Editing Mediawiki/Anonymous IP Hash
From Bibliotheca Anonoma
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 34: | Line 34: | ||
The ID is a truncated hash, which, although it increases the risk of collisions, [http://www.perlmonks.org/?node_id=111524 that may be a benefit rather than a liability when it comes to IPs.] | The ID is a truncated hash, which, although it increases the risk of collisions, [http://www.perlmonks.org/?node_id=111524 that may be a benefit rather than a liability when it comes to IPs.] | ||
{{Note|Obviously, change the | {{Note|Obviously, change the "PUT RANDOM PADDING HERE" to some 49 characters of random text: this reduces the risk of brute force attacks. Just bang on the keyboard for a bit, or if you want to be truly random, get an RNG or just roll some dice. The max size of a bcrypt salt is 22 characters. The padding size limit is 49 characters, [http://php.net/manual/en/function.password-hash.php since the max size of a string for bcrypt is 72 characters.]}} | ||
{{Warning|Static salts are a necessary evil here since we need to ensure that IDs stay with a user for a day/week. We mitigate this risk by changing the salt monthly. Obviously in passwords, always use random salts.}} | {{Warning|Static salts are a necessary evil here since we need to ensure that IDs stay with a user for a day/week. We mitigate this risk by changing the salt monthly. Obviously in passwords, always use random salts.}} |