|Keep It Simple, Stupid|
Re^4: to distinguish between [Anonymous Monk]s in a thread, brand 'emby Anonymous Monk
|on Oct 06, 2011 at 21:48 UTC||Need Help??|
This would give a motivated person a fair chance at getting a network and possibly a geographic fix on a person.
I'm not a cryptographer, but I think that is practically impossible
Four pieces of information are used to calculate hash : salt, sessionid, ip, nodeid
The salt doesn't have to be shared
A fifth piece of secret information could also be used
Only the hash and nodeid are publically accessible information
The salt and the 5th piece can be rotated either randomly or periodically (every other week) --- good luck using crypt breaker on a moving target
And for the biggest shocker :) the hash doesn't even have to be shared! There doesn't even have to be a hash
The whole scheme could , instead of a dynamically computed hash, simply use a randomly assigned number, or color
For the sake of argument, even if it were possible to break crypt and get an IP address -- so what?
Where is the motivation? Perlmonks isn't used for commerce or political or criminal publishing, so where is the attraction to try and reverse engineer an IP out of this hash?
So, ip , no ip, I don't think it makes a difference :)