Logging of Web Usage

Aaron D. Gifford agifford at infowest.com
Fri Apr 4 18:33:46 EST 2003

So instead of one-way-hashing just the IP, hash the IP and a temporary 
throw-away secret that gets cycled at some regular interval (daily, 
weekly, monthly).  Yes, this means that the logged IPs are still 
decypherable by anyone with access to that secret, but anyone with 
access to the machine in question, the software, etc. already has the 
ability to create a covert unhashed log.  Just be sure you safely cycle 
the secret (i.e. generate it from a secure random source, store it only 
in memory or securely on the file system, don't back it up or copy it 
anywhere else, and the when you discard it, make sure the memory is 
overwritten and/or the file system safely overwritten so that it cannot 
be recovered).

One of the problems is that cycling the secret means you can't do the 
blind log statitistics gathering across secret changes that you were 
keeping the logs around for in the first place.  So you'd have to choose 
a cycling interval to balance your statistical or other log analysis 
needs against IP blinding requirements.

This does defeat some of the usefulness of the idea in the first place, 
but hey, as has been shown, just hashing the IP isn't such a good idea.

Aaron out.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list