

Dutch search engine ignores IP addresses - fauigerzigerk
http://www.theregister.co.uk/2009/01/29/ixquick_ignores_ips/

======
PonyGumbo
Nice try, NSA.

------
axod
"The technical need to store IP addresses for 48 hours – blocking automated
use of Ixquick's servers – has been overcome by recent technological
developments,"

Umm what? recent? You've been able to hash the IP for quite a while now, to
protect against abuse, etc but to protect anonymity.

I believe that's pretty standard if you want a unique ID for a users IP, but
don't want to store IPs.

Maybe I'm missing something...

~~~
DenisM
please stay away from designing anything related to securty. or at least point
your users to this thread. thanks.

~~~
axod
What an excellent counter-argument you pose. Well done.

I guess I should have also put:

Don't use a standard hashing algorithm without salt

In addition, make the salt secret - type it in when the program starts.

Or as sho suggests transmit it from an out of jurisdiction site over a secure
channel.

To be honest I assumed those points would be obvious. We're on Hacker news,
not Digg.

~~~
sho
Digg? No need to get insulting.

Anyway, you're wrong about almost everything. You misunderstand what a hash
function is. It is not an encryption algorithm. Both the hash and the salt are
_supposed_ to be known to the attacker. And by the way, salts are supposed to
be _unique per record_.

An ideal hash function is supposed to be an irreversible, unfakeable process
regardless of the attacker's knowledge of all components going in. That
knowledge is assumed! My whole point is that while this is a very useful tool,
it doesn't work for data sets small enough to brute force. This is elementary.

Your response, cobbling together some kind of poor man's encryption by padding
out the plaintext before hashing with a secret salt, is ridiculous. If you
have a secret key then just ENCRYPT!

Geeze man, GP was a bit rude, but if you're this stubborn about something
you're obviously wrong about, maybe you _should_ keep far away from security
..

~~~
axod
Hey :) I know what a hash function is. I also know the trade offs between
using a hash and full blown encryption.

"salts are supposed to be public. Furthermore, they're supposed to be unique
per record."

There are no rules you know :/ For something like this, where you're just
trying to make a log of IPs unreadable by the government/hackers/whatever, I'd
still say a hash is the best bet.

Your point about may as well encrypt is a valid one, but may result in higher
complexity/cpu usage/mem usage/storage, for not much added security. It
depends just how secure you want to be.

I think we've flogged this one to death though :)

~~~
sho
Well, true, there are no hard and fast rules. Whatever works. Some things work
better than others, though!

The hypothetical system we're arguing about is kind of ridiculous anyway. No-
one is going to go to these lengths to protect just one tiny aspect of their
operation, and if they did, it would be dwarfed by everything else. And this
hypothetical secret-keeping operator is just going to tell the cops the secret
within 5 minutes anyway. You can't "defeat" a country's own government, on
their turf, like this.

And let's not even think about the time we've wasted arguing about storing the
IPs when the real solution would seem to be to just not store the damn search
string ..

Lol, this horse is dead all right.

------
gojomo
Not the first -- Cuil also claims not to log IP addresses.

