security-and-privacy/nginx-ipscrub
security-and-privacy
/
nginx-ipscrub
mirror of
1
0
Fork 0
Code Releases Activity

Fix README description of RNG

This commit is contained in:
Mason Simon 2018-05-27 23:24:27 -07:00
parent 92c4cffaa6
commit 9d8ab16c71
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -19,7 +19,7 @@
2. On each request, generate masked IP address as `HASH(salt ++ IP address)`.
3. Log masked IP address.
`ipscrub` uses `ngx_random` to generate random nonces. `ngx_random` is defined as the C `random()` function on non-Windows platforms, and `rand()` on Windows. NOTE: this is not a cryptographically secure RNG, but for the following threat model, that is ok.
`ipscrub` uses `arc4random` to generate random nonces (see [Theo de Raat's talk on arc4random](https://www.youtube.com/watch?v=aWmLWx8ut20) for a great overview). On Linux this requires installing [libbsd](https://libbsd.freedesktop.org/wiki/) (package libbsd-dev on Ubuntu/Debian).
ALSO NOTE: the generated hash WILL change on each `PERIOD` transition, so you will only have continuity within each `PERIOD`. But because users can transition between networks at any time (e.g. wifi -> cellular), you'd have this type of issue even if you were storing raw IPs.