You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2004/04/29 20:51:17 UTC
[Bug 3333] New: RFE: Salt bayes token hash for privacy
http://bugzilla.spamassassin.org/show_bug.cgi?id=3333
Summary: RFE: Salt bayes token hash for privacy
Product: Spamassassin
Version: SVN Trunk (Latest Devel Version)
Platform: Other
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P5
Component: Learner
AssignedTo: spamassassin-dev@incubator.apache.org
ReportedBy: sidney@sidney.com
I'm not sure how important this is, but I want to make sure it is called out
expkicitly for discussion.
Once we hash the bayes tokens, the db becomes less privacy sensitive. Without a
translation database, it is difficult for someone to, for example, get a list of
all people or topics that are regularly in your ham.
But what is still possible is for someone to probe the db for matches to
specific words by creatig the hash for a word and looking that up. That is still
a privacy concern.
The way to fix that is by incorporating some kind of salt with the hash, so that
we use sha1(token . salt) instead of sha1(token), where salt is a unique 20 byte
number for each db.
The number would be stored somewhere that would not be copied over with the
database if the database were to be given away.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.