All geek questions in one place

Logging IP addresses for uniqueness without preserving the IP address itself for confidentiality

When registering some data in a web application, I would like to make sure that I can identify data that came at different times, but from the same IP address. On the other hand, to ensure confidentiality, since the data will be published publicly, I would like to make sure that the actual IP address cannot be restored. Therefore, I need a one-way mapping of IP addresses to some other strings that provide a 1-1 mapping.

If I understand correctly, then MD5, SHA1 or SHA256 may be the solution. I wonder if they are too expensive to handle?

I would be interested in some solution though, if Perl had an implementation that would be even better.

+3
source share
6 answers

I think MD5 will be good and fast enough. You want to add some constant salt characters to avoid a rainbow / web search. For example, the string "127.0.0.1" has md5 f528764d624db129b32c21fbca0cb8d6, which has quite a few google hits. "szabgab127.0.0.1", on the other hand, gets "Your search - 501ff2fbdca6ee72247f8c61851f17b9 - does not match any documents" (until I post this answer ...)

+6
source

Use Rabin fingerprinting . It is quick and easy to implement.

Given an n-bit message m 0, ..., m n-1, we consider it as a polynomial of degree n-1 over a finite field GF (2).

p (x) k GF (2), m - r (x) f (x) p (x) GF (2) k-1 k- .

, - - , , , , , IP- . .

, , , IP-, - . , .

+1

@marcog @daxim, HMAC, HMAC-SHA, . , , .

, , , IP-. AES 128 1-1 IP-. AES ECB.

+1

MD5 SHA-1 . ⚠ . .

SHA-2 Crypt:: SaltedHash . Perl Digest:: SHA XS.

. ? ? . .

:

use Crypt::SaltedHash;
my $normalised_string_representation_of_internet_address = '::1';    # or perhaps '10.10.10.10'

# when you first get an address, make a hash and store it
my $csh = Crypt::SaltedHash->new(algorithm => 'SHA-512', salt_len => 32);
$csh->add($normalised_string_representation_of_internet_address);
my $salted = $csh->generate;

# later retrieve the hash and see whether it matches
my $valid = Crypt::SaltedHash->validate($salted, $normalised_string_representation_of_internet_address, 32);
0

, - .

- Bloom. , ++ Bloom http://www.afflib.org/ Bloom, , . , , 1 . , , IP- .

0

Another option is Crypt :: Eksblowfish :: Bcrypt . The reason this is “better” is precisely because it (eks) is thoughtful - how expensive it is to rebuild - which makes hacking attempts anywhere from a few to ridiculously impractical. For your application, you can cache encrypted IP addresses so that it is not slow when duplicates are noticed at least.

0
source

Source: https://habr.com/ru/post/1782555/

More articles:


All Articles