683
this post was submitted on 23 Apr 2025
683 points (99.9% liked)
Privacy
2019 readers
698 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 5 months ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What’s the persisted random number? Sounds like a salt, but usually each user has their own salt right? I assume we are not talking about logged in users here? Or are we?
Since the goal is to create a correlation ID that maintains privacy, you need the result to be consistent. Hashing four billion IPs might take a minute, but it's fundamentally doable in a reasonable time.
By using some much large value that you keep secret, you're basically padding the input to make the search space large enough that it's not realistically able to be enumerated.
Normally each user would have their own salt so that if two users have the same password, they hash to different values. In this case, you would want two users with the same IP to map to the same value, and simply for that value to not lead to an actual IP address.
So you just use one salt for all IP addresses, but you keep it secret.
Essentially.
I'm sure there's other ways to accomplish the goal but that's the first one that came to mind.