Fix README description of RNG
This commit is contained in:
parent
92c4cffaa6
commit
9d8ab16c71
@ -19,7 +19,7 @@
|
|||||||
2. On each request, generate masked IP address as `HASH(salt ++ IP address)`.
|
2. On each request, generate masked IP address as `HASH(salt ++ IP address)`.
|
||||||
3. Log masked IP address.
|
3. Log masked IP address.
|
||||||
|
|
||||||
`ipscrub` uses `ngx_random` to generate random nonces. `ngx_random` is defined as the C `random()` function on non-Windows platforms, and `rand()` on Windows. NOTE: this is not a cryptographically secure RNG, but for the following threat model, that is ok.
|
`ipscrub` uses `arc4random` to generate random nonces (see [Theo de Raat's talk on arc4random](https://www.youtube.com/watch?v=aWmLWx8ut20) for a great overview). On Linux this requires installing [libbsd](https://libbsd.freedesktop.org/wiki/) (package libbsd-dev on Ubuntu/Debian).
|
||||||
|
|
||||||
ALSO NOTE: the generated hash WILL change on each `PERIOD` transition, so you will only have continuity within each `PERIOD`. But because users can transition between networks at any time (e.g. wifi -> cellular), you'd have this type of issue even if you were storing raw IPs.
|
ALSO NOTE: the generated hash WILL change on each `PERIOD` transition, so you will only have continuity within each `PERIOD`. But because users can transition between networks at any time (e.g. wifi -> cellular), you'd have this type of issue even if you were storing raw IPs.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user