ehsbsh OP wrote

btw are ips logged on coinish/ in the console at submission time?

3

jaidedctrl wrote (edited)

I wrote about this in an edit— no, I don't save IPs or log anything at all, really.
If I get an influx of kiddie porn or something, I might start temporarily storing sha256 checksums of IPs or something like that to protect privacy, but I want to avoid that until it's absolutely necessary. That'll almost certainly never happen though, and if it does I'll be loud about it.

6

AgitatedStatesOfAmazement wrote

What does hashing 4 bytes accomplish? It would take like 1/20th of a second to brute force and reverse

2

jaidedctrl wrote (edited)

Yea, I know that. I wouldn't literally just be using sha256, there would be a lot of salt (chosen at random; even if it makes the ban-system a lot less fool-proof). I haven't really thought about this much, since it's probably not going to happen, anyway.

3

Hyolobrika wrote

I probably don't know as much about tech but why would you need a salt? I'm curious.

1

jaidedctrl wrote

If you get the sha256 hash of 12 characters or so, like in an IP address (XXX.XXX.XXX.XXX), there are only around 61917364224 (12^10) possible values.
That might seem like a lot, but a computer can create all of these values and then find the sha256 hashes of them quickly, then save them all in a list of hash-to-IP values.

Then, the hashed IPs that would be logged could easily be compared with the list of hash-to-IP values to find actual IP addresses.

Basically, storing a hash of an IP isn't obfuscation at all.

But throwing salt into the mix— making the hash values of the IP addresses less predictable— would make it very hard to calculate all potential addresses, especially if the salt is completely random.

Let's say that IPs would be hashed as "XXX.XXX.XXX.XXX" with a near-random amount of random characters at the end (salt), determined once every 24 hours. Assuming true randomness, something like that would make them incredibly difficult to predict the hash-to-value list of.

1
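The contrast discussed in this thread, as an added example that is not part of any post above: an unsalted SHA-256 of an IPv4 address can be matched back to the address by enumeration, while a tag keyed with a random secret that rotates every 24 hours cannot. The names `unsalted_hash`, `recover_from_unsalted` and `RotatingIpTagger` are hypothetical, the sample address is constructed, and HMAC-SHA256 with a random key is used here in place of appending salt characters to the string.

```python
import hashlib
import hmac
import ipaddress
import secrets


def unsalted_hash(ip: str) -> str:
    """Plain SHA-256 of the dotted-quad string, as first proposed in the thread."""
    return hashlib.sha256(ip.encode()).hexdigest()


def recover_from_unsalted(digest: str, candidates: str):
    """Walk a candidate range and compare hashes. All of IPv4 is only 2**32
    values, so the same loop over the full space is a precomputable table."""
    for addr in ipaddress.ip_network(candidates):
        if unsalted_hash(str(addr)) == digest:
            return str(addr)
    return None


class RotatingIpTagger:
    """Keyed hash with a random secret replaced every `period` seconds.

    The secret lives only in memory: once replaced, old tags can no longer be
    matched to an address, which is also why bans based on them stop working
    after a rotation (the trade-off mentioned in the thread)."""

    def __init__(self, period: int = 24 * 3600):
        self.period = period
        self._window = None
        self._key = b""

    def tag(self, ip: str, now: float) -> str:
        window = int(now // self.period)
        if window != self._window:  # new window: discard the old secret
            self._window, self._key = window, secrets.token_bytes(32)
        return hmac.new(self._key, ip.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    ip = "203.0.113.77"  # constructed sample (TEST-NET-3 documentation range)
    print(recover_from_unsalted(unsalted_hash(ip), "203.0.113.0/24"))
    tagger = RotatingIpTagger()
    same_day = tagger.tag(ip, now=1000.0)
    print(same_day == tagger.tag(ip, now=2000.0))
    print(recover_from_unsalted(same_day, "203.0.113.0/24"))
    print(same_day == tagger.tag(ip, now=1000.0 + 24 * 3600))
```

Within one rotation window the same address always yields the same tag, so repeat submissions can still be linked; the protection depends on the secret never being written to disk or logs.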