The first reaction some people have when introduced to SG is: "Nice idea! But what's to stop a spammer from creating disposable addresses for me at will?" Our response so far has been:
1. It happens very infrequently
2. If it does happen you can switch to watchwords
There is a lot of practical wisdom behind that advice. But on a theoretical level I have always been unsatisfied with watchwords (or prefixes, which predate watchwords and don't provide as much flexibility). That's because once someone knows the disposable address you have created it's too easy for them to bomb your mailbox.
Recent experiences by some SG users got me thinking on whether there is a user-friendly way to fix this security hole. The user-friendly requirement is important as otherwise I could just require you to compute the MD5 hash of the "word" part of the disposable address (DA) and include the first 6 characters as the prefix. That suggestion is unworkable when we have to think up a DA on the fly and don't have access to a computer.
So what I would really like is a hash function that has the following properties:
1. it is easy to compute. i.e. without pen/paper.
2. it takes in a secret key as one of the two inputs (the other input would be the word part of the DA).
3. it is reasonably resistant to a known-plaintext attack. i.e. even if someone knows the words and corresponding hashes for a handful of addresses they should not be able to derive the secret. Note that a hash function which satisfies the first condition would not be completely immune to cryptanalysis.
I realize that it is probably not worthwhile to implement such a scheme right now. So this is largely an academic discussion. But it is an interesting exercise to try to meet all these requirements.
Ideas for such a hash function?
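The computer-bound baseline mentioned in the post (hash the word, use the first 6 characters as the prefix) with the secret key of property 2 added, as an added example that is not part of the original post or of SG's code. It swaps HMAC-SHA256 in for plain MD5 on the keyed path; the `prefix.word` layout, the function names and the secret are assumptions.

```python
import hashlib
import hmac

PREFIX_LEN = 6  # the post's "first 6 characters"


def md5_prefix(word: str) -> str:
    """Unkeyed baseline from the post: first 6 hex chars of MD5(word)."""
    return hashlib.md5(word.lower().encode()).hexdigest()[:PREFIX_LEN]


def keyed_prefix(secret: bytes, word: str) -> str:
    """Keyed variant (property 2): HMAC-SHA256 over the word, truncated."""
    mac = hmac.new(secret, word.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:PREFIX_LEN]


def accept(secret: bytes, local_part: str) -> bool:
    """Accept 'prefix.word' (assumed layout) only if prefix == keyed hash of word."""
    prefix, sep, word = local_part.partition(".")
    if not sep or not word or len(prefix) != PREFIX_LEN:
        return False
    expected = keyed_prefix(secret, word)
    # Constant-time comparison so the check does not leak how many chars matched.
    return hmac.compare_digest(prefix.lower().encode(), expected.encode())


def demo() -> dict:
    secret = b"constructed-demo-secret"  # constructed sample key
    owner_da = keyed_prefix(secret, "bookshop") + ".bookshop"
    # Someone who knows the scheme but not the secret can only compute the
    # unkeyed hash for a word of their choosing.
    unkeyed_guess = md5_prefix("newsletter") + ".newsletter"
    # Someone who saw owner_da reuses its prefix on a different word.
    replayed = owner_da.split(".")[0] + ".newsletter"
    return {
        "owner_da": accept(secret, owner_da),
        "unkeyed_guess": accept(secret, unkeyed_guess),
        "replayed_prefix": accept(secret, replayed),
        "no_prefix": accept(secret, "bookshop"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16} accepted={ok}")
```

A 6-character hex prefix carries only 24 bits, so the receiving side would still need to limit repeated failed guesses for a given word.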