[12962] in cryptography@c2.net mail archive
Re: Logging of Web Usage
daemon@ATHENA.MIT.EDU (Ben Laurie)
Fri Apr 4 17:52:22 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
Date: Fri, 04 Apr 2003 12:13:47 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: Bill Frantz <frantz@pwpconsult.com>
Cc: Seth David Schoen <schoen@loyalty.org>, cypherpunks@lne.com,
cryptography@wasabisystems.com,
Filed.Crypto.General@scuzzy.ben.algroup.co.uk
In-Reply-To: <v03110736bab23b47a797@[192.168.1.5]>
Bill Frantz wrote:
> At 6:16 PM -0800 4/2/03, Seth David Schoen wrote:
>
>>Bill Frantz writes:
>>
>>
>>>The http://cryptome.org/usage-logs.htm URL says:
>>>
>>>
>>>>Low resolution data in most cases is intended to be sufficient for
>>>>marketing analyses. It may take the form of IP addresses that have been
>>>>subjected to a one way hash, to refer URLs that exclude information other
>>>>than the high level domain, or temporary cookies.
>>>
>>>Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
>>>computer for a few hours can reverse a one way hash by exhaustive search.
>>>Truncating IPs seems a much more privacy friendly approach.
>>>
>>>This problem would be less acute with IPv6 addresses.
>>
>>I'm skeptical that it will even take "a few hours"; on a 1.5 GHz
>>desktop machine, using "openssl speed", I see about a million hash
>>operations per second. (It depends slightly on which hash you choose.)
>>This is without compiling OpenSSL with processor-specific optimizations.
>
>
> Ah yes, I haven't updated my timings for the new machines that are faster
> than my 550Mhz. :-)
>
> The only other item is importance is that the exhaustive search time isn't
> the time to reverse one IP, but the time to reverse all the IPs that have
> been recorded.
You only need to build the dictionary once.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
