[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] leaking

To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] leaking
From: "Marek Isalski" <Marek.Isalski@xxxxxxxxxxxxxxxxxx>
Date: Wed, 12 May 2004 13:47:37 +0100

>>> Dave Horsfall <dave@xxxxxxxxxxxx> 12/05/2004 13:13:07 >>>
> Unless you have a cryptographically-secure way of generating new email
> addresses, you will not have proved anything.

One of the interesting things I did when tweaking something on a website was to 
include a piece of code which does exactly that.

Each visitor is given a different email address.  It's made up of their IP 
address, the Unix time and a partial hash value, encrypted with a private 
Serpent-256 key.

Decrypting those addresses has been interesting.

Regards,

Marek Isalski
Software Support and Data Security Manager
Software Support, IT Projects, Directorate of Health Informatics
Wythenshawe Hospital, South Manchester University Hospitals NHS Trust


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] leaking
  - From: Dave Horsfall

Prev by Date: [Full-Disclosure] [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Next by Date: Re: [Full-Disclosure] leaking
Previous by thread: Re: [Full-Disclosure] leaking
Next by thread: Re: [Full-Disclosure] leaking
Index(es):
- Date
- Thread