
Re^2: to distinguish between [Anonymous Monk]s in a thread, brand 'em

by Jenda (Abbot)
on Sep 29, 2011 at 15:57 UTC ( [id://928606]=note )


in reply to Re: to distinguish between [Anonymous Monk]s in a thread, brand 'em
in thread to distinguish between [Anonymous Monk]s in a thread, brand 'em

As we really only care about the different AnonyMonks within a thread, the hash should be generated by something more like crypt( $sessionid.$ip.$nodeid , '42' );

And I do think it would be nice to have this.

Jenda
Enoch was right!
Enjoy the last years of Rome.

Re^3: to distinguish between [Anonymous Monk]s in a thread, brand 'em
by mr_mischief (Monsignor) on Oct 06, 2011 at 20:47 UTC
    I'd take IP out of it. Having the node ID, the session ID could only be a certain number of things that would hash properly from a valid IP. This would give a motivated person a fair chance at getting a network and possibly a geographic fix on a person. That's not very anonymous. The session and the node ID should be enough, as the session ID should be unique.

      This would give a motivated person a fair chance at getting a network and possibly a geographic fix on a person.

      I'm not a cryptographer, but I think that is practically impossible

      Four pieces of information are used to calculate hash : salt, sessionid, ip, nodeid

      The salt doesn't have to be shared

      A fifth piece of secret information could also be used

      Only the hash and nodeid are publicly accessible information

      The salt and the 5th piece can be rotated either randomly or periodically (every other week) --- good luck using crypt breaker on a moving target

      And for the biggest shocker :) the hash doesn't even have to be shared! There doesn't even have to be a hash

      The whole scheme could, instead of a dynamically computed hash, simply use a randomly assigned number, or color

      For the sake of argument, even if it were possible to break crypt and get an IP address -- so what?

      Where is the motivation? Perlmonks isn't used for commerce or political or criminal publishing, so where is the attraction to try and reverse engineer an IP out of this hash?

      ? Some random nefarious perlmonk wants to prove that X post by Anonymous Monk was really posted by mr_mischief, because the IP is the same? in same block? same ISP? So he can say AHA, GOTCHA!?

      :D

      As BrowserUk says, Gods here can and do use their privilege to see through anonymity sham -- and governments don't even need to be Gods

      So, ip , no ip, I don't think it makes a difference :)

        I didn't see a random salt per user in the example. There really shouldn't need to be a random salt. The point is anonymity, so leave anything that ties it to the user at all out. There's no need to prevent sensitive information leaking if there's no sensitive information. A crypt on the session ID and the root node ID should be plenty to assure separation of credit for the thread, so why include anything else in a publicly displayed string?

        This all kind of assumes the idea would be picked up anyway, which is not by any means a foregone conclusion. It's all just painting a bike shed that may never be assembled.

        The level of information trusted to the site admins shouldn't by default be trusted to everyone. Don't assume that giving up IP information to the public would be okay with everyone just because it's okay with you. Apparently you're forgetting (or simply not aware, but that's doubtful) of the issues of stalking and harassment other people have had to deal with.
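
An added example, not code from any poster in this thread or from PerlMonks itself: a per-thread tag built from only the session ID and root node ID, next to the hash-free label assignment also suggested above. It uses HMAC-SHA256 with a server-side key in place of crypt with a fixed salt; the key, the IDs and the function names are assumptions constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a server-side key that is never displayed (constructed value).
# It plays the role of the "fifth piece of secret information" in the thread.
my $SERVER_KEY = 'constructed-example-key';

# Per-thread tag from the root node ID and session ID only. No IP goes in,
# so the displayed string carries nothing about the poster's network.
sub anon_tag {
    my ($key, $root_nodeid, $sessionid) = @_;
    # Length-prefix each field: plain concatenation would make
    # ("12", "345") and ("123", "45") hash to the same value.
    my $msg = join '', map { pack('N/a*', $_) } $root_nodeid, $sessionid;
    return substr(hmac_sha256_hex($msg, $key), 0, 8);
}

# Hash-free alternative: an arbitrary label handed out on a session's first
# post in a thread. The table stays server-side; only the label is shown.
my %labels;    # root node ID => { session ID => label }
sub anon_label {
    my ($root_nodeid, $sessionid) = @_;
    my $thread = $labels{$root_nodeid} //= {};
    unless (exists $thread->{$sessionid}) {
        my $n = 1 + keys %$thread;
        $thread->{$sessionid} = "Anonymous Monk #$n";
    }
    return $thread->{$sessionid};
}

# Constructed sample posts: [root node ID, session ID].
my @posts = ([100, 'sess-A'], [100, 'sess-B'], [100, 'sess-A'], [200, 'sess-A']);
for my $post (@posts) {
    my ($root, $sid) = @$post;
    # Same session in the same thread repeats its tag and label; the same
    # session in another thread gets an unrelated tag.
    printf "thread %s  tag %s  label %s\n",
        $root, anon_tag($SERVER_KEY, $root, $sid), anon_label($root, $sid);
}
```

If the key is rotated, tags computed at display time change for existing threads, so a site rotating it would store the tag with each post when it is written.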
