Hi Ben,
thanks for your answer.
On 06.10.2010 01:11, Ben Noordhuis wrote:
Hi Franz, welcome. Replies inline:
On Wed, Oct 6, 2010 at 00:49, Franz Schwartau fr...@electromail.org wrote:
How should the module react to a failed initialization of seed_rand() in
iphash_create_server_config()
This is why mod_log_iphash adds a random, unknown 128 character string
in front of the IPv4 address before hashing with MD5. So you have to
search within 64^128 * 2^32 possibilities instead of just 2^32. :-)
On 06.10.2010 07:16, Ted Dunning wrote:
It is less a matter of time than you calculate.
Hi!
I wrote a small module to fulfil a privacy policy where logging of the
ip address is not allowed. It adds a new directive to LogFormat which
generates a MD5 hash of a salted ip address. It makes it look like a
IPv6 address. Thus statistics tools like AWstats have a chance to work.
If you really want security, you should note that exhaustive search will
crack this kind of hashing pretty quickly.
Changing the salt and making sure that nobody knows what the salt is helps a
little bit.
On Tue, Oct 5, 2010 at 3:49 PM, Franz Schwartau fr...@electromail.orgwrote:
Hi!
I wrote
Hi Franz, welcome. Replies inline:
On Wed, Oct 6, 2010 at 00:49, Franz Schwartau fr...@electromail.org wrote:
How should the module react to a failed initialization of seed_rand() in
iphash_create_server_config() (line 90)? Returning NULL in
iphash_create_server_config() doesn't seem to help.
Yes, of course, but all (cryptographic) hash functions are vulnerable
to brute force attacks. It's just a question of effort/time.
The salt used in mod_log_iphash is 128 characters long. So we have
64^128 + 2^32 (for the concatenated IPv4 address) possibilities. If you
want you can increase
It is less a matter of time than you calculate.
For IPV4, you only have 32 bits to search.
On Tue, Oct 5, 2010 at 4:13 PM, Franz Schwartau fr...@electromail.orgwrote:
Yes, of course, but all (cryptographic) hash functions are vulnerable
to brute force attacks. It's just a question of