Comments (6)
It's not intended to be perfect, and it really can't be. If you care that much, use vhosts in a services system (such as Atheme).
from charybdis.
Fair enough, but I was surprised just how weak it was; it would be nice to mention that in the docs at least.
from charybdis.
You're also just brute-forcing it. For a 6-character subdomain, there's only 26^6, or 308,915,776, possibilities, which is very easily brute-forced by a modern computer, especially since the FNV hash is insanely fast. No matter what, you can't win, unless you make the cloaked subdomain longer, which is not the intention of the cloaking module.
from charybdis.
Sure, but something like a shared secret used in a cryptographically secure hash would make things considerably harder.
from charybdis.
Granted, if someone was wanting to find an IP, and they knew enough to know how to get around charybdis' host cloaking, they'd probably be smart enough to know other ways of obtaining an IP anyway...
from charybdis.
We decided a long time ago that we really did not want to carry cryptographic code in the IRCd or create a hard dependency on openssl. It is possible to supply a different cloaking module if you would like to carry crypto code in your IRCd -- SorceryNet does this for example in their SorIRCd stuff.
It is a known fact that the cloaking module is not very effective, but I do not believe that using a cryptographically secure hash for the value used to permute the characters in the hostname will really provide any improvement to the fact that hosts can be bruteforced. I would say that the fact that it takes 16 seconds to bruteforce 'foobar.foobar' in your example shows that it is at least better than SHA1 would perform here, and SHA256/SHA512/Whirlpool/Tiger are too expensive.
from charybdis.
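Added example (not charybdis code and not written by any commenter): a simplified sketch of the distinction the thread argues over, an unkeyed hash cloak whose output anyone can recompute versus one keyed with a server-side secret. The function names, the letter-shift permutation, the choice of the FNV-1a variant and the sample host are all assumptions made for illustration; only "FNV" and the 26^6 figure come from the thread.

```python
import hashlib
import hmac
import string

KEYSPACE = 26 ** 6  # the thread's figure for a 6-letter label: 308,915,776

def fnv1a32(data: bytes) -> int:
    """32-bit FNV-1a: fast, unkeyed, computable by anyone (variant is an assumption)."""
    h = 0x811C9DC5
    for byte in data:
        h = ((h ^ byte) * 0x01000193) & 0xFFFFFFFF
    return h

def permute(label: str, seed: int) -> str:
    """Toy letter shift driven by a 32-bit seed (stand-in, not charybdis' routine)."""
    out = []
    for ch in label:
        if ch in string.ascii_lowercase:
            out.append(chr((ord(ch) - 97 + seed % 26) % 26 + 97))
            seed = (seed >> 1) | ((seed & 1) << 31)  # rotate right by one bit
        else:
            out.append(ch)
    return "".join(out)

def cloak_unkeyed(host: str) -> str:
    """Cloak seeded only by a public hash of the host itself."""
    label, _, rest = host.partition(".")
    return permute(label, fnv1a32(host.encode())) + "." + rest

def cloak_keyed(host: str, secret: bytes) -> str:
    """Cloak seeded by HMAC-SHA256 under a secret known only to the server."""
    label, _, rest = host.partition(".")
    mac = hmac.new(secret, host.encode(), hashlib.sha256).digest()
    return permute(label, int.from_bytes(mac[:4], "big")) + "." + rest

def guess_confirms(guess: str, observed: str, cloak_fn) -> bool:
    """True when re-cloaking a candidate host reproduces the observed cloak."""
    return cloak_fn(guess) == observed

if __name__ == "__main__":
    host = "foobar.example.net"  # constructed sample host
    seen = cloak_unkeyed(host)
    print("unkeyed:", seen, "confirmable offline:", guess_confirms(host, seen, cloak_unkeyed))
    seen_k = cloak_keyed(host, b"server-side-secret")  # constructed secret
    outsider = lambda h: cloak_keyed(h, b"not-the-secret")
    print("keyed:  ", seen_k, "confirmable offline:", guess_confirms(host, seen_k, outsider))
```

The keyed variant removes offline confirmation only while the secret stays private; it does not lengthen the cloaked label.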