Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Identity service should do lookups based on hashed 3PIDs, not plaintext ones. #2130
ftr, there is a reason in the case of identity servers backed by another system, such as LDAP. The identity server might not know if a user exists based on hash (as it would be compute heavy to pull all the users from the external system and hash all their identifiers at that point in time), and therefore would need the plain text address so it can more easily do the lookup.
The more general cases though should be hashed, although I question to what extent we do this.