-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Moin,
On Wednesday 30 August 2006 18:12, Gregory Maxwell wrote:
On 8/30/06, Simetrical Simetrical+wikitech@gmail.com wrote:
There are only about four billion possible IP addresses. Anyone could just do a brute-force execution of whatever hashing algorithm we use on every IP address. Really, though, there's no harm in storing IP address-pageview links for a short period of time, like a day.
[snip]
H(secret + ip) can only be inverted by exhaustive search of both the secret and the IP (or the secret if you happen to have some known H(), IP pairs)... and the secret can be much longer than 32 bits.
So, if you can't guarantee that the hashes of the IP (including the log) don't leak out, how can you guarantee that the secret doesn't leak out? Answer: You can't.
The only safe way to not leak these information out is not even to store them.
If you log this data, expect law inforcement knocking on your door next week and ask "for all information pertaining the view of pages X, Y, Z, ... (continue for 1000 more), or IP adresses U, V, W, ... (continue for 1000 more, in regard to $alleged_terrorist_attack_of_the_week".
However the fuss about the AOL logs showed that, at least for search strings, mere correlation of requests was enough to leak too much data. I do not believe that the same is true for page hits, but thats the consideration.
To me it seems a bit foolish of an argument though... any one of our admins could add such a bug... any upstream ISP could sniff the traffic.... and we all know that the US Government is already doing so. ;) but it is what it is..... and for some reason people don't like the prospects of the world figuring out that they have a venereal disease. Silly people.
Maybe they just don't want the whole [censored] world to know what they read, search, use, write, or like. See: AOL.
The next time you enter by accident your CC number, SSN, or any other data that identifies you into the seach box of mediawiki, consider how much better you would feel if you nobody recorded, logged, backed up, stored, processed, and then made public your data.
Just because someone _could_ collect the data already doesn't mean Mediawiki foundation should do, too.
Best wishes,
Tels
- -- Signed on Wed Aug 30 19:14:35 2006 with key 0x93B84C15. Visit my photo gallery at http://bloodgate.com/photos/ PGP key on http://bloodgate.com/tels.asc or per email.
"Boooooooring!" - Dot, the Warner sister