Logging of Web Usage
Ben Laurie
ben at algroup.co.uk
Fri Apr 4 06:13:47 EST 2003
Bill Frantz wrote:
> At 6:16 PM -0800 4/2/03, Seth David Schoen wrote:
>
>>Bill Frantz writes:
>>
>>
>>>The http://cryptome.org/usage-logs.htm URL says:
>>>
>>>
>>>>Low resolution data in most cases is intended to be sufficient for
>>>>marketing analyses. It may take the form of IP addresses that have been
>>>>subjected to a one way hash, to refer URLs that exclude information other
>>>>than the high level domain, or temporary cookies.
>>>
>>>Note that since IPv4 addresses are 32 bits, anyone willing to dedicate a
>>>computer for a few hours can reverse a one way hash by exhaustive search.
>>>Truncating IPs seems a much more privacy friendly approach.
>>>
>>>This problem would be less acute with IPv6 addresses.
>>
>>I'm skeptical that it will even take "a few hours"; on a 1.5 GHz
>>desktop machine, using "openssl speed", I see about a million hash
>>operations per second. (It depends slightly on which hash you choose.)
>>This is without compiling OpenSSL with processor-specific optimizations.
>
>
> Ah yes, I haven't updated my timings for the new machines that are faster
> than my 550Mhz. :-)
>
> The only other item is importance is that the exhaustive search time isn't
> the time to reverse one IP, but the time to reverse all the IPs that have
> been recorded.
You only need to build the dictionary once.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list