[ home / bans / all ] [ qa / jp / spg ] [ maho ] [ f / ec ] [ b / poll ] [ tv / bann ] [ toggle-new ]

/maho/ - Magical Circuitboards

Advanced technology is indistinguishable from magic

New Reply

Options
Comment
File
Whitelist Token
Spoiler
Password (For file deletion.)
Markup tags exist for bold, itallics, header, spoiler etc. as listed in " [options] > View Formatting "
[Return] [Bottom] [Catalog]

File:17450236997845033087264711….jpg (1.71 MB,4000x1848)

 No.2923

In light of the hack I had a thoght in the shower that imageboards should be hashing information such as IP addresses, emails and so on.

But instead of a one way hash where the information is never retrievable, it's a 2way hash that does not hold the key on a server. Instead people who need to see the information would be give a userscript containing the key which would decrypt information on a need to know basis.

That means that a hack would have to break through two levels of security to obtain any useful information.

My biggest concern is performance. But maybe WASM can get around that or mods would use a dedicated desktop app with more processing power available.

 No.2924

File:[SubsPlease] Apocalypse Ho….jpg (170.86 KB,1920x1080)

cow kitty!

 No.2926

>In light of the hack I had a thoght in the shower that imageboards should be hashing information such as IP addresses, emails and so on.
Pretty sure the OpenIB fork of vichan did this, I think 8chan used it in the past?

 No.2927

>>2926
I know a few have one way hashed but the hardware to 2way must be better by now.
Plus userscripts and apps... Probably room to be more novel about it

 No.2928

Isn't encryption a better way to solve that? The userscript could manage the encryption/decryption and the only thing stored on the server would be the encrypted text.

 No.2929

yeah. wrong terminology, 2way hash is technically correct I guess, but I should have just called it encryption.

I refer to it as hash because a typical mod would just see a string of characters representing the IP and not the IP itself, while an Admin with a specified app would get that info

 No.2950

Wasn't the hack done via some exploit with PDF's?

 No.2952

>>2950
yes but if everything had encryption the hack would have been a lot less severe

 No.2955

>>2923
*sneaks up on you while you''re in the shower*

 No.2956

only the admins should be able to decrypt the hash, store it completely off-site imo

 No.2959

>>2923
>My biggest concern is performance.
Just like run some tests. Decrypting a bunch of short strings shouldn't be that intensive anyway.

 No.2974

>>2923
Public key encryption is cheap especially when TLS uses it so even web browsers already have that function and there is a Web Crypto API. Why would it be expensive?
https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API
The only issue is making sure the user is not dumb and actually has the private key on demand. Good luck ensuring that. And because of that, I don't think it works.
I think doing a one way encryption with well known advanced algorithms is enough. Consider that PBKDF2 based on SHA2-256 is well known and used in the aforementioned Web Crypto API.
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/deriveKey#pbkdf2
Just using basic principles to reason using thermodynamics means you have to use more energy than a supernova from an average sized star to brute force SHA2-256 has stood the test of time for 20+ years. Unless we get quantum computers worth something other than being able to generate citations in research papers, I expect it to keep standing the test of time.



[Return] [Top] [Catalog] [Post a Reply]
Delete Post [ ]

[ home / bans / all ] [ qa / jp / spg ] [ maho ] [ f / ec ] [ b / poll ] [ tv / bann ] [ toggle-new ]