From ffbfde8a09cad00fa178e2dd1817b7cac1abf9e5 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Fri, 26 Jul 2019 11:40:20 +0100 Subject: [PATCH 1/2] Update proposals/2134-identity-hash-lookup.md Co-Authored-By: Hubert Chathi --- proposals/2134-identity-hash-lookup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/2134-identity-hash-lookup.md b/proposals/2134-identity-hash-lookup.md index 2abbc5a98..1872af69a 100644 --- a/proposals/2134-identity-hash-lookup.md +++ b/proposals/2134-identity-hash-lookup.md @@ -34,7 +34,7 @@ The rainbow table attack is not perfect, because one does need to know email addresses and phone numbers to build it. While there are only so many possible phone numbers, and thus it is relatively inexpensive to generate the hash value for each one, the address space of email addresses is much, much -wider. If your email address is not share a common mailserver, decently long +wider. If your email address does not use a common mail server, is decently long or is not publicly known to attackers, it is unlikely that it would be included in a rainbow table. From 5580a2a1a9796d68eab2c71dbee3f67d31ebe1ad Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Fri, 26 Jul 2019 11:40:38 +0100 Subject: [PATCH 2/2] Update proposals/2134-identity-hash-lookup.md Co-Authored-By: Hubert Chathi --- proposals/2134-identity-hash-lookup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/2134-identity-hash-lookup.md b/proposals/2134-identity-hash-lookup.md index 1872af69a..1df58df15 100644 --- a/proposals/2134-identity-hash-lookup.md +++ b/proposals/2134-identity-hash-lookup.md @@ -70,7 +70,7 @@ carl@example.com denny@example.com ``` -The client will hash each 3PID as a concatenation of the medium and address, +The client will hash each 3PID as a concatenation of the address and medium, separated by a space and a pepper appended to the end. Note that phone numbers should be formatted as defined by https://matrix.org/docs/spec/appendices#pstn-phone-numbers, before being