in reply to Re^5: monastery mark-upedness (brute force)
in thread monastery mark-upedness

I wasn't going to only display the first 3 octets. And if you have the resources to post anonymous nodes from any IP address you want to, then I probably have more to fear from you than you figuring out what IP addresses anonymous postings to PerlMonks come from.

- tye        

  • Comment on Re^6: monastery mark-upedness (brute force)

Replies are listed 'Best First'.
Re^7: monastery mark-upedness (privacy)
by kyle (Abbot) on Mar 21, 2008 at 16:48 UTC

    I'm not concerned about someone forging an IP address. I'm talking about just figuring out where it is. Some of our monks my want to retain the privacy of not having their IP address available to others. If the scheme for hiding IP addresses is vulnerable to a brute force attack, we might as well just publish them in the clear.

    Admittedly, my thoughts on this are based on a design that's not completely defined, so this may all be gnashing for nothing.

[reply]

      And my point was how do you "brute force" an algorithm that is only run on the IP address that an anonymous node at PerlMonks is posted via?

      All security is relative and has the potential to be broken. So by your logic, we should just abanodon all of it.

      If somebody can spoof TCP from arbitrary IP addresses, I doubt they'll be wasting their considerable resources trying to sniff out the IP address of some "anonymous" poster to PerlMonks.

      A more realistic privacy concern is somebody realizing that some other anonymous poster is posting through their same corporate firewall. Which would simply be another reason to post "anonymously" by registering as "codejunkie" via some gmail account.

      So, no, I don't consider "brute force" a big concern for an anonymous posting IP addressing hash function. But privacy concerns certainly should be raised before something like this is implemented (something I only give moderate odds of ever happening).

      - tye        

[reply]

        Well, again, perhaps I am not understanding the proposal here, but to spell out what I have in mind...

        1. Some monk (perhaps not Anonymous Monk, but a registered user) posts a message from IP address "a.b.c.d".
        2. Along with the message, some hash of "a.b.c.d" is posted as well.
        3. The hash is such that "a.b.c" is separate from "d".
        4. Another monk can look at hash("a.b.c") and make many guesses as to what "a.b.c" is. This is the brute force.
        5. Now the other monk has the source IP of the original monk's access. This probably gives a pretty good idea of the original monk's location, which the original monk may not have wanted to be public.

        There are only 16_777_216 possibilities for "a.b.c", and that's if I search every country and every IP block that I know isn't registered to anyone.

        I think I just now figured out the disconnect here. You're saying that the algorithm for hashing IP addresses here won't be public. As such, there won't be a way for people to try a dictionary attack against it. This is why you talk about spoofing IP addresses. Without a public algorithm, the only way to run dictionary attacks would be to spoof IP addresses and see what the site calls them.

        ...and now I see you say exactly that in Re^7: monastery mark-upedness (brute force)

        You also seem to be saying that this won't be used on registered users (only the literal Anonymous Monk). If that's the case, I don't see how it would help with sock puppetry, but that doesn't really concern me.

        OK, glad that's all cleared up. Thanks for your patience.

[reply]
[d/l]

In Section Perl Monks Discussion