NotesActor hash shortening

Actor hash shortening

On envelopes, actor hashes are shortened to 24 bytes (192 bits) to prevent actor hash scavenging.

A bot could try to discover large amounts of actor hashes by repeating the following procedure:

  1. List the messages of a known actor.
  2. Read all envelopes, and scan them for actor hashes.

Step 1 is possible on stores with a lenient box listing policy, where any actor can list any box. Step 2 would be possible if full actor hashes were mentioned on the envelopes.

By shortening actor hashes to 24 bytes, the above cycle is interrupted.