Am 11.07.2014 17:19, schrieb Tyler Romeo: > Most likely, we would encrypt the IP with AES or something using a > configuration-based secret key. That way checkusers can still reverse the > hash back into normal IP addresses without having to store the mapping in the > database.
There are two problems with this, I think. 1) No forward secrecy. If that key is ever leaked, all IPs become "plain". And it will be, sooner or later. This would probably not be obvious, so this feature would instill a false sense of security. 2) No range blocks. It's often quite useful to be able to block a range of IPs. This is an important tool in the fight against spammers, taking it away would be a problem. -- daniel _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
