undefined | Better HN

0 pointscuchoi1mo ago0 comments

yep, updated the copy

0 comments

Can you code up a quick sqlite database of inbound emails receieved (md5 hashed sender email), subject, body + what your claw's response would have been, if any. A simple dashboard where have to enter your hashed email to display the messages and responses.

I understand not sending the reply via actual email, but the reply should be visible if you want to make this fair + an actual iterative learning experiment.

gunapologist991mo ago

md5 is trivial to brute force.

TheDong1mo ago

No it is not. You would need an md5 preimage attack to go from md5sum to email (what I assume you mean by 'brute force')

To prove my point, c5633e6781ede1aea59db6f76f82a365 is the md5sum of an email address. What's the email address?

If the attacker already knows a given input email ('foo@gmail.com'), then any hash algorithm will identically let them see the emails.

The problem with the above proposal isn't related to hashing, it's that the email address is being used as a password to see sent contents, which seems wrong since email addresses are effectively public.

2 more replies

j / k navigate · click thread line to collapse