Re: [Full-Disclosure] leaking

From: Marek Isalski (Marek.Isalski_at_smuht.nwest.nhs.uk)
Date: 05/12/04

  • Next message: KUIJPERS Jimmy: "Re: [Full-Disclosure] leaking"
    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 12 May 2004 13:47:37 +0100
    
    

    >>> Dave Horsfall <dave@horsfall.org> 12/05/2004 13:13:07 >>>
    > Unless you have a cryptographically-secure way of generating new email
    > addresses, you will not have proved anything.

    One of the interesting things I did when tweaking something on a website was to include a piece of code which does exactly that.

    Each visitor is given a different email address. It's made up of their IP address, the Unix time and a partial hash value, encrypted with a private Serpent-256 key.

    Decrypting those addresses has been interesting.

    Regards,

    Marek Isalski
    Software Support and Data Security Manager
    Software Support, IT Projects, Directorate of Health Informatics
    Wythenshawe Hospital, South Manchester University Hospitals NHS Trust

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: KUIJPERS Jimmy: "Re: [Full-Disclosure] leaking"