https://bugzilla.wikimedia.org/show_bug.cgi?id=18981
--- Comment #9 from Hanno Boeck <[email protected]> 2011-10-03 16:53:29 UTC --- As I tried to explain above, using a static salt and hashing with that is not the same as anonymizing the IP. Consider this: If someone breaks into a server running a mediawiki installation (by hacking the server, by raiding the server location or whatever), he can de-anonymize everything that happened in the past. This can happen afterwards, the attacker does not need to have access at the time the edit is happening. This is something completely different than the case if someone has permanent access to the server. A solution to that would be a regularly-changing salt, maybe once a week. -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
