02-14-2017, 05:22 PM
(02-12-2017, 08:14 AM)epixoip Wrote: Email addresses (and usernames themselves for that matter) are really no different from very weak passwords: short, predictable, low-entropy, human generated strings. And of course the domain names are also extremely predictable (you'll have some one-off domains here and there, but all the major domains are well-known and publicly available.) The cracking approach is pretty simple: list of domains in one wordlist, regular password wordlists in another wordlist, run combinator attack.
I've encountered lots (millions?) of MD5'd emails in the past and have not really had any difficulty cracking them (85-90% success rate?) See Gravatar, for instance. Really easy to get someone's email address from their Gravatar hash.
Better way to do it would be to treat the emails just like passwords, and as such, you'd use a proper password hashing algorithm like bcrypt or something.
I'd like to show people that hashing emails with MD5 is a bad idea and propose an alternative.
This is what we are doing. We (nonprofits, community organizing groups) do big swaps of emails based on double opted in co-branded petitions. People sign a petition - a legitimate petition that we do deliver in person. (For example, demanding that the Senate do background checks on all nominees.)
Then we calculate how many people each group contributed and then distribute a proportionate number of "new to list" emails to each group. That way people who sign a petition don't start receiving emails from 20 groups and get overwhelmed and each group gets back new names for their list.
It's not ideal, but it adheres to CAN-SPAM and groups that don't honor unsubscribes are blackballed forever.
The vulnerability is we share these lists of MD5 hashed email lists to determine new names. We need something.
Would SHA2 be better? If so, how?