Full Disclosure mailing list archives

Re: leaking

From: "Marek Isalski" <Marek.Isalski () smuht nwest nhs uk>
Date: Wed, 12 May 2004 13:47:37 +0100

Dave Horsfall <dave () horsfall org> 12/05/2004 13:13:07 >>>

Unless you have a cryptographically-secure way of generating new email
addresses, you will not have proved anything.


One of the interesting things I did when tweaking something on a website was to include a piece of code which does 
exactly that.

Each visitor is given a different email address.  It's made up of their IP address, the Unix time and a partial hash 
value, encrypted with a private Serpent-256 key.

Decrypting those addresses has been interesting.

Regards,

Marek Isalski
Software Support and Data Security Manager
Software Support, IT Projects, Directorate of Health Informatics
Wythenshawe Hospital, South Manchester University Hospitals NHS Trust


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: leaking, (continued)
- - - RE: leaking Alerta Redsegura (May 12)
- Re: leaking Dave Horsfall (May 12)
  - RE: leaking Alerta Redsegura (May 12)
    - Re: leaking Alexander Gretencord (May 12)
    - RE: leaking Dave Horsfall (May 12)
  - Re: leaking Nancy Kramer (May 12)
    - Re: leaking Dave Horsfall (May 12)
- Message not available
  - Re: leaking Nancy Kramer (May 12)
- RE: leaking Felipe Angoitia (May 12)
  - Re: leaking Valdis . Kletnieks (May 12)
- Re: leaking Marek Isalski (May 12)
  - Re: leaking Dave Horsfall (May 12)
- RE: leaking Felipe Angoitia (May 12)
- RE: leaking Duquette, John (May 12)
- RE: leaking Felipe Angoitia (May 13)
- Re: leaking Marek Isalski (May 13)