Logging of Web Usage
Aaron D. Gifford
agifford at infowest.com
Fri Apr 4 18:33:46 EST 2003
So instead of one-way-hashing just the IP, hash the IP and a temporary
throw-away secret that gets cycled at some regular interval (daily,
weekly, monthly). Yes, this means that the logged IPs are still
decypherable by anyone with access to that secret, but anyone with
access to the machine in question, the software, etc. already has the
ability to create a covert unhashed log. Just be sure you safely cycle
the secret (i.e. generate it from a secure random source, store it only
in memory or securely on the file system, don't back it up or copy it
anywhere else, and the when you discard it, make sure the memory is
overwritten and/or the file system safely overwritten so that it cannot
be recovered).
One of the problems is that cycling the secret means you can't do the
blind log statitistics gathering across secret changes that you were
keeping the logs around for in the first place. So you'd have to choose
a cycling interval to balance your statistical or other log analysis
needs against IP blinding requirements.
This does defeat some of the usefulness of the idea in the first place,
but hey, as has been shown, just hashing the IP isn't such a good idea.
Aaron out.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list