At 6:16 PM -0800 4/2/03, Seth David Schoen wrote:
>Bill Frantz writes:
>
>> The http://cryptome.org/usage-logs.htm URL says:
>>
>> >Low resolution data in most cases is intended to be sufficient for
>> >marketing analyses.  It may take the form of IP addresses that have been
>> >subjected to a one way hash, to refer URLs that exclude information other
>> >than the high level domain, or temporary cookies.
>>
>> Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
>> computer for a few hours can reverse a one way hash by exhaustive search.
>> Truncating IPs seems a much more privacy friendly approach.
>>
>> This problem would be less acute with IPv6 addresses.
>
>I'm skeptical that it will even take "a few hours"; on a 1.5 GHz
>desktop machine, using "openssl speed", I see about a million hash
>operations per second.  (It depends slightly on which hash you choose.)
>This is without compiling OpenSSL with processor-specific optimizations.

Ah yes, I haven't updated my timings for the new machines that are faster
than my 550Mhz.  :-)

The only other item is importance is that the exhaustive search time isn't
the time to reverse one IP, but the time to reverse all the IPs that have
been recorded.

Cheers - Bill


-------------------------------------------------------------------------
Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the         | 16345 Englewood Ave.
[EMAIL PROTECTED] | American way.          | Los Gatos, CA 95032, USA



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to