Why is the email hashed and then encrypted? Isn’t encryption enough?

This is a privacy-by-design decision:

  • Even though metadata is encrypted with XSalsa20-Poly1305 (very secure), the email is first hashed with SHA-256 before being encrypted.
  • This double protection ensures that even if encryption is broken in the future (e.g. via quantum computing), the original email is still not directly exposed.
  • It also allows the user to verify ownership by hashing their own email and comparing it with the decrypted value, without revealing it in cleartext.

← All questions

Still need help? Write to us at support at emoz dot io and we will get back to you as soon as we can.