password recovery without saving user email

hey there. I'm developing a website and i want to have a password recovery system for the users who lost their password, but i don't want to save the user email address or any private data. i thought of saving a hash 开发者_运维知识库of the email address but if the db is compromised one could check if an email address is registered and which account it belongs to. do you have any ideas?

To protect against the DB being compromised and hashes extracted, just add some random (but constant string) to all email addresses before cashing. E.g. add "BLABLABLA" to turn "joe@example.com" into "joe@example.comBLABLABLA" before hashing. It's still not perfect, but now an attacker needs your DB, your application code, reverse engineer it, and know that that's what he needs to do in the first place (there is no hint in the DB that your application modifies the email address before hashing).