On Tue, 2012-06-19 at 02:11 +0900, Stephen J. Turnbull wrote:
Lindsay Haisley writes:
Why would, say, hashlib.md5(recip).hexdigest() be any more or less detectable than a reversible encryption?
Because once the idea becomes public, anybody can check the nonesense strings in your headers to see if any of them hash to the user's id. That's a lot more difficult if you use encryption based on a secret key.
Very true, and a good point. A little research turned up http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/ which is a good discussion of using AES encryption in Python. The Crypto module seems to be standard issue with Python - no special libraries required.
IMHO, AOL's days on this planet are numbered. They'll go the way of Compuserve :)
Yeah, I hope so. Unfortunately, where I live, NiftyServe still exists and its customers still put raw Shift JIS in their headers occasionally. I'm not going to bet on AOL's timely demise.
It took a major meteor hit to wipe out the dinosaurs!
I've seen Email Feedback Reports come in on posts that went out six months prior. Parsing Message IDs out of this many MBs of back mail logs, most of them compressed, would be hugely expensive of processing time.
Seriously? How many feedback reports do you get per second? Yes, it would be a little costly, but presumably they give something like a date, you can narrow it down to a few MB I would guess.
Weeeelll ... The average number of feedback reports / second received on my servers is pretty managable, actually ;) I prefer the idea of using Resent-Message-ID and and AES encryption on the recipient address rather than mucking with log files. It would be nice to put this into the Mailman structure in such a way that I could retrieve, or access the secret key, or at least perform encryption and decryption from a withlist script.
-- Lindsay Haisley | "The difference between a duck is because FMP Computer Services | one leg is both the same" 512-259-1190 | - Anonymous http://www.fmp.com |