Changing the current ip "hash" system

[perdedora]

The current hash mechanism is useless, Serves almost non purpose and couldn't figured out why someone would use that.

Replacing the current implementation with the same mechanism infinity had, mods with no permission to see raw ip, see the hashed one in every step,

[basedgentoo]

I believe its intended purpose was to make it so that moderators could not see IP addresses in the clear.
I believe NPFchan's implementation of it was probably the best. Though, it did make it so there was no easy way to reverse a hashed IP back into plaintext.

I think a system like this would be the best for the privacy minded:

• Encrypt IP addresses using a GPG key that only the website owner possesses.
• Make it easy for the website owner to reverse encrypted IPs using their key. (For when you need to report something to a LEO.)
• Make it so that IP data is automatically deleted after X days. (Even if the above isn't implemented, this should be. There's not really much reason to keep IPs any longer than 3 days by default.)

Doing this would make sites a lot more secure in the event of compromise or a rogue moderator/admin.

[perdedora]

I believe its intended purpose was to make it so that moderators could not see IP addresses in the clear.

But then not even admin can see the raw IP when its enabled.

I believe NPFchan's implementation of it was probably the best. Though, it did make it so there was no easy way to reverse a hashed IP back into plaintext.

Running a npfchan fork for almost 2 years I can't say that I like the way they implemented. It has some major flaws, like the one you said: no way to reverse the hashed ip to plaintext.
The problem arises when the hashed ip is stored into bans table, making the functionality of range ban useless.

In my opinion, the system you describe is perfect.

[sundhaug92]

If you have the secure_trip_salt (it's in instance-config.php), recovering the IP of the post is fairly easy. If it's a v4 address, you can calculate the poster_id function for all IPs within something like half an hour (it's years since I last had to do it, so my memory might be a bit off, and I did it in python) and match it against the hash you're looking for. It's essentially the same as password-cracking. If you have the host-log for the site going back long enough, you should be able to do the same for v6 addresses.

Note: There's theoretically a possibility for different IPs to have the same hash, but the chance of that is minuscule (especially with v4 addresses and the standard poster_id_length of 10 (which is 40 bits)).

[ctrlcctrlv]

you want something like sunshine.

you make a key offserver.

u give the server just the public key.

the server encrypts IP in a table called (well called by me) sunshine.

with rows board, thread, post, and first 256 chars of body.

then to reveal to LEO, u find the row manually, u copy the ciphertext to ur local machine, and do the decryption.

[ctrlcctrlv]

u should use elgamal or ECDSA for the encryption so as not to waste a lot of space w/a CBC scheme for likely short data.