As each minute goes by, I get closer and closer to releasing the finished version of Polliethink. Although the site exists now, a more feature-complete version is on its way (hopefully this Friday, but I wont make promises). Tonight, I added an interesting (and presumably unique) feature to the site – encrypted email addresses.

Lets face it – there isn’t much point in websites storing your email address. Unless of course you have some sort of newsletter that you send out on a regular basis, or are part of a spam ring responsible for Nigerian scams, then there is no need to store the email address past the registration and verification point.

There is an exception to that rule, and in this case its a case of forgotten passwords. A secret question and answer is a great to avoid email addresses, unless of course you forget the answer to the question. In many ways, its like remembering two passwords, and if you forget the one you enter on a regular basis, how are you supposed to remember the second one?

In my opinion, email address are still a great way to recover lost passwords. But that also means keeping the email address on record. If this was any other site I wouldn’t have a problem storing the email addresses in this way, but for a touchy subject like politics, I believe that privacy is paramount. I think that its important that people feel secure online, and especially with laws like this in place.

By encrypting your email address, it allows me to have no clue as to who you are (aside from your username) while at the same time allowing you to reset your password via email. This might seem a little confusing at first, but its really simple.

Lets say you did forget your password, and you go to the password reset form to get a new one. It’ll ask you for your email address. In the background, the computer also encrypts your email in the same method that it used when you first signed up. If both of these hashes are the same, then it means you entered the same password and I can take the email address you entered into the form (which still remains unencrypted) and email you out a new password.

In addition to the privacy aspects, it also protects your address if ever my database gets hacked. If such a thing was to occur, then the only information they’ll see is a bunch of hashes that make no sense and can’t be reversed. I should also point out that this is the same method nearly all websites use to secure your passwords (although some may be stronger then others).