Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Saturday August 10 2019, @05:09PM   Printer-friendly
from the I-love-the-smell-of-burning-trolls-in-the-morning dept.

Things finally came to a head on slashdot last night, and now anonymous posts are banned. No more anonymous nazi ASCII art, no anonymous racism, and no APK. More in this journal entry [Ed's Comment: And lots of interesting comments too ...].

It's one way to combat anonymous hate speech and forum spam.

[Editor (JR) We've looked at the site but we cannot find an announcement that anonymous posts are actually banned; it might simply be a case that the software is not working correctly, although it would seem to be an unlikely cause. Does anyone in our community have any additional information to categorically prove or disprove that anonymous comments are disabled?

Furthermore, as there are many more comments in the journal entry than there are here, I would recommend making any new comments on BarbaraHudson's journal entry rather than splitting the discussion into two.]


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Informative) by janrinok on Saturday August 10 2019, @06:45PM (27 children)

    by janrinok (52) Subscriber Badge on Saturday August 10 2019, @06:45PM (#878392) Journal

    Not true - your IP is protected and discarded at the earliest opportunity. We cannot give anyone your IP address - we haven't got it. We use a hash, or in fact a couple of hashes - which cannot be 'unhashed' to give your IP again.

    Starting Score:    1  point
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5  
  • (Score: 1, Interesting) by Anonymous Coward on Saturday August 10 2019, @08:51PM (16 children)

    by Anonymous Coward on Saturday August 10 2019, @08:51PM (#878460)

    "A couple of hashes" so more than 1 algorithm and / or starting values, each feed the same IP address?

    Then "reversing" is quite possible, but space intensive, Example feed all IP addresses through the different versions save the results. Now you have the keys to reserve it. Look up each hash in the multiple list and look at the intersection. If the hash only maps 4 IPs to same value and you have 2 different ones, the odds are damn good for single match in the two lists. Add a third, guaranteed.

    Now since you also use machine hashes, hence you can not tell, if I am me, if i use different browsers and or different local machines. You can pin-point if 2 anonymous post are from the same person.

    It ffun livingon the bleeding edge of anonymous posting.

    • (Score: 2) by The Mighty Buzzard on Saturday August 10 2019, @10:08PM (12 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday August 10 2019, @10:08PM (#878492) Homepage Journal

      Technically possible, practically impossible.

      --
      My rights don't end where your fear begins.
      • (Score: 3, Interesting) by qzm on Saturday August 10 2019, @10:20PM (11 children)

        by qzm (3260) on Saturday August 10 2019, @10:20PM (#878503)

        MD5 hashes can be calculated in a single FPGA at a rate of 4Gbps+, so around 125 million hashes/second.
        There are around 3.5 billion IP addresses to use (or a bit over 4 if you want to search all, including reserved ones)
        So, it wouldnt take many FPGAs to be able to search the ENTIRE space in a second, or around half a minute for one FPGA....

        Not saying single MD5 is enough, but double hashing, etc scale without too much trouble.

        Not really impossible it seems..

        • (Score: 0) by Anonymous Coward on Saturday August 10 2019, @11:33PM

          by Anonymous Coward on Saturday August 10 2019, @11:33PM (#878548)

          4G of addresses x 1024 bit hashes plus 15 bytes for readable ip. Makes a single table only 80 byte rows so 320GB per table, so 3 tables is a 1TB. Just saw some of 1TB SSD for $90.

          No need to dump the pictures.

          Cost here is time creating the tables to reverse the hashes.

          Tech has changed over years still remember 12kB memory and 5MB removable player.

        • (Score: 0) by Anonymous Coward on Saturday August 10 2019, @11:36PM (2 children)

          by Anonymous Coward on Saturday August 10 2019, @11:36PM (#878551)

          You are assuming you know everything they are doing. They may include salt or some other extra text that adds to the complexity. You'd have to look at the public code repository.

          • (Score: 3, Informative) by The Mighty Buzzard on Sunday August 11 2019, @12:35AM (1 child)

            Us admins have access to the salt, so not really relevant. Mind you, we also have access to the servers so we could just turn logging on and match up the timestamps of posts to the access log. Using a hashed IP address was supposed to make it a nontrivial thing to find a person's IP address rather than seeing it at a glance. That and to annoy law enforcement. There really is no way to keep a determined admin from knowing anything they want to that's going on with their servers.

            --
            My rights don't end where your fear begins.
            • (Score: 2) by jmorris on Sunday August 11 2019, @07:34AM

              by jmorris (4844) on Sunday August 11 2019, @07:34AM (#878747)

              Wouldn't annoy law enforcement long. If you can regenerate the hash to know the IP is the same it means you have the salting data. Four billion tries gets the IP, worst case. Brute forcing a 32bit value isn't hard now. But if Officer Friendly has a warrant they will get in anyway, best they get what they want and go instead of setting up camp and rooting around.

        • (Score: 2) by The Mighty Buzzard on Sunday August 11 2019, @12:26AM (6 children)

          I don't have even a single FPGA, but your point is valid. I hadn't even thought of brute forcing them every single time you wanted to find one out. It really annoys me when something so inelegant turns out to be the best way to do a thing. Guess I'll be switching us over to scrypt or bcrypt or some such for the next update. Sigh.

          --
          My rights don't end where your fear begins.
          • (Score: 3, Informative) by el_oscuro on Sunday August 11 2019, @01:36AM (1 child)

            by el_oscuro (1711) on Sunday August 11 2019, @01:36AM (#878622)

            I wouldn't do that unless you want your server to melt. Bcrypt/scrypt are password hashes and are explicitly designed to be computationally expensive. The only time you want to use them is to validate a login and generate a session token.

            Another idea: Just replace the last octlet of the IP with '.X' or something and hash that.

            --
            SoylentNews is Bacon! [nueskes.com]
          • (Score: 0) by Anonymous Coward on Sunday August 11 2019, @02:05AM

            by Anonymous Coward on Sunday August 11 2019, @02:05AM (#878633)

            Coming up with a security solution is useless without knowing your threat model. What data do you want to protect with this? Who do you want to protect it from? For how long do you want that protection to last? What cost are you willing to pay for said protection? Etc. Seems like you want to protect the IP addresses from being bruted, but from whom and for how long? What server resource hit are you willing to make per post for that protection?

          • (Score: 0) by Anonymous Coward on Sunday August 11 2019, @06:40PM (2 children)

            by Anonymous Coward on Sunday August 11 2019, @06:40PM (#878930)

            Also only use 1 hash routine with one salt. Once you have 2, no matter what they are, you have cut the effectiveness by at least 1/2, more like 1/4. For evey 1 new hash method used, you add the effectiveness of hiding the IP goes down by 1/2^(n-1) to 1/2^(n). So the next question is how affective is the hash method. Like 4 IP all map the same hash. it is why then just 2 different hash methods cause the complete lost of anonymity (mathematically).

            • (Score: 2) by The Mighty Buzzard on Monday August 12 2019, @02:38PM (1 child)

              No, if both hash routines are known it is mathematically the same as one hash routine to brute force (additive for time though), assuming they use the same input (an IPv4 address).

              --
              My rights don't end where your fear begins.
              • (Score: 0) by Anonymous Coward on Tuesday August 13 2019, @05:47AM

                by Anonymous Coward on Tuesday August 13 2019, @05:47AM (#879508)

                *and* iff they have the same output space (for high-entropy output, bitcount describes it well enough)

    • (Score: 2) by janrinok on Sunday August 11 2019, @07:47AM (2 children)

      by janrinok (52) Subscriber Badge on Sunday August 11 2019, @07:47AM (#878753) Journal

      All very true but missing the point. We don't want to know your IP or who you really are. We don't care. We want to read interesting stories and take part in intelligent conversations. It doesn't always work out that way, but that is what this site is for.

      We only need the hashes so that the comments can be processed appropriately and so that we can help prevent the most frequent abuses of the site.

      • (Score: 1) by nsa on Sunday August 11 2019, @10:13PM (1 child)

        by nsa (206) on Sunday August 11 2019, @10:13PM (#878988)

        All very true but missing the point. We don't want to know your IP or who you really are. We don't care. We want to read interesting stories and take part in intelligent conversations. It doesn't always work out that way, but that is what this site is for.

        We only need the hashes so that the comments can be processed appropriately and so that we can help prevent the most frequent abuses of the site.

        Spin city. You don't want to know until you do (it falls into the category of 'most frequent abuses of the site'). I'd guess if you were more honest with yourself you'd lose the 'most frequent' qualifier because in fact what is most scary are the abuses that are infrequent, but related to negative outcomes of much greater magnitude.

        • (Score: 2) by The Mighty Buzzard on Monday August 12 2019, @02:43PM

          Nope. Frequency trumps scariness. Spam and moderation abuse are the only things we really use the hashes for. Neither of those require an actual IP, which any admin could get easily just by turning access logging on and greping for timestamps.

          --
          My rights don't end where your fear begins.
  • (Score: 0) by Anonymous Coward on Saturday August 10 2019, @09:50PM (3 children)

    by Anonymous Coward on Saturday August 10 2019, @09:50PM (#878482)

    TMB claimed he can use a rainbow table to unhash, and your system at least allows admins to track which AC is which. I see why the TOR users get so frustrated with "bad form key" errors which don't like TOR users.

    • (Score: 4, Touché) by The Mighty Buzzard on Saturday August 10 2019, @10:10PM (2 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Saturday August 10 2019, @10:10PM (#878495) Homepage Journal

      I said it's technically possible with modern hardware not that either SN or I personally have the free drive space to do so (we don't). I'm not dumping my porn stash just to find out what ISP you use.

      --
      My rights don't end where your fear begins.
      • (Score: 1, Funny) by Anonymous Coward on Sunday August 11 2019, @09:16AM (1 child)

        by Anonymous Coward on Sunday August 11 2019, @09:16AM (#878793)

        I will take on for the team to provide the offsite storage to backup your porn stash.
        Except the horse porn. I was never into that.

  • (Score: 3, Interesting) by pipedwho on Saturday August 10 2019, @09:56PM

    by pipedwho (2032) on Saturday August 10 2019, @09:56PM (#878484)

    The problem with hashing a limited range of inputs is that given the full set of known variables (ie. algorithm, constants, salts, etc). A brute force matching attack is fairly trivial. With a possible search space of a maximum of 2^32 possibilities, a brute force attack won’t take very long at all. Even with a cpu intensive hash the attack time is at most 4 billion times the hash time divided by the cluster multiplier size. So unless soylent is spending multiple seconds on each hash, an attack would be quite fast.

    A solution would be to use a HSM (hardware security module) with a protected (ie. never exposed) hash key, to perform the calculation with an internal rate limit to slow down an oracle attack.

    A good practice mitigation would be to both time limit the hashes and use a random ephemeral salt that is discarded from secure memory after a reasonable time (eg. a day). This salt must not be saved or exposed. But, it obviously limits the ability to block an up mod to an AC post after that time, which is not a problem IMO, as it’s easy enough to just up mod from a different IP address if the poster really wants to.

    Anything less is security by obscurity.

  • (Score: 0) by Anonymous Coward on Sunday August 11 2019, @03:07AM (3 children)

    by Anonymous Coward on Sunday August 11 2019, @03:07AM (#878662)

    How long is that hash stored?

  • (Score: 0) by Anonymous Coward on Sunday August 11 2019, @08:29AM

    by Anonymous Coward on Sunday August 11 2019, @08:29AM (#878772)

    I am so proud of you lot.