ProtonMail and Anonymity

Peter Lebbing peter at
Mon May 6 15:30:13 CEST 2019

On 06/05/2019 14:53, Jeff Allen wrote:
> It would be more trivial not to hash the number and say you did.

I think it's a worthwhile thing to point out that they state "because
hash functions are one-way functions, it is impossible to derive your
phone number [...]" without reservations, but that this is a false sense
of security. It is a very limited part of the complete picture, which is
that a Dutch mobile phone number has only 8 varying digits, meaning an
entropy of less than 27 bits, cryptographically laughable. And that an
adversary might not even be interested in reversing the hash at all, but
just to verify that the phone number of their target has been used to
set up a ProtonMail account.

With passphrase hashing, the passphrase should be secret. There's
nothing secret about a phone number or e-mail address. That completely
changes the picture.

For me, it's not so much that I question their methods, it's that I
question their claims. Blanketly stating "it is impossible to derive
your phone number" sounds like security theater to me, and they should
be aware of that if they are the least bit competent. That doesn't sit

I don't expect most of their clients to see through this theater. It is
their job to be open and honest about the consequences of their methods,
so their clients can make an informed choice whether they will go
through with it or not.

My 2 cents,


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-users mailing list