Also some fun takeaways: it also makes external calls to azure to load configuration and stays silent after updating for 2 weeks before showing warnings.
Moq is unusable. Needs to be forked or repoaced. Time to switch to NSubstitute.
Also some fun takeaways: it also makes external calls to azure to load configuration and stays silent after updating for 2 weeks before showing warnings.
Moq is unusable. Needs to be forked or repoaced. Time to switch to NSubstitute.
It’s hard for me to believe someone who spent time implementing such a system would fall for such an obvious fallacy of what hashing can do. It’s like hashing phone numbers, completely worthless - if the list of values it could be is limited you can simply brute force it. Take some available lists of known emails, take all known domains or mail servers and try github@domain, try some basic password cracking methods, dictionary attacks and simply append @gmail.com etc., I’d be surprised if you couldn’t de"anonymize" 99.9% of mails pretty much instantly.
But right at the start of the projects readme we have “The resulting opaque string (which can never reveal the originating email) is the only thing used”. “never” is something you wouln’t say about salted passwords hashed with sha512, for unsalted emails it’s asenine
The more details I read, the better this gets.