[wp-hackers] Encrypting comment_author_IP, comment_author_email and user_email

William Canino william.canino at googlemail.com
Sat Oct 24 14:54:41 UTC 2009

> For example, if you live in an oppressive country
> where "Freedom of Speech" is not observed (and
> expressing opinions contrary to the government's
> can get you arrested, tortured, and killed

Yes, and remember guys that FoS only applies to governments. Blogging
about your employer can get you fired. Blogging about a private
individual or company can get you arrested, tortured and killed.  c.f.
the Godfather.

Thank you for your ideas, Peter and Matt. Douglas saw through my intentions.

Okay, anything sent to gravatar is unsalted md5 and is therefore
subject to rainbow tables.  My plugin must then have to cache them
locally, including fetching them as needed.  It's too much work and,
hey, does it even make sense to have gravatars when we are striving to
be anonymous? ;)

My big challenge right now for this plugin is that WordPress Core uses
"$comment->comment_author_email" in wild abandon.  A hook to
comment_author_email is worthless because nobody uses it. See

I think PKI is the way to go. I mean, why even ask for his email
address in the comment form if you won't use it to send him emails?
However, for my plugin to be of any use to others, my plugin's users
will just have to edit their other plugins so as to call my plugin's
decryptor function.

Here is my follow-up question:  How about I put the private key and
the decryption on a separate website?  For example, the plugin's
decryptor function will ask http://secret.com/secret.php to decrypt
the database column data.  Secret.com and Blog.com will have each
other's private key. Will this work?

For performance, secret.php could have a cache of results.  Good idea?


2009/10/24 Peter Westwood <peter.westwood at ftwr.co.uk>:
> On 23 Oct 2009, at 18:20, William Canino wrote:
>> Hello,
>> Has anyone heard of anyone writing a plugin that encrypts these three
>> columns in the database level?
>> a. $comment->comment_author_email, "SELECT comment_author_email FROM
>> wp_comments" and "SELECT user_email FROM wp_users" will display
>> gibberish.
>> b. comment_author_email() will display gibberish unless a condition
>> set in the plugin is true.
> If you want to truly protect the address this is not possible!
>> I would like assurance that someone who gains db access to the blog or
>> get hold of a SQL dump cannot harvest email addresses.
> You have a number of choices here:
> Encrypt with a symmetric key algorithm so you can get the email address back
> temporarily when you need it - gravatar, checking comments are from same
> author etc.
> The downside of this is you are adding a lot of extra computation to every
> page load and if someone gets access to the db it is likely they will also
> get access to steal the key and algorithm used too so you don't get much
> protection.
> You also have the implementation cost of the crypto algorithm
> Encrypt with a public-private key algorithm and don't have the private key
> on the server so you can only get the email address back offline where the
> private key exists. To handle gravatar you would have to cache the image
> locally yourself and replace the pluggable function.
> To checking comments are from same author you would have to encrypt the
> incoming email address.
> The downside of this is you have to do the caching of gravatars if you use
> them.
> You also have the implementation cost of the crypto algorithm
> Hash the email address using md5 - this is what is used to generate the
> gravatar url so you are alright there and load wise this should have little
> effect.
> A plain md5 like this will be subject to the rainbow table worries and you
> would do better to use a salted md5 but then you will need to cache the
> gravatar image.
> Using this method you can't get the email address back!
> Hope this helps!
> --
> Peter Westwood
> http://blog.ftwr.co.uk | http://westi.wordpress.com
> C53C F8FC 8796 8508 88D6 C950 54F4 5DCD A834 01C5
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list