At 1/3 of a second to compute a single hash, brute forcing the entire space of p... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		wgd on Nov 21, 2013 \| parent \| context \| favorite \| on: MediaCrush – A website for serving media super fas... At 1/3 of a second to compute a single hash, brute forcing the entire space of possible addresses takes around 45 CPU-years. But computing the hash of every single IP address is ridiculously parallel, so it's trivial to spin up 2k machines on EC2 and brute force the entire thing in a week. Total cost, somewhere under $8k if you don't want to bother owning real machines, less for any organization that happens to need to do similar things on a regular or semi-regular basis. It's not a trivial investment since that effort only gets you a single IP address, but it's easily within the reach of a vast number of organizations if they have real motivation (read: not a fishing expedition) to reverse it.

bmelton on Nov 22, 2013 [–]

And of course, they wouldn't have to test every IP address in the world, they'd only have to test the IP addresses that appeared in the webserver logs at some point, substantially reducing the time requirement.

ddevault on Nov 23, 2013 | [–]

For what it's worth, we don't keep IPs in the http log.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact