On 8/30/06, Simetrical Simetrical+wikitech@gmail.com wrote:
There are only about four billion possible IP addresses. Anyone could just do a brute-force execution of whatever hashing algorithm we use on every IP address. Really, though, there's no harm in storing IP address-pageview links for a short period of time, like a day.
[snip]
H(secret + ip) can only be inverted by exhaustive search of both the secret and the IP (or the secret if you happen to have some known H(), IP pairs)... and the secret can be much longer than 32 bits.
However the fuss about the AOL logs showed that, at least for search strings, mere correlation of requests was enough to leak too much data. I do not believe that the same is true for page hits, but thats the consideration.
To me it seems a bit foolish of an argument though... any one of our admins could add such a bug... any upstream ISP could sniff the traffic.... and we all know that the US Government is already doing so. ;) but it is what it is..... and for some reason people don't like the prospects of the world figuring out that they have a venereal disease. Silly people.