[dns-operations] IP address encryption: pseudonymization
Paul Hoffman
phoffman at proper.com
Sun Feb 25 15:59:26 UTC 2018
On 25 Feb 2018, at 4:21, bert hubert wrote:
> I've not been able to determine if the weaknesses discussed on the
> CFRG list
> are worse than the inherent limitations of IP address pseudonymization
> or
> not.
If only it was that simple. As you can see from the thread on CFRG,
there are other methods that do not have the inherent limitations of
ipcrypt: instead, they have different ones.
The easiest one to describe is
truncate_to_32_bits(aes_128(message=padded_ipv4, key=128_bit_random)).
You cannot determine the key even with a huge number of known pairs.
However, you get collisions in the output. So, if you have 4 million
unique input addresses, about .1% of the output addresses will look like
one source of input when in fact they are two sources mixed together.
> I've also taken a look at FF2/FF3 as noted there but have not been
> able to
> find out the patent status of these algorithms. At the very least
> there
> appears to a cloud of worry hanging over them.
There are definitely IPR worries, yes. Also, I hope you mean "FF1/FF3".
NIST determined there was a security reduction in FF2.
--Paul Hoffman
More information about the dns-operations
mailing list