Two days ago I posted an entry regarding the State of Michigan’s Protect MI Child initiative. The following is a response I received yesterday from Protect MI Child:
The security of the registry was a paramount concern when creating the ProtectMIChild service. Once a child’s address is confirmed by a parent to be included in the registry, the address is hashed and the plaintext version of the address is discarded. Only the hashed version of the address is stored; the plaintext version is deleted from temporary storage and overwritten with random data.
Hashing is a process similar to encryption. However, where encryption can be undone if you know a secret password, hashing is one directional. The best analogy is to a fingerprint. While your fingerprint is unique to you, it does not reveal any personal data about you. From your fingerprint alone it is impossible to tell information such as how tall you are, how old you are, or what color your eyes are. Similarly, while the hashes of the e-mail addresses are unique, there is no way to go from the hash back to the original address.
The result of this system is that even in the unlikely event that the database were compromised, the information that would be revealed is nothing but meaningless hashes.
Thank you for your interest in the Michigan Children’s Protection Registry.
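
The storage scheme the letter describes, as an added example (not part of the original post, the letter, or the registry's code): a registry that keeps only digests, showing that an exposed table of unkeyed digests still confirms any address that can be guessed, while a keyed digest (HMAC) does not without the key. SHA-256, the HMAC variant, the normalization step and all addresses are assumptions; the letter does not name a hash function.

```python
import hashlib
import hmac

def normalize(addr):
    return addr.strip().lower()

def plain_digest(addr):
    # Assumption: unkeyed SHA-256; the letter does not name the hash function.
    return hashlib.sha256(normalize(addr).encode()).hexdigest()

def keyed_digest(addr, key):
    # Assumed hardening: HMAC-SHA-256 with a key stored apart from the table.
    return hmac.new(key, normalize(addr).encode(), hashlib.sha256).hexdigest()

class Registry:
    """Keeps only digests; the plaintext address is never stored."""
    def __init__(self, digest):
        self._digest = digest
        self.rows = set()   # what a database compromise would expose

    def register(self, addr):
        self.rows.add(self._digest(addr))

    def scrub(self, mailing_list):
        """Return the addresses a sender may still mail."""
        return [a for a in mailing_list if self._digest(a) not in self.rows]

def confirmable(rows, guesses, digest):
    """Guessed addresses that the exposed rows confirm as registered."""
    return [g for g in guesses if digest(g) in rows]

# Constructed sample data (example.org / example.net are reserved domains).
CHILD = "kid@example.org"
GUESSES = ["parent@example.org", "Kid@Example.org ", "other@example.net"]
KEY = b"constructed-demo-key"

def demo():
    unkeyed = Registry(plain_digest)
    keyed = Registry(lambda a: keyed_digest(a, KEY))
    for reg in (unkeyed, keyed):
        reg.register(CHILD)
    return {
        "scrubbed": unkeyed.scrub(GUESSES),
        "unkeyed_rows": confirmable(unkeyed.rows, GUESSES, plain_digest),
        "keyed_rows": confirmable(keyed.rows, GUESSES, plain_digest),
    }

if __name__ == "__main__":
    print(demo())
```

The scrubbed list differs from the input by exactly the registered address, which is the concern raised in the comments and holds regardless of how the table is stored.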

9 thoughts

  1. Their assertion isn’t necessarily correct… If they’re using MD5 (or SHA1 for that matter), the hashes can be "broken" pretty quickly with Rainbow Tables. There are even a bunch of online sites that will do this for you. My hope is that they hashed on a pretty strong encryption mechanism like an SHA-512 with a decent entropy generator, though I doubt it.

  2. Ok, maybe I’m missing something but how do you prevent a spammer from realizing that an address is on the list so therefore it’s highly likely there are similar ones for other family members or that domain?
    I mean it’s great to encrypt the data, but since a verification has to occur, this tool just allows the spammer to clean his list and better perpetrate his spamming.
    But hey, maybe I am missing something.

  3. .. or to reiterate a question raised in the original thread, what’s to stop someone validating against the database, finding a match and saying "Cool, now I have a child’s email address"? I.e. using it as an email validation service? If you provide a service you can’t control the end purpose behind its use, it’s like trying to stop people buying a burger at Wendy’s and hopping across the street to get fries at McDonald’s.
    Damien

  4. I think in this case what is stopping spammers from using this list for harvesting and validating emails is the cost. There are many cheaper ways of validating email. And besides, the mentality of a spammer is more like ‘the hell with demographics, spam it anyway’. My concern is that for legit companies there is now yet another regulation they must comply with.
    Oh, and Ben, add spam to your dictionary for spell check.

  5. I posted a question on their site – why has their price for legitimate Emailers to use their system gone from what the law stipulated (not more than 0.03 cents per Email checked) all the way up to 1.2 cents per Email checked? They claim they can check 10 million Email addresses per hour – well at 1.2 cents per Email, they are making $120,000 an hour – a heck of a lot of money for checking a hash table.
    So far they appear to have completely ignored my question. Their price is arbitrarily high and will drive some companies out of business while making the organizers of this little scheme quite wealthy.
