
SoylentNews is people

posted by janrinok on Saturday August 10 2019, @05:09PM
from the I-love-the-smell-of-burning-trolls-in-the-morning dept.

Things finally came to a head on slashdot last night, and now anonymous posts are banned. No more anonymous nazi ASCII art, no anonymous racism, and no APK. More in this journal entry [Ed's Comment: And lots of interesting comments too ...].

It's one way to combat anonymous hate speech and forum spam.

[Editor (JR) We've looked at the site but we cannot find an announcement that anonymous posts are actually banned; it might simply be a case that the software is not working correctly, although it would seem to be an unlikely cause. Does anyone in our community have any additional information to categorically prove or disprove that anonymous comments are disabled?

Furthermore, as there are many more comments in the journal entry than there are here, I would recommend making any new comments on BarbaraHudson's journal entry rather than splitting the discussion into two.]


  • (Score: 2) by The Mighty Buzzard on Sunday August 11 2019, @12:26AM (6 children)

    I don't have even a single FPGA, but your point is valid. I hadn't even thought of brute forcing them every single time you wanted to find one out. It really annoys me when something so inelegant turns out to be the best way to do a thing. Guess I'll be switching us over to scrypt or bcrypt or some such for the next update. Sigh.

    --
    My rights don't end where your fear begins.
  • (Score: 3, Informative) by el_oscuro on Sunday August 11 2019, @01:36AM (1 child)

    by el_oscuro (1711) on Sunday August 11 2019, @01:36AM (#878622)

    I wouldn't do that unless you want your server to melt. Bcrypt/scrypt are password hashes and are explicitly designed to be computationally expensive. The only time you want to use them is to validate a login and generate a session token.

    Another idea: Just replace the last octet of the IP with '.X' or something and hash that.

    --
    SoylentNews is Bacon! [nueskes.com]
  • (Score: 0) by Anonymous Coward on Sunday August 11 2019, @02:05AM

    by Anonymous Coward on Sunday August 11 2019, @02:05AM (#878633)

    Coming up with a security solution is useless without knowing your threat model. What data do you want to protect with this? Who do you want to protect it from? For how long do you want that protection to last? What cost are you willing to pay for said protection? Etc. Seems like you want to protect the IP addresses from being bruted, but from whom and for how long? What server resource hit are you willing to make per post for that protection?

  • (Score: 0) by Anonymous Coward on Sunday August 11 2019, @06:40PM (2 children)

    by Anonymous Coward on Sunday August 11 2019, @06:40PM (#878930)

    Also only use 1 hash routine with one salt. Once you have 2, no matter what they are, you have cut the effectiveness by at least 1/2, more like 1/4. For every new hash method you add, the effectiveness of hiding the IP goes down by 1/2^(n-1) to 1/2^(n). So the next question is how effective the hash method is. Like 4 IPs all map to the same hash. It is why just 2 different hash methods then cause the complete loss of anonymity (mathematically).

    • (Score: 2) by The Mighty Buzzard on Monday August 12 2019, @02:38PM (1 child)

      No, if both hash routines are known it is mathematically the same as one hash routine to brute force (additive for time though), assuming they use the same input (an IPv4 address).

      --
      My rights don't end where your fear begins.
      • (Score: 0) by Anonymous Coward on Tuesday August 13 2019, @05:47AM

        by Anonymous Coward on Tuesday August 13 2019, @05:47AM (#879508)

        *and* iff they have the same output space (for high-entropy output, bitcount describes it well enough)
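
The trade-off argued in this thread, as an added example that is not from any poster or from the site's code: a fast salted hash of a full IPv4 address is recovered by enumeration, hashing with the last octet replaced by 'X' only narrows it to 256 addresses, and a password hash such as scrypt multiplies the cost of every hash, for the server as well as for the searcher. `SALT`, the function names and the 192.0.2.0/24 sample address are constructed assumptions.

```python
import hashlib
import ipaddress
import time

SALT = b"constructed-salt"  # assumption: one site-wide salt, known to whoever runs the search

def full_hash(ip: str) -> str:
    """Fast salted hash of the complete IPv4 address."""
    return hashlib.sha256(SALT + ip.encode()).hexdigest()

def masked_hash(ip: str) -> str:
    """Replace the last octet with 'X' before hashing (the suggestion in the thread)."""
    return hashlib.sha256(SALT + (ip.rsplit(".", 1)[0] + ".X").encode()).hexdigest()

def scrypt_hash(ip: str) -> str:
    """Deliberately expensive password hash over the same input."""
    return hashlib.scrypt(ip.encode(), salt=SALT, n=2**14, r=8, p=1).hex()

def matches(target: str, network: str, hash_fn) -> list:
    """Every address in `network` whose hash equals `target`."""
    return [str(a) for a in ipaddress.ip_network(network) if hash_fn(str(a)) == target]

def est_hours_for_ipv4(hash_fn, samples: int) -> float:
    """Time `samples` hashes and extrapolate to all 2**32 IPv4 addresses."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(str(ipaddress.IPv4Address(i)))
    per_hash = (time.perf_counter() - start) / samples
    return per_hash * 2**32 / 3600

if __name__ == "__main__":
    ip, net = "192.0.2.77", "192.0.2.0/24"  # constructed sample (documentation range)
    print("full hash matches  :", matches(full_hash(ip), net, full_hash))
    print("masked hash matches:", len(matches(masked_hash(ip), net, masked_hash)), "addresses")
    print("sha256 over IPv4   : %.2f h" % est_hours_for_ipv4(full_hash, 20000))
    print("scrypt over IPv4   : %.0f h" % est_hours_for_ipv4(scrypt_hash, 5))
```

The extrapolated hours are single-core figures for the machine the script runs on; the per-hash cost behind the scrypt figure is also what the server would pay on every post.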