This repository has been archived by the owner on Aug 6, 2023. It is now read-only.

Id hashes probably leak IP addresses, can be used to correlate users across hosts #6

Open
jdpage opened this issue Jan 31, 2021 · 5 comments

Comments

@jdpage

jdpage commented Jan 31, 2021

My math (and my idea of your threat model) might be wrong here, but I'm guessing that you're displaying hashed IP addresses as ids so as not to publish people's IP addresses.

For IPv4, 8 characters of a sha256 hash is probably enough to get the address back, since that's 32 bits of entropy, and IPv4 addresses only have 32 bits of entropy to start with. It'd be pretty trivial to construct a rainbow table mapping 8-char hashes back to IPv4 addresses (it'd take a few hours and about <80GB of disk space), and I'd expect it to have very very few collisions. (I can test this if you'd like.)

Truncating the hash further or salting it with some server-side secret would fix this, if it's something you think needs fixing. Using a server-side secret would also prevent people from correlating ids across multiple hosts.

Apologies if this is something you've already thought of or isn't relevant to your threat model. Hope you have a lovely day, and thank you for making this!

@makew0rld
Owner

Hmm, I should've thought of this. Thanks for bringing it up. gemlikes is pretty much just a toy project, but salting would likely be a good idea. Perhaps it could just be a string variable in the config?

I'd be happy to take a PR for this.

@steven-kraft
Contributor

> Perhaps it could just be a string variable in the config?

I was thinking the same thing, but with the config file in the same directory as the binaries it may be publicly accessible.

I guess it depends on how the server is configured, but the one I'm using right now lets me download the toml file. 😭

@makew0rld
Owner

Ah no, you're right. Not sure what a good solution is then.

@steven-kraft
Contributor

steven-kraft commented Feb 16, 2021

Maybe instead of asking the user for a string, you could generate one and store it somewhere in the data folder? Or have the user put it there maybe? I'm thinking that should be safe, but I'm not 100% sure.

@makew0rld
Owner

Sounds good yep. Probably generating it if it doesn't exist is the way to go, and then just using it again and again.

Would be happy to have a PR for this.
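
The approach the thread settles on (generate a secret once, keep it in the data folder, reuse it for every id), as an added example that is not part of the original discussion or the gemlikes code: it uses HMAC-SHA256 as the keyed form of "salting with a server-side secret". The file name `id_secret`, hashing the IP in its text form, and the sample address are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"os"
	"path/filepath"
)

// unsaltedID is the scheme from the issue: 8 hex chars of SHA-256(ip), same on every host.
func unsaltedID(ip string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(ip)))[:8]
}

// keyedID is 8 hex chars of HMAC-SHA256(secret, ip); without the secret it cannot be precomputed.
func keyedID(secret []byte, ip string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(ip))
	return fmt.Sprintf("%x", mac.Sum(nil))[:8]
}

// loadOrCreateSecret reuses the host's 32-byte key, or creates it (O_EXCL, mode 0600) on first use.
func loadOrCreateSecret(dataDir string) ([]byte, error) {
	path := filepath.Join(dataDir, "id_secret") // hypothetical file name
	if b, err := os.ReadFile(path); err == nil && len(b) == 32 {
		return b, nil
	}
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return nil, err // includes a present but malformed key file: fail closed
	}
	defer f.Close()
	secret := make([]byte, 32)
	if _, err = rand.Read(secret); err == nil {
		_, err = f.Write(secret)
	}
	return secret, err
}

func main() {
	dir, err := os.MkdirTemp("", "gemlikes-data") // stand-in for the data folder
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	secret, err := loadOrCreateSecret(dir)
	fmt.Println(unsaltedID("203.0.113.7"), keyedID(secret, "203.0.113.7"), err)
}
```

The key only helps if the data folder is not served to clients, which is the same concern raised above about the config file.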

jdpage added a commit to anachronauts/gemlikes that referenced this issue Mar 2, 2021