.
Two Questions:
1. Someone who knows what they're doing could unhash someone's email list fairly easily, right?
2. What is the mask I should be using? Roughly ten percent of my list has a dot in the name. If they have a number in the name, it's at the end usually.
The vast majority of emails are from these domains.
@gmail.com
@yahoo.com
@aol.com
@hotmail.com
@comcast.net
@sbcglobal.net
@msn.com
@verizon.net
@earthlink.net
@att.net
I feel like I need to relearn regular expressions in backwards land....
That sounds like it would be fairly trivial to crack. I haven't been able to figure it out yet. But i'd like to show on my list rather than just say that it can be done.
Two Questions:
1. Someone who knows what they're doing could unhash someone's email list fairly easily, right?
2. What is the mask I should be using? Roughly ten percent of my list has a dot in the name. If they have a number in the name, it's at the end usually.
The vast majority of emails are from these domains.
@gmail.com
@yahoo.com
@aol.com
@hotmail.com
@comcast.net
@sbcglobal.net
@msn.com
@verizon.net
@earthlink.net
@att.net
I feel like I need to relearn regular expressions in backwards land....