https://bugzilla.wikimedia.org/show_bug.cgi?id=18981
--- Comment #10 from Daniel Friesen <[email protected]> 2011-10-03 17:20:10 UTC --- (In reply to comment #9) > As I tried to explain above, using a static salt and hashing with that is not > the same as anonymizing the IP. > > Consider this: > If someone breaks into a server running a mediawiki installation (by hacking > the server, by raiding the server location or whatever), he can de-anonymize > everything that happened in the past. This can happen afterwards, the attacker > does not need to have access at the time the edit is happening. > This is something completely different than the case if someone has permanent > access to the server. > > A solution to that would be a regularly-changing salt, maybe once a week. What is the point of storing anything at all if you're hashing and salting it in ways that preclude the ability to do blocks or attribution? Also rather than a fixed salt salting with something like the revision id would be better. I think... -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
