I might have to go lookup their implementation. I feel like a good way of addressing your concern would be a secure hash of the IP address combined with a persistent random number.
The same IP would always map to the same output and you wouldn’t be able to just pre-compute it and bypass everything.
What’s the persisted random number? Sounds like a salt, but usually each user has their own salt right? I assume we are not talking about logged in users here? Or are we?
Since the goal is to create a correlation ID that maintains privacy, you need the result to be consistent. Hashing four billion IPs might take a minute, but it’s fundamentally doable in a reasonable time.
By using some much large value that you keep secret, you’re basically padding the input to make the search space large enough that it’s not realistically able to be enumerated.
Normally each user would have their own salt so that if two users have the same password, they hash to different values. In this case, you would want two users with the same IP to map to the same value, and simply for that value to not lead to an actual IP address.
I might have to go lookup their implementation. I feel like a good way of addressing your concern would be a secure hash of the IP address combined with a persistent random number.
The same IP would always map to the same output and you wouldn’t be able to just pre-compute it and bypass everything.
What’s the persisted random number? Sounds like a salt, but usually each user has their own salt right? I assume we are not talking about logged in users here? Or are we?
Since the goal is to create a correlation ID that maintains privacy, you need the result to be consistent. Hashing four billion IPs might take a minute, but it’s fundamentally doable in a reasonable time.
By using some much large value that you keep secret, you’re basically padding the input to make the search space large enough that it’s not realistically able to be enumerated.
Normally each user would have their own salt so that if two users have the same password, they hash to different values. In this case, you would want two users with the same IP to map to the same value, and simply for that value to not lead to an actual IP address.
So you just use one salt for all IP addresses, but you keep it secret.
Essentially.
I’m sure there’s other ways to accomplish the goal but that’s the first one that came to mind.