From 6bb4a9e9110e58bd9a383b3957b909db7ca54222 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 18 Jun 2019 17:09:06 +0100 Subject: [PATCH] Add per-is salt consideration --- proposals/2134-identity-hash-lookup.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proposals/2134-identity-hash-lookup.md b/proposals/2134-identity-hash-lookup.md index 45f7d5f02..f7c36e74f 100644 --- a/proposals/2134-identity-hash-lookup.md +++ b/proposals/2134-identity-hash-lookup.md @@ -89,6 +89,10 @@ versions is impractical if the hashing algorithm ever needs to be changed. Bloom filters are an alternative method of providing private contact discovery, however does not scale well due to clients needing to download a large filter that needs updating every time a new bind is made. Further considered solutions are explored in https://signal.org/blog/contact-discovery/ Signal's eventual solution of using SGX is considered impractical for a Matrix-style setup. +We could let an identity server specify its own salt for the hashes, however it +would require an extra network call before uploading 3pid hashes in order for +the client to ask the server which salt it requires. + ## Security considerations None