Firewall Wizards
mailing list archives
Re: "Who else picked this one up?"
From: Adam Shostack <adam () homeport org>
Date: Sat, 1 May 1999 11:08:52 -0400
If you use a long salt (say a block) for each IP before hashing, then
it's easy to see, when submitting an entry, if that entry is already
present (2 hash operations), but brute forcing the space becomes
impractical.
I don't have any thoughts on the reputational or other deep issues,
but wanted to toss in a way to effectively privatize the addresses
while allowing 'good contributors' to check that their data either
matches or doesn't match existing entries.
Adam
On Fri, Apr 30, 1999 at 08:52:17PM -0400, Marcus J. Ranum wrote:
| Paul Robertson writes:
| >A hashed IP address isn't going to be really useful as a cover if it's
| >easily recreated, and not so useful as a tool if it isn't. I'd rather
| >see heavy disclaimers that packets may be spoofed and real addresses.
|
| True. This is a Hard Problem(tm) - I was toying with 3 choices:
| 1) Send up hashed addresses
| 2) Send up keyed hashed addresses
| 3) Send up actual addresses
|
| Hashed addresses have the advantage that we're not publishing a
| "black list" of addresses. It has the disadvantage that someone
| can pretty easily brute force the hashes.
|
| Using keyed hashed addresses has the advantage that only the
| person who submits the address can verify that it matches
| previous/other entries. So groups of network managers who are
| cooperating could share the keys and generate useful information
| without sharing it. It has the disadvantage that correlation
| across addresses would then be impractical/useless.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume