-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Moin,
On Wednesday 30 August 2006 18:12, Gregory Maxwell wrote:
On 8/30/06, Simetrical
<Simetrical+wikitech(a)gmail.com> wrote:
There are only about four billion possible IP
addresses. Anyone could
just do a brute-force execution of whatever hashing algorithm we use
on every IP address. Really, though, there's no harm in storing IP
address-pageview links for a short period of time, like a day.
[snip]
H(secret + ip) can only be inverted by exhaustive search of both the
secret and the IP (or the secret if you happen to have some known H(),
IP pairs)... and the secret can be much longer than 32 bits.
So, if you can't guarantee that the hashes of the IP (including the log)
don't leak out, how can you guarantee that the secret doesn't leak out?
Answer: You can't.
The only safe way to not leak these information out is not even to store
them.
If you log this data, expect law inforcement knocking on your door next week
and ask "for all information pertaining the view of pages X, Y, Z, ...
(continue for 1000 more), or IP adresses U, V, W, ... (continue for 1000
more, in regard to $alleged_terrorist_attack_of_the_week".
However the fuss about the AOL logs showed that, at
least for search
strings, mere correlation of requests was enough to leak too much
data. I do not believe that the same is true for page hits, but
thats the consideration.
To me it seems a bit foolish of an argument though... any one of our
admins could add such a bug... any upstream ISP could sniff the
traffic.... and we all know that the US Government is already doing
so. ;) but it is what it is..... and for some reason people don't
like the prospects of the world figuring out that they have a venereal
disease. Silly people.
Maybe they just don't want the whole [censored] world to know what they
read, search, use, write, or like. See: AOL.
The next time you enter by accident your CC number, SSN, or any other data
that identifies you into the seach box of mediawiki, consider how much
better you would feel if you nobody recorded, logged, backed up, stored,
processed, and then made public your data.
Just because someone _could_ collect the data already doesn't mean Mediawiki
foundation should do, too.
Best wishes,
Tels
- --
Signed on Wed Aug 30 19:14:35 2006 with key 0x93B84C15.
Visit my photo gallery at
http://bloodgate.com/photos/
PGP key on
http://bloodgate.com/tels.asc or per email.
"Boooooooring!" - Dot, the Warner sister
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRPXI+3cLPEOTuEwVAQJ+Kgf+LCutkvBbTRwOW5mm5BwPgG8eXCPxb75V
NS/BJprzDbVLOdsRIFl6f9nhd1qRjbNdl6Q6YTCJDhsFoSaW3QeMowWrvkWRs1b5
jHAclcfnhwukjYj9bQzJKCfw3FhU9DJLLDPENt5hNe4ZgR+XfNZbM/RWAtcoWqql
aTW6FPl0jJCIq5lkR5jtB57+eRQ5FM9RpBe39iXaKwvP1G/jGonDkgL70guuVCzo
nY3QzbRDRTN1qSg4cZzmFJrRE/kbO2IWLN6TBI0mbbDn75iyNPNu8WhI2jlmbMEJ
fsU9Em25W6BX1feDLMxg5Ym5t8ccaIS8F8AYEgqPctGBLXo4sNim4w==
=6+RK
-----END PGP SIGNATURE-----