On 8/30/06, Gregory Maxwell <gmaxwell(a)gmail.com>
wrote:
It can be easily configured so that anyone with
access to the secret
has privileged access to the server and, already, anyone with
privileged access to the server could be logging IPs.
Yes, but again, there's no good reason to allow anyone without
privileged access to the server to see the IPs in the first place,
encoded or not, so why bother encoding them for storage? *If* you're
going to allow people to view the connections the way AOL did, you may
as well assign arbitrary numbers (say, chronologically) rather than
some encoded form of the IP, since that's easier to implement *and*
more secure, if only marginally.
It's not easier to impliment numbering IPs, actually. Hashing is memoryless.
The reason to use it for storage is the above mentioned paranoia about
being able to make sure things are not retained too long....
It's all a silly and pointless argument in my view, and it's really
off topic for this list.