Search for people using SHA1 hashing

Nov 2, 2008

About 10 years ago, it was actually possible to look people up by their e-mail address online. You could also find a persons e-mail by searching for his or her name. Back then there where a lot of e-mail directories that acted like the yellow pages but for e-mail addresses. Very handy, but when spam became a problem, no one was willing to publicise their e-mail address and the e-mail search quickly died out.

Years passed and nobody thinks seriously about searching for people by their e-mail address anymore. It was tossed out of our toolbox – abandoned and forgotten.

Then a few years ago, something wonderful started to happen with the web. Community sites, forums, blog platforms etc. stated publishing FOAF and SIOC documents. Both documents contain e-mail addresses of people but not in the traditional sense. They publish SHA1 hashed e-mail addresses.

You can hash an e-mail using the SHA1 algorithm but you can never reverse it. That means the hashed e-mail addresses are secured from spam bots, but they are also left public for all of us to search for. All you need to do is to hash an e-mail address and do a Google search with the hashed value. Try searching for my hashed e-mail address on Google or go hash your own e-mail.

Here is a quick way of using SHA1 algorithm to hash any string value in C#.

public static string CalculateSHA1(string value)
{
  value = value.ToLowerInvariant().Trim();
  return FormsAuthentication.HashPasswordForStoringInConfigFile(value, "sha1").ToLowerInvariant();
}

The limitations of the SHA1 e-mail search is that you can only find people that have an online profile or blog, participate in online discussions or comments on blogs. The number of searchable people will rise as more and more sites start supporting FOAF and SIOC.

* Only $4.95/month ASP.NET & Windows 2008 + IIS 7 Hosting! FREE SQL Included

Adding search capabilities to the new blog engineThe in-site search feature has been under development for a few days by Claus Christensen. Claus...AJAX and search engines – Do's and Don'tsIn the light of the immense popularity AJAX has received the last couple of months and the emerg...New search featureThe new search feature of BlogEngine.NET 1.2 is demonstrated

Comments (4) -

Morten

11/2/2008 5:26:13 PM #

Don't forget that FOAF uses a prefix of "mailto:" when computing the SHA1 of an e-mail address for foaf:mbox_sha1sum.

Also the statement "you can never reverse it" isn't quite true, but of course it's almost always impractical.

Rory Primrose

11/3/2008 2:08:26 AM #

I have a need to hash a value and use the output as a string representation like you have here. The hitch for me is that I didn't want to reference System.Web.dll as my code is not related to ASP.Net.

This has lead me to the following implementation which may be used instead of the above call to FormsAuthentication.

        private static String CalculateHash(String contents)
        {
            byte[] hash;

            using (SHA1CryptoServiceProvider provider = new SHA1CryptoServiceProvider())
            {
                hash = provider.ComputeHash(Encoding.UTF8.GetBytes(contents));
            }

            StringBuilder builder = new StringBuilder();

            for (int index = 0; index < hash.Length; index++)
            {
                byte item = hash[index];

                builder.Append(item.ToString("X2", null));
            }

            String internalValue = builder.ToString();

            return internalValue.ToLowerInvariant();
        }

Sean Carpenter

11/3/2008 2:50:18 PM #

@Rory -
To get the string representation of your hash, you can use the BitConverter class:

return BitConverter.ToString(hash).Replace("-", "").ToLowerInvariant();